commit cd1a5490ec994f4eb3ab305c5554d372d02dab4a
author Hall Liu <hallliu@google.com> Wed Apr 21 21:42:00 2021 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Apr 21 21:42:00 2021 +0000
tree 060f563105029facff4dd6d04c92906708397b29
parent 9341d83295418e0e2bbb0248de31e822a42d1047
parent f4562b5cee38bd5f75fd79499e79d15713f07613

Merge "Remove fixed grant of READ_PHONE_STATE and cleanup" into sc-dev

data/etc/platform.xml

diff --git a/data/etc/platform.xml b/data/etc/platform.xml
index 71fc29b..e8eb4ac 100644
--- a/data/etc/platform.xml
+++ b/data/etc/platform.xml
@@ -205,9 +205,6 @@
     <split-permission name="android.permission.WRITE_EXTERNAL_STORAGE">
         <new-permission name="android.permission.READ_EXTERNAL_STORAGE" />
     </split-permission>
-    <split-permission name="android.permission.READ_PRIVILEGED_PHONE_STATE">
-        <new-permission name="android.permission.READ_PHONE_STATE" />
-    </split-permission>
     <split-permission name="android.permission.READ_CONTACTS"
                       targetSdk="16">
         <new-permission name="android.permission.READ_CALL_LOG" />

services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java

diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 34003c7..1e92ca6 100644
--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
@@ -422,19 +422,24 @@
             grantRuntimePermissionsForSystemPackage(pm, userId, pkg);
         }
 
-        // Grant READ_PHONE_STATE to all system apps that have READ_PRIVILEGED_PHONE_STATE
+        // Re-grant READ_PHONE_STATE as non-fixed to all system apps that have
+        // READ_PRIVILEGED_PHONE_STATE and READ_PHONE_STATE granted -- this is to undo the fixed
+        // grant from R.
         for (PackageInfo pkg : packages) {
             if (pkg == null
                     || !doesPackageSupportRuntimePermissions(pkg)
                     || ArrayUtils.isEmpty(pkg.requestedPermissions)
                     || !pm.isGranted(Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
-                            pkg, UserHandle.of(userId))) {
+                            pkg, UserHandle.of(userId))
+                    || !pm.isGranted(Manifest.permission.READ_PHONE_STATE, pkg,
+                            UserHandle.of(userId))) {
                 continue;
             }
-            grantRuntimePermissions(pm, pkg,
-                    Collections.singleton(Manifest.permission.READ_PHONE_STATE),
-                    true, // systemFixed
-                    userId);
+
+            pm.updatePermissionFlags(Manifest.permission.READ_PHONE_STATE, pkg,
+                    PackageManager.FLAG_PERMISSION_SYSTEM_FIXED,
+                    0,
+                    UserHandle.of(userId));
         }
 
     }
@@ -1723,7 +1728,7 @@
                 int flagMask, int flagValues, @NonNull UserHandle user) {
             PermissionState state = getPermissionState(permission, pkg, user);
             state.initFlags();
-            state.newFlags |= flagValues & flagMask;
+            state.newFlags = (state.newFlags & ~flagMask) | (flagValues & flagMask);
         }
 
         @Override