mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-20 21:34:24 -05:00
Enable the NETWORK permission patchset for 16.0 too
Likely has issues with secondary users. As in the permission affects all copies of the same app. Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
bbdfcdc2a2
commit
0d59c18c85
@ -1,4 +1,4 @@
|
||||
From 09632b10185b9133949a431e27089f72b5cfeefa Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 08:42:55 -0400
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
@ -11,10 +11,10 @@ need to be granted by default for all apps to maintain compatibility.
|
||||
2 files changed, 25 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index c414abac12a7..46f02259e741 100644
|
||||
index dc44fe17722d..e9fd656478dc 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -19462,7 +19462,8 @@ private void resetUserChangesToRuntimePermissionsAndFlagsLPw(
|
||||
@@ -19704,7 +19704,8 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
|
||||
// If this permission was granted by default, make sure it is.
|
||||
@ -25,10 +25,10 @@ index c414abac12a7..46f02259e741 100644
|
||||
!= PERMISSION_OPERATION_FAILURE) {
|
||||
writeRuntimePermissions = true;
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index c51a72406b53..cb8facb31020 100644
|
||||
index 79b2636481b3..9f1fe8a6414a 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -659,6 +659,10 @@ private void removeDynamicPermission(
|
||||
@@ -730,6 +730,10 @@ public class PermissionManagerService {
|
||||
}
|
||||
}
|
||||
|
||||
@ -39,7 +39,7 @@ index c51a72406b53..cb8facb31020 100644
|
||||
private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
String packageOfInterest, PermissionCallback callback) {
|
||||
// IMPORTANT: There are two types of permissions: install and runtime.
|
||||
@@ -767,7 +771,8 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
@@ -838,7 +842,8 @@ public class PermissionManagerService {
|
||||
// their permissions as always granted runtime ones since we need
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
@ -49,7 +49,7 @@ index c51a72406b53..cb8facb31020 100644
|
||||
// For legacy apps dangerous permissions are install time ones.
|
||||
grant = GRANT_INSTALL;
|
||||
} else if (origPermissions.hasInstallPermission(bp.getName())) {
|
||||
@@ -877,7 +882,8 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
@@ -948,7 +953,8 @@ public class PermissionManagerService {
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
} else if (mSettings.mPermissionReviewRequired
|
||||
@ -59,7 +59,7 @@ index c51a72406b53..cb8facb31020 100644
|
||||
// For legacy apps that need a permission review, every new
|
||||
// runtime permission is granted but it is pending a review.
|
||||
// We also need to review only platform defined runtime
|
||||
@@ -898,7 +904,15 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
@@ -969,7 +975,15 @@ public class PermissionManagerService {
|
||||
updatedUserIds = ArrayUtils.appendInt(
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
@ -76,7 +76,7 @@ index c51a72406b53..cb8facb31020 100644
|
||||
// Propagate the permission flags.
|
||||
permissionsState.updatePermissionFlags(bp, userId, flags, flags);
|
||||
}
|
||||
@@ -1350,7 +1364,7 @@ private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg,
|
||||
@@ -1421,7 +1435,7 @@ public class PermissionManagerService {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
@ -85,7 +85,7 @@ index c51a72406b53..cb8facb31020 100644
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||
@@ -1409,7 +1423,7 @@ private void grantRuntimePermission(String permName, String packageName, boolean
|
||||
@@ -1480,7 +1494,7 @@ public class PermissionManagerService {
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
@ -94,7 +94,7 @@ index c51a72406b53..cb8facb31020 100644
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1445,7 +1459,8 @@ private void grantRuntimePermission(String permName, String packageName, boolean
|
||||
@@ -1516,7 +1530,8 @@ public class PermissionManagerService {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
@ -104,7 +104,7 @@ index c51a72406b53..cb8facb31020 100644
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -1530,7 +1545,8 @@ private void revokeRuntimePermission(String permName, String packageName,
|
||||
@@ -1601,7 +1616,8 @@ public class PermissionManagerService {
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 2dd00723364fcf10e6c9e6c2e022e31524fda92d Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
@ -9,10 +9,10 @@ Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index d0ae9dbc55ae..d0449dfc4f57 100644
|
||||
index af1a6fa9e3c5..873162098247 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1348,7 +1348,7 @@
|
||||
@@ -1361,7 +1361,7 @@
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
@ -22,10 +22,10 @@ index d0ae9dbc55ae..d0449dfc4f57 100644
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index cb8facb31020..9b11c8e0ffd7 100644
|
||||
index 9f1fe8a6414a..f16f671a51dd 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -660,7 +660,7 @@ private void removeDynamicPermission(
|
||||
@@ -731,7 +731,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 6ef61fd6f745b9709269d3612a3a4eea2250ebec Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
