mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-14 02:14:34 -05:00
54 lines
2.8 KiB
Diff
54 lines
2.8 KiB
Diff
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||
|
From: Nate Myren <ntmyren@google.com>
|
||
|
Date: Fri, 2 Dec 2022 09:44:31 -0800
|
||
|
Subject: [PATCH] RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to
|
||
|
post 23 and perm has pre23 flag
|
||
|
|
||
|
If a permission has the "pre23" flag, and an app is upgrading past api
|
||
|
23, then we should not assume that a "development" permission remains
|
||
|
granted
|
||
|
|
||
|
Fixes: 259458532
|
||
|
Test: atest RevokeSawPermissionTest
|
||
|
Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||
|
(cherry picked from commit 2f30a63b11e59f9daf42f51eb85aa91c86f4baf4)
|
||
|
Merged-In: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
||
|
---
|
||
|
.../server/pm/permission/PermissionManagerService.java | 9 +++++++--
|
||
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||
|
index 23af4e6c1c3e..9f8e6eae3ba8 100644
|
||
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||
|
@@ -671,7 +671,7 @@ public class PermissionManagerService {
|
||
|
}
|
||
|
final PackageSetting ps = (PackageSetting) newPackage.mExtras;
|
||
|
if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, saw,
|
||
|
- ps.getPermissionsState())) {
|
||
|
+ ps.getPermissionsState(), true)) {
|
||
|
return;
|
||
|
}
|
||
|
for (int userId: mUserManagerInt.getUserIds()) {
|
||
|
@@ -1836,6 +1836,11 @@ public class PermissionManagerService {
|
||
|
|
||
|
private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
|
||
|
BasePermission bp, PermissionsState origPermissions) {
|
||
|
+ return grantSignaturePermission(perm, pkg, bp, origPermissions, false);
|
||
|
+ }
|
||
|
+ private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
|
||
|
+ BasePermission bp, PermissionsState origPermissions,
|
||
|
+ boolean isApi23Upgrade) {
|
||
|
boolean oemPermission = bp.isOEM();
|
||
|
boolean vendorPrivilegedPermission = bp.isVendorPrivileged();
|
||
|
boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged();
|
||
|
@@ -2022,7 +2027,7 @@ public class PermissionManagerService {
|
||
|
// Any pre-installed system app is allowed to get this permission.
|
||
|
allowed = true;
|
||
|
}
|
||
|
- if (!allowed && bp.isDevelopment()) {
|
||
|
+ if (!allowed && bp.isDevelopment() && !(bp.isPre23() && isApi23Upgrade)) {
|
||
|
// For development permissions, a development permission
|
||
|
// is granted only if it was already granted.
|
||
|
allowed = origPermissions.hasInstallPermission(perm);
|