From 4a601f972a9930e26aa2ead8995cc8b97c1844b3 Mon Sep 17 00:00:00 2001 From: Svet Ganov Date: Tue, 17 Jan 2017 13:50:46 -0800 Subject: DO NOT MERGE ANYWHERE Skip review permissions if package is installed with -g. Bug: 34193954 Change-Id: Id744fd190ef78e498e635c2ab9936f12d0bbc917 (cherry picked from commit 6130fb741c86d7d4f0f86e3a875c3eca1fe8aa51) --- .../android/server/pm/PackageManagerService.java | 31 ++++++++++++++-------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 4cb3e95412a4..03612ab67c8f 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -1646,9 +1646,11 @@ public class PackageManagerService extends IPackageManager.Stub { } // Now that we successfully installed the package, grant runtime - // permissions if requested before broadcasting the install. - if (grantPermissions && res.pkg.applicationInfo.targetSdkVersion - >= Build.VERSION_CODES.M) { + // permissions if requested before broadcasting the install. Also + // for legacy apps in permission review mode we clear the permission + // review flag which is used to emulate runtime permissions for + // legacy apps. + if (grantPermissions) { grantRequestedRuntimePermissions(res.pkg, res.newUsers, grantedPermissions); } @@ -1885,11 +1887,6 @@ public class PackageManagerService extends IPackageManager.Stub { for (int userId : userIds) { grantRequestedRuntimePermissionsForUser(pkg, userId, grantedPermissions); } - - // We could have touched GID membership, so flush out packages.list - synchronized (mPackages) { - mSettings.writePackageListLPr(); - } } private void grantRequestedRuntimePermissionsForUser(PackageParser.Package pkg, int userId, @@ -1904,6 +1901,9 @@ public class PackageManagerService extends IPackageManager.Stub { final int immutableFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED | PackageManager.FLAG_PERMISSION_POLICY_FIXED; + final boolean supportsRuntimePermissions = pkg.applicationInfo.targetSdkVersion + >= Build.VERSION_CODES.M; + for (String permission : pkg.requestedPermissions) { final BasePermission bp; synchronized (mPackages) { @@ -1913,9 +1913,18 @@ public class PackageManagerService extends IPackageManager.Stub { && (grantedPermissions == null || ArrayUtils.contains(grantedPermissions, permission))) { final int flags = permissionsState.getPermissionFlags(permission, userId); - // Installer cannot change immutable permissions. - if ((flags & immutableFlags) == 0) { - grantRuntimePermission(pkg.packageName, permission, userId); + if (supportsRuntimePermissions) { + // Installer cannot change immutable permissions. + if ((flags & immutableFlags) == 0) { + grantRuntimePermission(pkg.packageName, permission, userId); + } + } else if (mPermissionReviewRequired) { + // In permission review mode we clear the review flag when we + // are asked to install the app with all permissions granted. + if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) { + updatePermissionFlags(permission, pkg.packageName, + PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED, 0 /*value*/, userId); + } } } } -- cgit v1.2.3-59-g8ed1b