Grant only requested permissions not the whole group.

The policy for an app requesting permissions is that only the requested permissions are granted not the whole groups to which these permissions belong. There was a regression where we granted the whole group not only the requested permissions. If an app has a permission in a group already granted, now per policy a subsequent request from the same group is followed by an auto grant. bug:23370436 Change-Id: Icce6377d60187f6f153d10d646cd8c9878dd6fab
author: Svet Ganov <svetoslavganov@google.com> 2015-08-20 01:56:39 -0700
committer: The Android Automerger <android-build@google.com> 2015-08-20 12:55:54 -0700
commit: 7d765a8bf06f7fa17fffb962d71e07a442bffad0 (patch)
tree: f39759200479d79430438534379028d998bec836
parent: 9430f0d9168562d5d215527832549b96656f3d48 (diff)
download: android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.tar.gz
android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.tar.bz2
android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.zip
6 files changed, 48 insertions, 20 deletions
diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
index 633336c3..b3ac9721 100644
--- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
+++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
@@ -28,6 +28,7 @@ import android.os.Build;
 import android.os.UserHandle;
 import android.util.ArrayMap;
 
+import com.android.internal.util.ArrayUtils;
 import com.android.packageinstaller.R;
 import com.android.packageinstaller.permission.utils.LocationUtils;
 
@@ -264,13 +265,19 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
         return mPermissions.get(permission) != null;
     }
 
-    public boolean areRuntimePermissionsGranted() {
+    public boolean areRuntimePermissionsGranted(String[] filterPermissions) {
         if (LocationUtils.isLocked(mName, mPackageInfo.packageName)) {
             return LocationUtils.isLocationEnabled(mContext);
         }
         final int permissionCount = mPermissions.size();
         for (int i = 0; i < permissionCount; i++) {
             Permission permission = mPermissions.valueAt(i);
+
+            if (filterPermissions != null && !ArrayUtils.contains(
+                    filterPermissions, permission.getName())) {
+                continue;
+            }
+
             if (mAppSupportsRuntimePermissions) {
                 if (permission.isGranted()) {
                     return true;
@@ -283,7 +290,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
         return false;
     }
 
-    public boolean grantRuntimePermissions(boolean fixedByTheUser) {
+    public boolean grantRuntimePermissions(boolean fixedByTheUser, String[] filterPermissions) {
         final boolean isSharedUser = mPackageInfo.sharedUserId != null;
         final int uid = mPackageInfo.applicationInfo.uid;
 
@@ -291,6 +298,12 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
         // permissions, otherwise we toggle the app op corresponding
         // to the permission if the permission is granted to the app.
         for (Permission permission : mPermissions.values()) {
+
+            if (filterPermissions != null && !ArrayUtils.contains(
+                    filterPermissions, permission.getName())) {
+                continue;
+            }
+
             if (mAppSupportsRuntimePermissions) {
                 // Do not touch permissions fixed by the system.
                 if (permission.isSystemFixed()) {
@@ -371,7 +384,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
         return true;
     }
 
-    public boolean revokeRuntimePermissions(boolean fixedByTheUser) {
+    public boolean revokeRuntimePermissions(boolean fixedByTheUser, String[] filterPermissions) {
         final boolean isSharedUser = mPackageInfo.sharedUserId != null;
         final int uid = mPackageInfo.applicationInfo.uid;
 
@@ -379,6 +392,12 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
         // permissions, otherwise we toggle the app op corresponding
         // to the permission if the permission is granted to the app.
         for (Permission permission : mPermissions.values()) {
+
+            if (filterPermissions != null && !ArrayUtils.contains(
+                    filterPermissions, permission.getName())) {
+                continue;
+            }
+
             if (mAppSupportsRuntimePermissions) {
                 // Do not touch permissions fixed by the system.
                 if (permission.isSystemFixed()) {
diff --git a/src/com/android/packageinstaller/permission/model/PermissionApps.java b/src/com/android/packageinstaller/permission/model/PermissionApps.java
index 73fc7089..09d469bc 100644
--- a/src/com/android/packageinstaller/permission/model/PermissionApps.java
+++ b/src/com/android/packageinstaller/permission/model/PermissionApps.java
@@ -313,15 +313,15 @@ public class PermissionApps {
         }
 
         public boolean areRuntimePermissionsGranted() {
-            return mAppPermissionGroup.areRuntimePermissionsGranted();
+            return mAppPermissionGroup.areRuntimePermissionsGranted(null);
         }
 
         public void grantRuntimePermissions() {
-            mAppPermissionGroup.grantRuntimePermissions(false);
+            mAppPermissionGroup.grantRuntimePermissions(false, null);
         }
 
         public void revokeRuntimePermissions() {
-            mAppPermissionGroup.revokeRuntimePermissions(false);
+            mAppPermissionGroup.revokeRuntimePermissions(false, null);
         }
 
         public boolean isPolicyFixed() {
diff --git a/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java b/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java
index 52fb874e..84a977d7 100644
--- a/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java
+++ b/src/com/android/packageinstaller/permission/model/PermissionStatusReceiver.java
@@ -77,7 +77,7 @@ public class PermissionStatusReceiver extends BroadcastReceiver {
             for (AppPermissionGroup group : appPermissions.getPermissionGroups()) {
                 if (Utils.shouldShowPermission(group)) {
                     totalCount++;
-                    if (group.areRuntimePermissionsGranted()) {
+                    if (group.areRuntimePermissionsGranted(null)) {
                         grantedCount++;
 
