summaryrefslogtreecommitdiff
path: root/services/java/com/android/server/pm/PackageManagerService.java
diff options
context:
space:
mode:
authorNick Kralevich <nnk@google.com>2013-04-03 14:12:24 -0700
committerNick Kralevich <nnk@google.com>2013-04-03 16:17:06 -0700
commit60792852c8510f04759a72bb81d5c7a2e9b3d316 (patch)
tree40444a70f49be2bd6d141497162da11173233d41 /services/java/com/android/server/pm/PackageManagerService.java
parent55cfcd75691581ffc4f88034711a2442db619a53 (diff)
Grant optional permissions by default for system apps.
For pre-installed system apps, automatically grant all optional permissions. Change-Id: I99bb320a0bbaa9873baeb63655556fe0fae6f011
Diffstat (limited to 'services/java/com/android/server/pm/PackageManagerService.java')
-rw-r--r--services/java/com/android/server/pm/PackageManagerService.java23
1 files changed, 16 insertions, 7 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index ae9260a10324..2e1769b5287d 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -5133,9 +5133,16 @@ public class PackageManagerService extends IPackageManager.Stub {
final int level = bp.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE;
if (level == PermissionInfo.PROTECTION_NORMAL
|| level == PermissionInfo.PROTECTION_DANGEROUS) {
- // If the permission is required, or it's optional and was previously
- // granted to the application, then allow it. Otherwise deny.
- allowed = (required || origPermissions.contains(perm));
+ // We grant a normal or dangerous permission if any of the following
+ // are true:
+ // 1) The permission is required
+ // 2) The permission is optional, but was granted in the past
+ // 3) The permission is optional, but was requested by an
+ // app in /system (not /data)
+ //
+ // Otherwise, reject the permission.
+ allowed = (required || origPermissions.contains(perm)
+ || (isSystemApp(ps) && !isUpdatedSystemApp(ps)));
} else if (bp.packageSetting == null) {
// This permission is invalid; skip it.
allowed = false;
@@ -5153,8 +5160,7 @@ public class PackageManagerService extends IPackageManager.Stub {
}
}
if (allowed) {
- if ((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0
- && ps.permissionsFixed) {
+ if (!isSystemApp(ps) && ps.permissionsFixed) {
// If this is an existing, non-system package, then
// we can't add any new permissions to it.
if (!allowedSig && !gp.grantedPermissions.contains(perm)) {
@@ -5197,8 +5203,7 @@ public class PackageManagerService extends IPackageManager.Stub {
}
if ((changedPermission || replace) && !ps.permissionsFixed &&
- ((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) ||
- ((ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0)){
+ !isSystemApp(ps) || isUpdatedSystemApp(ps)){
// This is the first that we have heard about this package, so the
// permissions we have now selected are fixed until explicitly
// changed.
@@ -8379,6 +8384,10 @@ public class PackageManagerService extends IPackageManager.Stub {
return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0;
}
+ private static boolean isUpdatedSystemApp(PackageSetting ps) {
+ return (ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
+ }
+
private static boolean isUpdatedSystemApp(PackageParser.Package pkg) {
return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0;
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-04 20:39:10 +0000