From c690062ee1e6f192b8239b7c8998e5f34d1c9ba0 Mon Sep 17 00:00:00 2001 From: Nate Myren Date: Tue, 31 Mar 2020 11:54:31 -0700 Subject: [PATCH] Reset any non-runtime permissions with user sensitive If a package has non-runtime permissions with either of the user sensitive flags set, reset the flags Test: Manual Bug: 152784093 Change-Id: Idc5dc8d9c444e79ca0ba5e8a0504d080b5de7847 --- .../pm/permission/PermissionManagerService.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 82c02a4ebefee..b7c9ecb604f8d 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -2497,10 +2497,24 @@ public class PermissionManagerService extends IPermissionManager.Stub { synchronized (mLock) { ArraySet newImplicitPermissions = new ArraySet<>(); + // TODO ntmyren: Remove once propagated to droidfood + int flagMask = PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED + | PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_DENIED; + int user = UserHandle.getUserId(pkg.getUid()); + final int N = pkg.getRequestedPermissions().size(); for (int i = 0; i < N; i++) { final String permName = pkg.getRequestedPermissions().get(i); final BasePermission bp = mSettings.getPermissionLocked(permName); + + // TODO ntmyren: Remove once propagated to droidfood + if (bp != null && !bp.isRuntime()) { + PermissionState permState = permissionsState.getInstallPermissionState(bp.name); + if (permState == null || (permState.getFlags() & flagMask) != 0) { + permissionsState.updatePermissionFlags(bp, user, flagMask, 0); + } + } + final boolean appSupportsRuntimePermissions = pkg.getTargetSdkVersion() >= Build.VERSION_CODES.M; String upgradedActivityRecognitionPermission = null;