From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 23 Jul 2017 04:43:50 +0300 Subject: [PATCH] add special handling for INTERNET/OTHER_SENSORS 13: 6d4b86e01 --- .../data/HibernationSettingStateLiveData.kt | 3 ++- .../permission/model/AppPermissionGroup.java | 5 ++-- .../permission/model/Permission.java | 4 ++- .../service/AutoRevokePermissions.kt | 4 +-- .../permission/utils/KotlinUtils.kt | 3 +++ .../permission/utils/PermissionMapping.kt | 25 +++++++++++++++++++ 6 files changed, 38 insertions(+), 6 deletions(-) diff --git a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt index 75d965d02..5d2d95916 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt @@ -35,6 +35,7 @@ import com.android.permissioncontroller.hibernation.isPackageHibernationExemptBy import com.android.permissioncontroller.permission.data.PackagePermissionsLiveData.Companion.NON_RUNTIME_NORMAL_PERMS import com.android.permissioncontroller.permission.model.livedatatypes.HibernationSettingState import com.android.permissioncontroller.permission.service.AUTO_REVOKE_EXEMPT_PERMISSIONS +import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermissionGroup import kotlinx.coroutines.Job /** @@ -120,7 +121,7 @@ private constructor( permName in AUTO_REVOKE_EXEMPT_PERMISSIONS } ?: false - if (!default && !allExempt) { + if (!default && !allExempt && !isSpecialRuntimePermissionGroup(groupName)) { revocableGroups.add(groupName) } } diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java index 3b2cc7ee0..75da346ed 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java +++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java @@ -26,6 +26,7 @@ import static android.app.AppOpsManager.OPSTR_LEGACY_STORAGE; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.health.connect.HealthPermissions.HEALTH_PERMISSION_GROUP; +import static com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission; import static com.android.permissioncontroller.permission.utils.Utils.isHealthPermissionUiEnabled; import android.Manifest; @@ -948,7 +949,7 @@ public final class AppPermissionGroup implements Comparable permission.getName(), mPackageInfo.applicationInfo.targetSdkVersion); - if (mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) { + if ((mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) || isSpecialRuntimePermission(permission.getName())) { // Do not touch permissions fixed by the system. if (permission.isSystemFixed()) { wasAllGranted = false; @@ -1144,7 +1145,7 @@ public final class AppPermissionGroup implements Comparable permission.getName(), mPackageInfo.applicationInfo.targetSdkVersion); - if (mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) { + if ((mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) || isSpecialRuntimePermission(permission.getName())) { // Revoke the permission if needed. if (permission.isGranted()) { diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java index 4daaeaec8..8962a0b81 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java +++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java @@ -24,6 +24,8 @@ import androidx.annotation.NonNull; import java.util.ArrayList; import java.util.Objects; +import static com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission; + /** * A permission and it's properties. * @@ -137,7 +139,7 @@ public final class Permission { * @return {@code true} if the permission (and the app-op) is granted. */ public boolean isGrantedIncludingAppOp() { - return mGranted && (!affectsAppOp() || isAppOpAllowed()) && !isReviewRequired(); + return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || isSpecialRuntimePermission(mName)); } public boolean isReviewRequired() { diff --git a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt index 8e1721219..6690c9cd7 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt @@ -40,6 +40,7 @@ import com.android.permissioncontroller.permission.model.livedatatypes.LightAppP import com.android.permissioncontroller.permission.model.livedatatypes.LightPackageInfo import com.android.permissioncontroller.permission.utils.KotlinUtils import