Re-grandfather storage perms

Apprantly some dogfooders got storage permissions that were not whitelisted. This should have never happened. Non-whitelisted permission on pre-Q app now means that the pemission is not grantable anymore, hence the effect of this state is much more severe than before. Hence force grandfathering at this time to make sure everybody is back in a good state. Fixes: 134508486 Test: Installed P -> Installed Whatsapp -> Granted storage perm -> Upgraded to Q -> Checked that storage perm is grandfathered. Change-Id: Iaa667644d6c3ae8db234b96143b67dcd33b773df
author: Philip P. Moltmann <moltmann@google.com> 2019-06-04 14:54:16 -0700
committer: Philip P. Moltmann <moltmann@google.com> 2019-06-04 15:00:03 -0700
commit: acce1d78376532a6209372bbef2d4e8276f00a0e (patch)
tree: 0016ac398b9f7fa8e90b08f6756f7eb3ba595aba /src
parent: d7e985e19272f70fe0218e78b5036c10d89cc403 (diff)
download: android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.tar.gz
android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.tar.bz2
android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.zip
1 files changed, 27 insertions, 22 deletions
diff --git a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java
index 42f415bf..f64a72b3 100644
--- a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java
+++ b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java
@@ -38,7 +38,7 @@ class RuntimePermissionsUpgradeController {
     private static final String LOG_TAG = RuntimePermissionsUpgradeController.class.getSimpleName();
 
     // The latest version of the runtime permissions database
-    private static final int LATEST_VERSION = 5;
+    private static final int LATEST_VERSION = 6;
 
     private RuntimePermissionsUpgradeController() {
         /* do nothing - hide constructor */
@@ -121,27 +121,7 @@ class RuntimePermissionsUpgradeController {
         }
 
         if (currentVersion == 2) {
-            Log.i(LOG_TAG, "Grandfathering Storage permissions");
-
-            final List<String> storagePermissions = Utils.getPlatformPermissionNamesOfGroup(
-                    Manifest.permission_group.STORAGE);
-
-            for (int i = 0; i < appCount; i++) {
-                final PackageInfo app = apps.get(i);
-                if (app.requestedPermissions == null) {
-                    continue;
-                }
-
-                // We don't want to allow modification of storage post install, so put it
-                // on the internal system whitelist to prevent the installer changing it.
-                for (String requestedPermission : app.requestedPermissions) {
-                    if (storagePermissions.contains(requestedPermission)) {
-                        context.getPackageManager().addWhitelistedRestrictedPermission(
-                                app.packageName, requestedPermission,
-                                PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE);
-                    }
-                }
-            }
+            // moved to step 5->6 to clean up broken permission state during dogfooding
             currentVersion = 3;
         }
 
@@ -206,6 +186,31 @@ class RuntimePermissionsUpgradeController {
             currentVersion = 5;
         }
 
+        if (currentVersion == 5) {
+            Log.i(LOG_TAG, "Grandfathering Storage permissions");
+
+            final List<String> storagePermissions = Utils.getPlatformPermissionNamesOfGroup(
+                    Manifest.permission_group.STORAGE);
+
+            for (int i = 0; i < appCount; i++) {
+                final PackageInfo app = apps.get(i);
+                if (app.requestedPermissions == null) {
+                    continue;
+                }
+
+                // We don't want to allow modification of storage post install, so put it
+                // on the internal system whitelist to prevent the installer changing it.
+                for (String requestedPermission : app.requestedPermissions) {
+                    if (storagePermissions.contains(requestedPermission)) {
+                        context.getPackageManager().addWhitelistedRestrictedPermission(
+                                app.packageName, requestedPermission,
+                                PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE);
+                    }
+                }
+            }
+            currentVersion = 6;
+        }
+
         // XXX: Add new upgrade steps above this point.
 
         return currentVersion;
author	Philip P. Moltmann <moltmann@google.com>	2019-06-04 14:54:16 -0700
committer	Philip P. Moltmann <moltmann@google.com>	2019-06-04 15:00:03 -0700
commit	acce1d78376532a6209372bbef2d4e8276f00a0e (patch)
tree	0016ac398b9f7fa8e90b08f6756f7eb3ba595aba /src
parent	d7e985e19272f70fe0218e78b5036c10d89cc403 (diff)
download	android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.tar.gz android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.tar.bz2 android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.zip