Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Throw on revoked location permission - framework" into pi-dev

Browse Source 
am: 4acd39d3db

Change-Id: Ia4dd0dc5bc0296da541d68714f54c68a75cb32cc
This commit is contained in:
Svetoslav Ganov
2018-03-28 03:36:04 +00:00
committed by android-build-merger
parent d313e8f29c 4acd39d3db
commit d16a343efb
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
services/core/java/com/android/server/TelephonyRegistry.java
View File

@@ -1753,7 +1753,8 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
long token = Binder.clearCallingIdentity(); long token = Binder.clearCallingIdentity();
try { try {
return LocationAccessPolicy.canAccessCellLocation(mContext, return LocationAccessPolicy.canAccessCellLocation(mContext,
r.callingPackage, r.callerUid, r.callerPid); r.callingPackage, r.callerUid, r.callerPid,
/*throwOnDeniedPermission*/ false);
} finally { } finally {
Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token);
} }

14
telephony/java/android/telephony/LocationAccessPolicy.java
View File

@@ -40,17 +40,19 @@ import java.util.List;
*/ */
public final class LocationAccessPolicy { public final class LocationAccessPolicy {
private static final String LOG_TAG = LocationAccessPolicy.class.getSimpleName(); private static final String LOG_TAG = LocationAccessPolicy.class.getSimpleName();
/** /**
* API to determine if the caller has permissions to get cell location. * API to determine if the caller has permissions to get cell location.
* *
* @param pkgName Package name of the application requesting access * @param pkgName Package name of the application requesting access
* @param uid The uid of the package * @param uid The uid of the package
* @param pid The pid of the package * @param pid The pid of the package
* @param throwOnDeniedPermission Whether to throw if the location permission is denied.
* @return boolean true or false if permissions is granted * @return boolean true or false if permissions is granted
*/ */
public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName, public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName,
int uid, int pid) throws SecurityException { int uid, int pid, boolean throwOnDeniedPermission) throws SecurityException {
Trace.beginSection("TelephonyLocationCheck"); Trace.beginSection("TelephonyLohcationCheck");
try { try {
// Always allow the phone process to access location. This avoid breaking legacy code // Always allow the phone process to access location. This avoid breaking legacy code
// that rely on public-facing APIs to access cell location, and it doesn't create a // that rely on public-facing APIs to access cell location, and it doesn't create a
@@ -65,9 +67,11 @@ public final class LocationAccessPolicy {
// where a legacy app the user is not using tracks their location. // where a legacy app the user is not using tracks their location.
// Granting ACCESS_FINE_LOCATION to an app automatically grants it // Granting ACCESS_FINE_LOCATION to an app automatically grants it
// ACCESS_COARSE_LOCATION. // ACCESS_COARSE_LOCATION.
if (throwOnDeniedPermission) {
if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, pid, uid) == context.enforcePermission(Manifest.permission.ACCESS_COARSE_LOCATION,
PackageManager.PERMISSION_DENIED) { pid, uid, "canAccessCellLocation");
} else if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION,
pid, uid) == PackageManager.PERMISSION_DENIED) {
return false; return false;
} }
final int opCode = AppOpsManager.permissionToOpCode( final int opCode = AppOpsManager.permissionToOpCode(