Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b9893a60 authored by Hai Zhang's avatar Hai Zhang
Browse files

Add internal as a new permission protection level. 

Permissions with the new internal protection level are similar to
signature permissions in that they can be controlled internally by the
system via the specified protection flags, but they are no longer
granted according to signatures. This enables us to create role-only
permissions.

Bug: 158736025
Test: presubmit
Change-Id: Ie5f76f14d6e32b05b9113090e10b8a1a41a2d9da
parent a3968751

core/api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -12453,6 +12453,7 @@ package android.content.pm { 
    field public static final int PROTECTION_FLAG_SETUP = 2048; // 0x800

    field @Deprecated public static final int PROTECTION_FLAG_SYSTEM = 16; // 0x10

    field public static final int PROTECTION_FLAG_VERIFIER = 512; // 0x200

    field public static final int PROTECTION_INTERNAL = 4; // 0x4

    field @Deprecated public static final int PROTECTION_MASK_BASE = 15; // 0xf

    field @Deprecated public static final int PROTECTION_MASK_FLAGS = 65520; // 0xfff0

    field public static final int PROTECTION_NORMAL = 0; // 0x0

core/java/android/content/pm/PermissionInfo.java

+12 −1
Original line number Diff line number Diff line
@@ -65,12 +65,20 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { 
    @Deprecated

    public static final int PROTECTION_SIGNATURE_OR_SYSTEM = 3;



    /**

     * System-level value for {@link #protectionLevel}, corresponding

     * to the <code>internal</code> value of

     * {@link android.R.attr#protectionLevel}.

     */

    public static final int PROTECTION_INTERNAL = 4;



    /** @hide */

    @IntDef(flag = false, prefix = { "PROTECTION_" }, value = {

            PROTECTION_NORMAL,

            PROTECTION_DANGEROUS,

            PROTECTION_SIGNATURE,

            PROTECTION_SIGNATURE_OR_SYSTEM,

            PROTECTION_INTERNAL,

    })

    @Retention(RetentionPolicy.SOURCE)

    public @interface Protection {}
@@ -327,7 +335,7 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { 
     * </pre>

     *

     * <p></p>Base permission types are {@link #PROTECTION_NORMAL},

     * {@link #PROTECTION_DANGEROUS}, {@link #PROTECTION_SIGNATURE}

     * {@link #PROTECTION_DANGEROUS}, {@link #PROTECTION_SIGNATURE}, {@link #PROTECTION_INTERNAL}

     * and the deprecated {@link #PROTECTION_SIGNATURE_OR_SYSTEM}.

     * Flags are listed under {@link android.R.attr#protectionLevel}.

     *
@@ -489,6 +497,9 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { 
            case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM:

                protLevel.append("signatureOrSystem");

                break;

            case PermissionInfo.PROTECTION_INTERNAL:

                protLevel.append("internal");

                break;

            default:

                protLevel.append("????");

                break;

core/java/android/content/pm/parsing/component/ParsedPermissionUtils.java

+5 −3
Original line number Diff line number Diff line
@@ -112,10 +112,12 @@ public class ParsedPermissionUtils { 
            if ((permission.protectionLevel & PermissionInfo.PROTECTION_FLAG_INSTANT) == 0

                    && (permission.protectionLevel & PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY)

                    == 0

                    && (permission.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) !=

                    PermissionInfo.PROTECTION_SIGNATURE) {

                    && (permission.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)

                    != PermissionInfo.PROTECTION_SIGNATURE

                    && (permission.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)

                    != PermissionInfo.PROTECTION_INTERNAL) {

                return input.error("<permission>  protectionLevel specifies a non-instant flag "

                        + "but is not based on signature type");

                        + "but is not based on signature or internal type");

            }

        }

core/res/res/values/attrs_manifest.xml

+3 −0
Original line number Diff line number Diff line
@@ -226,6 +226,9 @@ 
             to share specific features explicitly because they are being built

             together. -->

        <flag name="signatureOrSystem" value="3" />

        <!-- <strong>Base permission type</strong>: a permission that is managed internally by the

             system and only granted according to the protection flags. -->

        <flag name="internal" value="4" />

        <!-- Additional flag from base permission type: this permission can also

             be granted to any applications installed as privileged apps on the system image.

             Please avoid using this option, as the

services/core/java/com/android/server/pm/permission/Permission.java

+6 −0
Original line number Diff line number Diff line
@@ -61,6 +61,7 @@ public final class Permission { 
            PermissionInfo.PROTECTION_NORMAL,

            PermissionInfo.PROTECTION_SIGNATURE,

            PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM,

            PermissionInfo.PROTECTION_INTERNAL,

    })

    @Retention(RetentionPolicy.SOURCE)

    public @interface ProtectionLevel {}
@@ -246,6 +247,11 @@ public final class Permission { 
                == PermissionInfo.PROTECTION_SIGNATURE;

    }



    public boolean isInternal() {

        return (mPermissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)

                == PermissionInfo.PROTECTION_INTERNAL;

    }



    public boolean isAppOp() {

        return (mPermissionInfo.protectionLevel & PermissionInfo.PROTECTION_FLAG_APPOP) != 0;

    }