3 files changed, 58 insertions, 0 deletions

diff --git a/src/tools/androidtestrunner/main.cpp b/src/tools/androidtestrunner/main.cpp
index 0e04d10e692..b517d85c5fb 100644
--- a/src/tools/androidtestrunner/main.cpp
+++ b/src/tools/androidtestrunner/main.cpp
@@ -328,6 +328,53 @@ static bool processAndroidManifest()
     return true;
 }
 
+static QStringList queryDangerousPermissions()
+{
+    QByteArray output;
+    const QStringList args({ "shell"_L1, "dumpsys"_L1, "package"_L1, "permissions"_L1 });
+    if (!execAdbCommand(args, &output, false)) {
+        qWarning("Failed to query permissions via dumpsys");
+        return {};
+    }
+
+    /*
+     * Permissions section from this command look like:
+     *
+     * Permission [android.permission.INTERNET] (c8cafdc):
+     *     sourcePackage=android
+     *     uid=1000 gids=[3003] type=0 prot=normal|instant
+     *     perm=PermissionInfo{5f5bfbb android.permission.INTERNET}
+     *     flags=0x0
+     */
+     const static QRegularExpression regex("^\\s*Permission\\s+\\[([^\\]]+)\\]\\s+\\(([^)]+)\\):"_L1);
+    QStringList dangerousPermissions;
+    QString currentPerm;
+
+    const QStringList lines = QString::fromUtf8(output).split(u'\n');
+    for (const QString &line : lines) {
+        QRegularExpressionMatch match = regex.match(line);
+        if (match.hasMatch()) {
+            currentPerm = match.captured(1);
+            continue;
+        }
+
+        if (currentPerm.isEmpty())
+            continue;
+
+        int protIndex = line.indexOf("prot="_L1);
+        if (protIndex == -1)
+            continue;
+
+        QString protectionTypes = line.mid(protIndex + 5).trimmed();
+        if (protectionTypes.contains("dangerous"_L1, Qt::CaseInsensitive)) {
+            dangerousPermissions.append(currentPerm);
+            currentPerm.clear();
+        }
+    }
+
+    return dangerousPermissions;
+}
+
 static void setOutputFile(QString file, QString format)
 {
     if (format.isEmpty())
@@ -938,7 +985,11 @@ int main(int argc, char *argv[])
             return EXIT_ERROR;
     }
 
+    const QStringList dangerousPermisisons = queryDangerousPermissions();
     for (const auto &permission : g_options.permissions) {
+        if (!dangerousPermisisons.contains(permission))
+            continue;
+
         if (!execAdbCommand({ "shell"_L1, "pm"_L1, "grant"_L1, g_options.package, permission },
                             nullptr)) {
             qWarning("Unable to grant '%s' to '%s'. Probably the Android version mismatch.",
diff --git a/src/tools/moc/moc.cpp b/src/tools/moc/moc.cpp
index 9cfd877d945..64af8c10fc1 100644
--- a/src/tools/moc/moc.cpp
+++ b/src/tools/moc/moc.cpp
@@ -68,6 +68,8 @@ bool Moc::parseClassHead(ClassDef *def)
         const QByteArrayView lex = lexemView();
         if (lex != "final" && lex != "sealed" && lex != "Q_DECL_FINAL")
             name = lexem();
+        else
+            def->isFinal = true;
     }
 
     def->qualified += name;
@@ -85,6 +87,8 @@ bool Moc::parseClassHead(ClassDef *def)
         const QByteArrayView lex = lexemView();
         if (lex != "final" && lex != "sealed" && lex != "Q_DECL_FINAL")
             return false;
+        else
+            def->isFinal = true;
     }
 
     if (test(COLON)) {
@@ -2055,6 +2059,8 @@ QJsonObject ClassDef::toJson() const
     cls["className"_L1] = QString::fromUtf8(classname.constData());
     cls["qualifiedClassName"_L1] = QString::fromUtf8(qualified.constData());
     cls["lineNumber"_L1] = lineNumber;
+    if (isFinal)
+        cls["final"_L1] = true;
 
     QJsonArray classInfos;
     for (const auto &info: std::as_const(classInfoList)) {
diff --git a/src/tools/moc/moc.h b/src/tools/moc/moc.h
index bf55aa7c44f..aafa80d2164 100644
--- a/src/tools/moc/moc.h
+++ b/src/tools/moc/moc.h
@@ -207,6 +207,7 @@ struct ClassDef : BaseDef {
     bool hasQGadget = false;
     bool hasQNamespace = false;
     bool requireCompleteMethodTypes = false;
+    bool isFinal = false;
 
     QJsonObject toJson() const;
 };