DivestOS/Patches/LineageOS-17.1/android_frameworks_base/0014-Special_Permissions.patch
Tad aa4464d1c4
17.1 September ASB work
+ an August backport from @flamefire

Signed-off-by: Tad <tad@spotco.us>
2023-09-11 01:23:37 -04:00

103 lines
5.5 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Fri, 21 Jul 2017 08:42:55 -0400
Subject: [PATCH] support new special runtime permissions
These are treated as a runtime permission even for legacy apps. They
need to be granted by default for all apps to maintain compatibility.
---
.../server/pm/PackageManagerService.java | 3 ++-
.../permission/PermissionManagerService.java | 23 +++++++++++++++----
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 5bd1b4ac0195..475ba5ddc8c0 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -20215,7 +20215,8 @@ public class PackageManagerService extends IPackageManager.Stub
}
// If this permission was granted by default, make sure it is.
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
mPermissionManager.grantRuntimePermission(permName, packageName, false,
Process.SYSTEM_UID, userId, delayingPermCallback);
// Allow app op later as we are holding mPackages
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 9f8e6eae3ba8..4649b88b9804 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1023,6 +1023,10 @@ public class PermissionManagerService {
}
}
+ public static boolean isSpecialRuntimePermission(final String permission) {
+ return false;
+ }
+
/**
* Restore the permission state for a package.
*
@@ -1322,6 +1326,14 @@ public class PermissionManagerService {
}
}
}
+
+ if (isSpecialRuntimePermission(bp.name) &&
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
+ if (permissionsState.grantRuntimePermission(bp, userId)
+ != PERMISSION_OPERATION_FAILURE) {
+ wasChanged = true;
+ }
+ }
} else {
if (permState == null) {
// New permission
@@ -1455,7 +1467,7 @@ public class PermissionManagerService {
wasChanged = true;
}
}
- } else {
+ } else {
if (!permissionsState.hasRuntimePermission(bp.name, userId)
&& permissionsState.grantRuntimePermission(bp,
userId) != PERMISSION_OPERATION_FAILURE) {
@@ -2233,7 +2245,7 @@ public class PermissionManagerService {
&& (grantedPermissions == null
|| ArrayUtils.contains(grantedPermissions, permission))) {
final int flags = permissionsState.getPermissionFlags(permission, userId);
- if (supportsRuntimePermissions) {
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
// Installer cannot change immutable permissions.
if ((flags & immutableFlags) == 0) {
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
@@ -2292,7 +2304,7 @@ public class PermissionManagerService {
// to keep the review required permission flag per user while an
// install permission's state is shared across all users.
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
- && bp.isRuntime()) {
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
return;
}
@@ -2344,7 +2356,8 @@ public class PermissionManagerService {
+ permName + " for package " + packageName);
}
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
+ && !isSpecialRuntimePermission(permName)) {
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
return;
}
@@ -2431,7 +2444,7 @@ public class PermissionManagerService {
// to keep the review required permission flag per user while an
// install permission's state is shared across all users.
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
- && bp.isRuntime()) {
+ && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
return;
}