Commit b8dbdc29 authored by Chris Palmer

Clarify the danger of READ_LOGS and DUMP permissions.

The logs inevitably contain PII, so now we are making that clear in user
strings and developer docs. Moving DUMP and READ_LOGS into the PERSONAL_INFO
group.

Note that this means we need string translations.

Change-Id: I1b5bf9d2d827ab1a31dedbdb30d0906a87c26a32
parent 24a2c2b5
+5 −6
@@ -590,8 +590,8 @@
    <!-- Allows an application to retrieve state dump information from system
         services. -->
    <permission android:name="android.permission.DUMP"
        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
        android:protectionLevel="dangerous"
        android:permissionGroup="android.permission-group.PERSONAL_INFO"
        android:protectionLevel="signatureOrSystem"
        android:label="@string/permlab_dump"
        android:description="@string/permdesc_dump" />

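Review bot: the comment above android.permission.DUMP still says only that it allows an application to "retrieve state dump information from system services", which gives no reason for the move into PERSONAL_INFO or for the protection level going from dangerous to signatureOrSystem. The READ_LOGS comment later in this file is rewritten to say that entries can contain the user's private information; a matching sentence here would keep the developer docs consistent. The commit message mentions only the group move, so the protectionLevel change should be called out there as well, since it changes which applications can hold the permission.
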
@@ -840,11 +840,10 @@
        android:description="@string/permdesc_clearAppCache" />

    <!-- Allows an application to read the low-level system log files.
         These can contain slightly private information about what is
         happening on the device, but should never contain the user's
         private information. -->
         Log entries can contain the user's private information,
         which is why this permission is 'dangerous'. -->
    <permission android:name="android.permission.READ_LOGS"
        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
        android:permissionGroup="android.permission-group.PERSONAL_INFO"
        android:protectionLevel="dangerous"
        android:label="@string/permlab_readLogs"
        android:description="@string/permdesc_readLogs" />
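
Review bot: READ_LOGS keeps android:protectionLevel="dangerous" while DUMP, moved into the same PERSONAL_INFO group by this change, is tightened to signatureOrSystem. If log entries can contain the user's private information, as the new comment says, the comment should explain why this permission stays at the dangerous level instead of only restating the level ("which is why this permission is 'dangerous'"). Tying the wording to the current level also means the comment goes stale if the level is changed later; describing the risk and leaving the level to the attribute would avoid that.
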
+3 −3
@@ -704,12 +704,12 @@
    <string name="permdesc_movePackage">Allows an application to move application resources from internal to external media and vice versa.</string>

    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
    <string name="permlab_readLogs">read system log files</string>
    <string name="permlab_readLogs">read sensitive log data</string>
    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
    <string name="permdesc_readLogs">Allows an application to read from the
        system\'s various log files.  This allows it to discover general
        information about what you are doing with the phone, but they should
        not contain any personal or private information.</string>
        information about what you are doing with the phone, potentially
        including personal or private information.</string>

    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
    <string name="permlab_diagnostic">read/write to resources owned by diag</string>
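
Review bot: permlab_readLogs and permdesc_readLogs keep their resource names while the English text reverses its claim about private information, so any existing translation of these strings will go on saying what the old text said until it is redone. The commit message notes that translations are needed; it would help to track that explicitly against these two names. On wording, the new description still leads with "general information about what you are doing with the phone" and places the private-information risk in a trailing clause; consider stating that risk first, to match the new label "read sensitive log data".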