                         if (Utils.OS_PKG.equals(group.getDeclaringPackage())) {
diff --git a/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java b/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java
index e4e904c8..3277289c 100644
--- a/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java
+++ b/src/com/android/packageinstaller/permission/ui/AppPermissionsFragment.java
@@ -224,7 +224,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader
             }
             preference.setPersistent(false);
             preference.setEnabled(!group.isPolicyFixed());
-            preference.setChecked(group.areRuntimePermissionsGranted());
+            preference.setChecked(group.areRuntimePermissionsGranted(null));
 
             if (isPlatform) {
                 screen.addPreference(preference);
@@ -281,7 +281,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader
             return false;
         }
         if (newValue == Boolean.TRUE) {
-            group.grantRuntimePermissions(false);
+            group.grantRuntimePermissions(false, null);
         } else {
             final boolean grantedByDefault = group.hasGrantedByDefaultPermission();
             if (grantedByDefault || (!group.hasRuntimePermission() && !mHasConfirmedRevoke)) {
@@ -294,7 +294,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader
                             @Override
                             public void onClick(DialogInterface dialog, int which) {
                                 ((SwitchPreference) preference).setChecked(false);
-                                group.revokeRuntimePermissions(false);
+                                group.revokeRuntimePermissions(false, null);
                                 if (!grantedByDefault) {
                                     mHasConfirmedRevoke = true;
                                 }
@@ -303,7 +303,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader
                         .show();
                 return false;
             } else {
-                group.revokeRuntimePermissions(false);
+                group.revokeRuntimePermissions(false, null);
             }
         }
 
@@ -351,7 +351,7 @@ public final class AppPermissionsFragment extends SettingsWithHeader
                 SwitchPreference switchPref = (SwitchPreference) preference;
                 AppPermissionGroup group = mAppPermissions.getPermissionGroup(switchPref.getKey());
                 if (group != null) {
-                    switchPref.setChecked(group.areRuntimePermissionsGranted());
+                    switchPref.setChecked(group.areRuntimePermissionsGranted(null));
                 }
             }
         }
diff --git a/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java b/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java
index c451dd50..a61432e3 100644
--- a/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java
+++ b/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java
@@ -118,21 +118,30 @@ public class GrantPermissionsActivity extends OverlayTouchActivity
             if (!group.isUserFixed() && !group.isPolicyFixed()) {
                 switch (permissionPolicy) {
                     case DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT: {
-                        if (!group.areRuntimePermissionsGranted()) {
-                            group.grantRuntimePermissions(false);
+                        if (!group.areRuntimePermissionsGranted(mRequestedPermissions)) {
+                            group.grantRuntimePermissions(false, mRequestedPermissions);
                             group.setPolicyFixed();
                         }
                     } break;
 
                     case DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY: {
-                        if (!group.areRuntimePermissionsGranted()) {
-                            group.revokeRuntimePermissions(false);
+                        if (group.areRuntimePermissionsGranted(mRequestedPermissions)) {
+                            group.revokeRuntimePermissions(false, mRequestedPermissions);
                             group.setPolicyFixed();
                         }
                     } break;
 
                     default: {
-                        mRequestGrantPermissionGroups.put(group.getName(), new GroupState(group));
+                        if (group.areRuntimePermissionsGranted(null)
+                                && !group.areRuntimePermissionsGranted(mRequestedPermissions)) {
+                            // If the group is granted but requested permissions
+                            // in it not we auto grant the these permissions.
+                            group.grantRuntimePermissions(group.isUserFixed(),
+                                    mRequestedPermissions);
+                        } else {
+                            mRequestGrantPermissionGroups.put(group.getName(),
+                                    new GroupState(group));
+                        }
                     } break;
                 }
             } else {
@@ -226,10 +235,10 @@ public class GrantPermissionsActivity extends OverlayTouchActivity
         GroupState groupState = mRequestGrantPermissionGroups.get(name);
         if (groupState.mGroup != null) {
             if (granted) {
-                groupState.mGroup.grantRuntimePermissions(doNotAskAgain);
+                groupState.mGroup.grantRuntimePermissions(doNotAskAgain, mRequestedPermissions);
                 groupState.mState = GroupState.STATE_ALLOWED;
             } else {
-                groupState.mGroup.revokeRuntimePermissions(doNotAskAgain);
+                groupState.mGroup.revokeRuntimePermissions(doNotAskAgain, mRequestedPermissions);
                 groupState.mState = GroupState.STATE_DENIED;
             }
             updateGrantResults(groupState.mGroup);
diff --git a/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java b/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java
index 8280ba36..851d41d2 100644
--- a/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java
+++ b/src/com/android/packageinstaller/permission/utils/SafetyNetLogger.java
@@ -63,7 +63,7 @@ public final class SafetyNetLogger {
                 builder.append(';');
             }
             builder.append(group.getName()).append('|');
-            builder.append(group.areRuntimePermissionsGranted()).append('|');
+            builder.append(group.areRuntimePermissionsGranted(null)).append('|');
             builder.append(group.getFlags());
         }
author	Svet Ganov <svetoslavganov@google.com>	2015-08-20 01:56:39 -0700
committer	The Android Automerger <android-build@google.com>	2015-08-20 12:55:54 -0700
commit	7d765a8bf06f7fa17fffb962d71e07a442bffad0 (patch)
tree	f39759200479d79430438534379028d998bec836
parent	9430f0d9168562d5d215527832549b96656f3d48 (diff)
download	android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.tar.gz android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.tar.bz2 android_packages_apps_PackageInstaller-7d765a8bf06f7fa17fffb962d71e07a442bffad0.zip