diff options
| author | Hongming Jin <hongmingjin@google.com> | 2018-08-08 15:01:57 -0700 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-09-10 23:19:54 +0000 |
| commit | 25060bbde58faf298a7ed5cd9b0bf48acf0c2405 (patch) | |
| tree | d0b69895749f3f98577a70db9b83b1f427ece641 | |
| parent | 181dc252ddec574464882970d3fab290e8b625b5 (diff) | |
| download | base-25060bbde58faf298a7ed5cd9b0bf48acf0c2405.tar.gz | |
RESTRICT AUTOMERGE: Check both self and shared user id package for requested permissions.
Bug: 111752150
Test: Manual local test
Change-Id: I80383300cd5d2455d08a0ad91000efa85404903b
(cherry picked from commit 5e37e9d962c476202590bef32b87c2eb794d61a1)
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/BasePermission.java | 5 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionsState.java | 9 |
2 files changed, 12 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/permission/BasePermission.java b/services/core/java/com/android/server/pm/permission/BasePermission.java index 1d002efc546f..820258022fd5 100644 --- a/services/core/java/com/android/server/pm/permission/BasePermission.java +++ b/services/core/java/com/android/server/pm/permission/BasePermission.java @@ -39,6 +39,7 @@ import android.util.Slog; import com.android.server.pm.DumpState; import com.android.server.pm.PackageManagerService; +import com.android.server.pm.PackageSetting; import com.android.server.pm.PackageSettingBase; import org.xmlpull.v1.XmlPullParser; @@ -374,8 +375,10 @@ public final class BasePermission { } public void enforceDeclaredUsedAndRuntimeOrDevelopment(PackageParser.Package pkg) { + final PackageSetting pkgSetting = (PackageSetting) pkg.mExtras; + final PermissionsState permsState = pkgSetting.getPermissionsState(); int index = pkg.requestedPermissions.indexOf(name); - if (index == -1) { + if (!permsState.hasRequestedPermission(name) && index == -1) { throw new SecurityException("Package " + pkg.packageName + " has not requested permission " + name); } diff --git a/services/core/java/com/android/server/pm/permission/PermissionsState.java b/services/core/java/com/android/server/pm/permission/PermissionsState.java index 11df380427eb..5e66bfc3cd3e 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionsState.java +++ b/services/core/java/com/android/server/pm/permission/PermissionsState.java @@ -20,9 +20,9 @@ import android.content.pm.PackageManager; import android.os.UserHandle; import android.util.ArrayMap; import android.util.ArraySet; - import android.util.SparseArray; import android.util.SparseBooleanArray; + import com.android.internal.util.ArrayUtils; import java.util.ArrayList; @@ -291,6 +291,13 @@ public final class PermissionsState { } /** + * Returns whether the state has any known request for the given permission name, + * whether or not it has been granted. + */ + public boolean hasRequestedPermission(String name) { + return mPermissions != null && (mPermissions.get(name) != null); + } + /** * Gets all permissions for a given device user id regardless if they * are install time or runtime permissions. * |