From cc0a80895fdd9d0a29c55047c22eee7a07e9dc92 Mon Sep 17 00:00:00 2001
From: Hai Zhang <zhanghai@google.com>
Date: Tue, 4 Jan 2022 09:21:10 +0000
Subject: [PATCH] Don't remove SYSTEM_FIXED for intentional fixed grants to
 critical apps.

See b/208785537#comment11.

Bug: 208785537
Bug: 206556385
Bug: 183537857
Bug: 208785537
Test: presubmit
Change-Id: Iaf5e2a0d86259805a9ef03f8f1baa14dd8c58da0
Merged-In: Iaf5e2a0d86259805a9ef03f8f1baa14dd8c58da0
(cherry picked from commit e6f07a4fb2b5f17aefb17df8e7d04dcc57fd0be9)
---
 .../server/pm/permission/DefaultPermissionGrantPolicy.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 46cb720cb2c0..186b2b5c7c50 100644
--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
@@ -435,7 +435,8 @@ final class DefaultPermissionGrantPolicy {
                     || !pm.isGranted(Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
                             pkg, UserHandle.of(userId))
                     || !pm.isGranted(Manifest.permission.READ_PHONE_STATE, pkg,
-                            UserHandle.of(userId))) {
+                            UserHandle.of(userId))
+                    || pm.isSysComponentOrPersistentPlatformSignedPrivApp(pkg)) {
                 continue;
             }