Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 42882cc8 authored Mar 08, 2023 by Adam Bookatz

QUERY_USERS is a privileged permission

Unlike MANAGE_USERS, the weaker QUERY_USERS was not marked as a
privileged permission, making it (ironically) harder to get. To
encourage apps for which the weaker permission suffices to use that
weaker permission instead, we change it to privileged.

Bug: 272303195
Test: builds and boots
Test: atest IntentResolverUnitTests (invokes a test app that uses this
permission)

Change-Id: I289023f3007fe1a06c3ed517c397e5b57068b468

parent 3521df06

core/res/AndroidManifest.xml

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -3159,7 +3159,7 @@
	<!-- @SystemApi @hide Allows an application to call APIs that allow it to query users on the		<!-- @SystemApi @hide Allows an application to call APIs that allow it to query users on the
	device. -->		device. -->
	<permission android:name="android.permission.QUERY_USERS"		<permission android:name="android.permission.QUERY_USERS"
	android:protectionLevel="signature\|role" />		android:protectionLevel="signature\|privileged\|role" />

	<!-- Allows an application to access data blobs across users. -->		<!-- Allows an application to access data blobs across users. -->
	<permission android:name="android.permission.ACCESS_BLOBS_ACROSS_USERS"		<permission android:name="android.permission.ACCESS_BLOBS_ACROSS_USERS"

data/etc/privapp-permissions-platform.xml

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -275,6 +275,7 @@ applications that come with the platform
	<!-- Permission required to test onPermissionsChangedListener -->		<!-- Permission required to test onPermissionsChangedListener -->
	<permission name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS"/>		<permission name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS"/>
	<permission name="android.permission.INTERACT_ACROSS_USERS"/>		<permission name="android.permission.INTERACT_ACROSS_USERS"/>
			<permission name="android.permission.QUERY_USERS"/>
	<permission name="android.permission.LOCAL_MAC_ADDRESS"/>		<permission name="android.permission.LOCAL_MAC_ADDRESS"/>
	<permission name="android.permission.MANAGE_ACCESSIBILITY"/>		<permission name="android.permission.MANAGE_ACCESSIBILITY"/>
	<permission name="android.permission.MANAGE_DEVICE_ADMINS"/>		<permission name="android.permission.MANAGE_DEVICE_ADMINS"/>