Add new "preinstalled" permission flag.

This allows you to specify that a permission can be granted to any pre-installed system app (not just privileged ones). And as long as I am doing this, clean up the old "system" permission flag, renaming it to "privileged" which is what it really is today, deprecating the old names. And switch the platform's permission declarations to use the new name. Change-Id: Iabf484746af232144786851ec7fe90e3de9dddb2
author: Dianne Hackborn <hackbod@google.com> 2015-07-07 17:25:25 -0700
committer: Dianne Hackborn <hackbod@google.com> 2015-07-07 17:25:25 -0700
commit: a90c8def2c6762bc6e5396b78c43e65e4b05079d (patch)
tree: ea3272f28ed7308ec41540d399e454261e51c56c /services
parent: f2474d336a7df696f3897e2cd255d138eb3fac02 (diff)
download: frameworks_base-a90c8def2c6762bc6e5396b78c43e65e4b05079d.zip
frameworks_base-a90c8def2c6762bc6e5396b78c43e65e4b05079d.tar.gz
frameworks_base-a90c8def2c6762bc6e5396b78c43e65e4b05079d.tar.bz2
1 files changed, 34 insertions, 26 deletions
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 9c0d408..124214c 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -8430,7 +8430,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                 || (compareSignatures(mPlatformPackage.mSignatures, pkg.mSignatures)
                         == PackageManager.SIGNATURE_MATCH);
         if (!allowed && (bp.protectionLevel
-                & PermissionInfo.PROTECTION_FLAG_SYSTEM) != 0) {
+                & PermissionInfo.PROTECTION_FLAG_PRIVILEGED) != 0) {
             if (isSystemApp(pkg)) {
                 // For updated system applications, a system permission
                 // is granted only if it had been defined by the original application.
@@ -8467,31 +8467,39 @@ public class PackageManagerService extends IPackageManager.Stub {
                 }
             }
         }
-        if (!allowed && (bp.protectionLevel
-                & PermissionInfo.PROTECTION_FLAG_PRE23) != 0
-                && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.MNC) {
-            // If this was a previously normal/dangerous permission that got moved
-            // to a system permission as part of the runtime permission redesign, then
-            // we still want to blindly grant it to old apps.
-            allowed = true;
-        }
-        if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTALLER) != 0
-                && pkg.packageName.equals(mRequiredInstallerPackage)) {
-            // If this permission is to be granted to the system installer and
-            // this app is an installer, then it gets the permission.
-            allowed = true;
-        }
-        if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_VERIFIER) != 0
-                && pkg.packageName.equals(mRequiredVerifierPackage)) {
-            // If this permission is to be granted to the system verifier and
-            // this app is a verifier, then it gets the permission.
-            allowed = true;
-        }
-        if (!allowed && (bp.protectionLevel
-                & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) {
-            // For development permissions, a development permission
-            // is granted only if it was already granted.
-            allowed = origPermissions.hasInstallPermission(perm);
+        if (!allowed) {
+            if (!allowed && (bp.protectionLevel
+                    & PermissionInfo.PROTECTION_FLAG_PRE23) != 0
+                    && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.MNC) {
+                // If this was a previously normal/dangerous permission that got moved
+                // to a system permission as part of the runtime permission redesign, then
+                // we still want to blindly grant it to old apps.
+                allowed = true;
+            }
+            if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTALLER) != 0
+                    && pkg.packageName.equals(mRequiredInstallerPackage)) {
+                // If this permission is to be granted to the system installer and
+                // this app is an installer, then it gets the permission.
+                allowed = true;
+            }
+            if (!allowed && (bp.protectionLevel & PermissionInfo.PROTECTION_FLAG_VERIFIER) != 0
+                    && pkg.packageName.equals(mRequiredVerifierPackage)) {
+                // If this permission is to be granted to the system verifier and
+                // this app is a verifier, then it gets the permission.
+                allowed = true;
+            }
+            if (!allowed && (bp.protectionLevel
+                    & PermissionInfo.PROTECTION_FLAG_PREINSTALLED) != 0
+                    && isSystemApp(pkg)) {
+                // Any pre-installed system app is allowed to get this permission.
+                allowed = true;
+            }
+            if (!allowed && (bp.protectionLevel
+                    & PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0) {
+                // For development permissions, a development permission
+                // is granted only if it was already granted.
+                allowed = origPermissions.hasInstallPermission(perm);
+            }
         }
         return allowed;
     }
author	Dianne Hackborn <hackbod@google.com>	2015-07-07 17:25:25 -0700
committer	Dianne Hackborn <hackbod@google.com>	2015-07-07 17:25:25 -0700
commit	a90c8def2c6762bc6e5396b78c43e65e4b05079d (patch)
tree	ea3272f28ed7308ec41540d399e454261e51c56c /services
parent	f2474d336a7df696f3897e2cd255d138eb3fac02 (diff)
download	frameworks_base-a90c8def2c6762bc6e5396b78c43e65e4b05079d.zip frameworks_base-a90c8def2c6762bc6e5396b78c43e65e4b05079d.tar.gz frameworks_base-a90c8def2c6762bc6e5396b78c43e65e4b05079d.tar.bz2