DivestOS/Patches/LineageOS-16.0/android_frameworks_base/397595.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Yi-an Chen <theianchen@google.com>
Date: Tue, 23 Apr 2024 21:53:02 +0000
Subject: [PATCH] Fix security vulnerability of non-dynamic permission removal

The original removePermission() code in PermissionManagerService
missed a logical negation operator when handling non-dynamic
permissions, causing both
testPermissionPermission_nonDynamicPermission_permissionUnchanged and
testRemovePermission_dynamicPermission_permissionRemoved tests in
DynamicPermissionsTest to fail.

The corresponding test DynamicPermissionsTest is also updated in the
other CL: ag/27073864

Bug: 321711213
Test: DynamicPermissionsTest on sc-dev and tm-dev locally
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:35d77a77feef62dc108f6478cb9228cc6044f70d)
Merged-In: Id573b75cdcfce3a1df5731ffb00c4228c513e686
Change-Id: Id573b75cdcfce3a1df5731ffb00c4228c513e686
---
 .../android/server/pm/permission/PermissionManagerService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index b902001cd359..91f24d7295a9 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -758,7 +758,7 @@ public class PermissionManagerService {
             if (bp == null) {
                 return;
             }
-            if (bp.isDynamic()) {
+            if (!bp.isDynamic()) {
                 // TODO: switch this back to SecurityException
                 Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "
                         + permName);
Churn Signed-off-by: Tavi <tavi@divested.dev> 2024-08-17 12:35:07 -04:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
16.0: July 2024 ASB work Signed-off-by: Tavi <tavi@divested.dev> 2024-07-17 16:09:08 -04:00			`From: Yi-an Chen <theianchen@google.com>`
			`Date: Tue, 23 Apr 2024 21:53:02 +0000`
			`Subject: [PATCH] Fix security vulnerability of non-dynamic permission removal`

			`The original removePermission() code in PermissionManagerService`
			`missed a logical negation operator when handling non-dynamic`
			`permissions, causing both`
			`testPermissionPermission_nonDynamicPermission_permissionUnchanged and`
			`testRemovePermission_dynamicPermission_permissionRemoved tests in`
			`DynamicPermissionsTest to fail.`

			`The corresponding test DynamicPermissionsTest is also updated in the`
			`other CL: ag/27073864`

			`Bug: 321711213`
			`Test: DynamicPermissionsTest on sc-dev and tm-dev locally`
			`(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:35d77a77feef62dc108f6478cb9228cc6044f70d)`
			`Merged-In: Id573b75cdcfce3a1df5731ffb00c4228c513e686`
			`Change-Id: Id573b75cdcfce3a1df5731ffb00c4228c513e686`
			`---`
			`.../android/server/pm/permission/PermissionManagerService.java \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java`
Churn Signed-off-by: Tavi <tavi@divested.dev> 2024-08-17 12:35:07 -04:00			`index b902001cd359..91f24d7295a9 100644`
16.0: July 2024 ASB work Signed-off-by: Tavi <tavi@divested.dev> 2024-07-17 16:09:08 -04:00			`--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java`
			`+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java`
Churn Signed-off-by: Tavi <tavi@divested.dev> 2024-08-17 12:35:07 -04:00			`@@ -758,7 +758,7 @@ public class PermissionManagerService {`
16.0: July 2024 ASB work Signed-off-by: Tavi <tavi@divested.dev> 2024-07-17 16:09:08 -04:00			`if (bp == null) {`
			`return;`
			`}`
			`- if (bp.isDynamic()) {`
			`+ if (!bp.isDynamic()) {`
			`// TODO: switch this back to SecurityException`
			`Slog.wtf(TAG, "Not allowed to modify non-dynamic permission "`
			`+ permName);`