Skip granting of legacy permissions.
Once this feature flag is flipped, the READ/WRITE_EXTERNAL_STORAGE
permissions will no longer be runtime permissions, so we need to stop
trying to grant them to apps. (Otherwise the device won't boot.)
Bug: 112545973
Test: manual
Change-Id: I837630619e3f016e4a40ebb391239ecd41032cd2
diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 0a93653..e6a018a 100644
--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
@@ -31,9 +31,11 @@
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
+import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.PackageManagerInternal;
import android.content.pm.PackageManagerInternal.PackagesProvider;
import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
+import android.content.pm.PermissionInfo;
import android.content.pm.ProviderInfo;
import android.content.pm.ResolveInfo;
import android.media.RingtoneManager;
@@ -1182,12 +1184,16 @@
final int permissionGrantCount = permissionGrants.size();
for (int j = 0; j < permissionGrantCount; j++) {
DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
+ if (!isPermissionDangerous(permissionGrant.name)) {
+ Log.w(TAG, "Ignoring permission " + permissionGrant.name
+ + " which isn't dangerous");
+ continue;
+ }
if (permissions == null) {
permissions = new ArraySet<>();
} else {
permissions.clear();
}
- permissions.add(permissionGrant.name);
grantRuntimePermissions(pkg, permissions, permissionGrant.fixed, userId);
}
}
@@ -1350,6 +1356,16 @@
&& pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
}
+ private boolean isPermissionDangerous(String name) {
+ try {
+ final PermissionInfo pi = mContext.getPackageManager().getPermissionInfo(name, 0);
+ return (pi.getProtectionFlags() & PermissionInfo.PROTECTION_DANGEROUS) != 0;
+ } catch (NameNotFoundException e) {
+ // When unknown assume it's dangerous to be on the safe side
+ return true;
+ }
+ }
+
private static final class DefaultPermissionGrant {
final String name;
final boolean fixed;