diff options
| author | Svet Ganov <svetoslavganov@google.com> | 2019-04-09 23:55:05 -0700 |
|---|---|---|
| committer | Svetoslav Ganov <svetoslavganov@google.com> | 2019-04-10 15:38:11 +0000 |
| commit | 38a0631dda87a6519198d2ae38139dcafe1c660d (patch) | |
| tree | 776455c9de365323de2f106221de59159b9d8925 /tools/aapt2/java/JavaClassGenerator.cpp | |
| parent | acbdf910366f9cd2e890dd4913e465ffcca06e36 (diff) | |
Handle restricted permissions for shared UID components - framework
We set the app op for a restricted permission to allow if the app
requesting the permission is whitelisted and to deny if the app requesting
the permission is not whitelisted. However, there is another case where an
app in a shared user can access a component in another app in the same shared
user due to being in the same shared user and not by having the permission
that guards the component form the rest of the world. We need to handle this.
The way we do this is by setting app ops corresponding to non requested
restricted permissions to allow as this would allow the shared uid access
case and be okay for other apps as they would not have the permission and
would fail on the permission checks before reaching the app op check.
Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest
Test: atest CtsPermissionTestCases
Test: atest CtsPermission2TestCases
Test: atest CtsRoleTestCases
Test: shell query commands now work
bug:130045570
Change-Id: I654f057e909340fafd708b2bca182eb105d0cd30
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator.cpp')
0 files changed, 0 insertions, 0 deletions