From 74a6adb8e03af6e5c258eb3c55bf2fb49276b9d6 Mon Sep 17 00:00:00 2001
From: Hai Zhang <zhanghai@google.com>
Date: Tue, 14 Dec 2021 12:36:36 +0000
Subject: Don't remove SYSTEM_FIXED for intentional fixed grants to critical
 apps.

See b/208785537#comment11.

Bug: 208785537
Bug: 206556385
Bug: 183537857
Fixes: 203175819
Fixes: 229913295
Test: presubmit
Change-Id: Iaf5e2a0d86259805a9ef03f8f1baa14dd8c58da0
Merged-In: Iaf5e2a0d86259805a9ef03f8f1baa14dd8c58da0
(cherry picked from commit e6f07a4fb2b5f17aefb17df8e7d04dcc57fd0be9)
(cherry picked from commit b0b2863467a3a88087bc1d866067f5f62ba70238)
(cherry picked from commit 751b86257688210328f300bc3268b99f14ed1a73)
---
 .../com/android/server/pm/permission/DefaultPermissionGrantPolicy.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 301914615562..c2c5d91eafa8 100644
--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
@@ -434,7 +434,8 @@ final class DefaultPermissionGrantPolicy {
                     || !pm.isGranted(Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
                             pkg, UserHandle.of(userId))
                     || !pm.isGranted(Manifest.permission.READ_PHONE_STATE, pkg,
-                            UserHandle.of(userId))) {
+                            UserHandle.of(userId))
+                    || pm.isSysComponentOrPersistentPlatformSignedPrivApp(pkg)) {
                 continue;
             }
 
-- 
cgit v1.2.3-59-g8ed1b