From 7e1f7097f4a6895358bf1472e6d26c5198d00c11 Mon Sep 17 00:00:00 2001 From: mrulhania Date: Thu, 24 Oct 2024 14:29:30 -0700 Subject: Role re-evaluation should respect ask every time choice by user Role evalation respect USER_SET flag when the role is not supposed to override user choices. Role granting logic is missing ONE_TIME check, ONE_TIME flag should be considered a user choice. Fix: 355411348 Test: tbd FLAG: EXEMPT bug fix Relnote: security bug fix Change-Id: Ie65c2cd62ba3f24e8dd411abca49e397746bc1a9 --- .../java/com/android/role/controller/model/Permissions.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'PermissionController/role-controller/java') diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java index ed21db7bb..820ff3d4e 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java @@ -263,7 +263,8 @@ public class Permissions { if (!wasPermissionOrAppOpGranted) { // If we've granted a permission which wasn't granted, it's no longer user set or fixed. newMask |= PackageManager.FLAG_PERMISSION_USER_FIXED - | PackageManager.FLAG_PERMISSION_USER_SET; + | PackageManager.FLAG_PERMISSION_USER_SET + | PackageManager.FLAG_PERMISSION_ONE_TIME; } // If a component gets a permission for being the default handler A and also default handler // B, we grant the weaker grant form. This only applies to default permission grant. @@ -634,7 +635,8 @@ public class Permissions { } if (!overrideUserSetAndFixed) { fixedFlags |= PackageManager.FLAG_PERMISSION_USER_FIXED - | PackageManager.FLAG_PERMISSION_USER_SET; + | PackageManager.FLAG_PERMISSION_USER_SET + | PackageManager.FLAG_PERMISSION_ONE_TIME; } return (flags & fixedFlags) != 0; } -- cgit v1.2.3-59-g8ed1b