2024-05-20 08:00:14 -04:00
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
|
|
Date: Sun, 23 Jul 2017 04:43:50 +0300
|
|
|
|
Subject: [PATCH] add special handling for INTERNET/OTHER_SENSORS
|
|
|
|
|
|
|
|
13: 6d4b86e01
|
|
|
|
---
|
|
|
|
.../data/HibernationSettingStateLiveData.kt | 3 ++-
|
|
|
|
.../permission/model/AppPermissionGroup.java | 5 ++--
|
|
|
|
.../permission/model/Permission.java | 4 ++-
|
|
|
|
.../service/AutoRevokePermissions.kt | 4 +--
|
|
|
|
.../permission/utils/KotlinUtils.kt | 3 +++
|
|
|
|
.../permission/utils/PermissionMapping.kt | 25 +++++++++++++++++++
|
|
|
|
6 files changed, 38 insertions(+), 6 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
|
|
|
|
index 75d965d02..5d2d95916 100644
|
|
|
|
--- a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
|
|
|
|
+++ b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
|
|
|
|
@@ -35,6 +35,7 @@ import com.android.permissioncontroller.hibernation.isPackageHibernationExemptBy
|
|
|
|
import com.android.permissioncontroller.permission.data.PackagePermissionsLiveData.Companion.NON_RUNTIME_NORMAL_PERMS
|
|
|
|
import com.android.permissioncontroller.permission.model.livedatatypes.HibernationSettingState
|
|
|
|
import com.android.permissioncontroller.permission.service.AUTO_REVOKE_EXEMPT_PERMISSIONS
|
|
|
|
+import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermissionGroup
|
|
|
|
import kotlinx.coroutines.Job
|
|
|
|
|
|
|
|
/**
|
|
|
|
@@ -120,7 +121,7 @@ private constructor(
|
|
|
|
permName in AUTO_REVOKE_EXEMPT_PERMISSIONS
|
|
|
|
}
|
|
|
|
?: false
|
|
|
|
- if (!default && !allExempt) {
|
|
|
|
+ if (!default && !allExempt && !isSpecialRuntimePermissionGroup(groupName)) {
|
|
|
|
revocableGroups.add(groupName)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
|
|
|
index 3b2cc7ee0..75da346ed 100644
|
|
|
|
--- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
|
|
|
+++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
|
|
|
@@ -26,6 +26,7 @@ import static android.app.AppOpsManager.OPSTR_LEGACY_STORAGE;
|
|
|
|
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
|
|
|
|
import static android.health.connect.HealthPermissions.HEALTH_PERMISSION_GROUP;
|
|
|
|
|
|
|
|
+import static com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission;
|
|
|
|
import static com.android.permissioncontroller.permission.utils.Utils.isHealthPermissionUiEnabled;
|
|
|
|
|
|
|
|
import android.Manifest;
|
|
|
|
@@ -948,7 +949,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
|
|
|
permission.getName(),
|
|
|
|
mPackageInfo.applicationInfo.targetSdkVersion);
|
|
|
|
|
|
|
|
- if (mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) {
|
|
|
|
+ if ((mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) || isSpecialRuntimePermission(permission.getName())) {
|
|
|
|
// Do not touch permissions fixed by the system.
|
|
|
|
if (permission.isSystemFixed()) {
|
|
|
|
wasAllGranted = false;
|
|
|
|
@@ -1144,7 +1145,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
|
|
|
permission.getName(),
|
|
|
|
mPackageInfo.applicationInfo.targetSdkVersion);
|
|
|
|
|
|
|
|
- if (mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) {
|
|
|
|
+ if ((mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) || isSpecialRuntimePermission(permission.getName())) {
|
|
|
|
|
|
|
|
// Revoke the permission if needed.
