)]}'
{
  "commit": "38a0631dda87a6519198d2ae38139dcafe1c660d",
  "tree": "776455c9de365323de2f106221de59159b9d8925",
  "parents": [
    "acbdf910366f9cd2e890dd4913e465ffcca06e36"
  ],
  "author": {
    "name": "Svet Ganov",
    "email": "svetoslavganov@google.com",
    "time": "Tue Apr 09 23:55:05 2019 -0700"
  },
  "committer": {
    "name": "Svetoslav Ganov",
    "email": "svetoslavganov@google.com",
    "time": "Wed Apr 10 15:38:11 2019 +0000"
  },
  "message": "Handle restricted permissions for shared UID components - framework\n\nWe set the app op for a restricted permission to allow if the app\nrequesting the permission is whitelisted and to deny if the app requesting\nthe permission is not whitelisted. However, there is another case where an\napp in a shared user can access a component in another app in the same shared\nuser due to being in the same shared user and not by having the permission\nthat guards the component form the rest of the world. We need to handle this.\nThe way we do this is by setting app ops corresponding to non requested\nrestricted permissions to allow as this would allow the shared uid access\ncase and be okay for other apps as they would not have the permission and\nwould fail on the permission checks before reaching the app op check.\n\nTest: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest\nTest: atest CtsPermissionTestCases\nTest: atest CtsPermission2TestCases\nTest: atest CtsRoleTestCases\nTest: shell query commands now work\n\nbug:130045570\n\nChange-Id: I654f057e909340fafd708b2bca182eb105d0cd30\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "3011808d281cd9afb5cf7b29b0aa25064e630b7a",
      "old_mode": 33188,
      "old_path": "services/core/java/com/android/server/policy/PermissionPolicyService.java",
      "new_id": "67f30dc2e9fc4bdfa037019b97a70a011157eb37",
      "new_mode": 33188,
      "new_path": "services/core/java/com/android/server/policy/PermissionPolicyService.java"
    }
  ]
}