Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a5d70a17 authored by Chad Brubaker's avatar Chad Brubaker
Browse files

Allow permissions to be runtime-only. 

This adds the new runtime protection level flag that if set means
the permission can only be granted to apps that target runtime
permissions (>= M).

ANSWER_PHONE_CALLS has also been made runtime-only.

Bug: 30932767
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases
Change-Id: I42b30414c808730f2d5961ca31b6e3db740b8cf7
parent 2ac96982

api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -10801,6 +10801,7 @@ package android.content.pm { 
    field public static final int PROTECTION_FLAG_PRE23 = 128; // 0x80

    field public static final int PROTECTION_FLAG_PREINSTALLED = 1024; // 0x400

    field public static final int PROTECTION_FLAG_PRIVILEGED = 16; // 0x10

    field public static final int PROTECTION_FLAG_RUNTIME_ONLY = 8192; // 0x2000

    field public static final int PROTECTION_FLAG_SETUP = 2048; // 0x800

    field public static final deprecated int PROTECTION_FLAG_SYSTEM = 16; // 0x10

    field public static final int PROTECTION_FLAG_VERIFIER = 512; // 0x200

api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -11519,6 +11519,7 @@ package android.content.pm { 
    field public static final int PROTECTION_FLAG_PRE23 = 128; // 0x80

    field public static final int PROTECTION_FLAG_PREINSTALLED = 1024; // 0x400

    field public static final int PROTECTION_FLAG_PRIVILEGED = 16; // 0x10

    field public static final int PROTECTION_FLAG_RUNTIME_ONLY = 8192; // 0x2000

    field public static final int PROTECTION_FLAG_SETUP = 2048; // 0x800

    field public static final deprecated int PROTECTION_FLAG_SYSTEM = 16; // 0x10

    field public static final int PROTECTION_FLAG_VERIFIER = 512; // 0x200

api/test-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -10841,6 +10841,7 @@ package android.content.pm { 
    field public static final int PROTECTION_FLAG_PRE23 = 128; // 0x80

    field public static final int PROTECTION_FLAG_PREINSTALLED = 1024; // 0x400

    field public static final int PROTECTION_FLAG_PRIVILEGED = 16; // 0x10

    field public static final int PROTECTION_FLAG_RUNTIME_ONLY = 8192; // 0x2000

    field public static final int PROTECTION_FLAG_SETUP = 2048; // 0x800

    field public static final deprecated int PROTECTION_FLAG_SYSTEM = 16; // 0x10

    field public static final int PROTECTION_FLAG_VERIFIER = 512; // 0x200

core/java/android/content/pm/PackageParser.java

+1 −0
Original line number Diff line number Diff line
@@ -3114,6 +3114,7 @@ public class PackageParser { 


        if ((perm.info.protectionLevel&PermissionInfo.PROTECTION_MASK_FLAGS) != 0) {

            if ( (perm.info.protectionLevel&PermissionInfo.PROTECTION_FLAG_EPHEMERAL) == 0

                    && (perm.info.protectionLevel&PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) == 0

                    && (perm.info.protectionLevel&PermissionInfo.PROTECTION_MASK_BASE) !=

                    PermissionInfo.PROTECTION_SIGNATURE) {

                outError[0] = "<permission>  protectionLevel specifies a non-ephemeral flag but is "

core/java/android/content/pm/PermissionInfo.java

+10 −0
Original line number Diff line number Diff line
@@ -130,6 +130,13 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { 
    @TestApi

    public static final int PROTECTION_FLAG_EPHEMERAL = 0x1000;



    /**

     * Additional flag for {@link #protectionLevel}, corresponding

     * to the <code>runtime</code> value of

     * {@link android.R.attr#protectionLevel}.

     */

    public static final int PROTECTION_FLAG_RUNTIME_ONLY = 0x2000;



    /**

     * Mask for {@link #protectionLevel}: the basic protection type.

     */
@@ -250,6 +257,9 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { 
        if ((level&PermissionInfo.PROTECTION_FLAG_EPHEMERAL) != 0) {

            protLevel += "|ephemeral";

        }

        if ((level&PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY) != 0) {

            protLevel += "|runtime";

        }

        return protLevel;

    }