RESTRICT AUTOMERGE: Check both self and shared user id package for requested permissions.

Bug: 111752150 Test: Manual local test Change-Id: I0b48a20525f87fc6f5ab8d7e70aa7d11cd747f97 (cherry picked from commit 05dc947c63a2304adce53a0aef6b0e0a9db9343a)
author: akirilov <akirilov@google.com> 2018-08-24 15:43:05 -0700
committer: android-build-team Robot <android-build-team-robot@google.com> 2018-09-11 23:19:39 +0000
commit: 552371d1a15acfe97b7894eb463dc43493868248 (patch)
tree: b8a43cbc22a4e4caa31837e4ca3f6f62794c0c91
parent: c9bc35a45da1e765eb36af604c0c580bd66644cc (diff)
download: base-552371d1a15acfe97b7894eb463dc43493868248.tar.gz
2 files changed, 12 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index d6b572835950..828984ff7c15 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -284,6 +284,7 @@ import com.android.server.Watchdog;
 import com.android.server.net.NetworkPolicyManagerInternal;
 import com.android.server.pm.Installer.InstallerException;
 import com.android.server.pm.PermissionsState.PermissionState;
+import com.android.server.pm.PackageSetting;
 import com.android.server.pm.Settings.DatabaseVersion;
 import com.android.server.pm.Settings.VersionInfo;
 import com.android.server.pm.dex.DexManager;
@@ -5617,8 +5618,10 @@ public class PackageManagerService extends IPackageManager.Stub
 
     private static void enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(
             PackageParser.Package pkg, BasePermission bp) {
+        final PackageSetting pkgSetting = (PackageSetting) pkg.mExtras;
+        final PermissionsState permsState = pkgSetting.getPermissionsState();
         int index = pkg.requestedPermissions.indexOf(bp.name);
-        if (index == -1) {
+        if (!permsState.hasRequestedPermission(bp.name) && index == -1) {
             throw new SecurityException("Package " + pkg.packageName
                     + " has not requested permission " + bp.name);
         }
diff --git a/services/core/java/com/android/server/pm/PermissionsState.java b/services/core/java/com/android/server/pm/PermissionsState.java
index f4d2ad2c6eb0..a14d09ed9172 100644
--- a/services/core/java/com/android/server/pm/PermissionsState.java
+++ b/services/core/java/com/android/server/pm/PermissionsState.java
@@ -291,6 +291,14 @@ public final class PermissionsState {
     }
 
     /**
+     * Returns whether the state has any known request for the given permission name,
+     * whether or not it has been granted.
+     */
+    public boolean hasRequestedPermission(String name) {
+        return mPermissions != null && (mPermissions.get(name) != null);
+    }
+
+    /**
      * Gets all permissions for a given device user id regardless if they
      * are install time or runtime permissions.
      *
author	akirilov <akirilov@google.com>	2018-08-24 15:43:05 -0700
committer	android-build-team Robot <android-build-team-robot@google.com>	2018-09-11 23:19:39 +0000
commit	552371d1a15acfe97b7894eb463dc43493868248 (patch)
tree	b8a43cbc22a4e4caa31837e4ca3f6f62794c0c91
parent	c9bc35a45da1e765eb36af604c0c580bd66644cc (diff)
download	base-552371d1a15acfe97b7894eb463dc43493868248.tar.gz