Google Git
Sign in
android / platform / frameworks / base / 4ffebb7e4889487d1642d3664ccaf62ffc787e56^! / .
commit4ffebb7e4889487d1642d3664ccaf62ffc787e56[log] [tgz]
authorHai Zhang <zhanghai@google.com>Thu Jul 18 14:50:58 2019 -0700
committerHai Zhang <zhanghai@google.com>Fri Jul 19 15:06:35 2019 -0700
treeddaa1e8c44e8392f8095aea364496394d6878831
parenteafd4dae94f8159af68e0ef006df2e413e82c477 [diff]
Set app op mode to allowed when granting permissions to reset state.

We grant GRANTED_BY_DEFAULT permissions again when user clears data
for a package to reset its state, but the app op mode needs to be
granted as well.

Fixes: 137723522
Test: presubmit & manual
Change-Id: Ibbbbff9e5d8161538637a4c542d7c0bc92a90501

diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 9d0b427..af0ae2c 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java

@@ -53,6 +53,7 @@
 import android.annotation.Nullable;
 import android.annotation.UserIdInt;
 import android.app.ActivityManager;
+import android.app.AppOpsManager;
 import android.app.ApplicationPackageManager;
 import android.app.IActivityManager;
 import android.content.Context;
@@ -1434,7 +1435,7 @@
     /**
      * Reverts user permission state changes (permissions and flags).
      *
-     * @param ps The package for which to reset.
+     * @param pkg The package for which to reset.
      * @param userId The device user for which to do a reset.
      */
     @GuardedBy("mPackages")
@@ -1508,6 +1509,7 @@
             }
         };
 
+        final AppOpsManager appOpsManager = mContext.getSystemService(AppOpsManager.class);
         for (int i = 0; i < permissionCount; i++) {
             final String permName = pkg.requestedPermissions.get(i);
             final BasePermission bp;
@@ -1575,6 +1577,14 @@
             if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
                 grantRuntimePermissionInternal(permName, packageName, false,
                         Process.SYSTEM_UID, userId, delayingPermCallback);
+                // Allow app op later as we are holding mPackages
+                // PermissionPolicyService will handle the app op for foreground/background
+                // permissions.
+                String appOp = AppOpsManager.permissionToOp(permName);
+                if (appOp != null) {
+                    mHandler.post(() -> appOpsManager.setUidMode(appOp, uid,
+                            AppOpsManager.MODE_ALLOWED));
+                }
             // If permission review is enabled the permissions for a legacy apps
             // are represented as constantly granted runtime ones, so don't revoke.
             } else if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) {