Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 468fecb7 authored by Mark Punzalan's avatar Mark Punzalan
Browse files

Add featureFlag attribute for new permissions 

This change will cause these feature-flagged permissions to be removed
for U QPR 2. There are many new permissions added after U. We are only
adding the featureFlag attributes 5 at a time for easier investigation
of issues that may arise. Included in this change:

- WRITE_VERIFICATION_STATE_E2EE_CONTACT_KEYS
- CAMERA_HEADLESS_SYSTEM_USER
- REGISTER_NSD_OFFLOAD_ENGINE
- QUARANTINE_APPS
- DETECT_SCREEN_RECORDING

Bug: 318014882
Test: Verified the permissions are not present in AndroidManifest.xml
in framework-res.apk.
Test: Applied change to 24Q2-release branch (U QPR 2) and flashed a
device with the changes. Verified the permissions are not present in
`adb shell pm list permissions`.

Change-Id: I0166256d3b3f2a87ee5143ed16a51663aa874715
parent a51419d4

core/res/Android.bp

+8 −0
Original line number Diff line number Diff line
@@ -154,6 +154,14 @@ android_app { 
    },



    generate_product_characteristics_rro: true,



    flags_packages: [

        "android.content.pm.flags-aconfig",

        "android.provider.flags-aconfig",

        "camera_platform_flags",

        "com.android.net.flags-aconfig",

        "com.android.window.flags.window-aconfig",

    ],

}



java_genrule {

core/res/AndroidManifest.xml

+10 −5
Original line number Diff line number Diff line
@@ -892,7 +892,8 @@ 
                android:permissionGroup="android.permission-group.UNDEFINED"

                android:label="@string/permlab_writeVerificationStateE2eeContactKeys"

                android:description="@string/permdesc_writeVerificationStateE2eeContactKeys"

                android:protectionLevel="signature|privileged" />

                android:protectionLevel="signature|privileged"

                android:featureFlag="android.provider.user_keys" />



    <!-- Allows an application to set default account for new contacts.

        <p> This permission is only granted to system applications fulfilling the Contacts app role.
@@ -1728,7 +1729,8 @@ 
        android:permissionGroup="android.permission-group.UNDEFINED"

        android:label="@string/permlab_cameraHeadlessSystemUser"

        android:description="@string/permdesc_cameraHeadlessSystemUser"

        android:protectionLevel="signature" />

        android:protectionLevel="signature"

        android:featureFlag="com.android.internal.camera.flags.camera_hsum_permission" />



    <!-- ====================================================================== -->

    <!-- Permissions for accessing the device sensors                           -->
@@ -2321,7 +2323,8 @@ 
        @hide This should only be used by system apps.

    -->

    <permission android:name="android.permission.REGISTER_NSD_OFFLOAD_ENGINE"

        android:protectionLevel="signature" />

        android:protectionLevel="signature"

        android:featureFlag="com.android.net.flags.register_nsd_offload_engine" />



    <!-- ======================================= -->

    <!-- Permissions for short range, peripheral networks -->
@@ -2390,7 +2393,8 @@ 
         them from running without explicit user action.

    -->

    <permission android:name="android.permission.QUARANTINE_APPS"

        android:protectionLevel="signature|verifier" />

        android:protectionLevel="signature|verifier"

        android:featureFlag="android.content.pm.quarantined_enabled" />



    <!-- Allows applications to discover and pair bluetooth devices.

         <p>Protection level: normal
@@ -2650,7 +2654,8 @@ 
         @FlaggedApi("com.android.window.flags.screen_recording_callbacks")

    -->

    <permission android:name="android.permission.DETECT_SCREEN_RECORDING"

                android:protectionLevel="normal" />

                android:protectionLevel="normal"

                android:featureFlag="com.android.window.flags.screen_recording_callbacks" />



    <!-- ======================================== -->

    <!-- Permissions for factory reset protection -->