Installer is a part of the system with unrevocable permissions
1. Mark the installer permissions as not revocable.
2. Make the permission result dispatch more robust to handle installer death.
bug:22012614
Change-Id: Idee30ca884b87ccf97ba1bb878d4c49912e474b8
diff --git a/core/java/android/app/Activity.java b/core/java/android/app/Activity.java
index e8ab109..9c2e208 100644
--- a/core/java/android/app/Activity.java
+++ b/core/java/android/app/Activity.java
@@ -6473,20 +6473,22 @@
}
private void dispatchRequestPermissionsResult(int requestCode, Intent data) {
- String[] permissions = data.getStringArrayExtra(
- PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES);
- final int[] grantResults = data.getIntArrayExtra(
- PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS);
+ // If the package installer crashed we may have not data - best effort.
+ String[] permissions = (data != null) ? data.getStringArrayExtra(
+ PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES) : new String[0];
+ final int[] grantResults = (data != null) ? data.getIntArrayExtra(
+ PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS) : new int[0];
onRequestPermissionsResult(requestCode, permissions, grantResults);
}
private void dispatchRequestPermissionsResultToFragment(int requestCode, Intent data,
- Fragment fragement) {
- String[] permissions = data.getStringArrayExtra(
- PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES);
- final int[] grantResults = data.getIntArrayExtra(
- PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS);
- fragement.onRequestPermissionsResult(requestCode, permissions, grantResults);
+ Fragment fragment) {
+ // If the package installer crashed we may have not data - best effort.
+ String[] permissions = (data != null) ? data.getStringArrayExtra(
+ PackageManager.EXTRA_REQUEST_PERMISSIONS_NAMES) : new String[0];
+ final int[] grantResults = (data != null) ? data.getIntArrayExtra(
+ PackageManager.EXTRA_REQUEST_PERMISSIONS_RESULTS) : new int[0];
+ fragment.onRequestPermissionsResult(requestCode, permissions, grantResults);
}
class HostCallbacks extends FragmentHostCallback<Activity> {
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index ff097e5..faa7563 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -247,7 +247,7 @@
for (int i = 0; i < installerCount; i++) {
PackageParser.Package installPackage = installerPackages.get(i);
grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId);
- grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, userId);
+ grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, true, userId);
}
// Verifiers
@@ -381,8 +381,8 @@
// Device provisioning
Intent deviceProvisionIntent = new Intent(
DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
- PackageParser.Package deviceProvisionPackage = getDefaultSystemHandlerActvityPackageLPr(
- deviceProvisionIntent, userId);
+ PackageParser.Package deviceProvisionPackage =
+ getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId);
if (deviceProvisionPackage != null
&& doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId);
@@ -614,6 +614,12 @@
private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
int userId) {
+ grantRuntimePermissionsLPw(pkg, permissions, false, userId);
+
+ }
+
+ private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
+ boolean systemFixed, int userId) {
List<String> requestedPermissions = pkg.requestedPermissions;
if (pkg.isUpdatedSystemApp()) {
@@ -638,6 +644,12 @@
Log.i(TAG, "Granted " + permission + " to default handler "
+ pkg.packageName);
}
+
+ if (systemFixed) {
+ mService.updatePermissionFlags(permission, pkg.packageName,
+ PackageManager.FLAG_PERMISSION_SYSTEM_FIXED,
+ PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId);
+ }
}
}
}