summaryrefslogtreecommitdiff
path: root/core/java/android/permission
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'android-13.0.0_r63' of ↵George Zacharia2023-08-022-4/+2
|\ | | | | | | | | | | | | | | https://android.googlesource.com/platform/frameworks/base into t13.0-r52 Android 13.0.0 release 63 Change-Id: I89d2c7a713cd97f805f07f604090a6d779117575
| * Watch uid proc state instead of importance for 1-time permissionsEvan Severson2023-05-272-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The system process may bind to an app with the flag BIND_FOREGROUND_SERVICE, this will put the client in the foreground service importance level without the normal requirement that foreground services must show a notification. Looking at proc states instead allows us to differentiate between these two levels of foreground service and revoke the client when not in use. This change makes the parameters `importanceToResetTimer` and `importanceToKeepSessionAlive` in PermissionManager#startOneTimePermissionSession obsolete. Test: atest CtsPermissionTestCases + manual testing with mic/cam/loc Bug: 217981062 (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0be78fbbf7d92bf29858aa0c48b171045ab5057f) Merged-In: I7a725647c001062d1a76a82b680a02e3e2edcb03 Change-Id: I7a725647c001062d1a76a82b680a02e3e2edcb03
| * Merge "RESTRICT AUTOMERGE Note RECEIVE_AMBIENT_TRIGGER_AUDIO in the ↵Nate Myren2022-05-111-0/+3
| |\ | | | | | | | | | SoundTrigger" into tm-qpr-dev
| | * RESTRICT AUTOMERGE Note RECEIVE_AMBIENT_TRIGGER_AUDIO in the SoundTriggerNate Myren2022-05-101-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | In addition, moves the precise logic for soundtrigger RECORD_AUDIO checks out of the soundtrigger system Fixes: 230430779 Test: manual Change-Id: I6d63c99e2d31e3f668070ac82afed71ff6672c9e
* | | SystemUI: Allow toggling privacy indicators [1/2]Pranav Vashi2022-10-221-21/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | **@semdoc add settings backup validators Co-authored-by: jhonboy121 <alfredmathew05@gmail.com> Co-authored-by: Ido Ben-Hur <idoybh2@gmail.com> Signed-off-by: Pranav Vashi <neobuddy89@gmail.com> Signed-off-by: Semavi Ulusoy <doc.divxm@gmail.com> Change-Id: I55fae9c85f69ebd72c60b11c2946c3bd94af10f5
* | | frameworks: Exempt location packages from location indicatorsChirayu Desai2022-10-221-0/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Author: Chirayu Desai <chirayudesai1@gmail.com> Date: Wed Feb 9 03:46:53 2022 +0530 frameworks: Exempt location packages from location indicators * Otherwise it gets pretty spammy config_locationProviderPackageNames: * Pretty obvious, location providers, e.g. GMS config_locationExtraPackageNames: * Pixel 6 IMS package * https://cs.android.com/android/_/android/platform/frameworks/base/+/ffb94e69c3fc308d6d4164e2309f74442282fc84 * This grants location permissions, however we're excluding these apps from location indicators - they already have location permissions! * https://cs.android.com/search?q=config_locationExtraPackageNames&sq= * It isn't used for much else, so it's fine to re-use it for this TODO: Figure something out for user-installed UnifiedNlp plugins Test: 1. Open app with location access such as OrganicMaps, verify apps shown as using location 2. No more regular in background location indicators from UnifiedNlp, or Nearby Change-Id: I395335b858a2ec8fc4879139afcdaa590523d994 Author: Timi Rautamäki <timi.rautamaki@gmail.com> Date: Wed May 4 12:31:56 2022 +0000 PermissionManager: fix NPE in getIndicatorExemptedPackages sLocationProviderPkgNames and sLocationExtraPkgNames can be null because they're static. Also rename them from member to static variable to follow code style. Change-Id: I7d08e02047ccf183cc75ce18b3ebd2086b2831b3 Change-Id: Ib16c4b2e182f273bf2a22884180913763dc6a9a7
