From 05dc947c63a2304adce53a0aef6b0e0a9db9343a Mon Sep 17 00:00:00 2001
From: akirilov <akirilov@google.com>
Date: Fri, 24 Aug 2018 15:43:05 -0700
Subject: [PATCH] RESTRICT AUTOMERGE: Check both self and shared user id
 package for requested permissions.

Bug: 111752150
Test: Manual local test
Change-Id: I0b48a20525f87fc6f5ab8d7e70aa7d11cd747f97
---
 .../core/java/com/android/server/pm/PackageManagerService.java    | 5 ++++-
 services/core/java/com/android/server/pm/PermissionsState.java    | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 43f70198d96b..ec9d00e94d8d 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -276,6 +276,7 @@ import com.android.server.Watchdog;
 import com.android.server.net.NetworkPolicyManagerInternal;
 import com.android.server.pm.Installer.InstallerException;
 import com.android.server.pm.PermissionsState.PermissionState;
+import com.android.server.pm.PackageSetting;
 import com.android.server.pm.Settings.DatabaseVersion;
 import com.android.server.pm.Settings.VersionInfo;
 import com.android.server.pm.dex.DexManager;
@@ -5355,8 +5356,10 @@ public class PackageManagerService extends IPackageManager.Stub
 
     private static void enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(
             PackageParser.Package pkg, BasePermission bp) {
+        final PackageSetting pkgSetting = (PackageSetting) pkg.mExtras;
+        final PermissionsState permsState = pkgSetting.getPermissionsState();
         int index = pkg.requestedPermissions.indexOf(bp.name);
-        if (index == -1) {
+        if (!permsState.hasRequestedPermission(bp.name) && index == -1) {
             throw new SecurityException("Package " + pkg.packageName
                     + " has not requested permission " + bp.name);
         }
diff --git a/services/core/java/com/android/server/pm/PermissionsState.java b/services/core/java/com/android/server/pm/PermissionsState.java
index 8a427cd329e2..d494e33cc647 100644
--- a/services/core/java/com/android/server/pm/PermissionsState.java
+++ b/services/core/java/com/android/server/pm/PermissionsState.java
@@ -291,6 +291,14 @@ public final class PermissionsState {
     }
 
     /**
+     * Returns whether the state has any known request for the given permission name,
+     * whether or not it has been granted.
+     */
+    public boolean hasRequestedPermission(String name) {
+        return mPermissions != null && (mPermissions.get(name) != null);
+    }
+
+    /**
      * Gets all permissions for a given device user id regardless if they
      * are install time or runtime permissions.
      *
-- 
2.11.0