Merge "Throw on revoked location permission - framework" into pi-dev

2018-03-28 03:22:22 +00:00
parent 2bfb9a15ad 33b1509375
commit 4acd39d3db
2 changed files with 11 additions and 6 deletions
--- a/services/core/java/com/android/server/TelephonyRegistry.java
+++ b/services/core/java/com/android/server/TelephonyRegistry.java
@@ -1753,7 +1753,8 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
        long token = Binder.clearCallingIdentity();
        try {
            return LocationAccessPolicy.canAccessCellLocation(mContext,
-                    r.callingPackage, r.callerUid, r.callerPid);
+                    r.callingPackage, r.callerUid, r.callerPid,
+                    /*throwOnDeniedPermission*/ false);
        } finally {
            Binder.restoreCallingIdentity(token);
        }
--- a/telephony/java/android/telephony/LocationAccessPolicy.java
+++ b/telephony/java/android/telephony/LocationAccessPolicy.java
@@ -40,17 +40,19 @@ import java.util.List;
 */
 public final class LocationAccessPolicy {
    private static final String LOG_TAG = LocationAccessPolicy.class.getSimpleName();
+
    /**
     * API to determine if the caller has permissions to get cell location.
     *
     * @param pkgName Package name of the application requesting access
     * @param uid The uid of the package
     * @param pid The pid of the package
+     * @param throwOnDeniedPermission Whether to throw if the location permission is denied.
     * @return boolean true or false if permissions is granted
     */
    public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName,
-            int uid, int pid) throws SecurityException {
-        Trace.beginSection("TelephonyLocationCheck");
+            int uid, int pid, boolean throwOnDeniedPermission) throws SecurityException {
+        Trace.beginSection("TelephonyLohcationCheck");
        try {
            // Always allow the phone process to access location. This avoid breaking legacy code
            // that rely on public-facing APIs to access cell location, and it doesn't create a
@@ -65,9 +67,11 @@ public final class LocationAccessPolicy {
            // where a legacy app the user is not using tracks their location.
            // Granting ACCESS_FINE_LOCATION to an app automatically grants it
            // ACCESS_COARSE_LOCATION.
-
-            if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, pid, uid) ==
-                    PackageManager.PERMISSION_DENIED) {
+            if (throwOnDeniedPermission) {
+                context.enforcePermission(Manifest.permission.ACCESS_COARSE_LOCATION,
+                        pid, uid, "canAccessCellLocation");
+            } else if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION,
+                    pid, uid) == PackageManager.PERMISSION_DENIED) {
                return false;
            }
            final int opCode = AppOpsManager.permissionToOpCode(