Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 76ad1a3c212d09a2c843c1d845c20a4ec5bfd6e4^! / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
commit76ad1a3c212d09a2c843c1d845c20a4ec5bfd6e4[log] [tgz]
authorNathan Harold <nharold@google.com>Tue Feb 20 14:31:09 2018 -0800
committerNathan Harold <nharold@google.com>Thu Mar 22 15:25:31 2018 -0700
treec66948664ae82d2eb09fc47498de528a3bade12d
parentd66b9f3d0ca8ffe378b75f694dc84fe6e9ca0386 [diff] [blame]
Add Permissions Grant for TelephonyDataService

The Telephony Data Service is a privileged service
that provides Data capabilities *to* Telephony. A
data service that provides IWLAN may also use WiFi
as an underlying connection that tunnels Telephony
data services over WiFi using IPsec. The carrier-
config-driven permissions model causes the
framework to bind to an appropriate Telephony Data
Service, for a given carrier, and that Data Service
is responsible for providing Cellular data. Thus,
The TelephonyDataService needs sufficient
permissions to access cellular info necessary for
performing signalling for IWLAN. This includes
Phone state information and location information
such as the current Wifi access points and the
current cell towers. In addition, a Telephony
Data Service may require access to IPsec if the
data service uses the Android API to establish
IPsec, which is optional today.

Bug: 66955045
Test: wip
Merged-In: Ibe4f7806a47e2a50999376ff0a5a07dc5b332953
Change-Id: Ibe4f7806a47e2a50999376ff0a5a07dc5b332953

diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 6f1a83e..23aea3c 100644
--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java

@@ -980,6 +980,40 @@
         }
     }
 
+    public void grantDefaultPermissionsToEnabledTelephonyDataServices(
+            String[] packageNames, int userId) {
+        Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
+        if (packageNames == null) {
+            return;
+        }
+        for (String packageName : packageNames) {
+            PackageParser.Package dataServicePackage = getSystemPackage(packageName);
+            if (dataServicePackage != null
+                    && doesPackageSupportRuntimePermissions(dataServicePackage)) {
+                // Grant these permissions as system-fixed, so that nobody can accidentally
+                // break cellular data.
+                grantRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
+                grantRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
+            }
+        }
+    }
+
+    public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
+            String[] packageNames, int userId) {
+        Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
+        if (packageNames == null) {
+            return;
+        }
+        for (String packageName : packageNames) {
+            PackageParser.Package dataServicePackage = getSystemPackage(packageName);
+            if (dataServicePackage != null
+                    && doesPackageSupportRuntimePermissions(dataServicePackage)) {
+                revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
+                revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
+            }
+        }
+    }
+
     public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
         Log.i(TAG, "Granting permissions to default browser for user:" + userId);
         if (packageName == null) {