Merge "Fix privileged permission handling for ODM apps." into main

2023-12-19 02:43:22 +00:00 · 2023-12-19 02:43:22 +00:00 · a7488d7230
commit a7488d7230
parent 3d58ec1dd8 3ee1def664
1 changed files with 7 additions and 4 deletions
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
@ -1262,7 +1262,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
        val apexModuleName = packageState.apexModuleName
        val packageName = packageState.packageName
        return when {
-            packageState.isVendor ->
+            packageState.isVendor || packageState.isOdm ->
                permissionAllowlist.getVendorPrivilegedAppAllowlistState(
                    packageName,
                    permissionName
@ -1471,12 +1471,15 @@ class AppIdPermissionPolicy : SchemePolicy() {
                    // In any case, don't grant a privileged permission to privileged vendor apps,
                    // if the permission's protectionLevel does not have the extra vendorPrivileged
                    // flag.
-                    if (packageState.isVendor && !permission.isVendorPrivileged) {
+                    if (
+                        (packageState.isVendor || packageState.isOdm) &&
+                            !permission.isVendorPrivileged
+                    ) {
                        Slog.w(
                            LOG_TAG,
                            "Permission $permissionName cannot be granted to privileged" +
-                                " vendor app $packageName because it isn't a vendorPrivileged" +
-                                " permission"
+                                " vendor (or odm) app $packageName because it isn't a" +
+                                " vendorPrivileged permission"
                        )
                        return false
                    }