Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3808cf3b authored by Hai Zhang's avatar Hai Zhang Committed by Android (Google) Code Review
Browse files

Merge "Add documentation about role permission protection in Permissions.md." into sc-dev

parents e7a937b0 bdd7a8e8

core/java/android/permission/Permissions.md

+17 −0
Original line number Original line Diff line number Diff line
@@ -809,6 +809,9 @@ Please note that OEMs sign their platform themselves. I.e. OEMs can implement ne 
permissions. It is unlikely that 3rd party apps will be able to use APIs protected by signature

permissions. It is unlikely that 3rd party apps will be able to use APIs protected by signature

permissions as they are usually not signed with the platform certificate.

permissions as they are usually not signed with the platform certificate.





If possible, [role protected permissions](#role-protected-permissions) should also be considered as

an alternative to better restrict which apps may get the permission.



Such permissions are defined and checked like an install time permission.

Such permissions are defined and checked like an install time permission.





### Preinstalled permissions

### Preinstalled permissions
@@ -819,6 +822,9 @@ on a particular device install there. Hence it can be really any app including 3 
Hence this permission level is discouraged unless there are

Hence this permission level is discouraged unless there are

[further restrictions](#restricted-by-tests).

[further restrictions](#restricted-by-tests).





If possible, [role protected permissions](#role-protected-permissions) should also be considered as

an alternative to better restrict which apps may get the permission.



Such permissions are defined and checked like an install time permission.

Such permissions are defined and checked like an install time permission.





### Privileged permissions

### Privileged permissions
@@ -833,6 +839,9 @@ privileged permissions added in updates will never be granted. 
Hence this permission level is discouraged unless there are

Hence this permission level is discouraged unless there are

[further restrictions](#restricted-by-tests).

[further restrictions](#restricted-by-tests).





If possible, [role protected permissions](#role-protected-permissions) should also be considered as

an alternative to better restrict which apps may get the permission.



Such permissions are defined and checked like an install time permission.

Such permissions are defined and checked like an install time permission.





#### Restricted by tests

#### Restricted by tests
@@ -890,8 +899,16 @@ well defined app or set of apps. It is possible to add new types in `PackageMana 
Which apps qualify for such a permission level is flexible and custom for each such level. Usually

Which apps qualify for such a permission level is flexible and custom for each such level. Usually

they refer to a single or small set of apps, usually - but not always - apps defined in AOSP.

they refer to a single or small set of apps, usually - but not always - apps defined in AOSP.





This type of permission is deprecated in favor of

[role protected permissions](#role-protected-permissions).



These permissions are defined and checked like an install time permission.

These permissions are defined and checked like an install time permission.





### Role protected permissions



See

[Using role for permission protection](../../../../../../packages/modules/Permission/PermissionController/src/com/android/permissioncontroller/role/RolePermissionProtection.md).



### Development permissions

### Development permissions





> Not recommended

> Not recommended