mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-08-02 11:26:21 -04:00
Port the GrapheneOS NETWORK permission to 17.1 and 18.1
Some patches were ported from 12 to 10/11 Some patches from 11 were ported to 10 This 10/11 port should be very close to 12 BOUNS: 16.0 patches, disabled Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
f4fbe65756
commit
5e1521700f
39 changed files with 2098 additions and 2 deletions
|
|
@ -0,0 +1,116 @@
|
|||
From 09632b10185b9133949a431e27089f72b5cfeefa Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 08:42:55 -0400
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
---
|
||||
.../server/pm/PackageManagerService.java | 3 +-
|
||||
.../permission/PermissionManagerService.java | 30 ++++++++++++++-----
|
||||
2 files changed, 25 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index c414abac12a7..46f02259e741 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -19462,7 +19462,8 @@ private void resetUserChangesToRuntimePermissionsAndFlagsLPw(
|
||||
}
|
||||
|
||||
// If this permission was granted by default, make sure it is.
|
||||
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
|
||||
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
|
||||
if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
!= PERMISSION_OPERATION_FAILURE) {
|
||||
writeRuntimePermissions = true;
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index c51a72406b53..cb8facb31020 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -659,6 +659,10 @@ private void removeDynamicPermission(
|
||||
}
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
String packageOfInterest, PermissionCallback callback) {
|
||||
// IMPORTANT: There are two types of permissions: install and runtime.
|
||||
@@ -767,7 +771,8 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
// their permissions as always granted runtime ones since we need
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
- if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired) {
|
||||
+ if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired &&
|
||||
+ !isSpecialRuntimePermission(bp.getName())) {
|
||||
// For legacy apps dangerous permissions are install time ones.
|
||||
grant = GRANT_INSTALL;
|
||||
} else if (origPermissions.hasInstallPermission(bp.getName())) {
|
||||
@@ -877,7 +882,8 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
} else if (mSettings.mPermissionReviewRequired
|
||||
- && !appSupportsRuntimePermissions) {
|
||||
+ && !appSupportsRuntimePermissions
|
||||
+ && !isSpecialRuntimePermission(bp.getName())) {
|
||||
// For legacy apps that need a permission review, every new
|
||||
// runtime permission is granted but it is pending a review.
|
||||
// We also need to review only platform defined runtime
|
||||
@@ -898,7 +904,15 @@ private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
updatedUserIds = ArrayUtils.appendInt(
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
- }
|
||||
+ } else if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PermissionsState.PERMISSION_OPERATION_FAILURE) {
|
||||
+ // We changed the permission, hence have to write.
|
||||
+ updatedUserIds = ArrayUtils.appendInt(
|
||||
+ updatedUserIds, userId);
|
||||
+ }
|
||||
+ }
|
||||
// Propagate the permission flags.
|
||||
permissionsState.updatePermissionFlags(bp, userId, flags, flags);
|
||||
}
|
||||
@@ -1350,7 +1364,7 @@ private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg,
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||
@@ -1409,7 +1423,7 @@ private void grantRuntimePermission(String permName, String packageName, boolean
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1445,7 +1459,8 @@ private void grantRuntimePermission(String permName, String packageName, boolean
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -1530,7 +1545,8 @@ private void revokeRuntimePermission(String permName, String packageName,
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime()
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
From 2dd00723364fcf10e6c9e6c2e022e31524fda92d Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index d0ae9dbc55ae..d0449dfc4f57 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1348,7 +1348,7 @@
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index cb8facb31020..9b11c8e0ffd7 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -660,7 +660,7 @@ private void removeDynamicPermission(
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
From 6ef61fd6f745b9709269d3612a3a4eea2250ebec Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
|
||||
---
|
||||
core/res/AndroidManifest.xml | 10 ++++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index d0449dfc4f57..822cf1166539 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1342,10 +1342,20 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
|
||||
+ <!-- Network access
|
||||
+ @hide
|
||||
+ -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.NETWORK"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index f6600462ea74..a79fa8e95b6e 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -747,6 +747,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">network access</string>
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Tue, 14 Dec 2021 21:10:51 +0200
|
||||
Subject: [PATCH] don't throw SecurityException when INTERNET permission is
|
||||
revoked
|
||||
|
||||
---
|
||||
ojluni/src/main/java/java/net/Inet6AddressImpl.java | 10 +---------
|
||||
1 file changed, 1 insertion(+), 9 deletions(-)
|
||||
|
||||
diff --git a/ojluni/src/main/java/java/net/Inet6AddressImpl.java b/ojluni/src/main/java/java/net/Inet6AddressImpl.java
|
||||
index 1edfe344ce..2176973b44 100644
|
||||
--- a/ojluni/src/main/java/java/net/Inet6AddressImpl.java
|
||||
+++ b/ojluni/src/main/java/java/net/Inet6AddressImpl.java
|
||||
@@ -143,15 +143,7 @@ class Inet6AddressImpl implements InetAddressImpl {
|
||||
addressCache.put(host, netId, addresses);
|
||||
return addresses;
|
||||
} catch (GaiException gaiException) {
|
||||
- // If the failure appears to have been a lack of INTERNET permission, throw a clear
|
||||
- // SecurityException to aid in debugging this common mistake.
