diff options
| author | 2024-11-08 17:47:40 +0000 | |
|---|---|---|
| committer | 2024-11-13 23:32:46 +0000 | |
| commit | cb92da45e2bc0a55173f303c01ae4cd543deb581 (patch) | |
| tree | 97174233792de9567f0b5913d133a122b9648cfa | |
| parent | f723deaac6400b49c1614317e9e15673e327399e (diff) | |
Add appop protection level to WRITE_SYSTEM_PREFERENCES
Bug: 375193223
Flag: com.android.settingslib.flags.write_system_preference_permission_enabled
Test: atest PermissionPolicyTest
Change-Id: I5cd199ea136279e4e7e668231d1b266d74f0d42b
| -rw-r--r-- | core/api/current.txt | 2 | ||||
| -rw-r--r-- | core/java/android/app/AppOpsManager.java | 15 | ||||
| -rw-r--r-- | core/res/AndroidManifest.xml | 8 |
3 files changed, 19 insertions, 6 deletions
diff --git a/core/api/current.txt b/core/api/current.txt index 59dc31492a0a..bf54aad635b9 100644 --- a/core/api/current.txt +++ b/core/api/current.txt @@ -336,7 +336,7 @@ package android { field public static final String WRITE_SECURE_SETTINGS = "android.permission.WRITE_SECURE_SETTINGS"; field public static final String WRITE_SETTINGS = "android.permission.WRITE_SETTINGS"; field public static final String WRITE_SYNC_SETTINGS = "android.permission.WRITE_SYNC_SETTINGS"; - field @FlaggedApi("com.android.settingslib.flags.settings_catalyst") public static final String WRITE_SYSTEM_PREFERENCES = "android.permission.WRITE_SYSTEM_PREFERENCES"; + field @FlaggedApi("com.android.settingslib.flags.write_system_preference_permission_enabled") public static final String WRITE_SYSTEM_PREFERENCES = "android.permission.WRITE_SYSTEM_PREFERENCES"; field public static final String WRITE_VOICEMAIL = "com.android.voicemail.permission.WRITE_VOICEMAIL"; } diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java index 8b37dbd04bec..6c03b32a4816 100644 --- a/core/java/android/app/AppOpsManager.java +++ b/core/java/android/app/AppOpsManager.java @@ -1624,9 +1624,13 @@ public class AppOpsManager { /** @hide Access to read oxygen saturation. */ public static final int OP_READ_OXYGEN_SATURATION = AppOpEnums.APP_OP_READ_OXYGEN_SATURATION; + /** @hide Access to write system preferences. */ + public static final int OP_WRITE_SYSTEM_PREFERENCES = + AppOpEnums.APP_OP_WRITE_SYSTEM_PREFERENCES; + /** @hide */ @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) - public static final int _NUM_OP = 153; + public static final int _NUM_OP = 154; /** * All app ops represented as strings. @@ -1783,6 +1787,7 @@ public class AppOpsManager { OPSTR_READ_SKIN_TEMPERATURE, OPSTR_RANGING, OPSTR_READ_OXYGEN_SATURATION, + OPSTR_WRITE_SYSTEM_PREFERENCES, }) public @interface AppOpString {} @@ -2540,6 +2545,9 @@ public class AppOpsManager { @FlaggedApi(Flags.FLAG_RANGING_PERMISSION_ENABLED) public static final String OPSTR_RANGING = "android:ranging"; + /** @hide Access to system preferences write services */ + public static final String OPSTR_WRITE_SYSTEM_PREFERENCES = "android:write_system_preferences"; + /** {@link #sAppOpsToNote} not initialized yet for this op */ private static final byte SHOULD_COLLECT_NOTE_OP_NOT_INITIALIZED = 0; /** Should not collect noting of this app-op in {@link #sAppOpsToNote} */ @@ -2656,6 +2664,7 @@ public class AppOpsManager { OP_RECEIVE_SANDBOX_TRIGGER_AUDIO, OP_MEDIA_ROUTING_CONTROL, OP_READ_SYSTEM_GRAMMATICAL_GENDER, + OP_WRITE_SYSTEM_PREFERENCES, }; @SuppressWarnings("FlaggedApi") @@ -3144,6 +3153,10 @@ public class AppOpsManager { Flags.replaceBodySensorPermissionEnabled() ? HealthPermissions.READ_OXYGEN_SATURATION : null) .setDefaultMode(AppOpsManager.MODE_ALLOWED).build(), + new AppOpInfo.Builder(OP_WRITE_SYSTEM_PREFERENCES, OPSTR_WRITE_SYSTEM_PREFERENCES, + "WRITE_SYSTEM_PREFERENCES").setPermission( + com.android.settingslib.flags.Flags.writeSystemPreferencePermissionEnabled() + ? Manifest.permission.WRITE_SYSTEM_PREFERENCES : null).build(), }; // The number of longs needed to form a full bitmask of app ops diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 3e0c1200749e..c3d151b529a4 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -4991,16 +4991,16 @@ android:protectionLevel="signature|privileged|role" android:featureFlag="com.android.settingslib.flags.settings_catalyst" /> - <!-- @FlaggedApi(com.android.settingslib.flags.Flags.FLAG_SETTINGS_CATALYST) + <!-- @FlaggedApi(com.android.settingslib.flags.Flags.FLAG_WRITE_SYSTEM_PREFERENCE_PERMISSION_ENABLED) Allows an application to access the Settings Preference services to write settings values exposed by the system Settings app and system apps that contribute settings surfaced in the Settings app. <p>This allows the calling application to write settings values through the host application, agnostic of underlying storage. - <p>Protection Level: signature|privileged|appop - appop to be added in followup --> + <p>Protection Level: signature|privileged|appop --> <permission android:name="android.permission.WRITE_SYSTEM_PREFERENCES" - android:protectionLevel="signature|privileged" - android:featureFlag="com.android.settingslib.flags.settings_catalyst" /> + android:protectionLevel="signature|privileged|appop" + android:featureFlag="com.android.settingslib.flags.write_system_preference_permission_enabled" /> <!-- ========================================= --> <!-- Permissions for special development tools --> |