iot: Grant all runtime permissions for installed apks.

Iot devices don't have user-installable apps. In addition, not all iot devices have a screen. As such, it doesn't make sense to have runtime permissions nor can users grant them in all cases. Cherry-picked and adapted to depend on the FEATURE_EMBEDDED flag. Bug: 31220981 Bug: 35804180 Test: manual test w/app (cherry-picked from 1e577da550c523edea9bd23ef5a0baf221c936f8) Change-Id: Ib3ca73660bc511ab68982b82327463801b583d0b
author: Ralph Nathan <ralphnathan@google.com> 2016-09-30 17:10:09 -0700
committer: Alex Deymo <deymo@google.com> 2017-03-03 17:21:51 -0800
commit: 8d3a80405424b11a9f6741751fe40bb1cadce14c (patch)
tree: 8057cd29c84bc08bcfd945310198b9f8655aa2b0
parent: 870c26af90ce97dffe15f97aff387732ad44033e (diff)
1 files changed, 30 insertions, 15 deletions
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index 6365d1581cee..bb7ffda9863d 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -207,9 +207,35 @@ final class DefaultPermissionGrantPolicy {
     }
 
     public void grantDefaultPermissions(int userId) {
-        grantPermissionsToSysComponentsAndPrivApps(userId);
-        grantDefaultSystemHandlerPermissions(userId);
-        grantDefaultPermissionExceptions(userId);
+        if (mService.hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
+            grantAllRuntimePermissions(userId);
+        } else {
+            grantPermissionsToSysComponentsAndPrivApps(userId);
+            grantDefaultSystemHandlerPermissions(userId);
+            grantDefaultPermissionExceptions(userId);
+        }
+    }
+
+    private void grantRuntimePermissionsForPackageLocked(int userId, PackageParser.Package pkg) {
+        Set<String> permissions = new ArraySet<>();
+        for (String permission :  pkg.requestedPermissions) {
+            BasePermission bp = mService.mSettings.mPermissions.get(permission);
+            if (bp != null && bp.isRuntime()) {
+                permissions.add(permission);
+            }
+        }
+        if (!permissions.isEmpty()) {
+            grantRuntimePermissionsLPw(pkg, permissions, true, userId);
+        }
+    }
+
+    private void grantAllRuntimePermissions(int userId) {
+        Log.i(TAG, "Granting all runtime permissions for user " + userId);
+        synchronized (mService.mPackages) {
+            for (PackageParser.Package pkg : mService.mPackages.values()) {
+                grantRuntimePermissionsForPackageLocked(userId, pkg);
+            }
+        }
     }
 
     public void scheduleReadDefaultPermissionExceptions() {
@@ -226,18 +252,7 @@ final class DefaultPermissionGrantPolicy {
                         || pkg.requestedPermissions.isEmpty()) {
                     continue;
                 }
-                Set<String> permissions = new ArraySet<>();
-                final int permissionCount = pkg.requestedPermissions.size();
-                for (int i = 0; i < permissionCount; i++) {
-                    String permission = pkg.requestedPermissions.get(i);
-                    BasePermission bp = mService.mSettings.mPermissions.get(permission);
-                    if (bp != null && bp.isRuntime()) {
-                        permissions.add(permission);
-                    }
-                }
-                if (!permissions.isEmpty()) {
-                    grantRuntimePermissionsLPw(pkg, permissions, true, userId);
-                }
+                grantRuntimePermissionsForPackageLocked(userId, pkg);
             }
         }
     }
author	Ralph Nathan <ralphnathan@google.com>	2016-09-30 17:10:09 -0700
committer	Alex Deymo <deymo@google.com>	2017-03-03 17:21:51 -0800
commit	8d3a80405424b11a9f6741751fe40bb1cadce14c (patch)
tree	8057cd29c84bc08bcfd945310198b9f8655aa2b0
parent	870c26af90ce97dffe15f97aff387732ad44033e (diff)