diff options
| author | 2020-10-28 19:55:55 -0700 | |
|---|---|---|
| committer | 2020-11-04 15:36:01 -0800 | |
| commit | e372d996dfb3bd2cb6fe30ee319b8b88c2086f05 (patch) | |
| tree | e5ff2d8654540c42e9b97008eb71f189ebaccf9f | |
| parent | 3a20a22ea67a44b7a1cc330d70c1067bc302b48f (diff) | |
Don't exempt background mic / camera when device upgrades
Fixes the issue where the platform added preinstalled apps to the
background mic / camera allowlists so they were able to request
these permissions.
Bug: 169856898
Bug: 158311343
Test: Upgrade from R. Upgrade from ToT.
Change-Id: I8ad30cd3d3e30f94b4e42c2bf8acbb0b0e0b7472
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java index 1ae430a3281a..bf5a50e7ea53 100644 --- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java +++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java @@ -1272,7 +1272,12 @@ public final class DefaultPermissionGrantPolicy { newFlags |= (flags & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT); // If we are allowlisting the permission, update the exempt flag before grant. - if (whitelistRestrictedPermissions && pm.isPermissionRestricted(permission)) { + // If the permission can't be allowlisted by an installer, skip it here because + // this is where the platform takes the role of the installer for exempting + // preinstalled apps. + if (whitelistRestrictedPermissions && pm.isPermissionRestricted(permission) + && !pm.getPermissionInfo(permission).isInstallerExemptIgnored()) { + pm.updatePermissionFlags(permission, pkg, PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, user); |