Enforce ADJUST_RUNTIME_PERMISSIONS_POLICY
In updatePermissionFlags, we're calling clearCallingIdentity. And,
just after doing so, we're calling
enforceCallingOrSelfPermission(ADJUST_RUNTIME_PERMISSIONS_POLICY).
But these two calls do not make sense together, because clearing the calling identity nullifies the permission check that follows it.
We could either:
1. Remove clearCallingIdentity but keep enforceCallingOrSelfPermission,
or
2. Remove both
For security, this CL goes with the first option. But, doing so means
updatePermissionFlags now enforces ADJUST_RUNTIME_PERMISSIONS_POLICY.
And this breaks some CTS tests. To address this, we have to add
ADJUST_RUNTIME_PERMISSIONS_POLICY to the shell identity.
Bug: 190694761
Test: atest ActivityPermissionRationaleTest
Change-Id: I7031aebf69d9ec919334573b99eb6b7cb8be31d0
diff --git a/core/api/test-current.txt b/core/api/test-current.txt
index 9f33331..54387c5 100644
--- a/core/api/test-current.txt
+++ b/core/api/test-current.txt
@@ -4,6 +4,7 @@
public static final class Manifest.permission {
field public static final String ACCESS_NOTIFICATIONS = "android.permission.ACCESS_NOTIFICATIONS";
field public static final String ACTIVITY_EMBEDDING = "android.permission.ACTIVITY_EMBEDDING";
+ field public static final String ADJUST_RUNTIME_PERMISSIONS_POLICY = "android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY";
field public static final String APPROVE_INCIDENT_REPORTS = "android.permission.APPROVE_INCIDENT_REPORTS";
field public static final String BACKGROUND_CAMERA = "android.permission.BACKGROUND_CAMERA";
field public static final String BIND_CELL_BROADCAST_SERVICE = "android.permission.BIND_CELL_BROADCAST_SERVICE";
@@ -17,11 +18,13 @@
field public static final String CONTROL_DEVICE_STATE = "android.permission.CONTROL_DEVICE_STATE";
field public static final String FORCE_DEVICE_POLICY_MANAGER_LOGS = "android.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS";
field public static final String FORCE_STOP_PACKAGES = "android.permission.FORCE_STOP_PACKAGES";
+ field public static final String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS";
field public static final String INSTALL_TEST_ONLY_PACKAGE = "android.permission.INSTALL_TEST_ONLY_PACKAGE";
field public static final String KEEP_UNINSTALLED_PACKAGES = "android.permission.KEEP_UNINSTALLED_PACKAGES";
field public static final String MAKE_UID_VISIBLE = "android.permission.MAKE_UID_VISIBLE";
field @Deprecated public static final String MANAGE_ACTIVITY_STACKS = "android.permission.MANAGE_ACTIVITY_STACKS";
field public static final String MANAGE_ACTIVITY_TASKS = "android.permission.MANAGE_ACTIVITY_TASKS";
+ field public static final String MANAGE_APP_OPS_MODES = "android.permission.MANAGE_APP_OPS_MODES";
field public static final String MANAGE_CRATES = "android.permission.MANAGE_CRATES";
field public static final String MANAGE_NOTIFICATION_LISTENERS = "android.permission.MANAGE_NOTIFICATION_LISTENERS";
field public static final String MANAGE_ROLLBACKS = "android.permission.MANAGE_ROLLBACKS";
@@ -225,7 +228,7 @@
method @RequiresPermission("android.permission.MANAGE_APPOPS") public void resetHistoryParameters();
method @RequiresPermission("android.permission.MANAGE_APPOPS") public void resetPackageOpsNoHistory(@NonNull String);
method @RequiresPermission("android.permission.MANAGE_APPOPS") public void setHistoryParameters(int, long, int);
- method @RequiresPermission("android.permission.MANAGE_APP_OPS_MODES") public void setMode(int, int, String, int);
+ method @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES) public void setMode(int, int, String, int);
method public static int strOpToOp(@NonNull String);
field public static final int ATTRIBUTION_CHAIN_ID_NONE = -1; // 0xffffffff
field public static final int ATTRIBUTION_FLAGS_NONE = 0; // 0x0
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index f0b1b2a..b6c80b1 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3928,7 +3928,7 @@
<permission android:name="android.permission.MANAGE_APP_OPS_RESTRICTIONS"
android:protectionLevel="signature|installer" />
- <!-- Allows an application to update the user app op modes.
+ <!-- @TestApi Allows an application to update the user app op modes.
Not for use by third party apps.
@hide -->
<permission android:name="android.permission.MANAGE_APP_OPS_MODES"
@@ -4732,7 +4732,7 @@
<permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE"
android:protectionLevel="signature|privileged|role" />
- <!-- @SystemApi Allows an application to grant specific permissions.
+ <!-- @SystemApi @TestApi iAllows an application to grant specific permissions.
@hide -->
<permission android:name="android.permission.GRANT_RUNTIME_PERMISSIONS"
android:protectionLevel="signature|installer|verifier" />
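Review bot: The rewritten description for GRANT_RUNTIME_PERMISSIONS on the added line reads `iAllows`, a stray character in front of "Allows", so the permission's documentation text now ships with a typo. The line should be `<!-- @SystemApi @TestApi Allows an application to grant specific permissions.`. The parallel comment edits for MANAGE_APP_OPS_MODES and ADJUST_RUNTIME_PERMISSIONS_POLICY in this file are spelled correctly.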
@@ -4766,7 +4766,7 @@
<permission android:name="android.permission.RESTORE_RUNTIME_PERMISSIONS"
android:protectionLevel="signature" />
- <!-- @SystemApi Allows an application to change policy_fixed permissions.
+ <!-- @SystemApi @TestApi Allows an application to change policy_fixed permissions.
@hide -->
<permission android:name="android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY"
android:protectionLevel="signature|installer" />
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 6fe8087..0417fcd 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -708,6 +708,9 @@
<!-- Permission required for CTS test - CtsWindowManagerDeviceTestCases-->
<uses-permission android:name="android.permission.UPDATE_LOCK_TASK_PACKAGES" />
+ <!-- Permission required for CTS test - ActivityPermissionRationaleTest -->
+ <uses-permission android:name="android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY" />
+
<application android:label="@string/app_label"
android:theme="@android:style/Theme.DeviceDefault.DayNight"
android:defaultToDeviceProtectedStorage="true"
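Review bot: The added comment names only the CTS test, but the grant gives the shell UID a `signature|installer` permission which, per the PermissionManagerServiceImpl change in this CL, is what unlocks changing FLAG_PERMISSION_POLICY_FIXED through updatePermissionFlags, so every adb shell session gains that capability rather than just the named test. I would record that in the comment so the widened shell privilege is reviewed as such and not read as test plumbing, e.g. `<!-- Permission required for CTS test - ActivityPermissionRationaleTest (also lets shell change policy_fixed permission flags) -->`.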
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index 4a80c4a..c81a3ee 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -738,26 +738,21 @@
boolean overridePolicy = false;
if (callingUid != Process.SYSTEM_UID && callingUid != Process.ROOT_UID) {
- final long callingIdentity = Binder.clearCallingIdentity();
- try {
- if ((flagMask & FLAG_PERMISSION_POLICY_FIXED) != 0) {
- if (checkAdjustPolicyFlagPermission) {
- mContext.enforceCallingOrSelfPermission(
- Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY,
- "Need " + Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY
- + " to change policy flags");
- } else if (mPackageManagerInt.getUidTargetSdkVersion(callingUid)
- >= Build.VERSION_CODES.Q) {
- throw new IllegalArgumentException(
- Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY + " needs "
- + " to be checked for packages targeting "
- + Build.VERSION_CODES.Q + " or later when changing policy "
- + "flags");
- }
- overridePolicy = true;
+ if ((flagMask & FLAG_PERMISSION_POLICY_FIXED) != 0) {
+ if (checkAdjustPolicyFlagPermission) {
+ mContext.enforceCallingOrSelfPermission(
+ Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY,
+ "Need " + Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY
+ + " to change policy flags");
+ } else if (mPackageManagerInt.getUidTargetSdkVersion(callingUid)
+ >= Build.VERSION_CODES.Q) {
+ throw new IllegalArgumentException(
+ Manifest.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY + " needs "
+ + " to be checked for packages targeting "
+ + Build.VERSION_CODES.Q + " or later when changing policy "
+ + "flags");
}
- } finally {
- Binder.restoreCallingIdentity(callingIdentity);
+ overridePolicy = true;
}
}