Preserve certain "Nearby devices" implicit grants.
We're willing to preserve an implicit "Nearby devices" permission
grant if this app was already able to interact with nearby devices
via background location access.
If the app doesn't have background location access, then the implicit
"Nearby devices" grant will be revoked as normal. If the "Nearby
devices" permission had already been revoked through some other
means, it will remain revoked.
Bug: 195931693
Test: atest CtsPermission2TestCases CtsPermission3TestCases
Change-Id: I7d8df91954525da6473f70cb1759d9507e6a5606
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 08a67d7f..1133faa 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -217,6 +217,8 @@
/** All storage permissions */
private static final List<String> STORAGE_PERMISSIONS = new ArrayList<>();
+ /** All nearby devices permissions */
+ private static final List<String> NEARBY_DEVICES_PERMISSIONS = new ArrayList<>();
/** If the permission of the value is granted, so is the key */
private static final Map<String, String> FULLER_PERMISSION_MAP = new HashMap<>();
@@ -233,6 +235,9 @@
STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION);
+ NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_ADVERTISE);
+ NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_CONNECT);
+ NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_SCAN);
}
/** Set of source package names for Privileged Permission Allowlist */
@@ -3076,13 +3081,26 @@
Permission bp = mRegistry.getPermission(permission);
if (bp != null && bp.isRuntime()) {
int flags = ps.getPermissionFlags(permission);
-
if ((flags & FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0) {
-
int flagsToRemove = FLAG_PERMISSION_REVOKE_WHEN_REQUESTED;
+ // We're willing to preserve an implicit "Nearby devices"
+ // permission grant if this app was already able to interact
+ // with nearby devices via background location access
+ boolean preserveGrant = false;
+ if (ArrayUtils.contains(NEARBY_DEVICES_PERMISSIONS, permission)
+ && ps.isPermissionGranted(
+ android.Manifest.permission.ACCESS_BACKGROUND_LOCATION)
+ && (ps.getPermissionFlags(
+ android.Manifest.permission.ACCESS_BACKGROUND_LOCATION)
+ & (FLAG_PERMISSION_REVOKE_WHEN_REQUESTED
+ | FLAG_PERMISSION_REVOKED_COMPAT)) == 0) {
+ preserveGrant = true;
+ }
+
if ((flags & BLOCKING_PERMISSION_FLAGS) == 0
- && supportsRuntimePermissions) {
+ && supportsRuntimePermissions
+ && !preserveGrant) {
if (ps.revokePermission(bp)) {
if (DEBUG_PERMISSIONS) {
Slog.i(TAG, "Revoking runtime permission "