Merge "Properly handle system app permissions."

author: Svet Ganov <svetoslavganov@google.com> 2015-03-25 16:19:57 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-03-25 16:19:58 +0000
commit: d4b1676f5715d3a92a573a90ccd1cbf6f39f51da (patch)
tree: e5962f1d49f1df0ac9a330e03dcc0dcef9667629
parent: 95872a2e65b1cb8ab77a9cbb2cdfff14833d8585 (diff)
parent: 78027f3b72ad0cad4c39c3947985526ac31a6d3e (diff)
2 files changed, 9 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index ad51457f6cb9..5d3b0f143d1c 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -339,7 +339,7 @@ public class PackageManagerService extends IPackageManager.Stub {
     /** Permission grant: grant the permission as an install permission. */
     private static final int GRANT_INSTALL = 2;
 
-    /** Permission grant: grant the permission as a runtime permission. */
+    /** Permission grant: grant the permission as a runtime one. */
     private static final int GRANT_RUNTIME = 3;
 
     /** Permission grant: grant as runtime a permission that was granted as an install time one. */
@@ -7022,8 +7022,8 @@ public class PackageManagerService extends IPackageManager.Stub {
                         // For legacy apps dangerous permissions are install time ones.
                         grant = GRANT_INSTALL;
                     } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
-                        // For modern system apps dangerous permissions are install time ones.
-                        grant = GRANT_INSTALL;
+                        // For modern system apps dangerous permissions are runtime ones.
+                        grant = GRANT_UPGRADE;
                     } else {
                         if (origPermissions.hasInstallPermission(bp.name)) {
                             // For legacy apps that became modern, install becomes runtime.
@@ -13358,6 +13358,11 @@ public class PackageManagerService extends IPackageManager.Stub {
         }
     }
 
+    void newUserCreatedLILPw(int userHandle) {
+        // Adding a user requires updating runtime permissions for system apps.
+        updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL);
+    }
+
     @Override
     public VerifierDeviceIdentity getVerifierDeviceIdentity() throws RemoteException {
         mContext.enforceCallingOrSelfPermission(
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index 26ecb729ab27..8cc9d192caa6 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -1219,6 +1219,7 @@ public class UserManagerService extends IUserManager.Stub {
                     updateUserIdsLocked();
                     Bundle restrictions = new Bundle();
                     mUserRestrictions.append(userId, restrictions);
+                    mPm.newUserCreatedLILPw(userId);
                 }
             }
             if (userInfo != null) {
author	Svet Ganov <svetoslavganov@google.com>	2015-03-25 16:19:57 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-03-25 16:19:58 +0000
commit	d4b1676f5715d3a92a573a90ccd1cbf6f39f51da (patch)
tree	e5962f1d49f1df0ac9a330e03dcc0dcef9667629
parent	95872a2e65b1cb8ab77a9cbb2cdfff14833d8585 (diff)
parent	78027f3b72ad0cad4c39c3947985526ac31a6d3e (diff)