diff options
author | Jeff Sharkey <jsharkey@google.com> | 2021-08-16 15:55:08 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2021-08-16 15:55:08 +0000 |
commit | 5af6057607e41068810cd17d053212639f9313e0 (patch) | |
tree | 24b36b29baf4c12c46217df2009fb76e33daf202 | |
parent | 1561c6ac277a2246e12a1b19ce2c88d5702cac98 (diff) | |
parent | e2e6e67bf7e57cb5b2d1e530af9e79711f04f8de (diff) | |
download | base-5af6057607e41068810cd17d053212639f9313e0.tar.gz |
Merge "Preserve certain "Nearby devices" implicit grants." into sc-dev
-rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerService.java | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 08a67d7f4bb5..1133faabcf69 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -217,6 +217,8 @@ public class PermissionManagerService extends IPermissionManager.Stub { /** All storage permissions */ private static final List<String> STORAGE_PERMISSIONS = new ArrayList<>(); + /** All nearby devices permissions */ + private static final List<String> NEARBY_DEVICES_PERMISSIONS = new ArrayList<>(); /** If the permission of the value is granted, so is the key */ private static final Map<String, String> FULLER_PERMISSION_MAP = new HashMap<>(); @@ -233,6 +235,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION); + NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_ADVERTISE); + NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_CONNECT); + NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_SCAN); } /** Set of source package names for Privileged Permission Allowlist */ @@ -3076,13 +3081,26 @@ public class PermissionManagerService extends IPermissionManager.Stub { Permission bp = mRegistry.getPermission(permission); if (bp != null && bp.isRuntime()) { int flags = ps.getPermissionFlags(permission); - if ((flags & FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0) { - int flagsToRemove = FLAG_PERMISSION_REVOKE_WHEN_REQUESTED; + // We're willing to preserve an implicit "Nearby devices" + // permission grant if this app was already able to interact + // with nearby devices via background location access + boolean preserveGrant = false; + if (ArrayUtils.contains(NEARBY_DEVICES_PERMISSIONS, permission) + && ps.isPermissionGranted( + android.Manifest.permission.ACCESS_BACKGROUND_LOCATION) + && (ps.getPermissionFlags( + android.Manifest.permission.ACCESS_BACKGROUND_LOCATION) + & (FLAG_PERMISSION_REVOKE_WHEN_REQUESTED + | FLAG_PERMISSION_REVOKED_COMPAT)) == 0) { + preserveGrant = true; + } + if ((flags & BLOCKING_PERMISSION_FLAGS) == 0 - && supportsRuntimePermissions) { + && supportsRuntimePermissions + && !preserveGrant) { if (ps.revokePermission(bp)) { if (DEBUG_PERMISSIONS) { Slog.i(TAG, "Revoking runtime permission " |