author | Philip P. Moltmann <moltmann@google.com> | 2019-06-25 08:50:41 -0700 |
---|---|---|
committer | Philip P. Moltmann <moltmann@google.com> | 2019-06-25 10:14:02 -0700 |
commit | 262a70a0088e062822a424898ef4d8f3264b3bc4 (patch) | |
tree | 1fe5fbd369a6964c79d2a0e325c6bcfcab714df9 | |
parent | a60eaef48b042f5c5ecfe69ff103ccd62a8d4024 (diff) | |
Whitelist all permission in apks on /system
As these apps never get installed, there is no entity white-listing
these permissions. Hence the system needs to do that.
Test: Added permission to an app during OTA and made sure that it is
white-listed
Bug: 135950886
Change-Id: I882c033f995c684a4eb0460c7adce0bb870a16c8
-rw-r--r-- | src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java
index bac015a6..cac2ef2c 100644
--- a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java
+++ b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java
@@ -22,6 +22,7 @@ import android.Manifest;
 import android.content.Context;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
+import android.content.pm.PermissionInfo;
 import android.permission.PermissionManager;
 import android.text.TextUtils;
 import android.util.Log;
@@ -54,6 +55,8 @@ class RuntimePermissionsUpgradeController {
 PermissionManager.class);
 final int currentVersion = permissionManager.getRuntimePermissionsVersion();
+ whitelistAllSystemAppPermissions(context);
+
 final int upgradedVersion = onUpgradeLocked(context, currentVersion);
 if (upgradedVersion != LATEST_VERSION) {
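Review bot: The new call to `whitelistAllSystemAppPermissions(context)` sits before `onUpgradeLocked` and outside the `upgradedVersion != LATEST_VERSION` check, so it is not tied to a version step and runs on every pass through this method. The enclosing method starts and ends outside the hunk; if it is invoked on each boot, the full package scan repeats each time, and any entry deliberately removed from the upgrade whitelist would presumably be re-added. If that is intended, say so at the call site, e.g. `// Runs unconditionally: an OTA can add restricted permissions to a system app without bumping the runtime-permissions version.`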
@@ -70,6 +73,51 @@ class RuntimePermissionsUpgradeController {
 }
 /**
+ * Whitelist permissions of system-apps.
+ *
+ * <p>Apps that are updated via OTAs are never installed. Hence their permission are never
+ * whitelisted. This code replaces that by always whitelisting them.
+ *
+ * @param context A context to talk to the platform
+ */
+ private static void whitelistAllSystemAppPermissions(@NonNull Context context) {
+ // Only whitelist permissions that are in the OTA. For non-OTA updates the installer should
+ // do the white-listing
+ final List<PackageInfo> apps = context.getPackageManager()
+ .getInstalledPackages(PackageManager.GET_PERMISSIONS
+ | PackageManager.MATCH_UNINSTALLED_PACKAGES
+ | PackageManager.MATCH_FACTORY_ONLY);
+
+ final int appCount = apps.size();
+ for (int i = 0; i < appCount; i++) {
+ final PackageInfo app = apps.get(i);
+
+ if (app.requestedPermissions == null) {
+ continue;
+ }
+
+ for (String requestedPermission : app.requestedPermissions) {
+ final PermissionInfo permInfo;
+ try {
+ permInfo = context.getPackageManager().getPermissionInfo(
+ requestedPermission, 0);
+ } catch (PackageManager.NameNotFoundException e) {
+ continue;
+ }
+
+ if ((permInfo.flags & (PermissionInfo.FLAG_HARD_RESTRICTED
+ | PermissionInfo.FLAG_SOFT_RESTRICTED)) == 0) {
+ continue;
+ }
+
+ context.getPackageManager().addWhitelistedRestrictedPermission(
+ app.packageName, requestedPermission,
+ PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE);
+ }
+ }
+ }
+
+ /**
 * You must perform all necessary mutations to bring the runtime permissions
 * database from the old to the new version. When you add a new upgrade step
 * you *must* update LATEST_VERSION. |
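Review bot: The boolean returned by `addWhitelistedRestrictedPermission` is discarded in the inner loop of `whitelistAllSystemAppPermissions`, and nothing is logged, so the method exempts hard- and soft-restricted permissions for every package returned by the `MATCH_FACTORY_ONLY` query without leaving a record of what was or was not whitelisted. I would keep the result and log it, for example `if (!pm.addWhitelistedRestrictedPermission(...)) { Log.w(LOG_TAG, "Not whitelisted: " + app.packageName + " " + requestedPermission); }`, where `LOG_TAG` stands for whatever tag this class already defines (not visible in the hunk) and `pm` is a local holding `context.getPackageManager()`, which is currently re-fetched on every iteration. The Javadoc could also state that the whitelist entry is keyed by package name while the permission list is read from the factory version of the package, since that is the trust assumption the method relies on.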