Skip to content
Commit 38a0631d authored by Svet Ganov's avatar Svet Ganov Committed by Svetoslav Ganov
Browse files

Handle restricted permissions for shared UID components - framework

We set the app op for a restricted permission to allow if the app
requesting the permission is whitelisted and to deny if the app requesting
the permission is not whitelisted. However, there is another case where an
app in a shared user can access a component in another app in the same shared
user due to being in the same shared user and not by having the permission
that guards the component form the rest of the world. We need to handle this.
The way we do this is by setting app ops corresponding to non requested
restricted permissions to allow as this would allow the shared uid access
case and be okay for other apps as they would not have the permission and
would fail on the permission checks before reaching the app op check.

Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest CtsRoleTestCases
Test: shell query commands now work

bug:130045570

Change-Id: I654f057e909340fafd708b2bca182eb105d0cd30
parent acbdf910
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment