Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88a68d14 authored by Jyoti Bhayana's avatar Jyoti Bhayana
Browse files

Add permission for HeadlessSystemUser Camera. 

To allow only platform signed apps to access camera
as User 0 in Headless user Mode, add a new permission
android.permission.CAMERA_HEADLESS_SYSTEM_USER with
protection level of "signature".

Bug:296959023
Test: Test that headless system user is not able to access
the camera without the new permission.

Change-Id: I8fab31e1d7e483b476fe1761c8b35e1766119b25
parent f080d0cc

core/api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -95,6 +95,7 @@ package android { 
    field public static final String BYPASS_ROLE_QUALIFICATION = "android.permission.BYPASS_ROLE_QUALIFICATION";

    field public static final String CALL_AUDIO_INTERCEPTION = "android.permission.CALL_AUDIO_INTERCEPTION";

    field public static final String CAMERA_DISABLE_TRANSMIT_LED = "android.permission.CAMERA_DISABLE_TRANSMIT_LED";

    field public static final String CAMERA_HEADLESS_SYSTEM_USER = "android.permission.CAMERA_HEADLESS_SYSTEM_USER";

    field public static final String CAMERA_OPEN_CLOSE_LISTENER = "android.permission.CAMERA_OPEN_CLOSE_LISTENER";

    field public static final String CAPTURE_AUDIO_HOTWORD = "android.permission.CAPTURE_AUDIO_HOTWORD";

    field public static final String CAPTURE_CONSENTLESS_BUGREPORT_ON_USERDEBUG_BUILD = "android.permission.CAPTURE_CONSENTLESS_BUGREPORT_ON_USERDEBUG_BUILD";

core/res/AndroidManifest.xml

+9 −0
Original line number Diff line number Diff line
@@ -1700,6 +1700,15 @@ 
        android:description="@string/permdesc_cameraOpenCloseListener"

        android:protectionLevel="signature" />



    <!-- @SystemApi Allows camera access by Headless System User 0 when device is running in

            HSUM Mode.

    @hide -->

    <permission android:name="android.permission.CAMERA_HEADLESS_SYSTEM_USER"

        android:permissionGroup="android.permission-group.UNDEFINED"

        android:label="@string/permlab_cameraHeadlessSystemUser"

        android:description="@string/permdesc_cameraHeadlessSystemUser"

        android:protectionLevel="signature" />



    <!-- ====================================================================== -->

    <!-- Permissions for accessing the device sensors                           -->

    <!-- ====================================================================== -->

core/res/res/values/strings.xml

+5 −0
Original line number Diff line number Diff line
@@ -1444,6 +1444,11 @@ 
    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. [CHAR_LIMIT=NONE] -->

    <string name="permdesc_cameraOpenCloseListener">This app can receive callbacks when any camera device is being opened (by what application) or closed.</string>



    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. [CHAR_LIMIT=NONE] -->

    <string name="permlab_cameraHeadlessSystemUser">Allow an application or service to access camera as Headless System User.</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. [CHAR_LIMIT=NONE] -->

    <string name="permdesc_cameraHeadlessSystemUser">This app can access camera as Headless System User.</string>



    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

    <string name="permlab_vibrate">control vibration</string>

    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->

data/etc/privapp-permissions-platform.xml

+1 −0
Original line number Diff line number Diff line
@@ -235,6 +235,7 @@ applications that come with the platform 


    <privapp-permissions package="com.android.shell">

        <!-- Needed for test only -->

        <permission name="android.permission.CAMERA_HEADLESS_SYSTEM_USER"/>

        <permission name="android.permission.MANAGE_HEALTH_DATA"/>

        <permission name="android.permission.LAUNCH_DEVICE_MANAGER_SETUP"/>

        <permission name="android.permission.MODIFY_DAY_NIGHT_MODE"/>

packages/Shell/AndroidManifest.xml

+1 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ 
        >



        <!-- Standard permissions granted to the shell. -->

    <uses-permission android:name="android.permission.CAMERA_HEADLESS_SYSTEM_USER" />

    <uses-permission android:name="android.permission.MANAGE_HEALTH_PERMISSIONS" />

    <uses-permission android:name="android.permission.MANAGE_HEALTH_DATA" />

    <uses-permission android:name="android.permission.health.READ_EXERCISE_ROUTE" />