diff options
| author | Nick Kralevich <nnk@google.com> | 2013-04-03 16:33:49 -0700 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2013-04-03 16:33:49 -0700 |
| commit | 997af33eb1930ab3b5fc6fa2d55f9d0345ffcd88 (patch) | |
| tree | a9e73cbfb46a331e51494c2309e4569ab128db84 /services/java/com/android/server/pm/PackageManagerService.java | |
| parent | 40a534bd871789b63f88bc5c6e4a75e95aa8c3f7 (diff) | |
| parent | 26bb9c955158893f946bed727124d3dbd3cfd0a7 (diff) | |
am 26bb9c95: am 0d17aaa5: Merge "Grant optional permissions by default for system apps." into jb-mr2-dev
* commit '26bb9c955158893f946bed727124d3dbd3cfd0a7':
Grant optional permissions by default for system apps.
Diffstat (limited to 'services/java/com/android/server/pm/PackageManagerService.java')
| -rw-r--r-- | services/java/com/android/server/pm/PackageManagerService.java | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index a75932fefb43..68c4daf0b9b8 100644 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -5159,9 +5159,16 @@ public class PackageManagerService extends IPackageManager.Stub { final int level = bp.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE; if (level == PermissionInfo.PROTECTION_NORMAL || level == PermissionInfo.PROTECTION_DANGEROUS) { - // If the permission is required, or it's optional and was previously - // granted to the application, then allow it. Otherwise deny. - allowed = (required || origPermissions.contains(perm)); + // We grant a normal or dangerous permission if any of the following + // are true: + // 1) The permission is required + // 2) The permission is optional, but was granted in the past + // 3) The permission is optional, but was requested by an + // app in /system (not /data) + // + // Otherwise, reject the permission. + allowed = (required || origPermissions.contains(perm) + || (isSystemApp(ps) && !isUpdatedSystemApp(ps))); } else if (bp.packageSetting == null) { // This permission is invalid; skip it. allowed = false; @@ -5179,8 +5186,7 @@ public class PackageManagerService extends IPackageManager.Stub { } } if (allowed) { - if ((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0 - && ps.permissionsFixed) { + if (!isSystemApp(ps) && ps.permissionsFixed) { // If this is an existing, non-system package, then // we can't add any new permissions to it. if (!allowedSig && !gp.grantedPermissions.contains(perm)) { @@ -5223,8 +5229,7 @@ public class PackageManagerService extends IPackageManager.Stub { } if ((changedPermission || replace) && !ps.permissionsFixed && - ((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) == 0) || - ((ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0)){ + !isSystemApp(ps) || isUpdatedSystemApp(ps)){ // This is the first that we have heard about this package, so the // permissions we have now selected are fixed until explicitly // changed. @@ -8405,6 +8410,10 @@ public class PackageManagerService extends IPackageManager.Stub { return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0; } + private static boolean isUpdatedSystemApp(PackageSetting ps) { + return (ps.pkgFlags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; + } + private static boolean isUpdatedSystemApp(PackageParser.Package pkg) { return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0; } |