From 790eeebc908d4a3025e615a2ba1acbf1d135b80b Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sat, 25 Mar 2023 20:35:40 -0400
Subject: [PATCH] 14/15 extra March patch

Signed-off-by: Tad <tad@spotco.us>
---
 .../android_frameworks_base/352086.patch      | 34 +++++++++++++++++++
 .../android_frameworks_base/352086.patch      | 34 +++++++++++++++++++
 Scripts/LineageOS-14.1/Patch.sh               |  1 +
 Scripts/LineageOS-15.1/Patch.sh               |  1 +
 4 files changed, 70 insertions(+)
 create mode 100644 Patches/LineageOS-14.1/android_frameworks_base/352086.patch
 create mode 100644 Patches/LineageOS-15.1/android_frameworks_base/352086.patch

diff --git a/Patches/LineageOS-14.1/android_frameworks_base/352086.patch b/Patches/LineageOS-14.1/android_frameworks_base/352086.patch
new file mode 100644
index 00000000..6454bd02
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_frameworks_base/352086.patch
@@ -0,0 +1,34 @@
+From 5d17459a966adff163bad35c2bd07168767110dc Mon Sep 17 00:00:00 2001
+From: Nate Myren <ntmyren@google.com>
+Date: Fri, 2 Dec 2022 09:44:31 -0800
+Subject: [PATCH] RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to
+ post 23 and perm has pre23 flag
+
+If a permission has the "pre23" flag, and an app is upgrading past api
+23, then we should not assume that a "development" permission remains
+granted
+
+Fixes: 259458532
+Test: atest RevokeSawPermissionTest
+Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
+(cherry picked from commit 2f30a63b11e59f9daf42f51eb85aa91c86f4baf4)
+Merged-In: I214396f455c5ed9e8bac2e50b1525b86475c81c7
+---
+ .../java/com/android/server/pm/PackageManagerService.java     | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
+index 915c40e5400e8..ebacb3c2c8950 100644
+--- a/services/core/java/com/android/server/pm/PackageManagerService.java
++++ b/services/core/java/com/android/server/pm/PackageManagerService.java
+@@ -10573,8 +10573,8 @@ && isSystemApp(pkg)) {
+                 // Any pre-installed system app is allowed to get this permission.
+                 allowed = true;
+             }
+-            if (!allowed && (bp.protectionLevel
+-                    & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) {
++            if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0
++                && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_PRE23) == 0) {
+                 // For development permissions, a development permission
+                 // is granted only if it was already granted.
+                 allowed = origPermissions.hasInstallPermission(perm);
diff --git a/Patches/LineageOS-15.1/android_frameworks_base/352086.patch b/Patches/LineageOS-15.1/android_frameworks_base/352086.patch
new file mode 100644
index 00000000..6454bd02
--- /dev/null
+++ b/Patches/LineageOS-15.1/android_frameworks_base/352086.patch
@@ -0,0 +1,34 @@
+From 5d17459a966adff163bad35c2bd07168767110dc Mon Sep 17 00:00:00 2001
+From: Nate Myren <ntmyren@google.com>
+Date: Fri, 2 Dec 2022 09:44:31 -0800
+Subject: [PATCH] RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to
+ post 23 and perm has pre23 flag
+
+If a permission has the "pre23" flag, and an app is upgrading past api
+23, then we should not assume that a "development" permission remains
+granted
+
+Fixes: 259458532
+Test: atest RevokeSawPermissionTest
+Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
+(cherry picked from commit 2f30a63b11e59f9daf42f51eb85aa91c86f4baf4)
+Merged-In: I214396f455c5ed9e8bac2e50b1525b86475c81c7
+---
+ .../java/com/android/server/pm/PackageManagerService.java     | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
+index 915c40e5400e8..ebacb3c2c8950 100644
+--- a/services/core/java/com/android/server/pm/PackageManagerService.java
++++ b/services/core/java/com/android/server/pm/PackageManagerService.java
+@@ -10573,8 +10573,8 @@ && isSystemApp(pkg)) {
+                 // Any pre-installed system app is allowed to get this permission.
+                 allowed = true;
+             }
+-            if (!allowed && (bp.protectionLevel
+-                    & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) {
++            if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0
++                && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_PRE23) == 0) {
+                 // For development permissions, a development permission
+                 // is granted only if it was already granted.
+                 allowed = origPermissions.hasInstallPermission(perm);
diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh
index 42266a9c..f14de717 100644
--- a/Scripts/LineageOS-14.1/Patch.sh
+++ b/Scripts/LineageOS-14.1/Patch.sh
@@ -182,6 +182,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/346950.patch"; #n-asb-2023-01 T
 applyPatch "$DOS_PATCHES/android_frameworks_base/346951.patch"; #n-asb-2023-01 Fix conditionId string trimming in AutomaticZenRule
 applyPatch "$DOS_PATCHES/android_frameworks_base/348650.patch"; #n-asb-2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
 applyPatch "$DOS_PATCHES/android_frameworks_base/348651.patch"; #n-asb-2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
+applyPatch "$DOS_PATCHES/android_frameworks_base/352086.patch"; #n-asb-2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
 git revert --no-edit 0326bb5e41219cf502727c3aa44ebf2daa19a5b3; #Re-enable doze on devices without gms
 applyPatch "$DOS_PATCHES/android_frameworks_base/248599.patch"; #Make SET_TIME_ZONE permission match SET_TIME (AOSP)
 applyPatch "$DOS_PATCHES/android_frameworks_base/0001-Reduced_Resolution.patch"; #Allow reducing resolution to save power TODO: Add 800x480 (DivestOS)
diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh
index b9880a01..cc6e99bb 100644
--- a/Scripts/LineageOS-15.1/Patch.sh
+++ b/Scripts/LineageOS-15.1/Patch.sh
@@ -173,6 +173,7 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/347049-backport.patch"; #P_asb_
 applyPatch "$DOS_PATCHES/android_frameworks_base/347051-backport.patch"; #P_asb_2023-01 Add protections agains use-after-free issues if cancel() or queue() is called after a device connection has been closed.
 applyPatch "$DOS_PATCHES/android_frameworks_base/349330.patch"; #P_asb_2023-02 Correct the behavior of ACTION_PACKAGE_DATA_CLEARED
 applyPatch "$DOS_PATCHES/android_frameworks_base/349331.patch"; #P_asb_2023-02 Convert argument to intent in ChooseTypeAndAccountActivity
+applyPatch "$DOS_PATCHES/android_frameworks_base/352086.patch"; #n-asb-2023-03 Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
 applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)