Don't propagate unrequested permissions

When an instant app is re-installed, we attempt to propagate the previously accepted permissions. Instead of crashing the system_server, we simply ignore the previously granted permission and forget that the user ever granted it. If a second update to the instant app re-requests the permission, the user will again have to accept or deny. Test: atest GtsPackageManagerHostTestCases:PackageManagerHostTest Change-Id: I7bb9fb67159f6c4d4f4e2a24e7913d11713e826e Fixes: 72698203
author: Todd Kennedy <toddke@google.com> 2018-02-08 14:52:57 -0800
committer: Todd Kennedy <toddke@google.com> 2018-02-09 00:07:17 +0000
commit: 1a3216bbb9faaa8ddd402b80e173c55f784706d7 (patch)
tree: 79bf29d0a99b63bad9959828888d344ffc19ceaa
parent: 5931b2d1c4f7b14ae88ea74ae266f55524a0edce (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/pm/InstantAppRegistry.java b/services/core/java/com/android/server/pm/InstantAppRegistry.java
index 30088dd9b12f..fb81ebfec67e 100644
--- a/services/core/java/com/android/server/pm/InstantAppRegistry.java
+++ b/services/core/java/com/android/server/pm/InstantAppRegistry.java
@@ -274,7 +274,7 @@ class InstantAppRegistry {
             }
 
             // Propagate permissions before removing any state
-            propagateInstantAppPermissionsIfNeeded(pkg.packageName, userId);
+            propagateInstantAppPermissionsIfNeeded(pkg, userId);
 
             // Track instant apps
             if (ps.getInstantApp(userId)) {
@@ -869,10 +869,10 @@ class InstantAppRegistry {
         return uninstalledApps;
     }
 
-    private void propagateInstantAppPermissionsIfNeeded(@NonNull String packageName,
+    private void propagateInstantAppPermissionsIfNeeded(@NonNull PackageParser.Package pkg,
             @UserIdInt int userId) {
         InstantAppInfo appInfo = peekOrParseUninstalledInstantAppInfo(
-                packageName, userId);
+                pkg.packageName, userId);
         if (appInfo == null) {
             return;
         }
@@ -884,8 +884,8 @@ class InstantAppRegistry {
             for (String grantedPermission : appInfo.getGrantedPermissions()) {
                 final boolean propagatePermission =
                         mService.mSettings.canPropagatePermissionToInstantApp(grantedPermission);
-                if (propagatePermission) {
-                    mService.grantRuntimePermission(packageName, grantedPermission, userId);
+                if (propagatePermission && pkg.requestedPermissions.contains(grantedPermission)) {
+                    mService.grantRuntimePermission(pkg.packageName, grantedPermission, userId);
                 }
             }
         } finally {
author	Todd Kennedy <toddke@google.com>	2018-02-08 14:52:57 -0800
committer	Todd Kennedy <toddke@google.com>	2018-02-09 00:07:17 +0000
commit	1a3216bbb9faaa8ddd402b80e173c55f784706d7 (patch)
tree	79bf29d0a99b63bad9959828888d344ffc19ceaa
parent	5931b2d1c4f7b14ae88ea74ae266f55524a0edce (diff)