Installer is a part of the system with unrevocable permissions
1. Mark the installer permissions as not revocable.
2. Make the permission result dispatch more robust to handle installer death.
bug:22012614
Change-Id: Idee30ca884b87ccf97ba1bb878d4c49912e474b8
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index ff097e5..faa7563 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -247,7 +247,7 @@
for (int i = 0; i < installerCount; i++) {
PackageParser.Package installPackage = installerPackages.get(i);
grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId);
- grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, userId);
+ grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, true, userId);
}
// Verifiers
@@ -381,8 +381,8 @@
// Device provisioning
Intent deviceProvisionIntent = new Intent(
DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
- PackageParser.Package deviceProvisionPackage = getDefaultSystemHandlerActvityPackageLPr(
- deviceProvisionIntent, userId);
+ PackageParser.Package deviceProvisionPackage =
+ getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId);
if (deviceProvisionPackage != null
&& doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId);
@@ -614,6 +614,12 @@
private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
int userId) {
+ grantRuntimePermissionsLPw(pkg, permissions, false, userId);
+
+ }
+
+ private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
+ boolean systemFixed, int userId) {
List<String> requestedPermissions = pkg.requestedPermissions;
if (pkg.isUpdatedSystemApp()) {
@@ -638,6 +644,12 @@
Log.i(TAG, "Granted " + permission + " to default handler "
+ pkg.packageName);
}
+
+ if (systemFixed) {
+ mService.updatePermissionFlags(permission, pkg.packageName,
+ PackageManager.FLAG_PERMISSION_SYSTEM_FIXED,
+ PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId);
+ }
}
}
}