Merge "RESTRICT AUTOMERGE: Check both self and shared user id package for requested permissions." into oc-dev am: 08d2780e1e Change-Id: I3d963182b12d33718157576105d10c7da56ec228

commit: d55320b5240a20bccca4ad7df57e92b14c7f7d37 [log] [tgz]
author: akirilov <akirilov@google.com> Wed Sep 05 17:32:07 2018 -0700
committer: android-build-merger <android-build-merger@google.com> Wed Sep 05 17:32:07 2018 -0700
tree: 43043f8d29f98a4cd3932eed3ef278e90820a338
parent: 9e6abebb10581d1288e14e56ef9d583afc6db191 [diff]
parent: 08d2780e1e2cac0f75721ac59c74a62bbc96de27 [diff]
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 8606b3e..3fa8aca 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java

@@ -278,6 +278,7 @@
 import com.android.server.net.NetworkPolicyManagerInternal;
 import com.android.server.pm.Installer.InstallerException;
 import com.android.server.pm.PermissionsState.PermissionState;
+import com.android.server.pm.PackageSetting;
 import com.android.server.pm.Settings.DatabaseVersion;
 import com.android.server.pm.Settings.VersionInfo;
 import com.android.server.pm.dex.DexManager;
@@ -5353,8 +5354,10 @@
 
     private static void enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(
             PackageParser.Package pkg, BasePermission bp) {
+        final PackageSetting pkgSetting = (PackageSetting) pkg.mExtras;
+        final PermissionsState permsState = pkgSetting.getPermissionsState();
         int index = pkg.requestedPermissions.indexOf(bp.name);
-        if (index == -1) {
+        if (!permsState.hasRequestedPermission(bp.name) && index == -1) {
             throw new SecurityException("Package " + pkg.packageName
                     + " has not requested permission " + bp.name);
         }

diff --git a/services/core/java/com/android/server/pm/PermissionsState.java b/services/core/java/com/android/server/pm/PermissionsState.java
index 8a427cd..d494e33 100644
--- a/services/core/java/com/android/server/pm/PermissionsState.java
+++ b/services/core/java/com/android/server/pm/PermissionsState.java

@@ -291,6 +291,14 @@
     }
 
     /**
+     * Returns whether the state has any known request for the given permission name,
+     * whether or not it has been granted.
+     */
+    public boolean hasRequestedPermission(String name) {
+        return mPermissions != null && (mPermissions.get(name) != null);
+    }
+
+    /**
      * Gets all permissions for a given device user id regardless if they
      * are install time or runtime permissions.
      *
commit	d55320b5240a20bccca4ad7df57e92b14c7f7d37	[log] [tgz]
author	akirilov <akirilov@google.com>	Wed Sep 05 17:32:07 2018 -0700
committer	android-build-merger <android-build-merger@google.com>	Wed Sep 05 17:32:07 2018 -0700
tree	43043f8d29f98a4cd3932eed3ef278e90820a338
parent	9e6abebb10581d1288e14e56ef9d583afc6db191 [diff]
parent	08d2780e1e2cac0f75721ac59c74a62bbc96de27 [diff]