drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Grant optional permissions by default for system apps." into jb-mr2-dev

Browse Source
This commit is contained in:
Nick Kralevich
2013-04-03 23:26:28 +00:00
committed by Android (Google) Code Review
parent 9ce89835da 60792852c8
commit 0d17aaa543
1 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
services/java/com/android/server/pm/PackageManagerService.java
View File

@ -5135,9 +5135,16 @@ public class PackageManagerService extends IPackageManager.Stub {
final int level = bp.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE; final int level = bp.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE;
if (level == PermissionInfo.PROTECTION_NORMAL if (level == PermissionInfo.PROTECTION_NORMAL
|| level == PermissionInfo.PROTECTION_DANGEROUS) { || level == PermissionInfo.PROTECTION_DANGEROUS) {
// If the permission is required, or it's optional and was previously // We grant a normal or dangerous permission if any of the following
// granted to the application, then allow it. Otherwise deny. // are true:
allowed = (required || origPermissions.contains(perm)); // 1) The permission is required
// 2) The permission is optional, but was granted in the past
// 3) The permission is optional, but was requested by an
// app in /system (not /data)
//
// Otherwise, reject the permission.
allowed = (required || origPermissions.contains(perm)
|| (isSystemApp(ps) && !isUpdatedSystemApp(ps)));
} else if (bp.packageSetting == null) { } else if (bp.packageSetting == null) {
// This permission is invalid; skip it. // This permission is invalid; skip it.
allowed = false; allowed = false;
@ -5155,8 +5162,7 @@ public class PackageManagerService extends IPackageManager.Stub {
} }
} }
if (allowed) { if (allowed) {
if ((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0 if (!isSystemApp(ps) && ps.permissionsFixed) {
&& ps.permissionsFixed) {
// If this is an existing, non-system package, then // If this is an existing, non-system package, then
// we can't add any new permissions to it. // we can't add any new permissions to it.
if (!allowedSig && !gp.grantedPermissions.contains(perm)) { if (!allowedSig && !gp.grantedPermissions.contains(perm)) {
@ -5199,8 +5205,7 @@ public class PackageManagerService extends IPackageManager.Stub {
} }
if ((changedPermission || replace) && !ps.permissionsFixed && if ((changedPermission || replace) && !ps.permissionsFixed &&
((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) || !isSystemApp(ps) || isUpdatedSystemApp(ps)){
((ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0)){
// This is the first that we have heard about this package, so the // This is the first that we have heard about this package, so the
// permissions we have now selected are fixed until explicitly // permissions we have now selected are fixed until explicitly
// changed. // changed.
@ -8381,6 +8386,10 @@ public class PackageManagerService extends IPackageManager.Stub {
return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0; return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0;
} }
private static boolean isUpdatedSystemApp(PackageSetting ps) {
return (ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
}
private static boolean isUpdatedSystemApp(PackageParser.Package pkg) { private static boolean isUpdatedSystemApp(PackageParser.Package pkg) {
return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
} }