diff options
author | akirilov <akirilov@google.com> | 2018-08-24 15:43:05 -0700 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-09-11 23:19:39 +0000 |
commit | 552371d1a15acfe97b7894eb463dc43493868248 (patch) | |
tree | b8a43cbc22a4e4caa31837e4ca3f6f62794c0c91 | |
parent | c9bc35a45da1e765eb36af604c0c580bd66644cc (diff) | |
download | base-552371d1a15acfe97b7894eb463dc43493868248.tar.gz |
RESTRICT AUTOMERGE: Check both self and shared user id package for requested permissions.
Bug: 111752150
Test: Manual local test
Change-Id: I0b48a20525f87fc6f5ab8d7e70aa7d11cd747f97
(cherry picked from commit 05dc947c63a2304adce53a0aef6b0e0a9db9343a)
-rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 5 | ||||
-rw-r--r-- | services/core/java/com/android/server/pm/PermissionsState.java | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index d6b572835950..828984ff7c15 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -284,6 +284,7 @@ import com.android.server.Watchdog; import com.android.server.net.NetworkPolicyManagerInternal; import com.android.server.pm.Installer.InstallerException; import com.android.server.pm.PermissionsState.PermissionState; +import com.android.server.pm.PackageSetting; import com.android.server.pm.Settings.DatabaseVersion; import com.android.server.pm.Settings.VersionInfo; import com.android.server.pm.dex.DexManager; @@ -5617,8 +5618,10 @@ public class PackageManagerService extends IPackageManager.Stub private static void enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission( PackageParser.Package pkg, BasePermission bp) { + final PackageSetting pkgSetting = (PackageSetting) pkg.mExtras; + final PermissionsState permsState = pkgSetting.getPermissionsState(); int index = pkg.requestedPermissions.indexOf(bp.name); - if (index == -1) { + if (!permsState.hasRequestedPermission(bp.name) && index == -1) { throw new SecurityException("Package " + pkg.packageName + " has not requested permission " + bp.name); } diff --git a/services/core/java/com/android/server/pm/PermissionsState.java b/services/core/java/com/android/server/pm/PermissionsState.java index f4d2ad2c6eb0..a14d09ed9172 100644 --- a/services/core/java/com/android/server/pm/PermissionsState.java +++ b/services/core/java/com/android/server/pm/PermissionsState.java @@ -291,6 +291,14 @@ public final class PermissionsState { } /** + * Returns whether the state has any known request for the given permission name, + * whether or not it has been granted. + */ + public boolean hasRequestedPermission(String name) { + return mPermissions != null && (mPermissions.get(name) != null); + } + + /** * Gets all permissions for a given device user id regardless if they * are install time or runtime permissions. * |