|
|
|
|
if (permission.isGranted()) {
|
|
|
|
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
|
|
|
|
index 4daaeaec8..8962a0b81 100644
|
|
|
|
--- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
|
|
|
|
+++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
|
|
|
|
@@ -24,6 +24,8 @@ import androidx.annotation.NonNull;
|
|
|
|
import java.util.ArrayList;
|
|
|
|
import java.util.Objects;
|
|
|
|
|
|
|
|
+import static com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission;
|
|
|
|
+
|
|
|
|
/**
|
|
|
|
* A permission and it's properties.
|
|
|
|
*
|
|
|
|
@@ -137,7 +139,7 @@ public final class Permission {
|
|
|
|
* @return {@code true} if the permission (and the app-op) is granted.
|
|
|
|
*/
|
|
|
|
public boolean isGrantedIncludingAppOp() {
|
|
|
|
- return mGranted && (!affectsAppOp() || isAppOpAllowed()) && !isReviewRequired();
|
|
|
|
+ return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || isSpecialRuntimePermission(mName));
|
|
|
|
}
|
|
|
|
|
|
|
|
public boolean isReviewRequired() {
|
|
|
|
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
|
|
|
|
index 8e1721219..6690c9cd7 100644
|
|
|
|
--- a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
|
|
|
|
+++ b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
|
|
|
|
@@ -40,6 +40,7 @@ import com.android.permissioncontroller.permission.model.livedatatypes.LightAppP
|
|
|
|
import com.android.permissioncontroller.permission.model.livedatatypes.LightPackageInfo
|
|
|
|
import com.android.permissioncontroller.permission.utils.KotlinUtils
|
|
|
|
import com.android.permissioncontroller.permission.utils.PermissionMapping
|
|
|
|
+import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermissionGroup
|
|
|
|
import com.android.permissioncontroller.permission.utils.application
|
|
|
|
import com.android.permissioncontroller.permission.utils.forEachInParallel
|
|
|
|
import com.android.permissioncontroller.permission.utils.updatePermissionFlags
|
|
|
|
@@ -139,8 +140,7 @@ suspend fun revokeAppPermissions(
|
|
|
|
!group.isGrantedByDefault &&
|
|
|
|
!group.isGrantedByRole &&
|
|
|
|
!group.isRevokeWhenRequested &&
|
|
|
|
- group.isUserSensitive
|
|
|
|
- ) {
|
|
|
|
+ group.isUserSensitive && !isSpecialRuntimePermissionGroup(groupName)) {
|
|
|
|
revocableGroups.add(groupName)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
|
2024-12-06 10:55:23 -05:00
|
|
|
index 16c6d5aa9..3ebec4fd4 100644
|
2024-05-20 08:00:14 -04:00
|
|
|
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
|
|
|
|
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
|
|
|
|
@@ -91,6 +91,7 @@ import com.android.permissioncontroller.permission.model.livedatatypes.LightPerm
|
|
|
|
import com.android.permissioncontroller.permission.model.livedatatypes.PermState
|
|
|
|
import com.android.permissioncontroller.permission.service.LocationAccessCheck
|
|
|
|
import com.android.permissioncontroller.permission.ui.handheld.SettingsWithLargeHeader
|
|
|
|
+import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission
|
|
|
|
import com.android.safetycenter.resources.SafetyCenterResourcesApk
|
|
|
|
import java.time.Duration
|
|
|
|
import java.util.concurrent.atomic.AtomicReference
|
|
|
|
@@ -954,6 +955,7 @@ object KotlinUtils {
|
|
|
|
val user = UserHandle.getUserHandleForUid(pkgInfo.uid)
|
|
