Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2024-09-16 06:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
d98f33a337
DivestOS/Patches/LineageOS-21.0/android_packages_modules_Permission/0004-Special_Permissions-1.patch
Tavi d98f33a337 21.0: Initial bringup 
TODO:
- f/w/b
- settings

Signed-off-by: Tavi <tavi@divested.dev>
2024-05-20 11:53:38 -04:00

191 lines
11 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sun, 23 Jul 2017 04:43:50 +0300
Subject: [PATCH] add special handling for INTERNET/OTHER_SENSORS
13: 6d4b86e01
---
.../data/HibernationSettingStateLiveData.kt | 3 ++-
.../permission/model/AppPermissionGroup.java | 5 ++--
.../permission/model/Permission.java | 4 ++-
.../service/AutoRevokePermissions.kt | 4 +--
.../permission/utils/KotlinUtils.kt | 3 +++
.../permission/utils/PermissionMapping.kt | 25 +++++++++++++++++++
6 files changed, 38 insertions(+), 6 deletions(-)
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
index 75d965d02..5d2d95916 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
@@ -35,6 +35,7 @@ import com.android.permissioncontroller.hibernation.isPackageHibernationExemptBy
import com.android.permissioncontroller.permission.data.PackagePermissionsLiveData.Companion.NON_RUNTIME_NORMAL_PERMS
import com.android.permissioncontroller.permission.model.livedatatypes.HibernationSettingState
import com.android.permissioncontroller.permission.service.AUTO_REVOKE_EXEMPT_PERMISSIONS
+import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermissionGroup
import kotlinx.coroutines.Job
/**
@@ -120,7 +121,7 @@ private constructor(
permName in AUTO_REVOKE_EXEMPT_PERMISSIONS
}
?: false
- if (!default && !allExempt) {
+ if (!default && !allExempt && !isSpecialRuntimePermissionGroup(groupName)) {
revocableGroups.add(groupName)
}
}
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
index 3b2cc7ee0..75da346ed 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
@@ -26,6 +26,7 @@ import static android.app.AppOpsManager.OPSTR_LEGACY_STORAGE;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.health.connect.HealthPermissions.HEALTH_PERMISSION_GROUP;
+import static com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission;
import static com.android.permissioncontroller.permission.utils.Utils.isHealthPermissionUiEnabled;
import android.Manifest;
@@ -948,7 +949,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
permission.getName(),
mPackageInfo.applicationInfo.targetSdkVersion);
- if (mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) {
+ if ((mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) || isSpecialRuntimePermission(permission.getName())) {
// Do not touch permissions fixed by the system.
if (permission.isSystemFixed()) {
wasAllGranted = false;
@@ -1144,7 +1145,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
permission.getName(),
mPackageInfo.applicationInfo.targetSdkVersion);
- if (mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) {
+ if ((mAppSupportsRuntimePermissions && !isPermissionSplitFromNonRuntime) || isSpecialRuntimePermission(permission.getName())) {
// Revoke the permission if needed.
if (permission.isGranted()) {
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
index 4daaeaec8..8962a0b81 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
@@ -24,6 +24,8 @@ import androidx.annotation.NonNull;
import java.util.ArrayList;
import java.util.Objects;
+import static com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission;
+
/**
* A permission and it's properties.
*
@@ -137,7 +139,7 @@ public final class Permission {
* @return {@code true} if the permission (and the app-op) is granted.
