Add missing permission enforcement.
Since, we are opening PermissionControllerService to instant apps for
the permission group mapping API, I'm reviewing the permission checks
and this is the only missing one. However, this API is just a trigger
to update our state so calling it some more times shouldn't pose a
security risk, so this fix is just a nice-to-have.
Bug: 189836392
Test: presubmit
Change-Id: I6e9159ce090acaad2ecf522bd04c613169e03252
diff --git a/core/java/android/permission/PermissionControllerService.java b/core/java/android/permission/PermissionControllerService.java
index 0b99b85..6d94a2a 100644
--- a/core/java/android/permission/PermissionControllerService.java
+++ b/core/java/android/permission/PermissionControllerService.java
@@ -542,6 +542,9 @@
public void updateUserSensitiveForApp(int uid, @NonNull AndroidFuture callback) {
Preconditions.checkNotNull(callback, "callback cannot be null");
+ enforceSomePermissionsGrantedToCaller(
+ Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY);
+
try {
onUpdateUserSensitivePermissionFlags(uid, () -> callback.complete(null));
} catch (Exception e) {
@@ -608,9 +611,7 @@
try {
Objects.requireNonNull(permissionGroupName);
Objects.requireNonNull(callback);
- PermissionControllerService
- .this
- .onGetGroupOfPlatformPermission(
+ PermissionControllerService.this.onGetGroupOfPlatformPermission(
permissionGroupName, callback::complete);
} catch (Throwable t) {
callback.completeExceptionally(t);