Merge "Prevent modification of system fixed permissions" into mnc-dev
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 28a786a..74e8e4d 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3183,6 +3183,12 @@
final PermissionsState permissionsState = sb.getPermissionsState();
+ final int flags = permissionsState.getPermissionFlags(name, userId);
+ if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
+ throw new SecurityException("Cannot grant system fixed permission: "
+ + name + " for package: " + packageName);
+ }
+
final int result = permissionsState.grantRuntimePermission(bp, userId);
switch (result) {
case PermissionsState.PERMISSION_OPERATION_FAILURE: {
@@ -3240,6 +3246,12 @@
final PermissionsState permissionsState = sb.getPermissionsState();
+ final int flags = permissionsState.getPermissionFlags(name, userId);
+ if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
+ throw new SecurityException("Cannot revoke system fixed permission: "
+ + name + " for package: " + packageName);
+ }
+
if (permissionsState.revokeRuntimePermission(bp, userId) ==
PermissionsState.PERMISSION_OPERATION_FAILURE) {
return;