
Commit a1be4550 authored by Manish Singh's avatar Manish Singh

Permission protect stageAllHealthConnectRemoteData

The new APIs added in this topic's other CL are protected by knownSigner
permission.

The CTS test app cannot be granted this permission.
Grant these permissions to the Shell so that the CTS test app can adopt
the Shell's identity to get the necessary permissions and call these
APIs.

The test api is protected by the platform signature permission.

Bug: 243145978
Test: atest CtsHealthConnectDeviceTestCases
Change-Id: Ica89151b28213fd6fee69f5390f3d4e7f92bdc73
parent 0c0c43ea
+1 −0
@@ -325,6 +325,7 @@ package android {
    field public static final String SHUTDOWN = "android.permission.SHUTDOWN";
    field public static final String SIGNAL_REBOOT_READINESS = "android.permission.SIGNAL_REBOOT_READINESS";
    field public static final String SOUND_TRIGGER_RUN_IN_BATTERY_SAVER = "android.permission.SOUND_TRIGGER_RUN_IN_BATTERY_SAVER";
    field public static final String STAGE_HEALTH_CONNECT_REMOTE_DATA = "android.permission.STAGE_HEALTH_CONNECT_REMOTE_DATA";
    field public static final String START_ACTIVITIES_FROM_BACKGROUND = "android.permission.START_ACTIVITIES_FROM_BACKGROUND";
    field public static final String START_CROSS_PROFILE_ACTIVITIES = "android.permission.START_CROSS_PROFILE_ACTIVITIES";
    field public static final String START_REVIEW_PERMISSION_DECISIONS = "android.permission.START_REVIEW_PERMISSION_DECISIONS";
+1 −0
@@ -16,6 +16,7 @@ package android {
    field public static final String CONFIGURE_DISPLAY_BRIGHTNESS = "android.permission.CONFIGURE_DISPLAY_BRIGHTNESS";
    field public static final String CONTROL_DEVICE_LIGHTS = "android.permission.CONTROL_DEVICE_LIGHTS";
    field public static final String CONTROL_DEVICE_STATE = "android.permission.CONTROL_DEVICE_STATE";
    field public static final String DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA = "android.permission.DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA";
    field public static final String FORCE_DEVICE_POLICY_MANAGER_LOGS = "android.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS";
    field public static final String FORCE_STOP_PACKAGES = "android.permission.FORCE_STOP_PACKAGES";
    field public static final String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS";
+11 −0
@@ -6988,6 +6988,17 @@
    <permission android:name="android.permission.GET_APP_METADATA"
                android:protectionLevel="signature" />

    <!-- @hide @SystemApi Allows an application to stage HealthConnect's remote data so that
         HealthConnect can later integrate it. -->
    <permission android:name="android.permission.STAGE_HEALTH_CONNECT_REMOTE_DATA"
                android:protectionLevel="signature|knownSigner"
                android:knownCerts="@array/config_healthConnectStagingDataKnownSigners"/>

    <!-- @hide @TestApi Allows an application to clear HealthConnect's staged remote data for
         testing only. For security reasons, this is a platform-only permission. -->
    <permission android:name="android.permission.DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA"
                android:protectionLevel="signature" />

    <!-- @SystemApi Allows the holder to call health connect migration APIs.
        @hide -->
    <permission android:name="android.permission.MIGRATE_HEALTH_CONNECT_DATA"
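Review bot: The comment on `STAGE_HEALTH_CONNECT_REMOTE_DATA` does not state the protection level or who is expected to hold the permission, which matters here because `android:knownCerts` points at `config_healthConnectStagingDataKnownSigners`, an array this same commit adds with no entries. As written, the knownSigner branch grants nothing until a digest is configured, so the permission is effectively signature-only. The Shell manifest section also requests it, which presumably makes it available to the shell identity on every build; whether the staging API applies any further caller check is not visible on this page. I would extend the comment with `<p>Protection level: signature|knownSigner` and one sentence naming the intended holders, and say explicitly that the Shell grant exists for CTS if that is the only intent. The `MIGRATE_HEALTH_CONNECT_DATA` element at the end of the section is context and continues outside the hunk.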
+6 −0
@@ -6144,6 +6144,12 @@
        <item>@string/config_mainDisplayShape</item>
        <item>@string/config_secondaryDisplayShape</item>
    </string-array>

    <!-- Certificate digests for trusted apps that will be allowed to obtain the knownSigner
         permission for staging HealthConnect's remote data. The digest should be computed over the
         DER encoding of the trusted certificate using the SHA-256 digest algorithm. -->
    <string-array name="config_healthConnectStagingDataKnownSigners">
    </string-array>
    <!-- Certificate digests for trusted apps that will be allowed to obtain the knownSigner Health
        Connect Migration permissions. The digest should be computed over the DER encoding of the
        trusted certificate using the SHA-256 digest algorithm. -->
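Review bot: The new `config_healthConnectStagingDataKnownSigners` array ships empty, and its comment does not say that this is the intended default or how entries are meant to be supplied. A reader therefore cannot tell from here that no non-platform signer is trusted until a device configuration adds a digest. I would add a sentence along the lines of `Empty by default: only platform-signed packages hold the permission unless a device configuration adds signer digests here.`, adjusted to however entries are actually provisioned (presumably a resource overlay, which is not shown on this page). As a style point, the closing `</string-array>` is followed directly by the next entry's comment, while the entry above it is separated by a blank line; a blank line after the new block would keep the file consistent.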
+4 −0
@@ -790,6 +790,10 @@
    <!-- Permission required for CTS test - CtsPackageInstallTestCases-->
    <uses-permission android:name="android.permission.GET_APP_METADATA" />

    <!-- Permission required for CTS test - CtsHealthConnectDeviceTestCases -->
    <uses-permission android:name="android.permission.DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA" />
    <uses-permission android:name="android.permission.STAGE_HEALTH_CONNECT_REMOTE_DATA" />

    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED"/>