Merge "RESTRICT AUTOMERGE: Check both self and shared user id package for requested permissions." into oc-dev

services/core/java/com/android/server/pm/PackageManagerService.java

@@ -276,6 +276,7 @@ import com.android.server.Watchdog;
 import com.android.server.net.NetworkPolicyManagerInternal;
 import com.android.server.pm.Installer.InstallerException;
 import com.android.server.pm.PermissionsState.PermissionState;
+import com.android.server.pm.PackageSetting;
 import com.android.server.pm.Settings.DatabaseVersion;
 import com.android.server.pm.Settings.VersionInfo;
 import com.android.server.pm.dex.DexManager;
@@ -5355,8 +5356,10 @@ public class PackageManagerService extends IPackageManager.Stub
 
     private static void enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(
             PackageParser.Package pkg, BasePermission bp) {
+        final PackageSetting pkgSetting = (PackageSetting) pkg.mExtras;
+        final PermissionsState permsState = pkgSetting.getPermissionsState();
         int index = pkg.requestedPermissions.indexOf(bp.name);
-        if (index == -1) {
+        if (!permsState.hasRequestedPermission(bp.name) && index == -1) {
             throw new SecurityException("Package " + pkg.packageName
                     + " has not requested permission " + bp.name);
         }

services/core/java/com/android/server/pm/PermissionsState.java

@@ -290,6 +290,14 @@ public final class PermissionsState {
         return false;
     }
 
+    /**
+     * Returns whether the state has any known request for the given permission name,
+     * whether or not it has been granted.
+     */
+    public boolean hasRequestedPermission(String name) {
+        return mPermissions != null && (mPermissions.get(name) != null);
+    }
+
     /**
      * Gets all permissions for a given device user id regardless if they
      * are install time or runtime permissions.