Merge "RESTRICT AUTOMERGE: Check both self and shared user id package for requested permissions." into pi-dev

services/core/java/com/android/server/pm/permission/BasePermission.java

@@ -39,6 +39,7 @@ import android.util.Slog;
 
 import com.android.server.pm.DumpState;
 import com.android.server.pm.PackageManagerService;
+import com.android.server.pm.PackageSetting;
 import com.android.server.pm.PackageSettingBase;
 
 import org.xmlpull.v1.XmlPullParser;
@@ -374,8 +375,10 @@ public final class BasePermission {
     }
 
     public void enforceDeclaredUsedAndRuntimeOrDevelopment(PackageParser.Package pkg) {
+        final PackageSetting pkgSetting = (PackageSetting) pkg.mExtras;
+        final PermissionsState permsState = pkgSetting.getPermissionsState();
         int index = pkg.requestedPermissions.indexOf(name);
-        if (index == -1) {
+        if (!permsState.hasRequestedPermission(name) && index == -1) {
             throw new SecurityException("Package " + pkg.packageName
                     + " has not requested permission " + name);
         }

services/core/java/com/android/server/pm/permission/PermissionsState.java

@@ -20,9 +20,9 @@ import android.content.pm.PackageManager;
 import android.os.UserHandle;
 import android.util.ArrayMap;
 import android.util.ArraySet;
-
 import android.util.SparseArray;
 import android.util.SparseBooleanArray;
+
 import com.android.internal.util.ArrayUtils;
 
 import java.util.ArrayList;
@@ -290,6 +290,13 @@ public final class PermissionsState {
         return false;
     }
 
+    /**
+     * Returns whether the state has any known request for the given permission name,
+     * whether or not it has been granted.
+     */
+    public boolean hasRequestedPermission(String name) {
+        return mPermissions != null && (mPermissions.get(name) != null);
+    }
     /**
      * Gets all permissions for a given device user id regardless if they
      * are install time or runtime permissions.