Don't create system fixed, revoked permissions
.. when restricting a previously unrestricted permission.
Fixes: 134069814
Test: Upgraded from Q (before loc bg was restricted) to Q (after log bg
was restricted) and saw previously system-fixed loc bg perm to be
re-granted via the DefaultPermissionGrantPolicy.
Change-Id: I641a95a0e481ca057c4fb7e05b29b18b7a8c10b6
(cherry picked from commit 6a59bbe2be05c374df96765600f616df8b4c564c)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 267fbf0..beb7268 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1173,6 +1173,14 @@
}
}
+ if (hardRestricted && !restrictionExempt
+ && (flags & FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
+ // Applying a hard restriction implies revoking it. This might
+ // lead to a system-fixed, revoked permission.
+ flags &= ~FLAG_PERMISSION_SYSTEM_FIXED;
+ wasChanged = true;
+ }
+
if (wasChanged) {
updatedUserIds = ArrayUtils.appendInt(updatedUserIds, userId);
}
