Port the GrapheneOS NETWORK permission to 17.1 and 18.1
Some patches were ported from 12 to 10/11. Some patches from 11 were ported to 10. This 10/11 port should be very close to 12. BONUS: 16.0 patches, disabled. Signed-off-by: Tad <tad@spotco.us>
parent
f4fbe65756
commit
5e1521700f
39 changed files with 2098 additions and 2 deletions
|
@ -0,0 +1,102 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 08:42:55 -0400
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
---
|
||||
.../server/pm/PackageManagerService.java | 3 ++-
|
||||
.../permission/PermissionManagerService.java | 23 +++++++++++++++----
|
||||
2 files changed, 20 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index edaa60f4b09e..834a6b0d5260 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -20162,7 +20162,8 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
|
||||
// If this permission was granted by default, make sure it is.
|
||||
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
|
||||
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
|
||||
mPermissionManager.grantRuntimePermission(permName, packageName, false,
|
||||
Process.SYSTEM_UID, userId, delayingPermCallback);
|
||||
// Allow app op later as we are holding mPackages
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 82f963e1df2a..293bdc7ba197 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -984,6 +984,10 @@ public class PermissionManagerService {
|
||||
}
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Restore the permission state for a package.
|
||||
*
|
||||
@@ -1277,6 +1281,14 @@ public class PermissionManagerService {
|
||||
}
|
||||
}
|
||||
}
|
||||
+
|
||||
+ if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PERMISSION_OPERATION_FAILURE) {
|
||||
+ wasChanged = true;
|
||||
+ }
|
||||
+ }
|
||||
} else {
|
||||
if (permState == null) {
|
||||
// New permission
|
||||
@@ -1410,7 +1422,7 @@ public class PermissionManagerService {
|
||||
wasChanged = true;
|
||||
}
|
||||
}
|
||||
- } else {
|
||||
+ } else {
|
||||
if (!permissionsState.hasRuntimePermission(bp.name, userId)
|
||||
&& permissionsState.grantRuntimePermission(bp,
|
||||
userId) != PERMISSION_OPERATION_FAILURE) {
|
||||
@@ -2183,7 +2195,7 @@ public class PermissionManagerService {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||
@@ -2242,7 +2254,7 @@ public class PermissionManagerService {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -2294,7 +2306,8 @@ public class PermissionManagerService {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -2381,7 +2394,7 @@ public class PermissionManagerService {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
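Review bot: `isSpecialRuntimePermission` is added to PermissionManagerService as a public static predicate with no doc comment, although the other hunks of this patch use it to skip the `targetSdkVersion < Build.VERSION_CODES.M` early returns and to grant the permission when `getRuntimePermissionState` returns null. Because a `true` result widens what legacy apps can be granted, the method should carry a Javadoc stating that contract, for example `/** Returns true for permissions enforced as runtime permissions even for legacy apps; such permissions are granted by default when no runtime state exists. */`. The `@@ -1410` hunk replaces `} else {` with an identical-looking line, so it appears to be a whitespace-only change that could be dropped from the patch. The enclosing methods start and end outside the hunks.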
|
@ -0,0 +1,36 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 7bcd7a048db4..571099f059c8 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1539,7 +1539,7 @@
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 293bdc7ba197..3a71bc8d015b 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -985,7 +985,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
/**
|
|
@ -0,0 +1,62 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
|
||||
---
|
||||
api/current.txt | 1 +
|
||||
core/res/AndroidManifest.xml | 8 ++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
3 files changed, 14 insertions(+)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index cd78602d9cd9..b99634c11742 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -176,6 +176,7 @@ package android {
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
+ field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 571099f059c8..b51e4f21454b 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1533,10 +1533,18 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
|
||||
+ <!-- Network access -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index e2afd1e1e0cc..2cf2b923ef90 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -792,6 +792,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">access the network</string>
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
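Review bot: The comment above the `android.permission.INTERNET` declaration in core/res/AndroidManifest.xml still reads `<p>Protection level: normal`, while the declaration shown in the same hunk carries `android:protectionLevel="dangerous|instant"`. Anyone auditing the manifest would be told the permission is granted at install time, so the comment should become `<p>Protection level: dangerous`. The permission is also assigned `android.permission-group.UNDEFINED` rather than the newly added NETWORK group; if the mapping to NETWORK is done elsewhere (it is not visible in this patch), a one-line XML comment saying so would help.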
|
@ -0,0 +1,111 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Zoraver Kang <zkang@wpi.edu>
|
||||
Date: Mon, 16 Sep 2019 16:41:30 -0400
|
||||
Subject: [PATCH] Enforce INTERNET as a runtime permission.
|
||||
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 59 ++++++++++++-------
|
||||
1 file changed, 39 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 56f4959a9714..0b2012fa759a 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -29,6 +29,7 @@ import static android.os.Process.INVALID_UID;
|
||||
import static android.os.Process.SYSTEM_UID;
|
||||
|
||||
import android.annotation.NonNull;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.content.Context;
|
||||
import android.content.pm.ApplicationInfo;
|
||||
import android.content.pm.PackageInfo;
|
||||
@@ -55,6 +56,7 @@ import com.android.internal.util.ArrayUtils;
|
||||
import com.android.internal.util.IndentingPrintWriter;
|
||||
import com.android.server.LocalServices;
|
||||
import com.android.server.SystemConfig;
|
||||
+import com.android.server.pm.permission.PermissionManagerServiceInternal;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@@ -80,6 +82,7 @@ public class PermissionMonitor {
|
||||
private static final int VERSION_Q = Build.VERSION_CODES.Q;
|
||||
|
||||
private final PackageManager mPackageManager;
|
||||
+ private final PackageManagerInternal mPackageManagerInternal;
|
||||
private final UserManager mUserManager;
|
||||
private final INetd mNetd;
|
||||
|
||||
@@ -104,26 +107,6 @@ public class PermissionMonitor {
|
||||
|
||||
private class PackageListObserver implements PackageManagerInternal.PackageListObserver {
|
||||
|
||||
- private int getPermissionForUid(int uid) {
|
||||
- int permission = 0;
|
||||
- // Check all the packages for this UID. The UID has the permission if any of the
|
||||
- // packages in it has the permission.
|
||||
- String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
- if (packages != null && packages.length > 0) {
|
||||
- for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
- permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- // The last package of this uid is removed from device. Clean the package up.
|
||||
- permission = INetd.PERMISSION_UNINSTALLED;
|
||||
- }
|
||||
- return permission;
|
||||
- }
|
||||
-
|
||||
@Override
|
||||
public void onPackageAdded(String packageName, int uid) {
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
@@ -140,10 +123,46 @@ public class PermissionMonitor {
|
||||
}
|
||||
}
|
||||
|
||||
+ private int getPermissionForUid(int uid) {
|
||||
+ int permission = 0;
|
||||
+ // Check all the packages for this UID. The UID has the permission if any of the
|
||||
+ // packages in it has the permission.
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages != null && packages.length > 0) {
|
||||
+ for (String name : packages) {
|
||||
+ final PackageInfo app = getPackageInfo(name);
|
||||
+ if (app != null && app.requestedPermissions != null) {
|
||||
+ permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ // The last package of this uid is removed from device. Clean the package up.
|
||||
+ permission = INetd.PERMISSION_UNINSTALLED;
|
||||
+ }
|
||||
+ return permission;
|
||||
+ }
|
||||
+
|
||||
+ // implements OnRuntimePermissionStateChangedListener
|
||||
+ private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
+ @UserIdInt int userId) {
|
||||
+ // userId is _not_ uid
|
||||
+ int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
+ }
|
||||
+
|
||||
public PermissionMonitor(Context context, INetd netd) {
|
||||
mPackageManager = context.getPackageManager();
|
||||
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||
mNetd = netd;
|
||||
+
|
||||
+ mPackageManagerInternal = LocalServices.getService(
|
||||
+ PackageManagerInternal.class);
|
||||
+
|
||||
+ final PermissionManagerServiceInternal permManagerInternal = LocalServices.getService(
|
||||
+ PermissionManagerServiceInternal.class);
|
||||
+ permManagerInternal.addOnRuntimePermissionStateChangedListener(
|
||||
+ this::enforceINTERNETAsRuntimePermission);
|
||||
}
|
||||
|
||||
// Intended to be called only once at startup, after the system is ready. Installs a broadcast
|
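Review bot: `enforceINTERNETAsRuntimePermission` passes the result of `mPackageManagerInternal.getPackageUid(packageName, 0, userId)` straight to `sendPackagePermissionsForUid` without checking it. If the lookup fails and yields a negative uid (presumably `INVALID_UID`, which this file already imports), `getPermissionForUid` would likely fall into its `else` branch and `INetd.PERMISSION_UNINSTALLED` would be sent for that value; a guard such as `if (uid < 0) return;` before the send avoids that. The later patch on this page that switches the call to `getPackageUidInternal` leaves the same gap. In the constructor, `permManagerInternal` is dereferenced without a null check, whereas context elsewhere on this page logs "failed to get the PackageManagerInternal service" for the analogous lookup.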
|
@ -0,0 +1,82 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: pratyush <codelab@pratyush.dev>
|
||||
Date: Sun, 25 Apr 2021 07:04:03 +0530
|
||||
Subject: [PATCH] fix INTERNET enforcement for secondary users
|
||||
|
||||
This code was not specifying the profile for the app so it wasn't
|
||||
working properly with INTERNET as a runtime permission.
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 20 +++++++++----------
|
||||
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 0b2012fa759a..827dd3a3493d 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -130,7 +130,8 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
+ int userId = UserHandle.getUserId(uid);
|
||||
+ final PackageInfo app = getPackageInfo(name, userId);
|
||||
if (app != null && app.requestedPermissions != null) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
@@ -147,7 +148,7 @@ public class PermissionMonitor {
|
||||
private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
@UserIdInt int userId) {
|
||||
// userId is _not_ uid
|
||||
- int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ int uid = mPackageManagerInternal.getPackageUidInternal( packageName, GET_PERMISSIONS, userId);
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
}
|
||||
|
||||
@@ -363,12 +364,13 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
- protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
|
||||
+ protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
|
||||
if (currentPermission == SYSTEM) {
|
||||
return currentPermission;
|
||||
}
|
||||
try {
|
||||
- final PackageInfo app = mPackageManager.getPackageInfo(name, GET_PERMISSIONS);
|
||||
+ final PackageInfo app = mPackageManager.getPackageInfoAsUser(name, GET_PERMISSIONS,
|
||||
+ UserHandle.getUserId(uid));
|
||||
final boolean isNetwork = hasNetworkPermission(app);
|
||||
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
if (isNetwork || hasRestrictedPermission) {
|
||||
@@ -392,7 +394,7 @@ public class PermissionMonitor {
|
||||
public synchronized void onPackageAdded(String packageName, int uid) {
|
||||
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName);
|
||||
+ final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
|
||||
if (permission != mApps.get(uid)) {
|
||||
mApps.put(uid, permission);
|
||||
|
||||
@@ -444,7 +446,7 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- permission = highestPermissionForUid(permission, name);
|
||||
+ permission = highestPermissionForUid(permission, name, uid);
|
||||
if (permission == SYSTEM) {
|
||||
// An app with this UID still has the SYSTEM permission.
|
||||
// Therefore, this UID must already have the SYSTEM permission.
|
||||
@@ -484,11 +486,9 @@ public class PermissionMonitor {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
- private PackageInfo getPackageInfo(String packageName) {
|
||||
+ private PackageInfo getPackageInfo(String packageName, int userId) {
|
||||
try {
|
||||
- PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- return app;
|
||||
+ return mPackageManager.getPackageInfoAsUser(packageName, GET_PERMISSIONS, userId);
|
||||
} catch (NameNotFoundException e) {
|
||||
return null;
|
||||
}
|
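Review bot: In `getPermissionForUid`, `int userId = UserHandle.getUserId(uid);` is recomputed on every loop iteration although `uid` never changes inside the loop; declare it once before the `for` as `final int userId = UserHandle.getUserId(uid);`. In `enforceINTERNETAsRuntimePermission`, the call `getPackageUidInternal( packageName, GET_PERMISSIONS, userId)` has a stray space after the parenthesis, and passing `GET_PERMISSIONS` to a uid lookup looks unintended because no permission data is read from the result; a short comment explaining the flag, or `0` as before, would be clearer. The changed signature of the `@VisibleForTesting` method `highestPermissionForUid` has no Javadoc for the new `uid` parameter; one line such as `@param uid uid whose user is used for the package lookup` would do. All of these functions start or end outside the hunks.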
|
@ -0,0 +1,125 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Pratyush <codelab@pratyush.dev>
|
||||
Date: Thu, 12 Aug 2021 03:44:41 +0530
|
||||
Subject: [PATCH] send uid for each user instead of just owner/admin user
|
||||
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 83 +++++++++++--------
|
||||
1 file changed, 49 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 827dd3a3493d..6fa9ea20a481 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -132,7 +132,7 @@ public class PermissionMonitor {
|
||||
for (String name : packages) {
|
||||
int userId = UserHandle.getUserId(uid);
|
||||
final PackageInfo app = getPackageInfo(name, userId);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
+ if (app != null && app.requestedPermissions != null && app.applicationInfo.uid == uid) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
}
|
||||
@@ -177,44 +177,45 @@ public class PermissionMonitor {
|
||||
} else {
|
||||
loge("failed to get the PackageManagerInternal service");
|
||||
}
|
||||
- List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- if (apps == null) {
|
||||
- loge("No apps");
|
||||
- return;
|
||||
- }
|
||||
|
||||
SparseIntArray netdPermsUids = new SparseIntArray();
|
||||
|
||||
- for (PackageInfo app : apps) {
|
||||
- int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
- if (uid < 0) {
|
||||
- continue;
|
||||
- }
|
||||
- mAllApps.add(UserHandle.getAppId(uid));
|
||||
-
|
||||
- boolean isNetwork = hasNetworkPermission(app);
|
||||
- boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
-
|
||||
- if (isNetwork || hasRestrictedPermission) {
|
||||
- Boolean permission = mApps.get(uid);
|
||||
- // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
- // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- if (permission == null || permission == NETWORK) {
|
||||
- mApps.put(uid, hasRestrictedPermission);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- //TODO: unify the management of the permissions into one codepath.
|
||||
- int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
- }
|
||||
-
|
||||
List<UserInfo> users = mUserManager.getUsers(true); // exclude dying users
|
||||
if (users != null) {
|
||||
for (UserInfo user : users) {
|
||||
mUsers.add(user.id);
|
||||
+
|
||||
+ List<PackageInfo> apps = mPackageManager.getInstalledPackagesAsUser(GET_PERMISSIONS, user.id);
|
||||
+ if (apps == null) {
|
||||
+ loge("No apps");
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ for (PackageInfo app : apps) {
|
||||
+ int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
+ if (uid < 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ mAllApps.add(UserHandle.getAppId(uid));
|
||||
+
|
||||
+ boolean isNetwork = hasNetworkPermission(app);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ Boolean permission = mApps.get(uid);
|
||||
+ // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
+ // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
+ if (permission == null || permission == NETWORK) {
|
||||
+ mApps.put(uid, hasRestrictedPermission);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ //TODO: unify the management of the permissions into one codepath.
|
||||
+ int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
+ }
|
||||
+
|
||||
}
|
||||
}
|
||||
|
||||
@@ -307,9 +308,23 @@ public class PermissionMonitor {
|
||||
List<Integer> network = new ArrayList<>();
|
||||
List<Integer> system = new ArrayList<>();
|
||||
for (Entry<Integer, Boolean> app : apps.entrySet()) {
|
||||
- List<Integer> list = app.getValue() ? system : network;
|
||||
for (int user : users) {
|
||||
- list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ int uid = UserHandle.getUid(user, UserHandle.getAppId(app.getKey()));
|
||||
+ if (uid < 0) continue;
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages == null) continue;
|
||||
+ for (String pkg : packages) {
|
||||
+ PackageInfo info = getPackageInfo(pkg, user);
|
||||
+ if (info != null && info.applicationInfo.uid == uid) {
|
||||
+ boolean isNetwork = hasNetworkPermission(info);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(info);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ List<Integer> list = hasRestrictedPermission ? system : network;
|
||||
+ list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
try {
|
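Review bot: In the last hunk of this section (`@@ -307,9 +308,23`), `list.add(UserHandle.getUid(user, app.getKey()))` now runs once per package, so a UID shared by several packages is appended several times. It can also land in both `network` and `system` when the packages differ in `hasRestrictedNetworkPermission`. The removed code chose one list per UID, so the result should be accumulated across the UID's packages and added once, with the restricted level winning. The new `info.applicationInfo.uid == uid` test here and `app.applicationInfo.uid == uid` in the `@@ -132` hunk also dereference `applicationInfo` without the null check that the startup loop in this same patch applies (`app.applicationInfo != null ? ... : INVALID_UID`). The enclosing method starts and ends outside the hunk.

```java
// … unchanged: uid computation and getPackagesForUid lookup for this user …
boolean anyNetwork = false;
boolean anyRestricted = false;
for (String pkg : packages) {
    PackageInfo info = getPackageInfo(pkg, user);
    if (info == null || info.applicationInfo == null
            || info.applicationInfo.uid != uid) {
        continue;
    }
    anyNetwork |= hasNetworkPermission(info);
    anyRestricted |= hasRestrictedNetworkPermission(info);
}
// One entry per uid; the restricted (system) level wins for shared UIDs.
if (anyRestricted) {
    system.add(UserHandle.getUid(user, app.getKey()));
} else if (anyNetwork) {
    network.add(UserHandle.getUid(user, app.getKey()));
}
```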
|
@ -0,0 +1,42 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Tue, 14 Dec 2021 18:17:11 +0200
|
||||
Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
|
||||
|
||||
---
|
||||
core/java/android/net/ConnectivityManager.java | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
|
||||
index 12102a140947..21661609ff72 100644
|
||||
--- a/core/java/android/net/ConnectivityManager.java
|
||||
+++ b/core/java/android/net/ConnectivityManager.java
|
||||
@@ -17,6 +17,7 @@ package android.net;
|
||||
|
||||
import static android.net.IpSecManager.INVALID_RESOURCE_ID;
|
||||
|
||||
+import android.Manifest;
|
||||
import android.annotation.CallbackExecutor;
|
||||
import android.annotation.IntDef;
|
||||
import android.annotation.NonNull;
|
||||
@@ -31,6 +32,7 @@ import android.annotation.UnsupportedAppUsage;
|
||||
import android.app.PendingIntent;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
+import android.content.pm.PackageManager;
|
||||
import android.net.IpSecManager.UdpEncapsulationSocket;
|
||||
import android.net.SocketKeepalive.Callback;
|
||||
import android.os.Binder;
|
||||
@@ -3054,6 +3056,12 @@ public class ConnectivityManager {
|
||||
*/
|
||||
public void reportNetworkConnectivity(@Nullable Network network, boolean hasConnectivity) {
|
||||
printStackTrace();
|
||||
+ if (mContext.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // ConnectivityService enforces this by throwing an unexpected SecurityException,
|
||||
+ // which puts GMS into a crash loop. Also useful for other apps that don't expect that
|
||||
+ // INTERNET permission might get revoked.
|
||||
+ return;
|
||||
+ }
|
||||
try {
|
||||
mService.reportNetworkConnectivity(network, hasConnectivity);
|
||||
} catch (RemoteException e) {
|
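Review bot: The added early return in `reportNetworkConnectivity` is silent, so a caller whose INTERNET permission was revoked gets no indication that the report was dropped. A log line before the `return`, e.g. `Log.w(TAG, "reportNetworkConnectivity: INTERNET not granted, ignoring");` (assuming the class's usual `Log` and `TAG` are in scope; they are not visible in the hunk), plus a sentence in the method's Javadoc, would make the behaviour discoverable. The check is a client-side compatibility shim: the comment already says ConnectivityService does the enforcement, and it would help to state explicitly that the service-side check remains the security boundary. The `if` line also exceeds 100 columns and could be wrapped.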