* | | Merge "Note RECEIVE_AMBIENT_TRIGGER_AUDIO in the SoundTrigger" into tm-devNate Myren2022-05-111-0/+3
|\ \ \ | |/ / |/| |
| * | Note RECEIVE_AMBIENT_TRIGGER_AUDIO in the SoundTriggerNate Myren2022-05-091-0/+3
| |/ | | | | | | | | | | | | | | | | | | | | | | This op gets around the background restrictions on RECORD_AUDIO, when used for SoundTrigger detection In addition, moves the precise logic for soundtrigger RECORD_AUDIO checks out of the soundtrigger system Fixes: 230430779 Test: manual Change-Id: I6d63c99e2d31e3f668070ac82afed71ff6672c9e Merged-In: I6d63c99e2d31e3f668070ac82afed71ff6672c9e
* / Actually use the passed-in executor for unused countKevin Han2022-05-101-1/+1
|/ | | | | | | | | Use the passed in executor for getUnusedCount so that the work is actually handled on the main executor. Bug: 231931350 Test: bug repro steps Change-Id: I7c97e1e6d55457662920a3a15a5605324dd7963f
* Grant Notifications to Carrier Provisioning AppNate Myren2022-04-272-0/+19
| | | | | | | | | When the set of carrier privileged apps changes on the device, grant the Carrier Provisioning app POST_NOTIFICATIONS Fixes: 226201376 Test: atest DefaultPermissionGrantPolicyTest Change-Id: I5ff732823404bd48eed076c32485331cf6efd797
* Fix printing duplicate logs to save on batteryManjeet Rulhania2022-03-261-2/+10
| | | | | | | | | Adding state to remember if a log for missing activity manager is already printed or not. Bug: 202092164 Test: Manual Change-Id: Ia945a7396d06f7e8a3fc12359583970faed06a72
* Add conditional permission check annotation to checkPermission methodsNate Myren2022-03-211-0/+15
| | | | | | | | | | Per API council feedback, reflect that the first app in an AttributionSource chain must have UPDATE_APP_OPS_STATS to do a trusted blame Fixes: 222094627 Test: build Change-Id: I63513ca70ddebe0fd5a05d4414f88985bc3fcad4
* Merge "Location provider check for subattribution" into tm-devGanesh Olekar2022-03-171-1/+14
|\
| * Location provider check for subattributionGanesh Olekar2022-03-171-1/+14
| | | | | | | | | | | | | | Bug: 200280741 Test: atest com.android.systemui.privacy.PrivacyDialogTest Change-Id: I7240db08025d801eb537234ca95aeb17c3f302f2 Merged-In: I7240db08025d801eb537234ca95aeb17c3f302f2
* | Rename revokeOwnPermissionsOnKill to revokeSelfPermissionsOnKillThomas Vannet2022-03-163-8/+8
| | | | | | | | | | | | Bug: 215555831 Test: atest android.permission.cts.RevokeSelfPermissionTest Change-Id: I887e2b8a86868352e772537addd8cd20ef305d7b
* | Self-revocation: Call PermissionControllerManager directly from ContextThomas Vannet2022-03-163-19/+10
|/ | | | | | | | | | | | | | | | This fixes a bug where self-revocation didn't work in multi-user settings. Now the correct context is used throughout the call stack and the permission for the calling user will be revoked. Also added a checked IllegalArgumentException (previously unchecked SecurityException) when trying to revoke a permission that is not currently granted. Test: manual using two users and atest android.permission.cts.RevokeOwnPermissionTest Bug: 218788609 Change-Id: I3dce34b8b956b4d1eb0ac1e34b6fdbf1795aa269
* Merge "Add attribution to PermGroupUsage and indicators"Ganesh Olekar2022-02-175-147/+461
|\
| * Add attribution to PermGroupUsage and indicatorsGanesh Olekar2022-02-175-147/+461
| | | | | | | | | | | | | | Bug: 200280741 Test: atest com.android.systemui.privacy.PrivacyDialogTest Change-Id: I1dcd7bea997605f3caaac742419476f4e0ac2fdf CTS-Coverage-Bug: 220157796
* | Add information to grant permissions intent for continue messagesNate Myren2022-02-091-0/+17
|/ | | | | | | | | | | After first launch, remember T+ apps which had the review required flag cleared on launch, until a grant permission request comes in. Also modifies some behavior of the upgrade code grants. Bug: 194833441 Test: atest NotificationPermissionTest Change-Id: Iafef8348e6cdb05fb214382b945cc7886beaff4b
* Update self-revocation doc: revoke by permission, not groupThomas Vannet2022-02-032-6/+10
| | | | | | Test: None, this is just a doc update Bug: 210387494 Change-Id: Ib6555c9c419e2f5b890d31c249f09207632d7724
* Add killed delay param to startOneTimePermissionSessionThomas Vannet2022-02-034-10/+36
| | | | | | | | | | | | | | | This param controls how long to wait before revoking permission after every process has been killed. Deprecate previous API and update all known uses of the deprecated API. Use updated API for self-revocation feature. If multiple one-time permission sessions are started for the same package with different parameters, always use the shortest parameters. Test: atest android.permission.cts.RevokeOwnPermissionTest, atest android.permission.cts.OneTimePermissionTest Bug: 210387494 Change-Id: I0c0e21b3b48dd31f0c267d5c8b89336714835289
* Merge "create systemApi checkPermissionForStartDataDelivery in ↵Nate Myren2022-01-251-0/+36
|\ | | | | | | PermissionManager"
| * create systemApi checkPermissionForStartDataDelivery in PermissionManagerNate Myren2022-01-101-0/+36
| | | | | | | | | | | | | | | | | | This allows us to check attribution for started ops in tests, and support starting in system apps Test: atest CameraMicIndicatorsPermissionTest Bug: 212434116 Change-Id: Iacdf1d339588cd680c20b3fb55ada9cedb2e70b0
* | Add API to get hibernation eligibilityKevin Han2022-01-213-0/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an API to get a package's eligibility for hibernation for a given user. A package is either eligible, exempt by the system, or exempt by the user. This information can be used to show more accurate UI for hibernation controls (e.g. disabling the user-controlled exemption toggle if the app is already exempt by the system) Bug: 200087723 Test: CTS test in topic Change-Id: Iea844477184fadb55ea14485dff172ed7be2b715
* | Immediately revoke permission on process kill after a self-revocationThomas Vannet2022-01-211-4/+4
| | | | | | | | | | | | Test: atest android.permission.cts.RevokeOwnPermissionTest Bug: 210387494 Change-Id: Iaa3a4c00847d5411c5b829d190eba8231d046d8c
* | Rename selfRevokePermissions to revokeOwnPermissionsOnKillThomas Vannet2022-01-215-12/+12
| | | | | | | | | | | | | | | | Test: atest android.permission.cts.RevokeOwnPermissionTest Bug: 215555831 Bug: 210575642 Bug: 210387494 Change-Id: I94e29f66d13ac76669fab2ccc08879c30c26b7ea
* | Add self revocation public APIThomas Vannet2022-01-115-0/+89
| | | | | | | | | | | | | | | | | | | | | | | | | | Test: Manual test using a non-privileged app, atest android.permission.cts.SelfRevokeRuntimePermissionTest When calling the API, the permission (along with any other permissions from the same group) for the current package is downgraded to a one-time permission, and a one-time permission session is started. Bug: 210387494 Change-Id: I9f061cbc8c3db720127c96200fe94a644246b6d7
* | Allow shell to revoke notification permission without killNate Myren2022-01-102-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | Add the revokePostNotificationPermissionWithoutKillForTest API, which will allow the shell to revoke the POST_NOTIFICATIONS permission without killing this app. Gate this permission behind the REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL permission, which is signature|privileged, accessible only to the shell. Ignore-AOSP-First: Contains information about unreleased features Test: manual Bug: 194833441 Change-Id: I3177d1aeb338591c1d736aa6b4f073b6db6227e7
