Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Change protection level from ephemeral to instant" into oc-mr1-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2017-08-14 23:18:45 +00:00
committed by Android (Google) Code Review
parent d57287be19 c247fa1366
commit ef2e7d27ae
9 changed files with 24 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api/current.txt
View File

@@ -10887,6 +10887,7 @@ package android.content.pm {
field public static final int PROTECTION_FLAG_APPOP = 64; // 0x40
field public static final int PROTECTION_FLAG_DEVELOPMENT = 32; // 0x20
field public static final int PROTECTION_FLAG_INSTALLER = 256; // 0x100
field public static final int PROTECTION_FLAG_INSTANT = 4096; // 0x1000
field public static final int PROTECTION_FLAG_PRE23 = 128; // 0x80
field public static final int PROTECTION_FLAG_PREINSTALLED = 1024; // 0x400
field public static final int PROTECTION_FLAG_PRIVILEGED = 16; // 0x10

2
api/system-current.txt
View File

@@ -11602,8 +11602,8 @@ package android.content.pm {
field public static final int PROTECTION_DANGEROUS = 1; // 0x1
field public static final int PROTECTION_FLAG_APPOP = 64; // 0x40
field public static final int PROTECTION_FLAG_DEVELOPMENT = 32; // 0x20
field public static final int PROTECTION_FLAG_EPHEMERAL = 4096; // 0x1000
field public static final int PROTECTION_FLAG_INSTALLER = 256; // 0x100
field public static final int PROTECTION_FLAG_INSTANT = 4096; // 0x1000
field public static final int PROTECTION_FLAG_PRE23 = 128; // 0x80
field public static final int PROTECTION_FLAG_PREINSTALLED = 1024; // 0x400
field public static final int PROTECTION_FLAG_PRIVILEGED = 16; // 0x10

2
api/test-current.txt
View File

@@ -10928,8 +10928,8 @@ package android.content.pm {
field public static final int PROTECTION_DANGEROUS = 1; // 0x1
field public static final int PROTECTION_FLAG_APPOP = 64; // 0x40
field public static final int PROTECTION_FLAG_DEVELOPMENT = 32; // 0x20
field public static final int PROTECTION_FLAG_EPHEMERAL = 4096; // 0x1000
field public static final int PROTECTION_FLAG_INSTALLER = 256; // 0x100
field public static final int PROTECTION_FLAG_INSTANT = 4096; // 0x1000
field public static final int PROTECTION_FLAG_PRE23 = 128; // 0x80
field public static final int PROTECTION_FLAG_PREINSTALLED = 1024; // 0x400
field public static final int PROTECTION_FLAG_PRIVILEGED = 16; // 0x10

4
core/java/android/content/pm/PackageParser.java
View File

@@ -3235,11 +3235,11 @@ public class PackageParser {
perm.info.protectionLevel = PermissionInfo.fixProtectionLevel(perm.info.protectionLevel);
if ((perm.info.protectionLevel&PermissionInfo.PROTECTION_MASK_FLAGS) != 0) {
if ( (perm.info.protectionLevel&PermissionInfo.PROTECTION_FLAG_EPHEMERAL) == 0
if ( (perm.info.protectionLevel&PermissionInfo.PROTECTION_FLAG_INSTANT) == 0
&& (perm.info.protectionLevel&PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) == 0
&& (perm.info.protectionLevel&PermissionInfo.PROTECTION_MASK_BASE) !=
PermissionInfo.PROTECTION_SIGNATURE) {
outError[0] = "<permission> protectionLevel specifies a non-ephemeral flag but is "
outError[0] = "<permission> protectionLevel specifies a non-instnat flag but is "
+ "not based on signature type";
mParseError = PackageManager.INSTALL_PARSE_FAILED_MANIFEST_MALFORMED;
return false;

11
core/java/android/content/pm/PermissionInfo.java
View File

@@ -122,13 +122,10 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable {
/**
* Additional flag for {@link #protectionLevel}, corresponding
* to the <code>ephemeral</code> value of
* to the <code>instant</code> value of
* {@link android.R.attr#protectionLevel}.
* @hide
*/
@SystemApi
@TestApi
public static final int PROTECTION_FLAG_EPHEMERAL = 0x1000;
public static final int PROTECTION_FLAG_INSTANT = 0x1000;
/**
* Additional flag for {@link #protectionLevel}, corresponding
@@ -254,8 +251,8 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable {
if ((level&PermissionInfo.PROTECTION_FLAG_SETUP) != 0) {
protLevel += "|setup";
}
if ((level&PermissionInfo.PROTECTION_FLAG_EPHEMERAL) != 0) {
protLevel += "|ephemeral";
if ((level&PermissionInfo.PROTECTION_FLAG_INSTANT) != 0) {
protLevel += "|instant";
}
if ((level&PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) != 0) {
protLevel += "|runtime";