*/
public boolean isGrantedIncludingAppOp() {
- return mGranted && (!affectsAppOp() || isAppOpAllowed()) && !isReviewRequired();
+ return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || isSpecialRuntimePermission(mName));
}
public boolean isReviewRequired() {
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
index 8e1721219..6690c9cd7 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
@@ -40,6 +40,7 @@ import com.android.permissioncontroller.permission.model.livedatatypes.LightAppP
import com.android.permissioncontroller.permission.model.livedatatypes.LightPackageInfo
import com.android.permissioncontroller.permission.utils.KotlinUtils
import com.android.permissioncontroller.permission.utils.PermissionMapping
+import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermissionGroup
import com.android.permissioncontroller.permission.utils.application
import com.android.permissioncontroller.permission.utils.forEachInParallel
import com.android.permissioncontroller.permission.utils.updatePermissionFlags
@@ -139,8 +140,7 @@ suspend fun revokeAppPermissions(
!group.isGrantedByDefault &&
!group.isGrantedByRole &&
!group.isRevokeWhenRequested &&
- group.isUserSensitive
- ) {
+ group.isUserSensitive && !isSpecialRuntimePermissionGroup(groupName)) {
revocableGroups.add(groupName)
}
}
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
index 2aad0154b..5e850f887 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
@@ -91,6 +91,7 @@ import com.android.permissioncontroller.permission.model.livedatatypes.LightPerm
import com.android.permissioncontroller.permission.model.livedatatypes.PermState
import com.android.permissioncontroller.permission.service.LocationAccessCheck
import com.android.permissioncontroller.permission.ui.handheld.SettingsWithLargeHeader
+import com.android.permissioncontroller.permission.utils.PermissionMapping.isSpecialRuntimePermission
import com.android.safetycenter.resources.SafetyCenterResourcesApk
import java.time.Duration
import java.util.concurrent.atomic.AtomicReference
@@ -954,6 +955,7 @@ object KotlinUtils {
val user = UserHandle.getUserHandleForUid(pkgInfo.uid)
val deviceId = group.deviceId
val supportsRuntime = pkgInfo.targetSdkVersion >= Build.VERSION_CODES.M
+ || isSpecialRuntimePermission(perm.name)
val isGrantingAllowed =
(!pkgInfo.isInstantApp || perm.isInstantPerm) &&
(supportsRuntime || !perm.isRuntimeOnly)
@@ -1285,6 +1287,7 @@ object KotlinUtils {
val deviceId = group.deviceId
var isGranted = perm.isGrantedIncludingAppOp
val supportsRuntime = group.packageInfo.targetSdkVersion >= Build.VERSION_CODES.M
+ || isSpecialRuntimePermission(perm.name)
var shouldKill = false
val affectsAppOp = permissionToOp(perm.name) != null || perm.isBackgroundPermission
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
index 840a033c3..14ca4d36a 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
@@ -64,6 +64,9 @@ object PermissionMapping {
/** Mapping group -> permissions for all dangerous platform permissions */
private val PLATFORM_PERMISSION_GROUPS: MutableMap<String, MutableList<String>> = mutableMapOf()
+ private val SPECIAL_RUNTIME_PERMISSIONS: MutableMap<String, String> = mutableMapOf()
+ private val SPECIAL_RUNTIME_PERMISSION_GROUPS: MutableMap<String, MutableList<String>> = mutableMapOf()
+
/** Set of groups that will be able to receive one-time grant */
private val ONE_TIME_PERMISSION_GROUPS: MutableSet<String> = mutableSetOf()
@@ -183,10 +186,22 @@ object PermissionMapping {
Manifest.permission_group.SENSORS
}
+ PLATFORM_PERMISSIONS[Manifest.permission.INTERNET] = Manifest.permission_group.NETWORK
+ PLATFORM_PERMISSIONS[Manifest.permission.OTHER_SENSORS] = Manifest.permission_group.OTHER_SENSORS
+
+ SPECIAL_RUNTIME_PERMISSIONS[Manifest.permission.INTERNET] =
+ Manifest.permission_group.NETWORK
+ SPECIAL_RUNTIME_PERMISSIONS[Manifest.permission.OTHER_SENSORS] =
+ Manifest.permission_group.OTHER_SENSORS
+
for ((permission, permissionGroup) in PLATFORM_PERMISSIONS) {
PLATFORM_PERMISSION_GROUPS.getOrPut(permissionGroup) { mutableListOf() }.add(permission)
}
+ for ((permission, permissionGroup) in SPECIAL_RUNTIME_PERMISSIONS) {
+ SPECIAL_RUNTIME_PERMISSION_GROUPS.getOrPut(permissionGroup) { mutableListOf() }.add(permission)
+ }
+
ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.LOCATION)
ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.CAMERA)
ONE_TIME_PERMISSION_GROUPS.add(Manifest.permission_group.MICROPHONE)
@@ -405,4 +420,14 @@ object PermissionMapping {
return PERMISSION_GROUPS_TO_DATA_CATEGORIES.containsKey(permissionGroupName)
}
+
+ @JvmStatic
+ fun isSpecialRuntimePermission(permission: String): Boolean {
+ return SPECIAL_RUNTIME_PERMISSIONS.containsKey(permission)
+ }
+
+ @JvmStatic
+ fun isSpecialRuntimePermissionGroup(permissionGroup: String): Boolean {
+ return SPECIAL_RUNTIME_PERMISSION_GROUPS.containsKey(permissionGroup)
+ }
}
Reference in New Issue View Git Blame Copy Permalink