This permission guards only hidden and system APIs, hance it
should be signatureOrSystem protection level.
Change-Id: I8d2b75167c6887a285af0b494c39b4ffea2f0cbf
b/20220885
Instead, move it to GSF:
ag/700092
SUBSCRIBED_FEEDS_READ/WRITE permissions guard the Content Provider
that stores sync feeds for 1p apps (Gmail, Claendar, etc).
The sync feeds are used for delivering and processing
GCM tickle-to-sync messages.
These permissions should not be used by 3rd parties but
if they were, this change will break them.
I don't know the reason these were not in GSF and 'signature'
to begin with. If someone does, please, comment.
Change-Id: I6c4e4c774fea12c7fe7082477c210ad75f007c66
Requires updating the docs in AccountManaager as well as the logic in
AccountManagerService.
MANAGE_ACCOUNTS, USE_CREDENTIALS, and AUTHENTCATE_ACCOUNTS are going
away. Where AUTHENTCATE_ACCOUNTS was required we now do signature
matching.
GET_ACCOUNTS is kept but has been grouped under contacts.
Bug: 20136477
Change-Id: Iabbb76dce8d1efc607c1f107911d7ddab598a481
- User flow is now similar to requesting access to notification
content, namely prompting the user to visit a settings page
for enabling/disabling apps access.
- New ACTION_NOTIFICATION_POLICY_ACCESS_GRANTED_CHANGED intent
for apps to listen to this state change.
- Removed obsolete request method and associated internal callback
aidl.
- Added new android.permission.ACCESS_NOTIFICATION_POLICY permission
for apps to include as a signal that they want to request this access
(and therefore appear in the list on the settings page).
- Improve javadocs, outline the user flow in NotificationManager#isNotificationPolicyAccessGranted
and link to this method elsewhere.
- NoManService now persists the user-enabled package list across reboots
and does so per-user.
- Rename public settings intent to correspond with the noman api.
Bug: 21621663
Change-Id: I72cbc21cd736e6a157b6be5d1d0ba0b4a8e7ef4e
Previously when a MidiManager client opened a virtual or Bluetooth device,
the client bound directly to the virtual device's MidiDeviceService
or BluetoothMidiDevice's IMidiDeviceServer for the given BluetoothDevice.
Only USB devices were opened in MidiService.
Now opening any type of MIDI device is done via IMidiManager.openDevice() or
IMidiManager.openBluetoothDevice(). MidiService tracks all connnections between
clients and devices.
Services that implement virtual devices must now require android.permission.BIND_MIDI_DEVICE_SERVICE
so only MidiService can bind to these services.
Bug: 21044677
Change-Id: I7172f7b1e0cbfe4a2a87dff376c32dc9b41aa563
API to allow an app to be whitelisted for network and wakelock
access for a short period. So even if the device is in idle
mode, such apps can be given a chance to download the payload
related to a high priority cloud-to-device message.
This API is meant for system apps only.
A new permission CHANGE_DEVICE_IDLE_TEMP_WHITELIST is required
to make this call.
Bug: 21525864
Change-Id: Id7a761a664f21af5d7ff55aa56e8df98d15511ca
- Remove ManagedProvision Bluetooth extras from
DevicePolicyManager
- Remove ManagedProvisioning device initializer status
action and extras from DevicePolicyManager.
- Remove DIA status update protected-broadcast
and permission
- Remove DPM.sendDeviceInitializerStatus method
Bug: 21559093
Change-Id: Ibb651ebb2772ace6a16a5830f82f75465150e6e3
Now that *_PROFILE permissions are in the same permission
group as *_CONTACTS, these permissions have no visible
impact on the user. However, they complicate developer's
lives and prevent us from using Context#grantUriRequest().
Bug: 21090207
Change-Id: I31e6ae7b0f49c3589071f6a95f8d69a9456c144d
As a part of the new runtime permissions work we are limiting
the PII apps can access. BT and WiFi MAC addresses are PII and
based on our research there is no valid use case for app dev
to get these addresses aside of user tracking which we are
trying to limit.
bug:21078858
Change-Id: Ib48223b272c0fd4f5c36acc889d4f44df204b309
Replace BIND_CARRIER_MESSAGING_SERVICE and
BIND_CARRIER_CONFIG_SERVICE since we don't really
need one permission for each carrier service type.
Deprecate BIND_CARRIER_MESSAGING_SERVICE since it
already shipped, but remove BIND_CARRIER_CONFIG_SERVICE
since it hasn't.
b/21165906
Change-Id: I716f3f1c98a228afcfee84cf4a48911f0736ce8c
Added an API to pass an open file descriptor of DVB devices and
addressed the security issue of setting the permissions on DVB devices
to 0666.
Bug: 20436120
Change-Id: I4649e76084f3356ec22b7e776fb87c6a8fdc00d6
The access mock location is no longer a runtime permission. It is a
signature protected one that apps cannot get but the fact they request
it means they want to inject location into the system. Now the user
gets to choose the current mock location app in developer options from
the apps that request the mock location permission. The access to mock
location is no longer guarded by the permisson but from a new app op
which is off by default and the settiings UI sets it to enabled only
for the currently selected mock location app.
bug:21078873
Change-Id: I19e3f9dc7c7de82eab46b30fec1abfbca54a0e59
Permissions ACCESS_NETWORK_STATE, INTERNET, NFC, DISABLE_KEYGUARD
do not lead to unrecoverable damage and do not lead to PII leaks,
hence they do not meet the bar to be runtime permissions and we
are lowering their protection level.
bug:21078873
Change-Id: I30c8e742d6a69474171994b65ce070068402ae47
The whitelist is now maintained by DeviceIdleController,
which is moving out into its own independent system service.
Network stats now queries it for the whitelist, instead of
collecting that itself.
Also did a few improvements in alarm manager -- made the
code for moving alarms out of the pending list more robust,
and fixed the debug output to always print the contents of
the pending list even if we aren't in a pending state. (That
would have helped me identify the problem much earlier.)
Change-Id: I0f7119d4c553c3af4d77b2f71246fa6e2c13c561
