diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2021-08-10 12:11:18 -0600 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-08-17 01:10:16 +0000 |
| commit | 773d4f36fcec4a5db1057dc4ff00cb3ffde0a304 (patch) | |
| tree | c70f324952762f0a9c972fdbf930b740d2077b90 | |
| parent | 6b313952524977c26b719303e8689a4548d14f54 (diff) | |
| download | base-773d4f36fcec4a5db1057dc4ff00cb3ffde0a304.tar.gz | |
Preserve certain "Nearby devices" implicit grants.
We're willing to preserve an implicit "Nearby devices" permission
grant if this app was already able to interact with nearby devices
via background location access.
If the app doesn't have background location access, then the implicit
"Nearby devices" grant will be revoked as normal. If the "Nearby
devices" permission had already been revoked through some other
means, it will remain revoked.
Bug: 195931693
Test: atest CtsPermission2TestCases CtsPermission3TestCases
Change-Id: I7d8df91954525da6473f70cb1759d9507e6a5606
(cherry picked from commit e2e6e67bf7e57cb5b2d1e530af9e79711f04f8de)
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerService.java | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 08a67d7f4bb5..1133faabcf69 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -217,6 +217,8 @@ public class PermissionManagerService extends IPermissionManager.Stub { /** All storage permissions */ private static final List<String> STORAGE_PERMISSIONS = new ArrayList<>(); + /** All nearby devices permissions */ + private static final List<String> NEARBY_DEVICES_PERMISSIONS = new ArrayList<>(); /** If the permission of the value is granted, so is the key */ private static final Map<String, String> FULLER_PERMISSION_MAP = new HashMap<>(); @@ -233,6 +235,9 @@ public class PermissionManagerService extends IPermissionManager.Stub { STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION); + NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_ADVERTISE); + NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_CONNECT); + NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_SCAN); } /** Set of source package names for Privileged Permission Allowlist */ @@ -3076,13 +3081,26 @@ public class PermissionManagerService extends IPermissionManager.Stub { Permission bp = mRegistry.getPermission(permission); if (bp != null && bp.isRuntime()) { int flags = ps.getPermissionFlags(permission); - if ((flags & FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0) { - int flagsToRemove = FLAG_PERMISSION_REVOKE_WHEN_REQUESTED; + // We're willing to preserve an implicit "Nearby devices" + // permission grant if this app was already able to interact + // with nearby devices via background location access + boolean preserveGrant = false; + if (ArrayUtils.contains(NEARBY_DEVICES_PERMISSIONS, permission) + && ps.isPermissionGranted( + android.Manifest.permission.ACCESS_BACKGROUND_LOCATION) + && (ps.getPermissionFlags( + android.Manifest.permission.ACCESS_BACKGROUND_LOCATION) + & (FLAG_PERMISSION_REVOKE_WHEN_REQUESTED + | FLAG_PERMISSION_REVOKED_COMPAT)) == 0) { + preserveGrant = true; + } + if ((flags & BLOCKING_PERMISSION_FLAGS) == 0 - && supportsRuntimePermissions) { + && supportsRuntimePermissions + && !preserveGrant) { if (ps.revokePermission(bp)) { if (DEBUG_PERMISSIONS) { Slog.i(TAG, "Revoking runtime permission " |