From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Fri, 21 Jul 2017 08:42:55 -0400
Subject: [PATCH] support new special runtime permissions

These are treated as a runtime permission even for legacy apps. They
need to be granted by default for all apps to maintain compatibility.
---
 .../server/pm/PackageManagerService.java      |  3 ++-
 .../permission/PermissionManagerService.java  | 23 +++++++++++++++----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 068cb345d463..94807b48eee9 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -20211,7 +20211,8 @@ public class PackageManagerService extends IPackageManager.Stub
             }
 
             // If this permission was granted by default, make sure it is.
-            if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
+            if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
+                    || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
                 mPermissionManager.grantRuntimePermission(permName, packageName, false,
                         Process.SYSTEM_UID, userId, delayingPermCallback);
                 // Allow app op later as we are holding mPackages
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index ae10b28cd8bb..4c6c1842d93e 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1023,6 +1023,10 @@ public class PermissionManagerService {
         }
     }
 
+    public static boolean isSpecialRuntimePermission(final String permission) {
+        return false;
+    }
+
     /**
      * Restore the permission state for a package.
      *
@@ -1322,6 +1326,14 @@ public class PermissionManagerService {
                                             }
                                         }
                                     }
+
+                                    if (isSpecialRuntimePermission(bp.name) &&
+                                            origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
+                                        if (permissionsState.grantRuntimePermission(bp, userId)
+                                                != PERMISSION_OPERATION_FAILURE) {
+                                            wasChanged = true;
+                                        }
+                                    }
                                 } else {
                                     if (permState == null) {
                                         // New permission
@@ -1455,7 +1467,7 @@ public class PermissionManagerService {
                                              wasChanged = true;
                                         }
                                     }
-                                } else {
+				} else {
                                     if (!permissionsState.hasRuntimePermission(bp.name, userId)
                                             && permissionsState.grantRuntimePermission(bp,
                                                     userId) != PERMISSION_OPERATION_FAILURE) {
@@ -2233,7 +2245,7 @@ public class PermissionManagerService {
                     && (grantedPermissions == null
                            || ArrayUtils.contains(grantedPermissions, permission))) {
                 final int flags = permissionsState.getPermissionFlags(permission, userId);
-                if (supportsRuntimePermissions) {
+                if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
                     // Installer cannot change immutable permissions.
                     if ((flags & immutableFlags) == 0) {
                         grantRuntimePermission(permission, pkg.packageName, false, callingUid,
@@ -2292,7 +2304,7 @@ public class PermissionManagerService {
         // to keep the review required permission flag per user while an
         // install permission's state is shared across all users.
         if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
-                && bp.isRuntime()) {
+                && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
             return;
         }
 
@@ -2344,7 +2356,8 @@ public class PermissionManagerService {
                     + permName + " for package " + packageName);
         }
 
-        if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+        if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
+                && !isSpecialRuntimePermission(permName)) {
             Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
             return;
         }
@@ -2431,7 +2444,7 @@ public class PermissionManagerService {
         // to keep the review required permission flag per user while an
         // install permission's state is shared across all users.
         if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
-                && bp.isRuntime()) {
+                && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
             return;
         }