From 95a86edf8f29c8d71647d059b07767a803cbc290 Mon Sep 17 00:00:00 2001
From: Jurijs Oniscuks <jurijs.oniscuks@sony.com>
Date: Thu, 14 Apr 2022 21:27:38 +0200
Subject: Fix odm privapp permissions

SystemConfig.java treats permissions for odm and vendor priv-apps
identically, reading them into mVendorPrivilegedAppAllowlist.

Similarly, PermissionManagerServiceImpl.java should verify permissions
for pkg.isOdm() the same way as it does for pkg.isVendor(). Without this
fix, permissions for /odm/priv-app are simply ignored.

Bug: 230028571
Hastily-ported-to-Android-U-by: Snild Dolkow <snild@sony.com>
Test: manual -- check that odm priv-app can get permissions
Change-Id: I2c0f9452456e6ade7a336694392b2ef1011626bf
---
 .../android/server/pm/permission/PermissionManagerServiceImpl.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index 21446549cfbd..574f121b033a 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -3379,7 +3379,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
         final PermissionAllowlist permissionAllowlist =
                 SystemConfig.getInstance().getPermissionAllowlist();
         final String packageName = packageState.getPackageName();
-        if (packageState.isVendor()) {
+        if (packageState.isVendor() || packageState.isOdm()) {
             return permissionAllowlist.getVendorPrivilegedAppAllowlistState(packageName,
                     permissionName);
         } else if (packageState.isProduct()) {
@@ -3474,7 +3474,7 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
             // the permission's protectionLevel does not have the extra 'vendorPrivileged'
             // flag.
             if (allowed && isPrivilegedPermission && !bp.isVendorPrivileged()
-                    && pkgSetting.isVendor()) {
+                    && (pkgSetting.isVendor() || pkgSetting.isOdm())) {
                 Slog.w(TAG, "Permission " + permissionName
                         + " cannot be granted to privileged vendor apk " + pkg.getPackageName()
                         + " because it isn't a 'vendorPrivileged' permission.");
-- 
cgit v1.2.3-59-g8ed1b