Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit f8bc5a09 authored by Philip P. Moltmann's avatar Philip P. Moltmann
Browse files

Don't grant policy fixed permission on request 

Since Q the permission controller can grant policy fixed permissions.
This is needed to move the POLICY_FIXED logic into the permission
controller.

A permission group can have both policy-fixed/granted and
policy-fixed/denied permissions.

Before this change it could happen that if we have such a group the
app could get a policy-fixed/denied individual permission granted by
accident as the whole group is classified as policy-fixed/granted .

Test: created a group with denied and allowed permission and then tried
          to grant the denied permission.
      atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionGrantOfDisallowedPermissionWhileOtherPermIsGranted
Fixes: 133871568
Change-Id: I5569b96bcc9549f646dd1f0f9b64b2baa968a1d9
parent 3f8f673c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment