diff options
| -rw-r--r-- | api/current.txt | 1 | ||||
| -rw-r--r-- | core/java/android/content/pm/PermissionInfo.java | 13 | ||||
| -rw-r--r-- | core/res/AndroidManifest.xml | 4 | ||||
| -rw-r--r-- | core/res/res/values/attrs_manifest.xml | 5 | ||||
| -rw-r--r-- | non-updatable-api/current.txt | 1 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/BasePermission.java | 5 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerService.java | 4 |
7 files changed, 31 insertions, 2 deletions
diff --git a/api/current.txt b/api/current.txt index 5d87ab192b58..855f84ab3238 100644 --- a/api/current.txt +++ b/api/current.txt @@ -12345,6 +12345,7 @@ package android.content.pm { field public static final int FLAG_HARD_RESTRICTED = 4; // 0x4 field public static final int FLAG_IMMUTABLY_RESTRICTED = 16; // 0x10 field public static final int FLAG_INSTALLED = 1073741824; // 0x40000000 + field public static final int FLAG_INSTALLER_EXEMPT_IGNORED = 32; // 0x20 field public static final int FLAG_SOFT_RESTRICTED = 8; // 0x8 field public static final int PROTECTION_DANGEROUS = 1; // 0x1 field public static final int PROTECTION_FLAG_APPOP = 64; // 0x40 diff --git a/core/java/android/content/pm/PermissionInfo.java b/core/java/android/content/pm/PermissionInfo.java index 04e15c20b2f4..5d4c843d2eab 100644 --- a/core/java/android/content/pm/PermissionInfo.java +++ b/core/java/android/content/pm/PermissionInfo.java @@ -377,6 +377,14 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { public static final int FLAG_IMMUTABLY_RESTRICTED = 1<<4; /** + * Flag for {@link #flags}, corresponding to <code>installerExemptIgnored</code> + * value of {@link android.R.attr#permissionFlags}. + * + * <p> Modifier for permission restriction. This permission cannot be exempted by the installer. + */ + public static final int FLAG_INSTALLER_EXEMPT_IGNORED = 1 << 5; + + /** * Flag for {@link #flags}, indicating that this permission has been * installed into the system's globally defined permissions. */ @@ -656,6 +664,11 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { } /** @hide */ + public boolean isInstallerExemptIgnored() { + return (flags & PermissionInfo.FLAG_INSTALLER_EXEMPT_IGNORED) != 0; + } + + /** @hide */ public boolean isAppOp() { return (protectionLevel & PermissionInfo.PROTECTION_FLAG_APPOP) != 0; } diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 5074df470410..2614998904d5 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1254,7 +1254,7 @@ android:permissionGroup="android.permission-group.UNDEFINED" android:label="@string/permlab_recordBackgroundAudio" android:description="@string/permdesc_recordBackgroundAudio" - android:permissionFlags="hardRestricted" + android:permissionFlags="hardRestricted|installerExemptIgnored" android:protectionLevel="dangerous" /> <!-- ====================================================================== --> @@ -1334,7 +1334,7 @@ android:permissionGroup="android.permission-group.UNDEFINED" android:label="@string/permlab_backgroundCamera" android:description="@string/permdesc_backgroundCamera" - android:permissionFlags="hardRestricted" + android:permissionFlags="hardRestricted|installerExemptIgnored" android:protectionLevel="dangerous" /> <!-- @SystemApi Required in addition to android.permission.CAMERA to be able to access diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml index 1c71baeaf46a..96ebc127e9ba 100644 --- a/core/res/res/values/attrs_manifest.xml +++ b/core/res/res/values/attrs_manifest.xml @@ -344,6 +344,11 @@ the app is uninstalled. --> <flag name="immutablyRestricted" value="0x10" /> + <!-- + Modifier for permission restriction. This permission cannot + be exempted by the installer. + --> + <flag name="installerExemptIgnored" value="0x20" /> </attr> <!-- Specified the name of a group that this permission is associated diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt index 6a9dc2df612c..86a9d3908fd8 100644 --- a/non-updatable-api/current.txt +++ b/non-updatable-api/current.txt @@ -12345,6 +12345,7 @@ package android.content.pm { field public static final int FLAG_HARD_RESTRICTED = 4; // 0x4 field public static final int FLAG_IMMUTABLY_RESTRICTED = 16; // 0x10 field public static final int FLAG_INSTALLED = 1073741824; // 0x40000000 + field public static final int FLAG_INSTALLER_EXEMPT_IGNORED = 32; // 0x20 field public static final int FLAG_SOFT_RESTRICTED = 8; // 0x8 field public static final int PROTECTION_DANGEROUS = 1; // 0x1 field public static final int PROTECTION_FLAG_APPOP = 64; // 0x40 diff --git a/services/core/java/com/android/server/pm/permission/BasePermission.java b/services/core/java/com/android/server/pm/permission/BasePermission.java index 865b8a1e97eb..d8162493010a 100644 --- a/services/core/java/com/android/server/pm/permission/BasePermission.java +++ b/services/core/java/com/android/server/pm/permission/BasePermission.java @@ -206,6 +206,11 @@ public final class BasePermission { return perm != null && (perm.getFlags() & PermissionInfo.FLAG_IMMUTABLY_RESTRICTED) != 0; } + public boolean isInstallerExemptIgnored() { + return perm != null + && (perm.getFlags() & PermissionInfo.FLAG_INSTALLER_EXEMPT_IGNORED) != 0; + } + public boolean isSignature() { return (protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) == PermissionInfo.PROTECTION_SIGNATURE; diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 544f1225916e..ce2e68f9f875 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -787,6 +787,10 @@ public class PermissionManagerService extends IPermissionManager.Stub { throw new IllegalArgumentException("Unknown permission: " + permName); } + if (bp.isInstallerExemptIgnored()) { + flagValues &= ~FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT; + } + final UidPermissionState uidState = getUidState(pkg, userId); if (uidState == null) { Slog.e(TAG, "Missing permissions state for " + packageName + " and user " + userId); |