From 6a59bbe2be05c374df96765600f616df8b4c564c Mon Sep 17 00:00:00 2001
From: "Philip P. Moltmann" <moltmann@google.com>
Date: Thu, 30 May 2019 16:21:57 -0700
Subject: [PATCH] Don't create system fixed, revoked permissions

.. when restricting a previously unrestricted permission.

Fixes: 134069814
Test: Upgraded from Q (before loc bg was restricted) to Q (after log bg
      was restricted) and saw previously system-fixed loc bg perm to be
      re-granted via the DefaultPermissionGrantPolicy.
Change-Id: I641a95a0e481ca057c4fb7e05b29b18b7a8c10b6
---
 .../server/pm/permission/PermissionManagerService.java    | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 267fbf030619f..beb72686d6cee 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1173,6 +1173,14 @@ public class PermissionManagerService {
                                     }
                                 }
 
+                                if (hardRestricted && !restrictionExempt
+                                        && (flags & FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
+                                    // Applying a hard restriction implies revoking it. This might
+                                    // lead to a system-fixed, revoked permission.
+                                    flags &= ~FLAG_PERMISSION_SYSTEM_FIXED;
+                                    wasChanged = true;
+                                }
+
                                 if (wasChanged) {
                                     updatedUserIds = ArrayUtils.appendInt(updatedUserIds, userId);
                                 }