00001-global-internet-permission-toggle.patch
####################################################
# frameworks/base
####################################################
From 5a0fea90677a7442a7d45f798ad56ff90a899552 Mon Sep 17 00:00:00 2001
From: inthewaves <[email protected]>
Date: Sat, 12 Sep 2020 12:28:34 -0700
Subject: [PATCH 1/3] support new special runtime permissions
These are treated as a runtime permission even for legacy apps. They
need to be granted by default for all apps to maintain compatibility.
Ported from 10: 4d5d82f4e2fb9ff68158bf30f3944591bb74dd04
Changes from 10:
- It seems like parts of PackageManagerService#resetUserChangesToRuntimePermissionsAndFlagsLPw
were refactored into PermissionManagerService#resetRuntimePermissionsInternal.
As a result, PackageManagerService is no longer modified.
---
.../permission/PermissionManagerService.java | 24 +++++++++++++++----
1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 9963cf7e212..99e0813f25d 100644
--- a/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1455,7 +1455,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
// to keep the review required permission flag per user while an
// install permission's state is shared across all users.
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
- && bp.isRuntime()) {
+ && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
return;
}
@@ -1507,7 +1507,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
+ permName + " for package " + packageName);
}
- if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M) {
+ if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
+ && !isSpecialRuntimePermission(permName)) {
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
return;
}
@@ -1617,7 +1618,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
// to keep the review required permission flag per user while an
// install permission's state is shared across all users.
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
- && bp.isRuntime()) {
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
return;
}
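Review bot: The argument handed to `isSpecialRuntimePermission` is spelled three different ways across this patch: `permName` in the two earlier guards, `bp.name` here and in the later restore and install-grant hunks, and `bp.getName()` in the reset hunk. They presumably name the same permission, but a reader has to confirm that at every call site of a check that decides whether a legacy app's permission can be granted or revoked. Pick one form, for example `&& bp.isRuntime() && !isSpecialRuntimePermission(bp.getName())) {`, and use it throughout. The enclosing method starts and ends outside the hunk.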
@@ -1841,7 +1842,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
// If this permission was granted by default or role, make sure it is.
if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
- || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0) {
+ || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0
+ || isSpecialRuntimePermission(bp.getName())) {
// PermissionPolicyService will handle the app op for runtime permissions later.
grantRuntimePermissionInternal(permName, packageName, false,
Process.SYSTEM_UID, userId, delayingPermCallback);
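Review bot: The context comment `// If this permission was granted by default or role, make sure it is.` no longer matches the condition, which now also re-grants any special runtime permission regardless of `oldFlags`. If this is the reset path the commit message refers to, a user who had turned the permission off gets it back after a reset, and that should be stated rather than left implicit. Suggested wording: `// Re-grant if it was granted by default or role, or if it is a special runtime permission (granted by default for compatibility, so a reset discards the user's revocation).` The enclosing method is only partly visible in the hunk.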
@@ -2479,6 +2481,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
+ public static boolean isSpecialRuntimePermission(final String permission) {
+ return false;
+ }
+
/**
* Restore the permission state for a package.
*
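Review bot: `isSpecialRuntimePermission` is added as a `public static` method with no Javadoc, although every guard touched by this patch now depends on it. A short Javadoc should state the contract: a special runtime permission is treated as a runtime permission even for apps targeting below M, is granted by default, and this stub returns `false` so behaviour is unchanged until a later patch names a permission. If nothing outside this class ends up calling it, narrower visibility than `public` would also be worth considering.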
@@ -2826,6 +2832,14 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
}
+
+ if (isSpecialRuntimePermission(bp.name) &&
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
+ if (permissionsState.grantRuntimePermission(bp, userId)
+ != PERMISSION_OPERATION_FAILURE) {
+ wasChanged = true;
+ }
+ }
} else {
if (permState == null) {
// New permission
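Review bot: The default grant added here hinges on `origPermissions.getRuntimePermissionState(bp.name, userId) == null` meaning "never decided", so it is only safe if a user's revocation is always kept as a non-null state; wherever that state is dropped, the permission would come back silently on the next restore. That assumption deserves a comment at the check, e.g. `// No prior runtime state for this user: grant by default. A revoked permission must keep a non-null state to stay revoked.` The added lines also set no flag that would let later code tell this automatic grant from a user's choice; if that is intentional, say so in the same comment. The enclosing branch begins outside the hunk.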
@@ -3772,7 +3786,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
&& (grantedPermissions == null
|| ArrayUtils.contains(grantedPermissions, permission))) {
final int flags = permissionsState.getPermissionFlags(permission, userId);
- if (supportsRuntimePermissions) {
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
// Installer cannot change immutable permissions.
if ((flags & immutableFlags) == 0) {
grantRuntimePermissionInternal(permission, pkg.getPackageName(), false,
--
2.24.3 (Apple Git-128)
From 4c6229bc7cdcbda4c52922de1336e65ebbe47f42 Mon Sep 17 00:00:00 2001
From: Daniel Micay <[email protected]>
Date: Sun, 17 Mar 2019 11:59:15 -0400
Subject: [PATCH 2/3] make INTERNET into a special runtime permission
Ported from 10: 5e2898e9d21dd6802bb0b0139e7e496c41e1cd80
---
core/res/AndroidManifest.xml | 2 +-
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/frameworks/base/core/res/AndroidManifest.xml b/frameworks/base/core/res/AndroidManifest.xml
index 9945057f0e9..43e01645db8 100644
--- a/frameworks/base/core/res/AndroidManifest.xml
+++ b/frameworks/base/core/res/AndroidManifest.xml
@@ -1584,7 +1584,7 @@
<permission android:name="android.permission.INTERNET"
android:description="@string/permdesc_createNetworkSockets"
android:label="@string/permlab_createNetworkSockets"
- android:protectionLevel="normal|instant" />
+ android:protectionLevel="dangerous|instant" />
<!-- Allows applications to access information about networks.
<p>Protection level: normal
diff --git a/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 99e0813f25d..d8476b29c8e 100644
--- a/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -2482,7 +2482,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
public static boolean isSpecialRuntimePermission(final String permission) {
- return false;
+ return Manifest.permission.INTERNET.equals(permission);
}
/**
--
2.24.3 (Apple Git-128)
From 5ab4a769427c99e802831ccb0f0a1aee5ba2a8a2 Mon Sep 17 00:00:00 2001
From: Daniel Micay <[email protected]>
Date: Fri, 21 Jul 2017 11:23:07 -0400
Subject: [PATCH 3/3] add a NETWORK permission group for INTERNET
Ported from 10: b5c9f9407d5f5407686ea8c02fa67573ddc07824
Changes from 10:
- Needed to run `m api-stubs-docs-non-updatable-update-current-api`
to fix the "You have tried to change the API from what has been
previously approved" errors.
---
api/current.txt | 1 +
core/res/AndroidManifest.xml | 8 ++++++++
core/res/res/values/strings.xml | 5 +++++
non-updatable-api/current.txt | 1 +
4 files changed, 15 insertions(+)
diff --git a/frameworks/base/api/current.txt b/frameworks/base/api/current.txt
index 952ccdad992..728c0e95ca6 100644
--- a/frameworks/base/api/current.txt
+++ b/frameworks/base/api/current.txt
@@ -184,6 +184,7 @@ package android {
field public static final String CONTACTS = "android.permission-group.CONTACTS";
field public static final String LOCATION = "android.permission-group.LOCATION";
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
+ field public static final String NETWORK = "android.permission-group.NETWORK";
field public static final String PHONE = "android.permission-group.PHONE";
field public static final String SENSORS = "android.permission-group.SENSORS";
field public static final String SMS = "android.permission-group.SMS";
diff --git a/frameworks/base/core/res/AndroidManifest.xml b/frameworks/base/core/res/AndroidManifest.xml
index 43e01645db8..82e3d98494a 100644
--- a/frameworks/base/core/res/AndroidManifest.xml
+++ b/frameworks/base/core/res/AndroidManifest.xml
@@ -1578,10 +1578,18 @@
<!-- ======================================= -->
<eat-comment />
+ <!-- Network access -->
+ <permission-group android:name="android.permission-group.NETWORK"
+ android:icon="@drawable/perm_group_network"
+ android:label="@string/permgrouplab_network"
+ android:description="@string/permgroupdesc_network"
+ android:priority="900" />
+
<!-- Allows applications to open network sockets.
<p>Protection level: normal
-->
<permission android:name="android.permission.INTERNET"
+ android:permissionGroup="android.permission-group.UNDEFINED"
android:description="@string/permdesc_createNetworkSockets"
android:label="@string/permlab_createNetworkSockets"
android:protectionLevel="dangerous|instant" />
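Review bot: The doc comment kept as context above the INTERNET declaration still reads `<p>Protection level: normal`, but the permission is `dangerous|instant` after the previous patch in this series; it should be updated to `<p>Protection level: dangerous`. The new `android:permissionGroup="android.permission-group.UNDEFINED"` also sits directly under a freshly declared NETWORK group that it does not reference, which reads like a mistake. A one-line XML comment saying the group is assigned elsewhere (the PermissionController patch in this file maps INTERNET to NETWORK) would remove the doubt.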
diff --git a/frameworks/base/core/res/res/values/strings.xml b/frameworks/base/core/res/res/values/strings.xml
index 00e3f21ad4f..4f3bde99d7f 100644
--- a/frameworks/base/core/res/res/values/strings.xml
+++ b/frameworks/base/core/res/res/values/strings.xml
@@ -804,6 +804,11 @@
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permgroupdesc_sensors">access sensor data about your vital signs</string>
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgrouplab_network">Network</string>
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
+ <string name="permgroupdesc_network">access the network</string>
+
<!-- Title for the capability of an accessibility service to retrieve window content. -->
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
<!-- Description for the capability of an accessibility service to retrieve window content. -->
diff --git a/frameworks/base/non-updatable-api/current.txt b/frameworks/base/non-updatable-api/current.txt
index 5f15216e840..189544f9859 100644
--- a/frameworks/base/non-updatable-api/current.txt
+++ b/frameworks/base/non-updatable-api/current.txt
@@ -184,6 +184,7 @@ package android {
field public static final String CONTACTS = "android.permission-group.CONTACTS";
field public static final String LOCATION = "android.permission-group.LOCATION";
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
+ field public static final String NETWORK = "android.permission-group.NETWORK";
field public static final String PHONE = "android.permission-group.PHONE";
field public static final String SENSORS = "android.permission-group.SENSORS";
field public static final String SMS = "android.permission-group.SMS";
--
2.24.3 (Apple Git-128)
####################################################
# packages/apps/PermissionController
####################################################
From f16059b2b6f65cb5624679821c2cbf00c64b619c Mon Sep 17 00:00:00 2001
From: Daniel Micay <[email protected]>
Date: Sat, 22 Jul 2017 21:43:50 -0400
Subject: [PATCH 1/2] always treat INTERNET as a runtime permission
ported from 10: 6c4f112dde47f21ce5a583f5bd8b217db6de5c02
---
.../permission/model/AppPermissionGroup.java | 5 +++--
.../permissioncontroller/permission/model/Permission.java | 3 ++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
index aeb90811..0399a183 100644
--- a/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+++ b/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
@@ -34,6 +34,7 @@ import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.PermissionGroupInfo;
import android.content.pm.PermissionInfo;
+import android.Manifest;
import android.os.Build;
import android.os.UserHandle;
import android.permission.PermissionManager;
@@ -872,7 +873,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
boolean wasGranted = permission.isGrantedIncludingAppOp();
- if (mAppSupportsRuntimePermissions) {
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
// Do not touch permissions fixed by the system.
if (permission.isSystemFixed()) {
wasAllGranted = false;
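Review bot: The INTERNET special case is written inline as `Manifest.permission.INTERNET.equals(permission.getName())` here, again in the revoke hunk of this file, and in `Permission.isGrantedIncludingAppOp`, duplicating the rule the framework patch keeps in `isSpecialRuntimePermission`. If the set of special permissions ever changes, these three sites have to be found and edited by hand, and a missed one would leave grant and revoke disagreeing with the framework. One private helper in this package, say `isSpecialRuntimePermission(String name)`, with the call sites reduced to `if (mAppSupportsRuntimePermissions || isSpecialRuntimePermission(permission.getName())) {`, keeps them in step and shortens the over-long lines. The loop body continues outside the hunk.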
@@ -1057,7 +1058,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
break;
}
- if (mAppSupportsRuntimePermissions) {
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
// Revoke the permission if needed.
if (permission.isGranted()) {
permission.setGranted(false);
diff --git a/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
index 49381db2..3af5241a 100644
--- a/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+++ b/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
@@ -18,6 +18,7 @@ package com.android.permissioncontroller.permission.model;
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
+import android.Manifest;
import androidx.annotation.NonNull;
@@ -137,7 +138,7 @@ public final class Permission {
* @return {@code true} if the permission (and the app-op) is granted.
*/
public boolean isGrantedIncludingAppOp() {
- return mGranted && (!affectsAppOp() || isAppOpAllowed()) && !isReviewRequired();
+ return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName));
}
public boolean isReviewRequired() {
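Review bot: `isGrantedIncludingAppOp` now reports INTERNET as granted while `isReviewRequired()` is still true, but the Javadoc visible above it still promises only `true if the permission (and the app-op) is granted`. Callers that display or act on this value will treat a review-pending app as having network access, so the exception belongs in the Javadoc. Add a sentence such as `INTERNET is exempt from the review-required check` together with the reason, presumably that it is granted by default to legacy apps. Breaking the return expression over several lines would also make the three conditions easier to audit.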
--
2.24.3 (Apple Git-128)
From 796bd7ca347b7163797ede28b513d1ab17c226a0 Mon Sep 17 00:00:00 2001
From: Daniel Micay <[email protected]>
Date: Fri, 21 Jul 2017 10:29:15 -0400
Subject: [PATCH 2/2] add INTERNET permission toggle
ported from 10: a07271ed7e45239369f2ca33496d939d2e9cbd08
---
.../android/permissioncontroller/permission/utils/Utils.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
index 65fdd590..2f0dc3d2 100644
--- a/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+++ b/packages/apps/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
@@ -25,6 +25,7 @@ import static android.Manifest.permission_group.CAMERA;
import static android.Manifest.permission_group.CONTACTS;
import static android.Manifest.permission_group.LOCATION;
import static android.Manifest.permission_group.MICROPHONE;
+import static android.Manifest.permission_group.NETWORK;
import static android.Manifest.permission_group.PHONE;
import static android.Manifest.permission_group.SENSORS;
import static android.Manifest.permission_group.SMS;
@@ -209,6 +210,8 @@ public final class Utils {
PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
+ PLATFORM_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
+
PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
for (int i = 0; i < numPlatformPermissions; i++) {
--
2.24.3 (Apple Git-128)