diff options
author | Philip P. Moltmann <moltmann@google.com> | 2019-05-30 11:12:54 -0700 |
---|---|---|
committer | Philip P. Moltmann <moltmann@google.com> | 2019-05-31 16:30:54 -0700 |
commit | 4e098b627b6bc793bb07df5162f80cf6b400a90d (patch) | |
tree | b239122be2bfff06c3c700bdada056dc67f6b4fd /src | |
parent | 48629c95db1a2213a24363fc1597845a0bf1bab9 (diff) | |
download | android_packages_apps_PackageInstaller-4e098b627b6bc793bb07df5162f80cf6b400a90d.tar.gz android_packages_apps_PackageInstaller-4e098b627b6bc793bb07df5162f80cf6b400a90d.tar.bz2 android_packages_apps_PackageInstaller-4e098b627b6bc793bb07df5162f80cf6b400a90d.zip |
Hide storage perm if restriced
The storage perm behaves as if hard restricted when taregtSDK<29. This
should include hiding it from the UI if not whitelisted.
Bug: 131188778
Test: Looked at UI and did not see non-whitelisted storage perms
Change-Id: I829232ceb68a27f174515f9fe8f6cf7c4e2e6176
Diffstat (limited to 'src')
3 files changed, 75 insertions, 2 deletions
diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java index 41483c0f..da527777 100644 --- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java +++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java @@ -47,6 +47,7 @@ import androidx.annotation.StringRes; import com.android.packageinstaller.permission.service.LocationAccessCheck; import com.android.packageinstaller.permission.utils.ArrayUtils; import com.android.packageinstaller.permission.utils.LocationUtils; +import com.android.packageinstaller.permission.utils.SoftRestrictedPermissionPolicy; import com.android.packageinstaller.permission.utils.Utils; import com.android.permissioncontroller.R; @@ -341,8 +342,10 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup> group.getBackgroundPermissions().addPermission(permission); } else { - if (!permission.isHardRestricted() - || whitelistedRestrictedPermissions.contains(permission.getName())) { + if ((!permission.isHardRestricted() + || whitelistedRestrictedPermissions.contains(permission.getName())) + && (!permission.isSoftRestricted() + || SoftRestrictedPermissionPolicy.shouldShow(packageInfo, permission))) { group.addPermission(permission); } } diff --git a/src/com/android/packageinstaller/permission/model/Permission.java b/src/com/android/packageinstaller/permission/model/Permission.java index 18f1e2ab..463c3479 100644 --- a/src/com/android/packageinstaller/permission/model/Permission.java +++ b/src/com/android/packageinstaller/permission/model/Permission.java @@ -99,6 +99,10 @@ public final class Permission { return (mPermissionInfo.flags & PermissionInfo.FLAG_HARD_RESTRICTED) != 0; } + boolean isSoftRestricted() { + return (mPermissionInfo.flags & PermissionInfo.FLAG_SOFT_RESTRICTED) != 0; + } + /** * Does this permission affect app ops. * diff --git a/src/com/android/packageinstaller/permission/utils/SoftRestrictedPermissionPolicy.java b/src/com/android/packageinstaller/permission/utils/SoftRestrictedPermissionPolicy.java new file mode 100644 index 00000000..cad3d3b4 --- /dev/null +++ b/src/com/android/packageinstaller/permission/utils/SoftRestrictedPermissionPolicy.java @@ -0,0 +1,66 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.packageinstaller.permission.utils; + +import static android.Manifest.permission.READ_EXTERNAL_STORAGE; +import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; +import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT; +import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT; +import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT; + +import android.content.pm.PackageInfo; +import android.os.Build; + +import androidx.annotation.NonNull; + +import com.android.packageinstaller.permission.model.Permission; + +/** + * The behavior of soft restricted permissions is different for each permission. This class collects + * the policies in one place. + * + * This is the twin of {@link com.android.server.policy.SoftRestrictedPermissionPolicy} + */ +public abstract class SoftRestrictedPermissionPolicy { + private static final int FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT = + FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT + | FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT + | FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT; + + /** + * Check if the permission should be shown in the UI. + * + * @param pkg the package the permission belongs to + * @param permission the permission + * + * @return {@code true} iff the permission should be shown in the UI. + */ + public static boolean shouldShow(@NonNull PackageInfo pkg, @NonNull Permission permission) { + switch (permission.getName()) { + case READ_EXTERNAL_STORAGE: + case WRITE_EXTERNAL_STORAGE: { + boolean isWhiteListed = + (permission.getFlags() & FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0; + int targetSDK = pkg.applicationInfo.targetSdkVersion; + + return isWhiteListed || targetSDK >= Build.VERSION_CODES.Q; + } + default: + return true; + } + } +} |