AtaraxiaDev/divestos-build
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
divestos-build/Patches/LineageOS-17.1/android_frameworks_base/0014-Network_Permission-4.patch
Tad d50a3a043b Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset 
Like done for 19.1

Signed-off-by: Tad <tad@spotco.us>
2022-04-10 21:12:03 -04:00

83 lines
4.4 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: pratyush <codelab@pratyush.dev>
Date: Sun, 25 Apr 2021 07:04:03 +0530
Subject: [PATCH] fix INTERNET enforcement for secondary users
This code was not specifying the profile for the app so it wasn't
working properly with INTERNET as a runtime permission.
---
.../connectivity/PermissionMonitor.java | 20 +++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
index 0b2012fa759a..3187d4ba1491 100644
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
@@ -130,7 +130,8 @@ public class PermissionMonitor {
String[] packages = mPackageManager.getPackagesForUid(uid);
if (packages != null && packages.length > 0) {
for (String name : packages) {
- final PackageInfo app = getPackageInfo(name);
+ int userId = UserHandle.getUserId(uid);
+ final PackageInfo app = getPackageInfo(name, userId);
if (app != null && app.requestedPermissions != null) {
permission |= getNetdPermissionMask(app.requestedPermissions,
app.requestedPermissionsFlags);
@@ -147,7 +148,7 @@ public class PermissionMonitor {
private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
@UserIdInt int userId) {
// userId is _not_ uid
- int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
+ int uid = mPackageManagerInternal.getPackageUid( packageName, GET_PERMISSIONS, userId);
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
}
@@ -363,12 +364,13 @@ public class PermissionMonitor {
}
@VisibleForTesting
- protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
+ protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
if (currentPermission == SYSTEM) {
return currentPermission;
}
try {
- final PackageInfo app = mPackageManager.getPackageInfo(name, GET_PERMISSIONS);
+ final PackageInfo app = mPackageManager.getPackageInfoAsUser(name, GET_PERMISSIONS,
+ UserHandle.getUserId(uid));
final boolean isNetwork = hasNetworkPermission(app);
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
if (isNetwork || hasRestrictedPermission) {
@@ -392,7 +394,7 @@ public class PermissionMonitor {
public synchronized void onPackageAdded(String packageName, int uid) {
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
- final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName);
+ final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
if (permission != mApps.get(uid)) {
mApps.put(uid, permission);
@@ -444,7 +446,7 @@ public class PermissionMonitor {
String[] packages = mPackageManager.getPackagesForUid(uid);
if (packages != null && packages.length > 0) {
for (String name : packages) {
- permission = highestPermissionForUid(permission, name);
+ permission = highestPermissionForUid(permission, name, uid);
if (permission == SYSTEM) {
// An app with this UID still has the SYSTEM permission.
// Therefore, this UID must already have the SYSTEM permission.
@@ -484,11 +486,9 @@ public class PermissionMonitor {
return permissions;
}
- private PackageInfo getPackageInfo(String packageName) {
+ private PackageInfo getPackageInfo(String packageName, int userId) {
try {
- PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
- | MATCH_ANY_USER);
- return app;
+ return mPackageManager.getPackageInfoAsUser(packageName, GET_PERMISSIONS, userId);
} catch (NameNotFoundException e) {
return null;
}
Reference in New Issue View Git Blame Copy Permalink