DivestOS/Patches/LineageOS-16.0/android_frameworks_base/0013-Special_Permissions.patch
Tavi 85e5812290
16.0: July 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-07-17 17:43:18 -04:00

117 lines
6.8 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Fri, 21 Jul 2017 08:42:55 -0400
Subject: [PATCH] support new special runtime permissions
These are treated as a runtime permission even for legacy apps. They
need to be granted by default for all apps to maintain compatibility.
---
.../server/pm/PackageManagerService.java | 3 +-
.../permission/PermissionManagerService.java | 30 ++++++++++++++-----
2 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 893268da7f36..f91fa76b53ce 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -19732,7 +19732,8 @@ public class PackageManagerService extends IPackageManager.Stub
}
// If this permission was granted by default, make sure it is.
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
if (permissionsState.grantRuntimePermission(bp, userId)
!= PERMISSION_OPERATION_FAILURE) {
writeRuntimePermissions = true;
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 91f24d7295a9..ed1d3102b140 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -770,6 +770,10 @@ public class PermissionManagerService {
}
}
+ public static boolean isSpecialRuntimePermission(final String permission) {
+ return false;
+ }
+
private void grantPermissions(PackageParser.Package pkg, boolean replace,
String packageOfInterest, PermissionCallback callback) {
// IMPORTANT: There are two types of permissions: install and runtime.
@@ -878,7 +882,8 @@ public class PermissionManagerService {
// their permissions as always granted runtime ones since we need
// to keep the review required permission flag per user while an
// install permission's state is shared across all users.
- if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired) {
+ if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired &&
+ !isSpecialRuntimePermission(bp.getName())) {
// For legacy apps dangerous permissions are install time ones.
grant = GRANT_INSTALL;
} else if (origPermissions.hasInstallPermission(bp.getName())) {
@@ -988,7 +993,8 @@ public class PermissionManagerService {
updatedUserIds, userId);
}
} else if (mSettings.mPermissionReviewRequired
- && !appSupportsRuntimePermissions) {
+ && !appSupportsRuntimePermissions
+ && !isSpecialRuntimePermission(bp.getName())) {
// For legacy apps that need a permission review, every new
// runtime permission is granted but it is pending a review.
// We also need to review only platform defined runtime
@@ -1009,7 +1015,15 @@ public class PermissionManagerService {
updatedUserIds = ArrayUtils.appendInt(
updatedUserIds, userId);
}
- }
+ } else if (isSpecialRuntimePermission(bp.name) &&
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
+ if (permissionsState.grantRuntimePermission(bp, userId)
+ != PermissionsState.PERMISSION_OPERATION_FAILURE) {
+ // We changed the permission, hence have to write.
+ updatedUserIds = ArrayUtils.appendInt(
+ updatedUserIds, userId);
+ }
+ }
// Propagate the permission flags.
permissionsState.updatePermissionFlags(bp, userId, flags, flags);
}
@@ -1468,7 +1482,7 @@ public class PermissionManagerService {
&& (grantedPermissions == null
|| ArrayUtils.contains(grantedPermissions, permission))) {
final int flags = permissionsState.getPermissionFlags(permission, userId);
- if (supportsRuntimePermissions) {
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
// Installer cannot change immutable permissions.
if ((flags & immutableFlags) == 0) {
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
@@ -1527,7 +1541,7 @@ public class PermissionManagerService {
// install permission's state is shared across all users.
if (mSettings.mPermissionReviewRequired
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
- && bp.isRuntime()) {
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
return;
}
@@ -1563,7 +1577,8 @@ public class PermissionManagerService {
+ permName + " for package " + packageName);
}
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
+ && !isSpecialRuntimePermission(permName)) {
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
return;
}
@@ -1648,7 +1663,8 @@ public class PermissionManagerService {
// install permission's state is shared across all users.
if (mSettings.mPermissionReviewRequired
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
- && bp.isRuntime()) {
+ && bp.isRuntime()
+ && !isSpecialRuntimePermission(permName)) {
return;
}