20
core/res/AndroidManifest.xml
View File

@@ -770,7 +770,7 @@
android:permissionGroup="android.permission-group.LOCATION"
android:label="@string/permlab_accessFineLocation"
android:description="@string/permdesc_accessFineLocation"
android:protectionLevel="dangerous|ephemeral" />
android:protectionLevel="dangerous|instant" />
<!-- Allows an app to access approximate location.
Alternatively, you might want {@link #ACCESS_FINE_LOCATION}.
@@ -780,7 +780,7 @@
android:permissionGroup="android.permission-group.LOCATION"
android:label="@string/permlab_accessCoarseLocation"
android:description="@string/permdesc_accessCoarseLocation"
android:protectionLevel="dangerous|ephemeral" />
android:protectionLevel="dangerous|instant" />
<!-- ====================================================================== -->
<!-- Permissions for accessing the device telephony -->
@@ -814,13 +814,13 @@
android:protectionLevel="dangerous" />
<!-- Allows read access to the device's phone number(s). This is a subset of the capabilities
granted by {@link #READ_PHONE_STATE} but is exposed to ephemeral applications.
granted by {@link #READ_PHONE_STATE} but is exposed to instant applications.
<p>Protection level: dangerous-->
<permission android:name="android.permission.READ_PHONE_NUMBERS"
android:permissionGroup="android.permission-group.PHONE"
android:label="@string/permlab_readPhoneNumbers"
android:description="@string/permdesc_readPhoneNumbers"
android:protectionLevel="dangerous|ephemeral" />
android:protectionLevel="dangerous|instant" />
<!-- Allows an application to initiate a phone call without going through
the Dialer user interface for the user to confirm the call.
@@ -1000,7 +1000,7 @@
android:permissionGroup="android.permission-group.CAMERA"
android:label="@string/permlab_camera"
android:description="@string/permdesc_camera"
android:protectionLevel="dangerous|ephemeral" />
android:protectionLevel="dangerous|instant" />
<!-- ====================================================================== -->
@@ -1242,7 +1242,7 @@
<permission android:name="android.permission.INTERNET"
android:description="@string/permdesc_createNetworkSockets"
android:label="@string/permlab_createNetworkSockets"
android:protectionLevel="normal|ephemeral" />
android:protectionLevel="normal|instant" />
<!-- Allows applications to access information about networks.
<p>Protection level: normal
@@ -1250,7 +1250,7 @@
<permission android:name="android.permission.ACCESS_NETWORK_STATE"
android:description="@string/permdesc_accessNetworkState"
android:label="@string/permlab_accessNetworkState"
android:protectionLevel="normal|ephemeral" />
android:protectionLevel="normal|instant" />
<!-- Allows applications to access information about Wi-Fi networks.
<p>Protection level: normal
@@ -1473,7 +1473,7 @@
<permission android:name="android.permission.VIBRATE"
android:label="@string/permlab_vibrate"
android:description="@string/permdesc_vibrate"
android:protectionLevel="normal|ephemeral" />
android:protectionLevel="normal|instant" />
<!-- Allows using PowerManager WakeLocks to keep processor from sleeping or screen
from dimming.
@@ -1482,7 +1482,7 @@
<permission android:name="android.permission.WAKE_LOCK"
android:label="@string/permlab_wakeLock"
android:description="@string/permdesc_wakeLock"
android:protectionLevel="normal|ephemeral" />
android:protectionLevel="normal|instant" />
<!-- Allows using the device's IR transmitter, if available.
<p>Protection level: normal
@@ -3532,7 +3532,7 @@
<!-- Allows an instant app to create foreground services. -->
<permission android:name="android.permission.INSTANT_APP_FOREGROUND_SERVICE"
android:protectionLevel="signature|development|ephemeral|appop" />
android:protectionLevel="signature|development|instant|appop" />
<application android:process="system"
android:persistent="true"

4
core/res/res/values/attrs_manifest.xml
View File

@@ -242,9 +242,9 @@
<!-- Additional flag from base permission type: this permission can be automatically
granted to the setup wizard app -->
<flag name="setup" value="0x800" />
<!-- Additional flag from base permission type: this permission can be granted to ephemeral
<!-- Additional flag from base permission type: this permission can be granted to instant
apps -->
<flag name="ephemeral" value="0x1000" />
<flag name="instant" value="0x1000" />
<!-- Additional flag from base permission type: this permission can only be granted to apps
that target runtime permissions ({@link android.os.Build.VERSION_CODES#M} and above)
-->

2
services/core/java/com/android/server/pm/BasePermission.java
View File

@@ -96,7 +96,7 @@ final class BasePermission {
}
public boolean isInstant() {
return (protectionLevel & PermissionInfo.PROTECTION_FLAG_EPHEMERAL) != 0;
return (protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTANT) != 0;
}
public boolean isRuntimeOnly() {

4
services/core/java/com/android/server/pm/PackageManagerService.java
View File

@@ -18514,12 +18514,12 @@ public class PackageManagerService extends IPackageManager.Stub
BasePermission bp = mSettings.mPermissions.get(perm.info.name);
// Don't allow anyone but the system to define ephemeral permissions.
if ((perm.info.protectionLevel & PermissionInfo.PROTECTION_FLAG_EPHEMERAL) != 0
if ((perm.info.protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTANT) != 0
&& !systemApp) {
Slog.w(TAG, "Non-System package " + pkg.packageName
+ " attempting to delcare ephemeral permission "
+ perm.info.name + "; Removing ephemeral.");
perm.info.protectionLevel &= ~PermissionInfo.PROTECTION_FLAG_EPHEMERAL;
perm.info.protectionLevel &= ~PermissionInfo.PROTECTION_FLAG_INSTANT;
}
// Check whether the newly-scanned package wants to define an already-defined perm
if (bp != null) {