diff options
author | Philip P. Moltmann <moltmann@google.com> | 2019-06-04 14:54:16 -0700 |
---|---|---|
committer | Philip P. Moltmann <moltmann@google.com> | 2019-06-04 15:00:03 -0700 |
commit | acce1d78376532a6209372bbef2d4e8276f00a0e (patch) | |
tree | 0016ac398b9f7fa8e90b08f6756f7eb3ba595aba /src | |
parent | d7e985e19272f70fe0218e78b5036c10d89cc403 (diff) | |
download | android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.tar.gz android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.tar.bz2 android_packages_apps_PackageInstaller-acce1d78376532a6209372bbef2d4e8276f00a0e.zip |
Re-grandfather storage perms
Apprantly some dogfooders got storage permissions that were not
whitelisted. This should have never happened.
Non-whitelisted permission on pre-Q app now means that the pemission is
not grantable anymore, hence the effect of this state is much more
severe than before.
Hence force grandfathering at this time to make sure everybody is back
in a good state.
Fixes: 134508486
Test: Installed P -> Installed Whatsapp -> Granted storage perm -> Upgraded
to Q -> Checked that storage perm is grandfathered.
Change-Id: Iaa667644d6c3ae8db234b96143b67dcd33b773df
Diffstat (limited to 'src')
-rw-r--r-- | src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java index 42f415bf..f64a72b3 100644 --- a/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java +++ b/src/com/android/packageinstaller/permission/service/RuntimePermissionsUpgradeController.java @@ -38,7 +38,7 @@ class RuntimePermissionsUpgradeController { private static final String LOG_TAG = RuntimePermissionsUpgradeController.class.getSimpleName(); // The latest version of the runtime permissions database - private static final int LATEST_VERSION = 5; + private static final int LATEST_VERSION = 6; private RuntimePermissionsUpgradeController() { /* do nothing - hide constructor */ @@ -121,27 +121,7 @@ class RuntimePermissionsUpgradeController { } if (currentVersion == 2) { - Log.i(LOG_TAG, "Grandfathering Storage permissions"); - - final List<String> storagePermissions = Utils.getPlatformPermissionNamesOfGroup( - Manifest.permission_group.STORAGE); - - for (int i = 0; i < appCount; i++) { - final PackageInfo app = apps.get(i); - if (app.requestedPermissions == null) { - continue; - } - - // We don't want to allow modification of storage post install, so put it - // on the internal system whitelist to prevent the installer changing it. - for (String requestedPermission : app.requestedPermissions) { - if (storagePermissions.contains(requestedPermission)) { - context.getPackageManager().addWhitelistedRestrictedPermission( - app.packageName, requestedPermission, - PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE); - } - } - } + // moved to step 5->6 to clean up broken permission state during dogfooding currentVersion = 3; } @@ -206,6 +186,31 @@ class RuntimePermissionsUpgradeController { currentVersion = 5; } + if (currentVersion == 5) { + Log.i(LOG_TAG, "Grandfathering Storage permissions"); + + final List<String> storagePermissions = Utils.getPlatformPermissionNamesOfGroup( + Manifest.permission_group.STORAGE); + + for (int i = 0; i < appCount; i++) { + final PackageInfo app = apps.get(i); + if (app.requestedPermissions == null) { + continue; + } + + // We don't want to allow modification of storage post install, so put it + // on the internal system whitelist to prevent the installer changing it. + for (String requestedPermission : app.requestedPermissions) { + if (storagePermissions.contains(requestedPermission)) { + context.getPackageManager().addWhitelistedRestrictedPermission( + app.packageName, requestedPermission, + PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE); + } + } + } + currentVersion = 6; + } + // XXX: Add new upgrade steps above this point. return currentVersion; |