|
||||
- // http://code.google.com/p/android/issues/detail?id=15722
|
||||
- if (gaiException.getCause() instanceof ErrnoException) {
|
||||
- if (((ErrnoException) gaiException.getCause()).errno == EACCES) {
|
||||
- throw new SecurityException("Permission denied (missing INTERNET permission?)", gaiException);
|
||||
- }
|
||||
- }
|
||||
- // Otherwise, throw an UnknownHostException.
|
||||
+ // Throw an UnknownHostException.
|
||||
String detailMessage = "Unable to resolve host \"" + host + "\": " + Libcore.os.gai_strerror(gaiException.error);
|
||||
addressCache.putUnknownHost(host, netId, detailMessage);
|
||||
throw gaiException.rethrowAsUnknownHostException(detailMessage);
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
From 880011e7af233249e1b70177daa3cd786574bc85 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 22 Jul 2017 21:43:50 -0400
|
||||
Subject: [PATCH] always treat INTERNET as a runtime permission
|
||||
|
||||
---
|
||||
.../permission/model/AppPermissionGroup.java | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
index aafce8df5..e6087de4c 100644
|
||||
--- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
+++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
@@ -26,6 +26,7 @@
|
||||
import android.content.pm.PackageManager;
|
||||
import android.content.pm.PermissionGroupInfo;
|
||||
import android.content.pm.PermissionInfo;
|
||||
+import android.Manifest;
|
||||
import android.os.Build;
|
||||
import android.os.Process;
|
||||
import android.os.UserHandle;
|
||||
@@ -338,7 +339,7 @@ public boolean areRuntimePermissionsGranted(String[] filterPermissions) {
|
||||
&& !ArrayUtils.contains(filterPermissions, permission.getName())) {
|
||||
continue;
|
||||
}
|
||||
- if (mAppSupportsRuntimePermissions) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
if (permission.isGranted()) {
|
||||
return true;
|
||||
}
|
||||
@@ -371,7 +372,7 @@ public boolean grantRuntimePermissions(boolean fixedByTheUser, String[] filterPe
|
||||
continue;
|
||||
}
|
||||
|
||||
- if (mAppSupportsRuntimePermissions) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
return false;
|
||||
@@ -473,7 +474,7 @@ public boolean revokeRuntimePermissions(boolean fixedByTheUser, String[] filterP
|
||||
continue;
|
||||
}
|
||||
|
||||
- if (mAppSupportsRuntimePermissions) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
return false;
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
From c3c6a3206c1753cac7a8db72e2f05ddcf4c66d99 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 10:29:15 -0400
|
||||
Subject: [PATCH] add NETWORK permission group
|
||||
|
||||
---
|
||||
src/com/android/packageinstaller/permission/utils/Utils.java | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/com/android/packageinstaller/permission/utils/Utils.java b/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
index 85a102831..423b319ee 100644
|
||||
--- a/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
@@ -51,7 +51,8 @@
|
||||
Manifest.permission_group.SMS,
|
||||
Manifest.permission_group.PHONE,
|
||||
Manifest.permission_group.MICROPHONE,
|
||||
- Manifest.permission_group.STORAGE
|
||||
+ Manifest.permission_group.STORAGE,
|
||||
+ Manifest.permission_group.NETWORK
|
||||
};
|
||||
|
||||
private static final Intent LAUNCHER_INTENT = new Intent(Intent.ACTION_MAIN, null)
|
||||
|
|
@ -26,7 +26,7 @@ Change-Id: Ibbffdb5f3930df74ca8b4ba93d451f7fad086989
|
|||
create mode 100644 src/com/android/settings/network/CaptivePortalWarningDialogHost.java
|
||||
|
||||
diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
|
||||
index 53dca0e6e7..dee07db2b4 100644
|
||||
index e78bbea120..54e2864c9a 100644
|
||||
--- a/res/values-de/cm_strings.xml
|
||||
+++ b/res/values-de/cm_strings.xml
|
||||
@@ -308,4 +308,7 @@
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 6 Aug 2017 08:19:36 -0400
|
||||
Subject: [PATCH] remove legacy NETWORK permission group reference
|
||||
|
||||
---
|
||||
AndroidManifest.xml | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
|
||||
index 302a58e5..65f38e86 100644
|
||||
--- a/AndroidManifest.xml
|
||||
+++ b/AndroidManifest.xml
|
||||
@@ -29,7 +29,6 @@
|
||||
|
||||
<!-- Allows to queue downloads without a notification shown while the download runs. -->
|
||||
<permission android:name="android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"
|
||||
- android:permissionGroup="android.permission-group.NETWORK"
|
||||
android:label="@string/permlab_downloadWithoutNotification"
|
||||
android:description="@string/permdesc_downloadWithoutNotification"
|
||||
android:protectionLevel="normal"/>
|
||||
Loading…
Add table
Add a link
Reference in a new issue