From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Tue, 31 May 2022 04:18:35 -0400 Subject: [PATCH] extend special runtime permission implementation --- .../server/pm/permission/PermissionManagerService.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index e4653a899ddd..ff97a3b2e4a8 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -1881,7 +1881,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // permission as requiring a review as this is the initial state. final int uid = mPackageManagerInt.getPackageUid(packageName, 0, userId); final int targetSdk = mPackageManagerInt.getUidTargetSdkVersion(uid); - final int flags = (targetSdk < Build.VERSION_CODES.M && isRuntimePermission) + final int flags = (targetSdk < Build.VERSION_CODES.M && isRuntimePermission && !isSpecialRuntimePermission(permName)) ? FLAG_PERMISSION_REVIEW_REQUIRED | FLAG_PERMISSION_REVOKED_COMPAT : 0; @@ -2765,7 +2765,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT, FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT); } - if (targetSdkVersion < Build.VERSION_CODES.M) { + if (targetSdkVersion < Build.VERSION_CODES.M && !isSpecialRuntimePermission(permissionName)) { uidState.updatePermissionFlags(permission, PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED | PackageManager.FLAG_PERMISSION_REVOKED_COMPAT, @@ -2855,7 +2855,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // continue; // } - if (bp.isRuntimeOnly() && !appSupportsRuntimePermissions) { + if (bp.isRuntimeOnly() && !appSupportsRuntimePermissions && !isSpecialRuntimePermission(bp.getName())) { if (DEBUG_PERMISSIONS) { Log.i(TAG, "Denying runtime-only permission " + bp.getName() + " for package " + friendlyName); @@ -2960,7 +2960,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { boolean restrictionApplied = (origState.getPermissionFlags( bp.getName()) & FLAG_PERMISSION_APPLY_RESTRICTION) != 0; - if (appSupportsRuntimePermissions) { + if (appSupportsRuntimePermissions || isSpecialRuntimePermission(bp.getName())) { // If hard restricted we don't allow holding it if (permissionPolicyInitialized && hardRestricted) { if (!restrictionExempt) { @@ -3044,7 +3044,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { if (restrictionApplied) { flags &= ~FLAG_PERMISSION_APPLY_RESTRICTION; // Dropping restriction on a legacy app implies a review - if (!appSupportsRuntimePermissions) { + if (!appSupportsRuntimePermissions && !isSpecialRuntimePermission(bp.getName())) { flags |= FLAG_PERMISSION_REVIEW_REQUIRED; } wasChanged = true;