| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 3b36addfba79..a29007850f7b 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -3605,10 +3605,14 @@ public class PackageManagerService extends IPackageManager.Stub { enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "updatePermissionFlags"); - // Only the system can change system fixed flags. + // Only the system can change these flags and nothing else. if (getCallingUid() != Process.SYSTEM_UID) { flagMask &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; flagValues &= ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; + flagMask &= ~PackageManager.FLAG_PERMISSION_POLICY_FIXED; + flagValues &= ~PackageManager.FLAG_PERMISSION_POLICY_FIXED; + flagMask &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; + flagValues &= ~PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; } synchronized (mPackages) { @@ -12923,10 +12927,6 @@ public class PackageManagerService extends IPackageManager.Stub { synchronized (mPackages) { PackageSetting ps = mSettings.mPackages.get(newPkg.packageName); - // Propagate the permissions state as we do want to drop on the floor - // runtime permissions. The update permissions method below will take - // care of removing obsolete permissions and grant install permissions. - ps.getPermissionsState().copyFrom(disabledPs.getPermissionsState()); updatePermissionsLPw(newPkg.packageName, newPkg, UPDATE_PERMISSIONS_ALL | UPDATE_PERMISSIONS_REPLACE_PKG); 
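Review bot: The comment added in the first hunk (the updatePermissionFlags path), `// Only the system can change these flags and nothing else.`, can be read as restricting what the system itself may change; `// Callers other than the system UID may not set or clear the SYSTEM_FIXED, POLICY_FIXED or GRANTED_BY_DEFAULT flags.` states what the code does. The six near-identical statements would be harder to get out of step if folded into one mask, `final int systemOnly = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED | PackageManager.FLAG_PERMISSION_POLICY_FIXED | PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;` followed by `flagMask &= ~systemOnly; flagValues &= ~systemOnly;`. This is still a deny-list, so any flag not named here remains writable by non-system callers that pass the earlier checks, and the comment should say that new system-only flags must be added to it. The bits are also stripped silently, so a warning log when a non-system caller requests one of them would make misuse visible to whoever reads the logs. The method body starts and ends outside the hunk.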
@@ -12940,6 +12940,8 @@ public class PackageManagerService extends IPackageManager.Stub { + " => " + perUserInstalled[i]); } ps.setInstalled(perUserInstalled[i], allUserHandles[i]); + + mSettings.writeRuntimePermissionsForUserLPr(allUserHandles[i], false); } // Regardless of writeSettings we need to ensure that this restriction // state propagation is persisted |
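Review bot: The bare `false` in the added `mSettings.writeRuntimePermissionsForUserLPr(allUserHandles[i], false);` gives no hint of how the write is performed. If that argument selects a deferred write, as I would expect, the on-disk runtime-permission state for each user can briefly lag behind the state that the earlier `updatePermissionsLPw` call recomputed, and a crash in that window could leave the previous package's grants on disk. Please annotate the literal with its parameter name in an inline comment and add a line above the call such as `// Persist the recomputed runtime permissions for this user; the state is no longer copied from the disabled package.`, or request a synchronous write if the state has to be durable before this method returns. The loop and the enclosing method start outside the hunk, so whether a later settings write already covers this cannot be checked from here.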