com.android.permissioncontroller.permission.utils.PermissionMapping +import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermissionGroup import com.android.permissioncontroller.permission.utils.application import com.android.permissioncontroller.permission.utils.forEachInParallel import com.android.permissioncontroller.permission.utils.updatePermissionFlags @@ -139,8 +140,7 @@ suspend fun revokeAppPermissions( !group.isGrantedByDefault && !group.isGrantedByRole && !group.isRevokeWhenRequested && - group.isUserSensitive - ) { + group.isUserSensitive && !isSpecialRuntimePermissionGroup(groupName)) { revocableGroups.add(groupName) } } diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt index 16c6d5aa9..3ebec4fd4 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt @@ -91,6 +91,7 @@ import com.android.permissioncontroller.permission.model.livedatatypes.LightPerm import com.android.permissioncontroller.permission.model.livedatatypes.PermState import com.android.permissioncontroller.permission.service.LocationAccessCheck import com.android.permissioncontroller.permission.ui.handheld.SettingsWithLargeHeader +import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission import com.android.safetycenter.resources.SafetyCenterResourcesApk import java.time.Duration import java.util.concurrent.atomic.AtomicReference @@ -954,6 +955,7 @@ object KotlinUtils { val user = UserHandle.getUserHandleForUid(pkgInfo.uid) val deviceId = group.deviceId val supportsRuntime = pkgInfo.targetSdkVersion >= Build.VERSION_CODES.M + || isSpecialRuntimePermission(perm.name) val isGrantingAllowed = (!pkgInfo.isInstantApp || perm.isInstantPerm) && (supportsRuntime || !perm.isRuntimeOnly) @@ -1285,6 +1287,7 @@ object KotlinUtils { val deviceId = group.deviceId var isGranted = perm.isGrantedIncludingAppOp val supportsRuntime = group.packageInfo.targetSdkVersion >= Build.VERSION_CODES.M + || isSpecialRuntimePermission(perm.name) var shouldKill = false val affectsAppOp = permissionToOp(perm.name) != null || perm.isBackgroundPermission diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt index 840a033c3..14ca4d36a 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt @@ -64,6 +64,9 @@ object PermissionMapping { /** Mapping group -> permissions for all dangerous platform permissions */ private val PLATFORM_PERMISSION_GROUPS: MutableMap> = mutableMapOf() + private val SPECIAL_RUNTIME_PERMISSIONS: MutableMap = mutableMapOf() + private val SPECIAL_RUNTIME_PERMISSION_GROUPS: MutableMap> = mutableMapOf() + /** Set of groups that will be able to receive one-time grant */ private val ONE_TIME_PERMISSION_GROUPS: MutableSet = mutableSetOf() @@ -183,10 +186,22 @@ object PermissionMapping { Manifest.permission_group.SENSORS } + PLATFORM_PERMISSIONS[Manifest.permission.INTERNET] = Manifest.permission_group.NETWORK + PLATFORM_PERMISSIONS[Manifest.permission.OTHER_SENSORS] = Manifest.permission_group.OTHER_SENSORS + + SPECIAL_RUNTIME_PERMISSIONS[Manifest.permission.INTERNET] = + Manifest.permission_group.NETWORK + SPECIAL_RUNTIME_PERMISSIONS[Manifest.permission.OTHER_SENSORS] = + Manifest.permission_group.OTHER_SENSORS + for ((permission, permissionGroup) in PLATFORM_PERMISSIONS) { PLATFORM_PERMISSION_GROUPS.getOrPut(permissionGroup) { mutableListOf() }.add(permission) } + for ((permission, permissionGroup) in SPECIAL_RUNTIME_PERMISSIONS) { + SPECIAL_RUNTIME_PERMISSION_GROUPS.getOrPut(permissionGroup) { mutableListOf() }.add(permission) + } + ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.LOCATION) ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.CAMERA) ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.MICROPHONE) @@ -405,4 +420,14 @@ object PermissionMapping { return PERMISSION_GROUPS_TO_DATA_CATEGORIES.containsKey(permissionGroupName) } + + @JvmStatic + fun isSpecialRuntimePermission(permission: String): Boolean { + return SPECIAL_RUNTIME_PERMISSIONS.containsKey(permission) + } + + @JvmStatic + fun isSpecialRuntimePermissionGroup(permissionGroup: String): Boolean { + return SPECIAL_RUNTIME_PERMISSION_GROUPS.containsKey(permissionGroup) + } }