Merge "Ignore permission and permission-group in ephemeral apps"
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index dc25ce4..dd410e2 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -9086,6 +9086,13 @@
PackageParser.PermissionGroup pg = pkg.permissionGroups.get(i);
PackageParser.PermissionGroup cur = mPermissionGroups.get(pg.info.name);
final String curPackageName = cur == null ? null : cur.info.packageName;
+ // Dont allow ephemeral apps to define new permission groups.
+ if (pkg.applicationInfo.isEphemeralApp()) {
+ Slog.w(TAG, "Permission group " + pg.info.name + " from package "
+ + pg.info.packageName
+ + " ignored: ephemeral apps cannot define new permission groups.");
+ continue;
+ }
final boolean isPackageUpdate = pg.info.packageName.equals(curPackageName);
if (cur == null || isPackageUpdate) {
mPermissionGroups.put(pg.info.name, pg);
@@ -9124,6 +9131,14 @@
for (i=0; i<N; i++) {
PackageParser.Permission p = pkg.permissions.get(i);
+ // Dont allow ephemeral apps to define new permissions.
+ if (pkg.applicationInfo.isEphemeralApp()) {
+ Slog.w(TAG, "Permission " + p.info.name + " from package "
+ + p.info.packageName
+ + " ignored: ephemeral apps cannot define new permissions.");
+ continue;
+ }
+
// Assume by default that we did not install this permission into the system.
p.info.flags &= ~PermissionInfo.FLAG_INSTALLED;