|
|
val deviceId = group.deviceId
|
|
|
|
val supportsRuntime = pkgInfo.targetSdkVersion >= Build.VERSION_CODES.M
|
|
|
|
+ || isSpecialRuntimePermission(perm.name)
|
|
|
|
val isGrantingAllowed =
|
|
|
|
(!pkgInfo.isInstantApp || perm.isInstantPerm) &&
|
|
|
|
(supportsRuntime || !perm.isRuntimeOnly)
|
|
|
|
@@ -1285,6 +1287,7 @@ object KotlinUtils {
|
|
|
|
val deviceId = group.deviceId
|
|
|
|
var isGranted = perm.isGrantedIncludingAppOp
|
|
|
|
val supportsRuntime = group.packageInfo.targetSdkVersion >= Build.VERSION_CODES.M
|
|
|
|
+ || isSpecialRuntimePermission(perm.name)
|
|
|
|
var shouldKill = false
|
|
|
|
|
|
|
|
val affectsAppOp = permissionToOp(perm.name) != null || perm.isBackgroundPermission
|
|
|
|
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
|
|
|
|
index 840a033c3..14ca4d36a 100644
|
|
|
|
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
|
|
|
|
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
|
|
|
|
@@ -64,6 +64,9 @@ object PermissionMapping {
|
|
|
|
/** Mapping group -> permissions for all dangerous platform permissions */
|
|
|
|
private val PLATFORM_PERMISSION_GROUPS: MutableMap<String, MutableList<String>> = mutableMapOf()
|
|
|
|
|
|
|
|
+ private val SPECIAL_RUNTIME_PERMISSIONS: MutableMap<String, String> = mutableMapOf()
|
|
|
|
+ private val SPECIAL_RUNTIME_PERMISSION_GROUPS: MutableMap<String, MutableList<String>> = mutableMapOf()
|
|
|
|
+
|
|
|
|
/** Set of groups that will be able to receive one-time grant */
|
|
|
|
private val ONE_TIME_PERMISSION_GROUPS: MutableSet<String> = mutableSetOf()
|
|
|
|
|
|
|
|
@@ -183,10 +186,22 @@ object PermissionMapping {
|
|
|
|
Manifest.permission_group.SENSORS
|
|
|
|
}
|
|
|
|
|
|
|
|
+ PLATFORM_PERMISSIONS[Manifest.permission.INTERNET] = Manifest.permission_group.NETWORK
|
|
|
|
+ PLATFORM_PERMISSIONS[Manifest.permission.OTHER_SENSORS] = Manifest.permission_group.OTHER_SENSORS
|
|
|
|
+
|
|
|
|
+ SPECIAL_RUNTIME_PERMISSIONS[Manifest.permission.INTERNET] =
|
|
|
|
+ Manifest.permission_group.NETWORK
|
|
|
|
+ SPECIAL_RUNTIME_PERMISSIONS[Manifest.permission.OTHER_SENSORS] =
|
|
|
|
+ Manifest.permission_group.OTHER_SENSORS
|
|
|
|
+
|
|
|
|
for ((permission, permissionGroup) in PLATFORM_PERMISSIONS) {
|
|
|
|
PLATFORM_PERMISSION_GROUPS.getOrPut(permissionGroup) { mutableListOf() }.add(permission)
|
|
|
|
}
|
|
|
|
|
|
|
|
+ for ((permission, permissionGroup) in SPECIAL_RUNTIME_PERMISSIONS) {
|
|
|
|
+ SPECIAL_RUNTIME_PERMISSION_GROUPS.getOrPut(permissionGroup) { mutableListOf() }.add(permission)
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.LOCATION)
|
|
|
|
ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.CAMERA)
|
|
|
|
ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.MICROPHONE)
|
|
|
|
@@ -405,4 +420,14 @@ object PermissionMapping {
|
|
|
|
|
|
|
|
return PERMISSION_GROUPS_TO_DATA_CATEGORIES.containsKey(permissionGroupName)
|
|
|
|
}
|
|
|
|
+
|
|
|
|
+ @JvmStatic
|
|
|
|
+ fun isSpecialRuntimePermission(permission: String): Boolean {
|
|
|
|
+ return SPECIAL_RUNTIME_PERMISSIONS.containsKey(permission)
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ @JvmStatic
|
|
|
|
+ fun isSpecialRuntimePermissionGroup(permissionGroup: String): Boolean {
|
|
|
|
+ return SPECIAL_RUNTIME_PERMISSION_GROUPS.containsKey(permissionGroup)
|
|
|
|
+ }
|
|
|
|
}
|