Skip to content

Avoid auto-granting special permissions to unarchived apps #163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 24, 2025
Merged

Avoid auto-granting special permissions to unarchived apps #163

merged 1 commit into from
Apr 24, 2025

Conversation

chenxiaolong
Copy link

@chenxiaolong chenxiaolong commented Apr 16, 2025
edited
Loading

Avoid calling setNewlyInstalledInUserId() when restoring an archived app to ensure that the special permission auto-granting logic does not reset the user's previous permission state.

Fixes: GrapheneOS/os-issue-tracker#5256

Tested:

  • All 4 combinations of INERNET on/off (install prompt) and OTHER_SENSORS on/off ("Allow Sensors permission to apps by default" global setting) when installing a new app from the Play Store
  • All 8 combinations of INTERNET on/off, OTHER_SENSORS on/off, and POST_NOTIFICATIONS on/off when archiving and restoring an app
    • (POST_NOTIFICATIONS to test a non-SpecialRuntimePermUtils permission)

@chenxiaolong chenxiaolong mentioned this pull request Apr 16, 2025
Closed
@muhomorr2
Copy link

IIRC permission state is initialized for all users when app gets installed. It's definitely true for apps that were installed before Android 15 update.

isNewlyInstalledInUserId is GrapheneOS-specific, it's a bug that it returns true during unarchival. Need to add a conditional to setNewlyInstalledInUserId in InstallPackageHelper.

@chenxiaolong
Copy link
Author

Thanks, I'll look into that approach instead.

@chenxiaolong chenxiaolong marked this pull request as draft April 16, 2025 12:55
@chenxiaolong chenxiaolong changed the title Avoid auto-granting special permissions when existing state is present Avoid auto-granting special permissions to unarchived apps Apr 16, 2025
@chenxiaolong
Copy link
Author

Done. Updated to use @muhomorr2's suggested approach.

@chenxiaolong chenxiaolong marked this pull request as ready for review April 16, 2025 14:23
@quh4gko8
Copy link
Member

This also needs to be verified and tested that it doesn't call setNewlyInstalledInUserId on app updates like the current behavior, not only skipping it on archived apps.

@chenxiaolong
Copy link
Author

Thanks, fixed in dc4fe44. That was something I overlooked when moving the setNewlyInstalledInUserId calls around. Instead of doing that, I changed it to just store a list of user IDs where the app is archived and then act on it later, where the existing setNewlyInstalledInUserId calls are.

@chenxiaolong
Avoid auto-granting special permissions to unarchived apps
515241a 
Avoid calling setNewlyInstalledInUserId() when restoring an archived app
to ensure that the special permission auto-granting logic does not reset
the user's previous permission state.

Fixes: GrapheneOS/os-issue-tracker#5256

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
@thestinger thestinger merged commit 556162c into GrapheneOS:15-qpr2 Apr 24, 2025
@chenxiaolong chenxiaolong deleted the auto-grant-reset branch April 24, 2025 20:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inthewaves inthewaves inthewaves left review comments

@quh4gko8 quh4gko8 quh4gko8 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OTHER_SENSORS and INTERNET permissions are reset after archiving app and restoring it
5 participants
@chenxiaolong @muhomorr2 @quh4gko8 @inthewaves @thestinger