Skip to content

Commit

Permalink
support new special runtime permissions
Browse files Browse the repository at this point in the history 
These are treated as a runtime permission even for legacy apps. They
need to be granted by default for all apps to maintain compatibility.

Ported from 10: 4d5d82f4e2fb9ff68158bf30f3944591bb74dd04

Changes from 10:
- It seems like parts of PackageManagerService#resetUserChangesToRuntimePermissionsAndFlagsLPw
were refactored into PermissionManagerService#resetRuntimePermissionsInternal.
As a result, PackageManagerService is no longer modified.

[kdrag0n: Ported to Android 12]
Signed-off-by: Danny Lin <danny@kdrag0n.dev>
  • Loading branch information
@inthewaves @kdrag0n
inthewaves authored and kdrag0n committed Jun 7, 2022
1 parent 6b1ac47 commit 48e0cfe
Showing 1 changed file with 20 additions and 5 deletions.
25 changes: 20 additions & 5 deletions services/core/java/com/android/server/pm/permission/PermissionManagerService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1525,7 +1525,8 @@ private void grantRuntimePermissionInternal(String packageName, String permName,
// their permissions as always granted runtime ones since we need
// to keep the review required permission flag per user while an
// install permission's state is shared across all users.
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime()) {
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime() &&
!isSpecialRuntimePermission(permName)) {
return;
}

Expand Down Expand Up @@ -1568,7 +1569,8 @@ private void grantRuntimePermissionInternal(String packageName, String permName,
+ " for package " + packageName);
}

if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M) {
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M &&
!isSpecialRuntimePermission(permName)) {
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
return;
}
Expand Down Expand Up @@ -1693,7 +1695,8 @@ private void revokeRuntimePermissionInternal(String packageName, String permName
// their permissions as always granted runtime ones since we need
// to keep the review required permission flag per user while an
// install permission's state is shared across all users.
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime()) {
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M && bp.isRuntime() &&
!isSpecialRuntimePermission(permName)) {
return;
}

Expand Down Expand Up @@ -1898,7 +1901,8 @@ public void onInstallPermissionUpdatedNotifyListener(int uid) {

// If this permission was granted by default or role, make sure it is.
if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|| (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0) {
|| (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0
|| isSpecialRuntimePermission(permName)) {
// PermissionPolicyService will handle the app op for runtime permissions later.
grantRuntimePermissionInternal(packageName, permName, false,
Process.SYSTEM_UID, userId, delayingPermCallback);
Expand Down Expand Up @@ -2587,6 +2591,10 @@ private int[] getPermissionGidsInternal(@NonNull String permissionName, @UserIdI
}
}

public static boolean isSpecialRuntimePermission(final String permission) {
return false;
}

/**
* Restore the permission state for a package.
*
Expand Down Expand Up @@ -2966,6 +2974,13 @@ && shouldGrantPermissionByProtectionFlags(pkg, ps, permission,
}
}
}

if (isSpecialRuntimePermission(permName) &&
origPermState == null) {
if (uidState.grantPermission(bp)) {
wasChanged = true;
}
}
} else {
if (origPermState == null) {
// New permission
Expand Down Expand Up @@ -3803,7 +3818,7 @@ private void grantRequestedRuntimePermissionsInternal(@NonNull AndroidPackage pk
if (shouldGrantPermission) {
final int flags = getPermissionFlagsInternal(pkg.getPackageName(), permission,
myUid, userId);
if (supportsRuntimePermissions) {
if (supportsRuntimePermissions || isSpecialRuntimePermission(permission)) {
// Installer cannot change immutable permissions.
if ((flags & immutableFlags) == 0) {
grantRuntimePermissionInternal(pkg.getPackageName(), permission, false,
Expand Down

0 comments on commit 48e0cfe

Please sign in to comment.