Clarify the danger of READ_LOGS and DUMP permissions.

The logs inevitably contain PII, so now we are making that clear in user strings and developer docs. Moving DUMP and READ_LOGS into the PERSONAL_INFO group. Note that this means we need string translations. Change-Id: I1b5bf9d2d827ab1a31dedbdb30d0906a87c26a32
2010-09-15 10:45:31 -07:00
parent 24a2c2b596
commit b8dbdc293a
2 changed files with 8 additions and 9 deletions
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@ -590,8 +590,8 @@
    <!-- Allows an application to retrieve state dump information from system
         services. -->
    <permission android:name="android.permission.DUMP"
-        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
-        android:protectionLevel="dangerous"
+        android:permissionGroup="android.permission-group.PERSONAL_INFO"
+        android:protectionLevel="signatureOrSystem"
        android:label="@string/permlab_dump"
        android:description="@string/permdesc_dump" />

@ -840,11 +840,10 @@
        android:description="@string/permdesc_clearAppCache" />

    <!-- Allows an application to read the low-level system log files.
-         These can contain slightly private information about what is
-         happening on the device, but should never contain the user's
-         private information. -->
+         Log entries can contain the user's private information,
+         which is why this permission is 'dangerous'. -->
    <permission android:name="android.permission.READ_LOGS"
-        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:permissionGroup="android.permission-group.PERSONAL_INFO"
        android:protectionLevel="dangerous"
        android:label="@string/permlab_readLogs"
        android:description="@string/permdesc_readLogs" />
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@ -704,12 +704,12 @@
    <string name="permdesc_movePackage">Allows an application to move application resources from internal to external media and vice versa.</string>

    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
-    <string name="permlab_readLogs">read system log files</string>
+    <string name="permlab_readLogs">read sensitive log data</string>
    <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
    <string name="permdesc_readLogs">Allows an application to read from the
        system\'s various log files.  This allows it to discover general
-        information about what you are doing with the phone, but they should
-        not contain any personal or private information.</string>
+        information about what you are doing with the phone, potentially
+        including personal or private information.</string>

    <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
    <string name="permlab_diagnostic">read/write to resources owned by diag</string>