diff options
| author | 2015-03-25 09:10:09 -0700 | |
|---|---|---|
| committer | 2015-03-25 09:15:40 -0700 | |
| commit | 78027f3b72ad0cad4c39c3947985526ac31a6d3e (patch) | |
| tree | b0af4c056bdb5c4dece6d357135e45c63d0166cf | |
| parent | 94615e49e15dd23bcced3bfb152c67f16720db07 (diff) | |
Properly handle system app permissions.
System apps targeting SDK grater than Lollipop MR1 get runtime
permissions and when a new user is added we update the permissions
for all packages to ensure that the new user gets the runtime
permissions.
Change-Id: Ic7dc5b5a94b034e00d715a60b12f613803524c3b
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 11 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/UserManagerService.java | 1 |
2 files changed, 9 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index ad51457f6cb9..5d3b0f143d1c 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -339,7 +339,7 @@ public class PackageManagerService extends IPackageManager.Stub { /** Permission grant: grant the permission as an install permission. */ private static final int GRANT_INSTALL = 2; - /** Permission grant: grant the permission as a runtime permission. */ + /** Permission grant: grant the permission as a runtime one. */ private static final int GRANT_RUNTIME = 3; /** Permission grant: grant as runtime a permission that was granted as an install time one. */ @@ -7022,8 +7022,8 @@ public class PackageManagerService extends IPackageManager.Stub { // For legacy apps dangerous permissions are install time ones. grant = GRANT_INSTALL; } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { - // For modern system apps dangerous permissions are install time ones. - grant = GRANT_INSTALL; + // For modern system apps dangerous permissions are runtime ones. + grant = GRANT_UPGRADE; } else { if (origPermissions.hasInstallPermission(bp.name)) { // For legacy apps that became modern, install becomes runtime. @@ -13358,6 +13358,11 @@ public class PackageManagerService extends IPackageManager.Stub { } } + void newUserCreatedLILPw(int userHandle) { + // Adding a user requires updating runtime permissions for system apps. + updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL); + } + @Override public VerifierDeviceIdentity getVerifierDeviceIdentity() throws RemoteException { mContext.enforceCallingOrSelfPermission( diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java index 26ecb729ab27..8cc9d192caa6 100644 --- a/services/core/java/com/android/server/pm/UserManagerService.java +++ b/services/core/java/com/android/server/pm/UserManagerService.java @@ -1219,6 +1219,7 @@ public class UserManagerService extends IUserManager.Stub { updateUserIdsLocked(); Bundle restrictions = new Bundle(); mUserRestrictions.append(userId, restrictions); + mPm.newUserCreatedLILPw(userId); } } if (userInfo != null) { |