diff options
| author | 2025-03-20 20:58:09 -0700 | |
|---|---|---|
| committer | 2025-03-20 20:58:09 -0700 | |
| commit | f1c5361dfaf276e9b96413c1a4e6db4e74e1b0c8 (patch) | |
| tree | 2cde1ad36c50924bf03a700a7efd543ac494f07b | |
| parent | 5ad0e8b1a26f4f3559d0136b91b59e812ffaad13 (diff) | |
| parent | 30d34d06fac9ae18754719a4d032f496c89112e7 (diff) | |
Merge "[appops] Preflight skip datasource validation" into main
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerService.java | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index ac19ea12c6a4..fbf81b9accad 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -1541,8 +1541,19 @@ public class PermissionManagerService extends IPermissionManager.Stub { } final AttributionSource resolvedAttributionSource = accessorSource.withPackageName(resolvedAccessorPackageName); - final int opMode = appOpsManager.unsafeCheckOpRawNoThrow(op, - resolvedAttributionSource); + // Avoid checking the first attr in the chain in some cases for consistency with + // checks for data delivery. + // In particular, for chains of 2 or more, when skipProxyOperation is true, the + // for data delivery implementation does not actually check the first link in the + // chain. If the attribution is just a singleReceiverFromDatasource, this + // exemption does not apply, since it does not go through proxyOp flow, and the top + // of the chain is actually removed above. + // Skipping the check avoids situations where preflight checks fail since the data + // source itself does not have the op (e.g. audioserver). + final int opMode = (skipProxyOperation && !singleReceiverFromDatasource) ? + AppOpsManager.MODE_ALLOWED : + appOpsManager.unsafeCheckOpRawNoThrow(op, resolvedAttributionSource); + final AttributionSource next = accessorSource.getNext(); if (!selfAccess && opMode == AppOpsManager.MODE_ALLOWED && next != null) { final String resolvedNextPackageName = resolvePackageName(context, next); |