* | Merge "Prepare PropertyInvalidatedCache for SystemApi"Lee Shombert2022-01-061-3/+3
|\ \
| * | Prepare PropertyInvalidatedCache for SystemApiLee Shombert2022-01-041-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 152453213 Tag: #refactor This commit prepares PropertyInvalidatedCache to function as a system api. Specifically, the methods recompute() and bypass() which may be overridden by clients are now public (instead of protected). This forces an update to all existing clients, to accommodate the change in method visibility. Two small changes have been made as cleanup: 1. The awkwardly named debugCompareQueryResults() is now resultEquals(), which is more or less consistent with how other equality tests are named in Android. This name change affects two clients. 2. PackageManager has changed to use resultEquals() instead of maybeCheckConsistency(). This provides a simpler and more consistent use of the APIs. maybeCheckConsistency() has been made private. Test: atest PropertyInvalidatedCacheTests Change-Id: I4110f8e887a4fd8c784141e8892557a9d1b80a94
* | | Merge "Add unused count API"Kevin Han2022-01-063-0/+61
|\ \ \ | |_|/ |/| |
| * | Add unused count APIKevin Han2021-12-163-0/+61
| |/ | | | | | | | | | | | | | | | | | | Add unused count API to PermissionControllerManager to allow Settings to pull the number of unused apps from PermissionController. Bug: 200087723 Bug: 187465752 Test: CTS test in topic Change-Id: I197b07af0e7a40bb5daececd8ef7d053a2895016
* | Merge "Intent action to review permission decisions"Jordan Jozwiak2022-01-051-0/+22
|\ \
| * | Intent action to review permission decisionsJordan Jozwiak2021-12-221-0/+22
| |/ | | | | | | | | | | | | | | | | Action will open the PermissionController screen to review recent permission decisions. Currently only supported on Auto. Bug: 194240664 Test: adb shell am start -a android.permission.action.REVIEW_PERMISSION_DECISIONS Change-Id: Ic37e0b69632d38596b707cd7b1a17fbb89bfa547
* | Merge "Ensure only microphone attribution chains are recorded"Nate Myren2022-01-041-5/+7
|\ \
| * | Ensure only microphone attribution chains are recordedNate Myren2021-12-291-5/+7
| |/ | | | | | | | | | | | | | | Also ensure each chain is attributed to only one op Test: manual Fixes: 212434116 Change-Id: I50efc2b305627f8e37eb28842487b911dce5d925
* / Javadoc on Method from api reviewWilliam Escande2022-01-031-1/+2
|/ | | | | | | | | | Add some specific info on checkPermissionForDataDeliveryFromDataSource javadoc. Fix: 204179567 Bug: 195144968 Test: build (it's only javadoc) Change-Id: I6d4e5b9e06bf990b5e40eb727259dc79753d5eef
* Lock mAttributionChains in PermissionUsageHelperNate Myren2021-12-081-48/+58
| | | | | | Test: manual Fixes: 201451838 Change-Id: I4b17ed0e65fae45f393665f7f9d617a2acc1cbdd
* Merge "Unify owners for default permission grant policy." am: bff35de778 am: ↵Hai Zhang2021-11-051-0/+8
|\ | | | | | | | | | | | | | | 74906bb45b am: b78ad5e8db am: a176c9efb2 am: 2d8f698bd7 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1878788 Change-Id: Ife128e50b161df46d3116acbbaf5472c36aa60c3
| * Unify owners for default permission grant policy.Hai Zhang2021-11-031-0/+8
| | | | | | | | | | | | | | | | | | The list of owners is taken from: - frameworks/base/services/core/java/com/android/server/pm/permission/OWNERS - cts/common/device-side/util-axt/src/com/android/compatibility/common/util/OWNERS - vendor/xts/gts-tests/tests/permission/src/com/google/android/permission/gts/OWNERS Test: presubmit Change-Id: I3cc073d4890a4295caba8b04752a02f1e00db03c
