diff options
author | Svet Ganov <svetoslavganov@google.com> | 2015-08-20 01:56:39 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2015-08-20 12:55:54 -0700 |
commit | 7d765a8bf06f7fa17fffb962d71e07a442bffad0 (patch) | |
tree | f39759200479d79430438534379028d998bec836 | |
parent | 9430f0d9168562d5d215527832549b96656f3d48 (diff) | |
download | android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.tar.gz android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.tar.bz2 android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.zip |
Grant only requested permissions not the whole group.
The policy for an app requesting permissions is that only the requested permissions
are granted not the whole groups to which these permissions belong. There was a
regression where we granted the whole group not only the requested permissions. If
an app has a permission in a group already granted, now per policy a subsequent
request from the same group is followed by an auto grant.
bug:23370436
Change-Id: Icce6377d60187f6f153d10d646cd8c9878dd6fab
6 files changed, 48 insertions, 20 deletions
diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java index 633336c3..b3ac9721 100644 --- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java +++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java @@ -28,6 +28,7 @@ import android.os.Build; import android.os.UserHandle; import android.util.ArrayMap; +import com.android.internal.util.ArrayUtils; import com.android.packageinstaller.R; import com.android.packageinstaller.permission.utils.LocationUtils; @@ -264,13 +265,19 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> return mPermissions.get(permission) != null; } - public boolean areRuntimePermissionsGranted() { + public boolean areRuntimePermissionsGranted(String[] filterPermissions) { if (LocationUtils.isLocked(mName, mPackageInfo.packageName)) { return LocationUtils.isLocationEnabled(mContext); } final int permissionCount = mPermissions.size(); for (int i = 0; i < permissionCount; i++) { Permission permission = mPermissions.valueAt(i); + + if (filterPermissions != null && !ArrayUtils.contains( + filterPermissions, permission.getName())) { + continue; + } + if (mAppSupportsRuntimePermissions) { if (permission.isGranted()) { return true; @@ -283,7 +290,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> return false; } - public boolean grantRuntimePermissions(boolean fixedByTheUser) { + public boolean grantRuntimePermissions(boolean fixedByTheUser, String[] filterPermissions) { final boolean isSharedUser = mPackageInfo.sharedUserId != null; final int uid = mPackageInfo.applicationInfo.uid; @@ -291,6 +298,12 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> // permissions, otherwise we toggle the app op corresponding // to the permission if the permission is granted to the app. for (Permission permission : mPermissions.values()) { + + if (filterPermissions != null && !ArrayUtils.contains( + filterPermissions, permission.getName())) { + continue; + } + if (mAppSupportsRuntimePermissions) { // Do not touch permissions fixed by the system. if (permission.isSystemFixed()) { @@ -371,7 +384,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> return true; } - public boolean revokeRuntimePermissions(boolean fixedByTheUser) { + public boolean revokeRuntimePermissions(boolean fixedByTheUser, String[] filterPermissions) { final boolean isSharedUser = mPackageInfo.sharedUserId != null; final int uid = mPackageInfo.applicationInfo.uid; @@ -379,6 +392,12 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> // permissions, otherwise we toggle the app op corresponding // to the permission if the permission is granted to the app. for (Permission permission : mPermissions.values()) { + + if (filterPermissions != null && !ArrayUtils.contains( + filterPermissions, permission.getName())) { + continue; + } + if (mAppSupportsRuntimePermissions) { // Do not touch permissions fixed by the system. if (permission.isSystemFixed()) { diff --git a/src/com/android/packageinstaller/permission/model/PermissionApps.java b/src/com/android/packageinstaller/permission/model/PermissionApps.java index 73fc7089..09d469bc 100644 --- a/src/com/android/packageinstaller/permission/model/PermissionApps.java +++ b/src/com/android/packageinstaller/permission/model/PermissionApps.java @@ -313,15 +313,15 @@ public class PermissionApps { } public boolean areRuntimePermissionsGranted() { - return mAppPermissionGroup.areRuntimePermissionsGranted(); + return mAppPermissionGroup.areRuntimePermissionsGranted(null); } public void grantRuntimePermissions() { - mAppPermissionGroup.grantRuntimePermissions(false); + mAppPermissionGroup.grantRuntimePermissions(false, null); } public void revokeRuntimePermissions() { - mAppPermissionGroup.revokeRuntimePermissions(false); + mAppPermissionGroup.revokeRuntimePermissions(false, null); } public boolean isPolicyFixed() { diff --git a/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java b/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java index 52fb874e..84a977d7 100644 --- a/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java +++ b/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java @@ -77,7 +77,7 @@ public class PermissionStatusReceiver extends BroadcastReceiver { for (AppPermissionGroup group : appPermissions.getPermissionGroups()) { if (Utils.shouldShowPermission(group)) { totalCount++; - if (group.areRuntimePermissionsGranted()) { + if (group.areRuntimePermissionsGranted(null)) { grantedCount++; if (Utils.OS_PKG.equals(group.getDeclaringPackage())) { diff --git a/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java b/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java index e4e904c8..3277289c 100644 --- a/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java +++ b/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java @@ -224,7 +224,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader } preference.setPersistent(false); preference.setEnabled(!group.isPolicyFixed()); - preference.setChecked(group.areRuntimePermissionsGranted()); + preference.setChecked(group.areRuntimePermissionsGranted(null)); if (isPlatform) { screen.addPreference(preference); @@ -281,7 +281,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader return false; } if (newValue == Boolean.TRUE) { - group.grantRuntimePermissions(false); + group.grantRuntimePermissions(false, null); } else { final boolean grantedByDefault = group.hasGrantedByDefaultPermission(); if (grantedByDefault || (!group.hasRuntimePermission() && !mHasConfirmedRevoke)) { @@ -294,7 +294,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader @Override public void onClick(DialogInterface dialog, int which) { ((SwitchPreference) preference).setChecked(false); - group.revokeRuntimePermissions(false); + group.revokeRuntimePermissions(false, null); if (!grantedByDefault) { mHasConfirmedRevoke = true; } @@ -303,7 +303,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader .show(); return false; } else { - group.revokeRuntimePermissions(false); + group.revokeRuntimePermissions(false, null); } } @@ -351,7 +351,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader SwitchPreference switchPref = (SwitchPreference) preference; AppPermissionGroup group = mAppPermissions.getPermissionGroup(switchPref.getKey()); if (group != null) { - switchPref.setChecked(group.areRuntimePermissionsGranted()); + switchPref.setChecked(group.areRuntimePermissionsGranted(null)); } } } diff --git a/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java b/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java index c451dd50..a61432e3 100644 --- a/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java +++ b/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java @@ -118,21 +118,30 @@ public class GrantPermissionsActivity extends OverlayTouchActivity if (!group.isUserFixed() && !group.isPolicyFixed()) { switch (permissionPolicy) { case DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT: { - if (!group.areRuntimePermissionsGranted()) { - group.grantRuntimePermissions(false); + if (!group.areRuntimePermissionsGranted(mRequestedPermissions)) { + group.grantRuntimePermissions(false, mRequestedPermissions); group.setPolicyFixed(); } } break; case DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY: { - if (!group.areRuntimePermissionsGranted()) { - group.revokeRuntimePermissions(false); + if (group.areRuntimePermissionsGranted(mRequestedPermissions)) { + group.revokeRuntimePermissions(false, mRequestedPermissions); group.setPolicyFixed(); } } break; default: { - mRequestGrantPermissionGroups.put(group.getName(), new GroupState(group)); + if (group.areRuntimePermissionsGranted(null) + && !group.areRuntimePermissionsGranted(mRequestedPermissions)) { + // If the group is granted but requested permissions + // in it not we auto grant the these permissions. + group.grantRuntimePermissions(group.isUserFixed(), + mRequestedPermissions); + } else { + mRequestGrantPermissionGroups.put(group.getName(), + new GroupState(group)); + } } break; } } else { @@ -226,10 +235,10 @@ public class GrantPermissionsActivity extends OverlayTouchActivity GroupState groupState = mRequestGrantPermissionGroups.get(name); if (groupState.mGroup != null) { if (granted) { - groupState.mGroup.grantRuntimePermissions(doNotAskAgain); + groupState.mGroup.grantRuntimePermissions(doNotAskAgain, mRequestedPermissions); groupState.mState = GroupState.STATE_ALLOWED; } else { - groupState.mGroup.revokeRuntimePermissions(doNotAskAgain); + groupState.mGroup.revokeRuntimePermissions(doNotAskAgain, mRequestedPermissions); groupState.mState = GroupState.STATE_DENIED; } updateGrantResults(groupState.mGroup); diff --git a/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java b/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java index 8280ba36..851d41d2 100644 --- a/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java +++ b/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java @@ -63,7 +63,7 @@ public final class SafetyNetLogger { builder.append(';'); } builder.append(group.getName()).append('|'); - builder.append(group.areRuntimePermissionsGranted()).append('|'); + builder.append(group.areRuntimePermissionsGranted(null)).append('|'); builder.append(group.getFlags()); } |