2022-06-03 15:14:35 -04:00
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
2022-06-02 23:03:16 -04:00
|
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
|
|
Date: Tue, 31 May 2022 04:18:35 -0400
|
|
|
|
Subject: [PATCH] extend special runtime permission implementation
|
|
|
|
|
|
|
|
---
|
|
|
|
.../server/pm/permission/PermissionManagerService.java | 10 +++++-----
|
|
|
|
1 file changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
2023-01-06 03:18:57 -05:00
|
|
|
index 5be5d735598c..e7c141d3e5fd 100644
|
2022-06-02 23:03:16 -04:00
|
|
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
|
|
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
2022-06-03 15:14:35 -04:00
|
|
|
@@ -1881,7 +1881,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
2022-06-02 23:03:16 -04:00
|
|
|
// permission as requiring a review as this is the initial state.
|
|
|
|
final int uid = mPackageManagerInt.getPackageUid(packageName, 0, userId);
|
|
|
|
final int targetSdk = mPackageManagerInt.getUidTargetSdkVersion(uid);
|
|
|
|
- final int flags = (targetSdk < Build.VERSION_CODES.M && isRuntimePermission)
|
|
|
|
+ final int flags = (targetSdk < Build.VERSION_CODES.M && isRuntimePermission && !isSpecialRuntimePermission(permName))
|
|
|
|
? FLAG_PERMISSION_REVIEW_REQUIRED | FLAG_PERMISSION_REVOKED_COMPAT
|
|
|
|
: 0;
|
|
|
|
|
2023-01-06 03:18:57 -05:00
|
|
|
@@ -2765,7 +2765,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
2022-06-02 23:03:16 -04:00
|
|
|
FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT,
|
|
|
|
FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT);
|
|
|
|
}
|
|
|
|
- if (targetSdkVersion < Build.VERSION_CODES.M) {
|
|
|
|
+ if (targetSdkVersion < Build.VERSION_CODES.M && !isSpecialRuntimePermission(permissionName)) {
|
|
|
|
uidState.updatePermissionFlags(permission,
|
|
|
|
PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED
|
|
|
|
| PackageManager.FLAG_PERMISSION_REVOKED_COMPAT,
|
2023-01-06 03:18:57 -05:00
|
|
|
@@ -2855,7 +2855,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
2022-06-02 23:03:16 -04:00
|
|
|
// continue;
|
|
|
|
// }
|
|
|
|
|
|
|
|
- if (bp.isRuntimeOnly() && !appSupportsRuntimePermissions) {
|
|
|
|
+ if (bp.isRuntimeOnly() && !appSupportsRuntimePermissions && !isSpecialRuntimePermission(bp.getName())) {
|
|
|
|
if (DEBUG_PERMISSIONS) {
|
|
|
|
Log.i(TAG, "Denying runtime-only permission " + bp.getName()
|
|
|
|
+ " for package " + friendlyName);
|
2023-01-06 03:18:57 -05:00
|
|
|
@@ -2934,7 +2934,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
2022-06-02 23:03:16 -04:00
|
|
|
boolean restrictionApplied = (origState.getPermissionFlags(
|
|
|
|
bp.getName()) & FLAG_PERMISSION_APPLY_RESTRICTION) != 0;
|
|
|
|
|
|
|
|
- if (appSupportsRuntimePermissions) {
|
|
|
|
+ if (appSupportsRuntimePermissions || isSpecialRuntimePermission(bp.getName())) {
|
|
|
|
// If hard restricted we don't allow holding it
|
|
|
|
if (permissionPolicyInitialized && hardRestricted) {
|
|
|
|
if (!restrictionExempt) {
|
2023-01-06 03:18:57 -05:00
|
|
|
@@ -3018,7 +3018,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
2022-06-02 23:03:16 -04:00
|
|
|
if (restrictionApplied) {
|
|
|
|
flags &= ~FLAG_PERMISSION_APPLY_RESTRICTION;
|
|
|
|
// Dropping restriction on a legacy app implies a review
|
|
|
|
- if (!appSupportsRuntimePermissions) {
|
|
|
|
+ if (!appSupportsRuntimePermissions && !isSpecialRuntimePermission(bp.getName())) {
|
|
|
|
flags |= FLAG_PERMISSION_REVIEW_REQUIRED;
|
|
|
|
}
|
|
|
|
wasChanged = true;
|