* | Merge "Only initialize PermissionUsageHelper lazily or when requested"Nate Myren2021-11-022-6/+30
|\ \
| * | Only initialize PermissionUsageHelper lazily or when requestedNate Myren2021-11-022-6/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a memory leak caused by automatically registering a PermissionUsageHelper on PermissionManager instantiation. Bug: 204222680 Test: manual Change-Id: I94c6da3dd89e8b158552e94c94e4d0fb3f5d6f0d
* | | Add checkPermissionForDataDeliveryFromDataSourceWilliam Escande2021-10-071-0/+33
|/ / | | | | | | | | | | | | | | | | | | | | Api is used by Bluetooth and we need to stop using the hidden call to permissionChecker Add associated CTS test Bug: 195144968 Tag: #refactor Test: Build Change-Id: I854b7b5e3d95589bf0d3df307829e3f85e31aee1
* | Merge "Update permissions OWNERS" am: dbbb827a79 am: 799b63acc2 am: ↵Treehugger Robot2021-09-281-1/+2
|\| | | | | | | | | | | | | | | 3c213db1f8 am: 31e6117eb0 am: 3dfc16e7da Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1838051 Change-Id: Ib5be74f5815d966db35d5c74ea9c2de445c33144
| * Merge "Update permissions OWNERS" am: dbbb827a79Treehugger Robot2021-09-281-1/+2
| |\ | | | | | | | | | | | | | | | Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1838051 Change-Id: Ic4d3da57e701c0da40c55bd44d73df0edce9a911
| | * Update permissions OWNERSEvan Severson2021-09-281-1/+2
| | | | | | | | | | | | | | | | | | Bug: 201319595 Test: None Change-Id: Iebb9cd731b592df2dfb79bd088e917635c21b6b1
* | | Expose PermissionChecker as system API.Hai Zhang2021-09-141-0/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Only the most basic two APIs are exposed here, which happens to be the ones required by USB module so that we can unblock them before IC. The other overloads and variants can be exposed later when we have a proper decision on how to expose this entire class as an API. The constant values are hard-coded because they have to be compile constants to be included in API, while referencing the PermissionChecker fields doesn't count as such. More details are available in Buganizer comments. Bug: 195353742 Test: atest android.permission5.cts.PermissionCheckerTest Change-Id: I156c3be0e4c45c95a65bfa9117fb6b850b95238d
* | | Merge "Add attribution info to start callbacks" into sc-dev am: 5d97f29218 ↵Nate Myren2021-08-031-12/+72
|\| | | | | | | | | | | | | | | | | | | | | | | am: d1a82a7de8 Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/15446590 Change-Id: Ic800a8e11e6d8513629ec8e9b1f64ffef0c85645
| * | Add attribution info to start callbacksNate Myren2021-08-031-12/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add attribution flags and chain IDs to start callbacks, and have the PermissionUsageHelper listen for starts. This ensures that, if another start happens while an op is already running, and has chain information, then this chain information will be recorded. Test: manual Bug: 194198234 Change-Id: I0ab1aa0969b70e18001f4a814ea5689f9329a019
* | | Do not cache wildcard users (PermissionManager)Lee Shombert2021-08-021-0/+5
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 186778818 PropertyInvalidatedCache queries that contain wildcard user IDs are no longer cached. Some simple multi-user tests show that no current caches use wildcard user IDs, so the change has no effect on performance. The bypass() mechanism is used to avoid the cache when necessary. The change is preemptive - there are no known uses of these caches with wildcard user IDs. Test: atest * FrameworksServicesTests:UserManagerServiceCreateProfileTest Change-Id: I60be14ae33fcd6e2e8df30c279311f6ffdf7711c
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-07 22:37:05 +0000