
Commit eb0fb4ef authored by Jeff Sharkey's avatar Jeff Sharkey Committed by Android (Google) Code Review

Merge "Start defining strongly-typed storage permissions."

parents e2d8ba1d 4aacd8b6
+12 −3
@@ -11,6 +11,7 @@ package android {
    field public static final java.lang.String ACCESS_COARSE_LOCATION = "android.permission.ACCESS_COARSE_LOCATION";
    field public static final java.lang.String ACCESS_FINE_LOCATION = "android.permission.ACCESS_FINE_LOCATION";
    field public static final java.lang.String ACCESS_LOCATION_EXTRA_COMMANDS = "android.permission.ACCESS_LOCATION_EXTRA_COMMANDS";
    field public static final java.lang.String ACCESS_MEDIA_LOCATION = "android.permission.ACCESS_MEDIA_LOCATION";
    field public static final java.lang.String ACCESS_NETWORK_STATE = "android.permission.ACCESS_NETWORK_STATE";
    field public static final java.lang.String ACCESS_NOTIFICATION_POLICY = "android.permission.ACCESS_NOTIFICATION_POLICY";
    field public static final java.lang.String ACCESS_WIFI_STATE = "android.permission.ACCESS_WIFI_STATE";
@@ -101,10 +102,13 @@ package android {
    field public static final java.lang.String READ_CALENDAR = "android.permission.READ_CALENDAR";
    field public static final java.lang.String READ_CALL_LOG = "android.permission.READ_CALL_LOG";
    field public static final java.lang.String READ_CONTACTS = "android.permission.READ_CONTACTS";
    field public static final java.lang.String READ_EXTERNAL_STORAGE = "android.permission.READ_EXTERNAL_STORAGE";
    field public static final deprecated java.lang.String READ_EXTERNAL_STORAGE = "android.permission.READ_EXTERNAL_STORAGE";
    field public static final java.lang.String READ_FRAME_BUFFER = "android.permission.READ_FRAME_BUFFER";
    field public static final deprecated java.lang.String READ_INPUT_STATE = "android.permission.READ_INPUT_STATE";
    field public static final java.lang.String READ_LOGS = "android.permission.READ_LOGS";
    field public static final java.lang.String READ_MEDIA_AUDIO = "android.permission.READ_MEDIA_AUDIO";
    field public static final java.lang.String READ_MEDIA_IMAGES = "android.permission.READ_MEDIA_IMAGES";
    field public static final java.lang.String READ_MEDIA_VIDEO = "android.permission.READ_MEDIA_VIDEO";
    field public static final java.lang.String READ_PHONE_NUMBERS = "android.permission.READ_PHONE_NUMBERS";
    field public static final java.lang.String READ_PHONE_STATE = "android.permission.READ_PHONE_STATE";
    field public static final java.lang.String READ_SMS = "android.permission.READ_SMS";
@@ -151,8 +155,11 @@ package android {
    field public static final java.lang.String WRITE_CALENDAR = "android.permission.WRITE_CALENDAR";
    field public static final java.lang.String WRITE_CALL_LOG = "android.permission.WRITE_CALL_LOG";
    field public static final java.lang.String WRITE_CONTACTS = "android.permission.WRITE_CONTACTS";
    field public static final java.lang.String WRITE_EXTERNAL_STORAGE = "android.permission.WRITE_EXTERNAL_STORAGE";
    field public static final deprecated java.lang.String WRITE_EXTERNAL_STORAGE = "android.permission.WRITE_EXTERNAL_STORAGE";
    field public static final java.lang.String WRITE_GSERVICES = "android.permission.WRITE_GSERVICES";
    field public static final java.lang.String WRITE_MEDIA_AUDIO = "android.permission.WRITE_MEDIA_AUDIO";
    field public static final java.lang.String WRITE_MEDIA_IMAGES = "android.permission.WRITE_MEDIA_IMAGES";
    field public static final java.lang.String WRITE_MEDIA_VIDEO = "android.permission.WRITE_MEDIA_VIDEO";
    field public static final java.lang.String WRITE_SECURE_SETTINGS = "android.permission.WRITE_SECURE_SETTINGS";
    field public static final java.lang.String WRITE_SETTINGS = "android.permission.WRITE_SETTINGS";
    field public static final java.lang.String WRITE_SYNC_SETTINGS = "android.permission.WRITE_SYNC_SETTINGS";
@@ -166,11 +173,13 @@ package android {
    field public static final java.lang.String CAMERA = "android.permission-group.CAMERA";
    field public static final java.lang.String CONTACTS = "android.permission-group.CONTACTS";
    field public static final java.lang.String LOCATION = "android.permission-group.LOCATION";
    field public static final java.lang.String MEDIA_AURAL = "android.permission-group.MEDIA_AURAL";
    field public static final java.lang.String MEDIA_VISUAL = "android.permission-group.MEDIA_VISUAL";
    field public static final java.lang.String MICROPHONE = "android.permission-group.MICROPHONE";
    field public static final java.lang.String PHONE = "android.permission-group.PHONE";
    field public static final java.lang.String SENSORS = "android.permission-group.SENSORS";
    field public static final java.lang.String SMS = "android.permission-group.SMS";
    field public static final java.lang.String STORAGE = "android.permission-group.STORAGE";
    field public static final deprecated java.lang.String STORAGE = "android.permission-group.STORAGE";
  }
  public final class R {
+1 −0
@@ -201,6 +201,7 @@ package android {
    field public static final java.lang.String WRITE_EMBEDDED_SUBSCRIPTIONS = "android.permission.WRITE_EMBEDDED_SUBSCRIPTIONS";
    field public static final java.lang.String WRITE_GSERVICES = "android.permission.WRITE_GSERVICES";
    field public static final java.lang.String WRITE_MEDIA_STORAGE = "android.permission.WRITE_MEDIA_STORAGE";
    field public static final java.lang.String WRITE_OBB = "android.permission.WRITE_OBB";
    field public static final java.lang.String WRITE_SECURE_SETTINGS = "android.permission.WRITE_SECURE_SETTINGS";
  }

+43 −0
@@ -2507,6 +2507,49 @@ public class PackageParser {
        if (pkg.applicationInfo.usesCompatibilityMode()) {
            adjustPackageToBeUnresizeableAndUnpipable(pkg);
        }

        // If the storage model feature flag is disabled, we need to fiddle
        // around with permission definitions to return us to pre-Q behavior.
        // STOPSHIP(b/112545973): remove once feature enabled by default
        if (!SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
            if ("android".equals(pkg.packageName)) {
                final ArraySet<String> newGroups = new ArraySet<>();
                newGroups.add(android.Manifest.permission_group.MEDIA_AURAL);
                newGroups.add(android.Manifest.permission_group.MEDIA_VISUAL);

                for (int i = pkg.permissionGroups.size() - 1; i >= 0; i--) {
                    final PermissionGroup pg = pkg.permissionGroups.get(i);
                    if (newGroups.contains(pg.info.name)) {
                        pkg.permissionGroups.remove(i);
                    }
                }

                final ArraySet<String> newPermissions = new ArraySet<>();
                newPermissions.add(android.Manifest.permission.READ_MEDIA_AUDIO);
                newPermissions.add(android.Manifest.permission.WRITE_MEDIA_AUDIO);
                newPermissions.add(android.Manifest.permission.READ_MEDIA_VIDEO);
                newPermissions.add(android.Manifest.permission.WRITE_MEDIA_VIDEO);
                newPermissions.add(android.Manifest.permission.READ_MEDIA_IMAGES);
                newPermissions.add(android.Manifest.permission.WRITE_MEDIA_IMAGES);
                newPermissions.add(android.Manifest.permission.ACCESS_MEDIA_LOCATION);
                newPermissions.add(android.Manifest.permission.WRITE_OBB);

                final ArraySet<String> dangerousPermissions = new ArraySet<>();
                dangerousPermissions.add(android.Manifest.permission.READ_EXTERNAL_STORAGE);
                dangerousPermissions.add(android.Manifest.permission.WRITE_EXTERNAL_STORAGE);

                for (int i = pkg.permissions.size() - 1; i >= 0; i--) {
                    final Permission p = pkg.permissions.get(i);
                    if (newPermissions.contains(p.info.name)) {
                        pkg.permissions.remove(i);
                    } else if (dangerousPermissions.contains(p.info.name)) {
                        p.info.protectionLevel &= ~PermissionInfo.PROTECTION_MASK_BASE;
                        p.info.protectionLevel |= PermissionInfo.PROTECTION_DANGEROUS;
                    }
                }
            }
        }

        return pkg;
    }
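Review bot: The loop over `pkg.permissions` restores `PROTECTION_DANGEROUS` only if it finds READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE by name, and nothing reports the case where one of them is not found. The manifest in this same commit now declares both as `normal`, so a miss (a rename, or this fix-up running on a package whose permission list is not what is expected) would leave the legacy storage permissions granted at install time while the pre-Q storage model is still in effect. Counting the restored entries and logging loudly when the count differs from `dangerousPermissions.size()` would make that failure visible; the sketch below assumes the file's existing `Slog`/`TAG` logging. The comment above the block could also state this invariant instead of "fiddle around". The enclosing method starts outside the hunk.

```java
                int restored = 0;
                for (int i = pkg.permissions.size() - 1; i >= 0; i--) {
                    // … unchanged: removal of newPermissions entries …
                    } else if (dangerousPermissions.contains(p.info.name)) {
                        // … unchanged: protectionLevel reset to PROTECTION_DANGEROUS …
                        restored++;
                    }
                }
                if (restored != dangerousPermissions.size()) {
                    Slog.wtf(TAG, "Restored " + restored + " of " + dangerousPermissions.size()
                            + " legacy storage permissions to dangerous");
                }
```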

+2 −0
@@ -124,6 +124,8 @@ public class StorageManager {
    public static final String PROP_SDCARDFS = "persist.sys.sdcardfs";
    /** {@hide} */
    public static final String PROP_VIRTUAL_DISK = "persist.sys.virtual_disk";
    /** {@hide} */
    public static final String PROP_ISOLATED_STORAGE = "persist.sys.isolated_storage";

    /** {@hide} */
    public static final String UUID_PRIVATE_INTERNAL = null;
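Review bot: `PROP_ISOLATED_STORAGE` is documented only as `{@hide}`, although in this commit it decides whether the platform's storage permissions are parsed as `dangerous` or left `normal`. A Javadoc line would make that visible to anyone touching the property, for example `/** Feature flag for the isolated storage model; when unset or false, PackageParser restores the legacy storage permissions to dangerous. {@hide} */`. Because the name is under `persist.`, the comment could also say that the value survives reboots.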
+78 −4
@@ -764,7 +764,8 @@
    <!-- ====================================================================== -->
    <eat-comment />

    <!-- Used for runtime permissions related to the shared external storage. -->
    <!-- Used for runtime permissions related to the shared external storage.
         @deprecated replaced by new strongly-typed permission groups in Q. -->
    <permission-group android:name="android.permission-group.STORAGE"
        android:icon="@drawable/perm_group_storage"
        android:label="@string/permgrouplab_storage"
@@ -792,13 +793,13 @@
     grants your app this permission. If you don't need this permission, be sure your <a
     href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
     targetSdkVersion}</a> is 4 or higher.
     <p>Protection level: dangerous
     @deprecated replaced by new strongly-typed permission groups in Q.
     -->
    <permission android:name="android.permission.READ_EXTERNAL_STORAGE"
        android:permissionGroup="android.permission-group.STORAGE"
        android:label="@string/permlab_sdcardRead"
        android:description="@string/permdesc_sdcardRead"
        android:protectionLevel="dangerous" />
        android:protectionLevel="normal" />

    <!-- Allows an application to write to external storage.
         <p class="note"><strong>Note:</strong> If <em>both</em> your <a
@@ -813,14 +814,87 @@
         read/write files in your application-specific directories returned by
         {@link android.content.Context#getExternalFilesDir} and
         {@link android.content.Context#getExternalCacheDir}.
         <p>Protection level: dangerous
         @deprecated replaced by new strongly-typed permission groups in Q.
    -->
    <permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
        android:permissionGroup="android.permission-group.STORAGE"
        android:label="@string/permlab_sdcardWrite"
        android:description="@string/permdesc_sdcardWrite"
        android:protectionLevel="normal" />

    <!-- Runtime permission controlling access to the user's shared aural media
         collection. -->
    <permission-group android:name="android.permission-group.MEDIA_AURAL"
        android:icon="@drawable/perm_group_aural"
        android:label="@string/permgrouplab_aural"
        android:description="@string/permgroupdesc_aural"
        android:request="@string/permgrouprequest_aural"
        android:priority="910" />

    <!-- Allows an application to read the user's shared audio collection. -->
    <permission android:name="android.permission.READ_MEDIA_AUDIO"
        android:permissionGroup="android.permission-group.MEDIA_AURAL"
        android:label="@string/permlab_audioRead"
        android:description="@string/permdesc_audioRead"
        android:protectionLevel="dangerous" />

    <!-- Allows an application to modify the user's shared audio collection. -->
    <permission android:name="android.permission.WRITE_MEDIA_AUDIO"
        android:permissionGroup="android.permission-group.MEDIA_AURAL"
        android:label="@string/permlab_audioWrite"
        android:description="@string/permdesc_audioWrite"
        android:protectionLevel="dangerous" />

    <!-- Runtime permission controlling access to the user's shared visual media
         collection, including images and videos. -->
    <permission-group android:name="android.permission-group.MEDIA_VISUAL"
        android:icon="@drawable/perm_group_visual"
        android:label="@string/permgrouplab_visual"
        android:description="@string/permgroupdesc_visual"
        android:request="@string/permgrouprequest_visual"
        android:priority="920" />

    <!-- Allows an application to read the user's shared images collection. -->
    <permission android:name="android.permission.READ_MEDIA_IMAGES"
        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
        android:label="@string/permlab_imagesRead"
        android:description="@string/permdesc_imagesRead"
        android:protectionLevel="dangerous" />

    <!-- Allows an application to modify the user's shared images collection. -->
    <permission android:name="android.permission.WRITE_MEDIA_IMAGES"
        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
        android:label="@string/permlab_imagesWrite"
        android:description="@string/permdesc_imagesWrite"
        android:protectionLevel="dangerous" />

    <!-- Allows an application to read the user's shared video collection. -->
    <permission android:name="android.permission.READ_MEDIA_VIDEO"
        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
        android:label="@string/permlab_videoRead"
        android:description="@string/permdesc_videoRead"
        android:protectionLevel="dangerous" />

    <!-- Allows an application to modify the user's shared video collection. -->
    <permission android:name="android.permission.WRITE_MEDIA_VIDEO"
        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
        android:label="@string/permlab_videoWrite"
        android:description="@string/permdesc_videoWrite"
        android:protectionLevel="dangerous" />

    <!-- Allows an application to access any geographic locations persisted in the
         user's shared collection. -->
    <permission android:name="android.permission.ACCESS_MEDIA_LOCATION"
        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
        android:label="@string/permlab_mediaLocation"
        android:description="@string/permdesc_mediaLocation"
        android:protectionLevel="dangerous" />

    <!-- @hide @SystemApi
         Allows an application to modify OBB files visible to other apps. -->
    <permission android:name="android.permission.WRITE_OBB"
        android:protectionLevel="signature|privileged" />

    <!-- ====================================================================== -->
    <!-- Permissions for accessing the device location                          -->
    <!-- ====================================================================== -->
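Review bot: READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE are now declared `android:protectionLevel="normal"`, so the manifest itself carries the permissive value and the `dangerous` level exists only where code rewrites it at parse time. Any consumer of this manifest that does not apply that rewrite would treat shared-storage access as an install-time permission. Keeping `android:protectionLevel="dangerous"` here and lowering it in code only when the isolated-storage flag is enabled would fail closed instead. The edited comments also appear to drop the "Protection level" line without stating the new level, and `@deprecated replaced by new strongly-typed permission groups in Q.` could name the replacements declared below (READ_MEDIA_AUDIO, READ_MEDIA_IMAGES, READ_MEDIA_VIDEO and their WRITE counterparts).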