mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
59bf3b75c7
https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/353117 https://review.lineageos.org/q/topic:Q_asb_2023-03 https://review.lineageos.org/q/topic:Q_asb_2023-04 https://review.lineageos.org/q/topic:Q_asb_2023-05 https://review.lineageos.org/q/topic:Q_asb_2023-06 https://review.lineageos.org/q/topic:Q_asb_2023-07 https://review.lineageos.org/q/topic:Q_asb_2023-08 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376560 https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376561 https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376562 https://review.lineageos.org/q/topic:Q_asb_2023-09 https://review.lineageos.org/q/topic:Q_asb_2023-10 https://review.lineageos.org/q/topic:Q_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376563 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_webp/+/376568 https://review.lineageos.org/q/topic:Q_asb_2023-12 https://review.lineageos.org/q/topic:Q_asb_2024-01 https://review.lineageos.org/q/topic:Q_asb_2024-02 https://review.lineageos.org/q/topic:Q_asb_2024-03 Signed-off-by: Tavi <tavi@divested.dev>
54 lines
2.8 KiB
Diff
54 lines
2.8 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Nate Myren <ntmyren@google.com>
|
|
Date: Fri, 2 Dec 2022 09:44:31 -0800
|
|
Subject: [PATCH] RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to
|
|
post 23 and perm has pre23 flag
|
|
|
|
If a permission has the "pre23" flag, and an app is upgrading past api
|
|
23, then we should not assume that a "development" permission remains
|
|
granted
|
|
|
|
Fixes: 259458532
|
|
Test: atest RevokeSawPermissionTest
|
|
Change-Id: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
|
(cherry picked from commit 2f30a63b11e59f9daf42f51eb85aa91c86f4baf4)
|
|
Merged-In: I214396f455c5ed9e8bac2e50b1525b86475c81c7
|
|
---
|
|
.../server/pm/permission/PermissionManagerService.java | 9 +++++++--
|
|
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
|
index 23af4e6c1c3e..9f8e6eae3ba8 100644
|
|
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
|
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
|
@@ -671,7 +671,7 @@ public class PermissionManagerService {
|
|
}
|
|
final PackageSetting ps = (PackageSetting) newPackage.mExtras;
|
|
if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, saw,
|
|
- ps.getPermissionsState())) {
|
|
+ ps.getPermissionsState(), true)) {
|
|
return;
|
|
}
|
|
for (int userId: mUserManagerInt.getUserIds()) {
|
|
@@ -1836,6 +1836,11 @@ public class PermissionManagerService {
|
|
|
|
private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
|
|
BasePermission bp, PermissionsState origPermissions) {
|
|
+ return grantSignaturePermission(perm, pkg, bp, origPermissions, false);
|
|
+ }
|
|
+ private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
|
|
+ BasePermission bp, PermissionsState origPermissions,
|
|
+ boolean isApi23Upgrade) {
|
|
boolean oemPermission = bp.isOEM();
|
|
boolean vendorPrivilegedPermission = bp.isVendorPrivileged();
|
|
boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged();
|
|
@@ -2022,7 +2027,7 @@ public class PermissionManagerService {
|
|
// Any pre-installed system app is allowed to get this permission.
|
|
allowed = true;
|
|
}
|
|
- if (!allowed && bp.isDevelopment()) {
|
|
+ if (!allowed && bp.isDevelopment() && !(bp.isPre23() && isApi23Upgrade)) {
|
|
// For development permissions, a development permission
|
|
// is granted only if it was already granted.
|
|
allowed = origPermissions.hasInstallPermission(perm);
|