From 6a166af8fd25445c1b9a4d7869d87557fcb79cf9 Mon Sep 17 00:00:00 2001
From: Svet Ganov <svetoslavganov@google.com>
Date: Tue, 30 Jun 2015 10:15:44 -0700
Subject: [PATCH] Installer is a part of the system with unrevocable
 permissions

1. Mark the installer permissions as not revocable.

2. Make the permission result dispatch more robust to handle installer death.

bug:22012614

Change-Id: Idee30ca884b87ccf97ba1bb878d4c49912e474b8
---
 core/java/android/app/Activity.java           | 22 ++++++++++---------
 .../pm/DefaultPermissionGrantPolicy.java      | 18 ++++++++++++---
 2 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/core/java/android/app/Activity.java b/core/java/android/app/Activity.java
index e8ab109f992ef..9c2e2084b9695 100644
--- a/core/java/android/app/Activity.java
+++ b/core/java/android/app/Activity.java
@@ -6473,20 +6473,22 @@ public class Activity extends ContextThemeWrapper
     }
 
     private void dispatchRequestPermissionsResult(int requestCode, Intent data) {
-        String[] permissions = data.getStringArrayExtra(
-                PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES);
-        final int[] grantResults = data.getIntArrayExtra(
-                PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS);
+        // If the package installer crashed we may have not data - best effort.
+        String[] permissions = (data != null) ? data.getStringArrayExtra(
+                PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES) : new String[0];
+        final int[] grantResults = (data != null) ? data.getIntArrayExtra(
+                PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS) : new int[0];
         onRequestPermissionsResult(requestCode, permissions, grantResults);
     }
 
     private void dispatchRequestPermissionsResultToFragment(int requestCode, Intent data,
-            Fragment fragement) {
-        String[] permissions = data.getStringArrayExtra(
-                PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES);
-        final int[] grantResults = data.getIntArrayExtra(
-                PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS);
-        fragement.onRequestPermissionsResult(requestCode, permissions, grantResults);
+            Fragment fragment) {
+        // If the package installer crashed we may have not data - best effort.
+        String[] permissions = (data != null) ? data.getStringArrayExtra(
+                PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES) : new String[0];
+        final int[] grantResults = (data != null) ? data.getIntArrayExtra(
+                PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS) : new int[0];
+        fragment.onRequestPermissionsResult(requestCode, permissions, grantResults);
     }
 
     class HostCallbacks extends FragmentHostCallback<Activity> {
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index ff097e5fdf5e8..faa7563a05f12 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -247,7 +247,7 @@ final class DefaultPermissionGrantPolicy {
             for (int i = 0; i < installerCount; i++) {
                 PackageParser.Package installPackage = installerPackages.get(i);
                 grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId);
-                grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, userId);
+                grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, true, userId);
             }
 
             // Verifiers
@@ -381,8 +381,8 @@ final class DefaultPermissionGrantPolicy {
             // Device provisioning
             Intent deviceProvisionIntent = new Intent(
                     DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
-            PackageParser.Package deviceProvisionPackage = getDefaultSystemHandlerActvityPackageLPr(
-                    deviceProvisionIntent, userId);
+            PackageParser.Package deviceProvisionPackage =
+                    getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId);
             if (deviceProvisionPackage != null
                     && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
                 grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId);
@@ -614,6 +614,12 @@ final class DefaultPermissionGrantPolicy {
 
     private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
             int userId) {
+        grantRuntimePermissionsLPw(pkg, permissions, false, userId);
+
+    }
+
+    private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
+            boolean systemFixed, int userId) {
         List<String> requestedPermissions = pkg.requestedPermissions;
 
         if (pkg.isUpdatedSystemApp()) {
@@ -638,6 +644,12 @@ final class DefaultPermissionGrantPolicy {
                         Log.i(TAG, "Granted " + permission + " to default handler "
                                 + pkg.packageName);
                     }
+
+                    if (systemFixed) {
+                        mService.updatePermissionFlags(permission, pkg.packageName,
+                                PackageManager.FLAG_PERMISSION_SYSTEM_FIXED,
+                                PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId);
+                    }
                 }
             }
         }