From b875116b6651c3835e941c8bd3803a676a05057c Mon Sep 17 00:00:00 2001
From: "Philip P. Moltmann" <moltmann@google.com>
Date: Thu, 13 Dec 2018 11:25:52 -0800
Subject: Grant removed install permissions

Historically removed permissions just stayed forever in their default
state. E.g. install permissions are granted and runtime permissions are
granted for pre-M apps. In Q we should keep this behavior. Still we have
to make sure that we never set the review-required flag as this flags
will never be reset prevents the app from starting.

Fixes: 120981154
Test: - Manual verification of review-required flag for pre-M app
        - when freshly installed
	- after permission review
	- after permission reset
      - atest android.appsecurity.cts.PermissionsHostTest#
              testCompatDefault22,testReviewPermissionWhenServiceIsBound
	while set-isolated-storage was set to true
      - atest android.content.cts.ContextTest#testCheckPermissionGranted

Change-Id: Ic27c17d2e93f6e2f87127cd4aec7281e6fbdbb8f
---
 .../com/android/server/pm/permission/PermissionManagerService.java | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 31f5ce47abd9..b58c811645f7 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -799,10 +799,6 @@ public class PermissionManagerService {
                     continue;
                 }
 
-                if (bp.isRemoved()) {
-                    continue;
-                }
-
                 // Limit ephemeral apps to ephemeral allowed permissions.
                 if (pkg.applicationInfo.isInstantApp() && !bp.isInstant()) {
                     if (DEBUG_PERMISSIONS) {
@@ -951,7 +947,8 @@ public class PermissionManagerService {
                                     // how to disable the API to simulate revocation as legacy
                                     // apps don't expect to run with revoked permissions.
                                     if (PLATFORM_PACKAGE_NAME.equals(bp.getSourcePackageName())) {
-                                        if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) {
+                                        if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0
+                                                && !bp.isRemoved()) {
                                             flags |= FLAG_PERMISSION_REVIEW_REQUIRED;
                                             // We changed the flags, hence have to write.
                                             updatedUserIds = ArrayUtils.appendInt(
-- 
cgit v1.2.3-59-g8ed1b