Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit caa4203e authored Aug 08, 2018 by Nandana Dutt

Restrict READ_FRAME_BUFFER to signature only

We want to restrict screen reading permissions
to signature only so only the platform and
apps signed with the platform key can access
the device screen.

Add @removed and @hide to the permission so that it's
not in the docs any more without breaking any existing
apps referring to the permissions.

Bug: 111131054
Test: manually tested screenshot & bugreport
Test: atest PermissionsHostTest
Test: make & verified generated file
out/target/common/obj/PACKAGING/hiddenapi-light-greylist.txt
contains READ_FRAME_BUFFER

Change-Id: I8294aff965e889335a495ab792f893957d39ec5d

Change-Id: I8294aff965e889335a495ab792f893957d39ec5d

parent a2e28a4b

api/current.txt

+0 −1

Original line number	Diff line number	Diff line
		@@ -103,7 +103,6 @@ package android {
		field public static final java.lang.String READ_CALL_LOG = "android.permission.READ_CALL_LOG";
		field public static final java.lang.String READ_CONTACTS = "android.permission.READ_CONTACTS";
		field public static final deprecated java.lang.String READ_EXTERNAL_STORAGE = "android.permission.READ_EXTERNAL_STORAGE";
		field public static final java.lang.String READ_FRAME_BUFFER = "android.permission.READ_FRAME_BUFFER";
		field public static final deprecated java.lang.String READ_INPUT_STATE = "android.permission.READ_INPUT_STATE";
		field public static final java.lang.String READ_LOGS = "android.permission.READ_LOGS";
		field public static final java.lang.String READ_MEDIA_AUDIO = "android.permission.READ_MEDIA_AUDIO";

api/system-current.txt

+0 −1

Original line number	Diff line number	Diff line
		@@ -134,7 +134,6 @@ package android {
		field public static final java.lang.String QUERY_TIME_ZONE_RULES = "android.permission.QUERY_TIME_ZONE_RULES";
		field public static final java.lang.String READ_CONTENT_RATING_SYSTEMS = "android.permission.READ_CONTENT_RATING_SYSTEMS";
		field public static final java.lang.String READ_DREAM_STATE = "android.permission.READ_DREAM_STATE";
		field public static final java.lang.String READ_FRAME_BUFFER = "android.permission.READ_FRAME_BUFFER";
		field public static final java.lang.String READ_INSTALL_SESSIONS = "android.permission.READ_INSTALL_SESSIONS";
		field public static final java.lang.String READ_LOGS = "android.permission.READ_LOGS";
		field public static final java.lang.String READ_NETWORK_USAGE_HISTORY = "android.permission.READ_NETWORK_USAGE_HISTORY";

config/hiddenapi-light-greylist.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -517,6 +517,7 @@ Landroid/location/ILocationManager$Stub;-><init>()V
		Landroid/location/ILocationManager$Stub;->asInterface(Landroid/os/IBinder;)Landroid/location/ILocationManager;
		Landroid/location/ILocationManager$Stub;->TRANSACTION_getAllProviders:I
		Landroid/location/ILocationManager;->getAllProviders()Ljava/util/List;
		Landroid/Manifest$permission;->READ_FRAME_BUFFER:Ljava/lang/String;
		Landroid/media/IAudioFocusDispatcher;->dispatchAudioFocusChange(ILjava/lang/String;)V
		Landroid/media/IAudioRoutesObserver$Stub;-><init>()V
		Landroid/media/IAudioService$Stub$Proxy;-><init>(Landroid/os/IBinder;)V

core/res/AndroidManifest.xml

+5 −3

Original line number	Diff line number	Diff line
		@@ -3238,11 +3238,13 @@
		<permission android:name="android.permission.ACCESS_SURFACE_FLINGER"
		android:protectionLevel="signature" />

		<!-- @SystemApi Allows an application to take screen shots and more generally
		<!-- Allows an application to take screen shots and more generally
		get access to the frame buffer data.
		<p>Not for use by third-party applications. -->
		<p>Not for use by third-party applications.
		@hide
		@removed -->
		<permission android:name="android.permission.READ_FRAME_BUFFER"
		android:protectionLevel="signature\|privileged" />
		android:protectionLevel="signature" />

		<!-- Allows an application to use InputFlinger's low level features.
		@hide -->