From a8b1bba0c85e4dded86d0d11ecf83fecb997f6d0 Mon Sep 17 00:00:00 2001
From: Paul Keith <javelinanddart@gmail.com>
Date: Tue, 12 Oct 2021 23:12:10 -0500
Subject: [PATCH] verify-permissions: Fix checking of permission mask

* Currently this passes if the permission is either
  signature OR privileged, not both. Fix it.
---
 cicd/verify-permissions.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cicd/verify-permissions.py b/cicd/verify-permissions.py
index 966a9da..9e6ad16 100755
--- a/cicd/verify-permissions.py
+++ b/cicd/verify-permissions.py
@@ -50,7 +50,7 @@ for perm in root.findall('permission'):
     levels = set(perm.get('{}protectionLevel'.format(ANDROID_XML_NS)).split('|'))
     # Check if the protections include signature and privileged
     levels_masked = levels & privileged_permission_mask
-    if len(levels_masked) > 0:
+    if len(levels_masked) >= len(privileged_permission_mask):
         privileged_permissions.add(name)
 
 # Definitions for privapp-permissions