From b8dbdc293a8495a873a9c36353d6a9408c698256 Mon Sep 17 00:00:00 2001
From: Chris Palmer <palmer@google.com>
Date: Wed, 15 Sep 2010 10:45:31 -0700
Subject: [PATCH] Clarify the danger of READ_LOGS and DUMP permissions.

The logs inevitably contain PII, so now we are making that clear in user
strings and developer docs. Moving DUMP and READ_LOGS into the PERSONAL_INFO
group.

Note that this means we need string translations.

Change-Id: I1b5bf9d2d827ab1a31dedbdb30d0906a87c26a32
---
 core/res/AndroidManifest.xml    | 11 +++++------
 core/res/res/values/strings.xml |  6 +++---
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index a543816e3dc8f..ab0ff3f1032db 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -590,8 +590,8 @@
     <!-- Allows an application to retrieve state dump information from system
          services. -->
     <permission android:name="android.permission.DUMP"
-        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
-        android:protectionLevel="dangerous"
+        android:permissionGroup="android.permission-group.PERSONAL_INFO"
+        android:protectionLevel="signatureOrSystem"
         android:label="@string/permlab_dump"
         android:description="@string/permdesc_dump" />
 
@@ -840,11 +840,10 @@
         android:description="@string/permdesc_clearAppCache" />
 
     <!-- Allows an application to read the low-level system log files.
-         These can contain slightly private information about what is
-         happening on the device, but should never contain the user's
-         private information. -->
+         Log entries can contain the user's private information,
+         which is why this permission is 'dangerous'. -->
     <permission android:name="android.permission.READ_LOGS"
-        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:permissionGroup="android.permission-group.PERSONAL_INFO"
         android:protectionLevel="dangerous"
         android:label="@string/permlab_readLogs"
         android:description="@string/permdesc_readLogs" />
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index 59136392ccb8a..dc89acb24f969 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -704,12 +704,12 @@
     <string name="permdesc_movePackage">Allows an application to move application resources from internal to external media and vice versa.</string>
 
     <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
-    <string name="permlab_readLogs">read system log files</string>
+    <string name="permlab_readLogs">read sensitive log data</string>
     <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permdesc_readLogs">Allows an application to read from the
         system\'s various log files.  This allows it to discover general
-        information about what you are doing with the phone, but they should
-        not contain any personal or private information.</string>
+        information about what you are doing with the phone, potentially
+        including personal or private information.</string>
 
     <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
     <string name="permlab_diagnostic">read/write to resources owned by diag</string>