@ -9,10 +9,10 @@ Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index d0449dfc4f57..822cf1166539 100644
|
||||
index 873162098247..8efe5474dfea 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1342,10 +1342,20 @@
|
||||
@@ -1355,10 +1355,20 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
|
||||
@ -34,7 +34,7 @@ index d0449dfc4f57..822cf1166539 100644
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index f6600462ea74..a79fa8e95b6e 100644
|
||||
index 29af7d71914f..fd30d719b996 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -747,6 +747,11 @@
|
||||
|
@ -1,4 +1,4 @@
|
||||
From 880011e7af233249e1b70177daa3cd786574bc85 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 22 Jul 2017 21:43:50 -0400
|
||||
Subject: [PATCH] always treat INTERNET as a runtime permission
|
||||
@ -11,7 +11,7 @@ diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGrou
|
||||
index aafce8df5..e6087de4c 100644
|
||||
--- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
+++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
@@ -26,6 +26,7 @@
|
||||
@@ -26,6 +26,7 @@ import android.content.pm.PackageItemInfo;
|
||||
import android.content.pm.PackageManager;
|
||||
import android.content.pm.PermissionGroupInfo;
|
||||
import android.content.pm.PermissionInfo;
|
||||
@ -19,7 +19,7 @@ index aafce8df5..e6087de4c 100644
|
||||
import android.os.Build;
|
||||
import android.os.Process;
|
||||
import android.os.UserHandle;
|
||||
@@ -338,7 +339,7 @@ public boolean areRuntimePermissionsGranted(String[] filterPermissions) {
|
||||
@@ -338,7 +339,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
&& !ArrayUtils.contains(filterPermissions, permission.getName())) {
|
||||
continue;
|
||||
}
|
||||
@ -28,7 +28,7 @@ index aafce8df5..e6087de4c 100644
|
||||
if (permission.isGranted()) {
|
||||
return true;
|
||||
}
|
||||
@@ -371,7 +372,7 @@ public boolean grantRuntimePermissions(boolean fixedByTheUser, String[] filterPe
|
||||
@@ -371,7 +372,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -37,7 +37,7 @@ index aafce8df5..e6087de4c 100644
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
return false;
|
||||
@@ -473,7 +474,7 @@ public boolean revokeRuntimePermissions(boolean fixedByTheUser, String[] filterP
|
||||
@@ -473,7 +474,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
continue;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
From c3c6a3206c1753cac7a8db72e2f05ddcf4c66d99 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 10:29:15 -0400
|
||||
Subject: [PATCH] add NETWORK permission group
|
||||
@ -11,7 +11,7 @@ diff --git a/src/com/android/packageinstaller/permission/utils/Utils.java b/src/
|
||||
index 85a102831..423b319ee 100644
|
||||
--- a/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
@@ -51,7 +51,8 @@
|
||||
@@ -51,7 +51,8 @@ public final class Utils {
|
||||
Manifest.permission_group.SMS,
|
||||
Manifest.permission_group.PHONE,
|
||||
Manifest.permission_group.MICROPHONE,
|
||||
|
@ -8,7 +8,7 @@ Subject: [PATCH] remove legacy NETWORK permission group reference
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
|
||||
index 302a58e5..65f38e86 100644
|
||||
index 067bc937..930a3b6f 100644
|
||||
--- a/AndroidManifest.xml
|
||||
+++ b/AndroidManifest.xml
|
||||
@@ -29,7 +29,6 @@
|
||||
|
@ -117,6 +117,11 @@ applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
|
||||
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS)
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch";
|
||||
fi;
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0002-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
|
||||
@ -183,6 +188,10 @@ if enterAndClear "hardware/qcom/display-caf/msm8998"; then
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8998.patch";
|
||||
fi;
|
||||
|
||||
if enterAndClear "libcore"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "lineage-sdk"; then
|
||||
awk -i inplace '!/LineageWeatherManagerService/' lineage/res/res/values/config.xml; #Disable Weather
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_AUDIOFX" = true ]; then awk -i inplace '!/LineageAudioService/' lineage/res/res/values/config.xml; fi; #Remove AudioFX
|
||||
@ -201,6 +210,13 @@ rm -rf src/org/lineageos/lineageparts/lineagestats/ res/xml/anonymous_stats.xml
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_LineageParts/0001-Remove_Analytics.patch"; #Remove analytics
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/PackageInstaller"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch";
|
||||
fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
@ -234,6 +250,10 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0001-Voic
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disable_Personalization.patch"; #Disable personalization dictionary by default (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/providers/DownloadProvider"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/services/Telephony"; then
|
||||
git revert --no-edit 99564aaf0417c9ddf7d6aeb10d326e5b24fa8f55;
|
||||
applyPatch "$DOS_PATCHES/android_packages_services_Telephony/0001-PREREQ_Handle_All_Modes.patch";
|
||||
|
Loading…
Reference in New Issue
Block a user