diff options
| author | 2024-01-26 00:30:47 +0000 | |
|---|---|---|
| committer | 2024-01-26 00:30:47 +0000 | |
| commit | 0ab7d5b89d241a031db960ee7c5ef7631e045ba0 (patch) | |
| tree | 9430b4e572d370de8058ed57c0db9864d6734d32 | |
| parent | 3af0ae38c125f807df2b03da379ddfa703398061 (diff) | |
| parent | 60efb86813f318b59717fdb2cc0da82011c96112 (diff) | |
Merge "[ECM] Enforce MANAGE_ENHANCED_CONFIRMATION_STATES" into main
| -rw-r--r-- | service/java/com/android/ecm/EnhancedConfirmationService.java | 18 |
1 files changed, 2 insertions, 16 deletions
diff --git a/service/java/com/android/ecm/EnhancedConfirmationService.java b/service/java/com/android/ecm/EnhancedConfirmationService.java index 5b8513dc3..6fd803793 100644 --- a/service/java/com/android/ecm/EnhancedConfirmationService.java +++ b/service/java/com/android/ecm/EnhancedConfirmationService.java @@ -179,22 +179,8 @@ public class EnhancedConfirmationService extends SystemService { private void enforcePermissions(@NonNull String methodName, @UserIdInt int userId) { UserUtils.enforceCrossUserPermission(userId, false, methodName, mContext); - // TODO(b/320512579): Enforce MANAGE_ENHANCED_CONFIRMATION_STATES instead - // - // Regarding permission enforcement: - // - // - Before implementing EnhancedConfirmationService, EnhancedConfirmationManager - // enforced MANAGE_APPOPS, UPDATE_APP_OPS_STATS, and MANAGE_APP_OPS_MODES. - // - We could enforce all three, but MANAGE_APPOPS should be enough: it - // is hidden API and is only granted to Shell and Settings, so the other two - // permissions are redundant. - // - We need to reference MANAGE_APPOPS by string here, because the current class - // is in a mainline module, and so does not have access to hidden API, and thus - // can't reference android.Manifest.permission.MANAGE_APPOPS. - // - In a follow-up CL, we plan to enforce a new permission anyway. But, doing - // that impacts calling apps, and also involves updating API code (RequiresPermission - // annotations), so that will go smoother if we do it in a separate CL. - mContext.enforceCallingPermission("android.permission.MANAGE_APPOPS", methodName); + mContext.enforceCallingPermission( + android.Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES, methodName); } private boolean isPackageEcmGuarded(@NonNull String packageName, @UserIdInt int userId) |