From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 21 Jul 2017 08:42:55 -0400 Subject: [PATCH] support new special runtime permissions These are treated as a runtime permission even for legacy apps. They need to be granted by default for all apps to maintain compatibility. --- .../server/pm/PackageManagerService.java | 3 ++- .../permission/PermissionManagerService.java | 23 +++++++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index d27b5ad0d646..32b022455451 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -20218,7 +20218,8 @@ public class PackageManagerService extends IPackageManager.Stub } // If this permission was granted by default, make sure it is. - if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) { + if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 + || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) { mPermissionManager.grantRuntimePermission(permName, packageName, false, Process.SYSTEM_UID, userId, delayingPermCallback); // Allow app op later as we are holding mPackages diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 9f8e6eae3ba8..4649b88b9804 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -1023,6 +1023,10 @@ public class PermissionManagerService { } } + public static boolean isSpecialRuntimePermission(final String permission) { + return false; + } + /** * Restore the permission state for a package. * @@ -1322,6 +1326,14 @@ public class PermissionManagerService { } } } + + if (isSpecialRuntimePermission(bp.name) && + origPermissions.getRuntimePermissionState(bp.name, userId) == null) { + if (permissionsState.grantRuntimePermission(bp, userId) + != PERMISSION_OPERATION_FAILURE) { + wasChanged = true; + } + } } else { if (permState == null) { // New permission @@ -1455,7 +1467,7 @@ public class PermissionManagerService { wasChanged = true; } } - } else { + } else { if (!permissionsState.hasRuntimePermission(bp.name, userId) && permissionsState.grantRuntimePermission(bp, userId) != PERMISSION_OPERATION_FAILURE) { @@ -2233,7 +2245,7 @@ public class PermissionManagerService { && (grantedPermissions == null || ArrayUtils.contains(grantedPermissions, permission))) { final int flags = permissionsState.getPermissionFlags(permission, userId); - if (supportsRuntimePermissions) { + if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) { // Installer cannot change immutable permissions. if ((flags & immutableFlags) == 0) { grantRuntimePermission(permission, pkg.packageName, false, callingUid, @@ -2292,7 +2304,7 @@ public class PermissionManagerService { // to keep the review required permission flag per user while an // install permission's state is shared across all users. if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M - && bp.isRuntime()) { + && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) { return; } @@ -2344,7 +2356,8 @@ public class PermissionManagerService { + permName + " for package " + packageName); } - if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) { + if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M + && !isSpecialRuntimePermission(permName)) { Slog.w(TAG, "Cannot grant runtime permission to a legacy app"); return; } @@ -2431,7 +2444,7 @@ public class PermissionManagerService { // to keep the review required permission flag per user while an // install permission's state is shared across all users. if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M - && bp.isRuntime()) { + && bp.isRuntime() && !isSpecialRuntimePermission(permName)) { return; }