diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2019-06-25 21:52:18 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2019-06-25 21:52:18 +0000 |
commit | bfb184415188d45882b52e3f76ffb76455689ff1 (patch) | |
tree | 62c70fa0c1be7abd2cadbd6db0dd123fd478fe38 | |
parent | f60f249d03812b3690f33e049fea1393cc3e26cf (diff) | |
parent | 262a70a0088e062822a424898ef4d8f3264b3bc4 (diff) | |
download | android_packages_apps_PackageInstaller-bfb184415188d45882b52e3f76ffb76455689ff1.tar.gz android_packages_apps_PackageInstaller-bfb184415188d45882b52e3f76ffb76455689ff1.tar.bz2 android_packages_apps_PackageInstaller-bfb184415188d45882b52e3f76ffb76455689ff1.zip |
Merge "Whitelist all permission in apks on /system" into qt-dev
-rw-r--r-- | src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java index bac015a6..cac2ef2c 100644 --- a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java +++ b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java @@ -22,6 +22,7 @@ import android.Manifest; import android.content.Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; +import android.content.pm.PermissionInfo; import android.permission.PermissionManager; import android.text.TextUtils; import android.util.Log; @@ -54,6 +55,8 @@ class RuntimePermissionsUpgradeController { PermissionManager.class); final int currentVersion = permissionManager.getRuntimePermissionsVersion(); + whitelistAllSystemAppPermissions(context); + final int upgradedVersion = onUpgradeLocked(context, currentVersion); if (upgradedVersion != LATEST_VERSION) { @@ -70,6 +73,51 @@ class RuntimePermissionsUpgradeController { } /** + * Whitelist permissions of system-apps. + * + * <p>Apps that are updated via OTAs are never installed. Hence their permission are never + * whitelisted. This code replaces that by always whitelisting them. + * + * @param context A context to talk to the platform + */ + private static void whitelistAllSystemAppPermissions(@NonNull Context context) { + // Only whitelist permissions that are in the OTA. For non-OTA updates the installer should + // do the white-listing + final List<PackageInfo> apps = context.getPackageManager() + .getInstalledPackages(PackageManager.GET_PERMISSIONS + | PackageManager.MATCH_UNINSTALLED_PACKAGES + | PackageManager.MATCH_FACTORY_ONLY); + + final int appCount = apps.size(); + for (int i = 0; i < appCount; i++) { + final PackageInfo app = apps.get(i); + + if (app.requestedPermissions == null) { + continue; + } + + for (String requestedPermission : app.requestedPermissions) { + final PermissionInfo permInfo; + try { + permInfo = context.getPackageManager().getPermissionInfo( + requestedPermission, 0); + } catch (PackageManager.NameNotFoundException e) { + continue; + } + + if ((permInfo.flags & (PermissionInfo.FLAG_HARD_RESTRICTED + | PermissionInfo.FLAG_SOFT_RESTRICTED)) == 0) { + continue; + } + + context.getPackageManager().addWhitelistedRestrictedPermission( + app.packageName, requestedPermission, + PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE); + } + } + } + + /** * You must perform all necessary mutations to bring the runtime permissions * database from the old to the new version. When you add a new upgrade step * you *must* update LATEST_VERSION. |