Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bdd7a8e8 authored by Hai Zhang's avatar Hai Zhang
Browse files

Add documentation about role permission protection in Permissions.md. 

Change-Id: Ibb645d33554a05965ac344c4a4a4b7b9f004dec7
Test: presubmit
(cherry picked from commit dcbaef94)
parent 69b07322

core/java/android/permission/Permissions.md

+17 −0
Original line number Original line Diff line number Diff line
@@ -809,6 +809,9 @@ Please note that OEMs sign their platform themselves. I.e. OEMs can implement ne 
permissions. It is unlikely that 3rd party apps will be able to use APIs protected by signature

permissions. It is unlikely that 3rd party apps will be able to use APIs protected by signature

permissions as they are usually not signed with the platform certificate.

permissions as they are usually not signed with the platform certificate.





If possible, [role protected permissions](#role-protected-permissions) should also be considered as

an alternative to better restrict which apps may get the permission.



Such permissions are defined and checked like an install time permission.

Such permissions are defined and checked like an install time permission.





### Preinstalled permissions

### Preinstalled permissions
@@ -819,6 +822,9 @@ on a particular device install there. Hence it can be really any app including 3 
Hence this permission level is discouraged unless there are

Hence this permission level is discouraged unless there are

[further restrictions](#restricted-by-tests).

[further restrictions](#restricted-by-tests).





If possible, [role protected permissions](#role-protected-permissions) should also be considered as

an alternative to better restrict which apps may get the permission.



Such permissions are defined and checked like an install time permission.

Such permissions are defined and checked like an install time permission.





### Privileged permissions

### Privileged permissions
@@ -833,6 +839,9 @@ privileged permissions added in updates will never be granted. 
Hence this permission level is discouraged unless there are

Hence this permission level is discouraged unless there are

[further restrictions](#restricted-by-tests).

[further restrictions](#restricted-by-tests).





If possible, [role protected permissions](#role-protected-permissions) should also be considered as

an alternative to better restrict which apps may get the permission.



Such permissions are defined and checked like an install time permission.

Such permissions are defined and checked like an install time permission.





#### Restricted by tests

#### Restricted by tests
@@ -890,8 +899,16 @@ well defined app or set of apps. It is possible to add new types in `PackageMana 
Which apps qualify for such a permission level is flexible and custom for each such level. Usually

Which apps qualify for such a permission level is flexible and custom for each such level. Usually

they refer to a single or small set of apps, usually - but not always - apps defined in AOSP.

they refer to a single or small set of apps, usually - but not always - apps defined in AOSP.





This type of permission is deprecated in favor of

[role protected permissions](#role-protected-permissions).



These permissions are defined and checked like an install time permission.

These permissions are defined and checked like an install time permission.





### Role protected permissions



See

[Using role for permission protection](../../../../../../packages/modules/Permission/PermissionController/src/com/android/permissioncontroller/role/RolePermissionProtection.md).



### Development permissions

### Development permissions





> Not recommended

> Not recommended