[AAPM] Rename permission
Permission is used for more than setting the state
Bug: 352420507
Test: AdvancedProtectionManagerTest
Flag: android.security.aapm_api
Change-Id: I3be84c469981aafe0ef232f75c216c30ee24a1d9
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index a46f872..9e68e88 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -190,6 +190,7 @@
field public static final String MANAGE_ACCESSIBILITY = "android.permission.MANAGE_ACCESSIBILITY";
field @Deprecated public static final String MANAGE_ACTIVITY_STACKS = "android.permission.MANAGE_ACTIVITY_STACKS";
field public static final String MANAGE_ACTIVITY_TASKS = "android.permission.MANAGE_ACTIVITY_TASKS";
+ field @FlaggedApi("android.security.aapm_api") public static final String MANAGE_ADVANCED_PROTECTION_MODE = "android.permission.MANAGE_ADVANCED_PROTECTION_MODE";
field public static final String MANAGE_APP_HIBERNATION = "android.permission.MANAGE_APP_HIBERNATION";
field public static final String MANAGE_APP_OPS_RESTRICTIONS = "android.permission.MANAGE_APP_OPS_RESTRICTIONS";
field public static final String MANAGE_APP_PREDICTIONS = "android.permission.MANAGE_APP_PREDICTIONS";
@@ -370,7 +371,6 @@
field public static final String SERIAL_PORT = "android.permission.SERIAL_PORT";
field @FlaggedApi("android.security.fsverity_api") public static final String SETUP_FSVERITY = "android.permission.SETUP_FSVERITY";
field public static final String SET_ACTIVITY_WATCHER = "android.permission.SET_ACTIVITY_WATCHER";
- field @FlaggedApi("android.security.aapm_api") public static final String SET_ADVANCED_PROTECTION_MODE = "android.permission.SET_ADVANCED_PROTECTION_MODE";
field public static final String SET_CLIP_SOURCE = "android.permission.SET_CLIP_SOURCE";
field public static final String SET_DEFAULT_ACCOUNT_FOR_CONTACTS = "android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS";
field public static final String SET_HARMFUL_APP_WARNINGS = "android.permission.SET_HARMFUL_APP_WARNINGS";
@@ -12621,8 +12621,8 @@
@FlaggedApi("android.security.aapm_api") public final class AdvancedProtectionManager {
method @NonNull public android.content.Intent createSupportIntent(@NonNull String, @Nullable String);
- method @NonNull @RequiresPermission(android.Manifest.permission.SET_ADVANCED_PROTECTION_MODE) public java.util.List<android.security.advancedprotection.AdvancedProtectionFeature> getAdvancedProtectionFeatures();
- method @RequiresPermission(android.Manifest.permission.SET_ADVANCED_PROTECTION_MODE) public void setAdvancedProtectionEnabled(boolean);
+ method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE) public java.util.List<android.security.advancedprotection.AdvancedProtectionFeature> getAdvancedProtectionFeatures();
+ method @RequiresPermission(android.Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE) public void setAdvancedProtectionEnabled(boolean);
field @FlaggedApi("android.security.aapm_api") public static final String ACTION_SHOW_ADVANCED_PROTECTION_SUPPORT_DIALOG = "android.security.advancedprotection.action.SHOW_ADVANCED_PROTECTION_SUPPORT_DIALOG";
field public static final String EXTRA_SUPPORT_DIALOG_FEATURE = "android.security.advancedprotection.extra.SUPPORT_DIALOG_FEATURE";
field public static final String EXTRA_SUPPORT_DIALOG_TYPE = "android.security.advancedprotection.extra.SUPPORT_DIALOG_TYPE";
diff --git a/core/java/android/security/advancedprotection/AdvancedProtectionManager.java b/core/java/android/security/advancedprotection/AdvancedProtectionManager.java
index 9fe0dda..0302faf 100644
--- a/core/java/android/security/advancedprotection/AdvancedProtectionManager.java
+++ b/core/java/android/security/advancedprotection/AdvancedProtectionManager.java
@@ -281,7 +281,7 @@
* @hide
*/
@SystemApi
- @RequiresPermission(Manifest.permission.SET_ADVANCED_PROTECTION_MODE)
+ @RequiresPermission(Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE)
public void setAdvancedProtectionEnabled(boolean enabled) {
try {
mService.setAdvancedProtectionEnabled(enabled);
@@ -297,7 +297,7 @@
*/
@SystemApi
@NonNull
- @RequiresPermission(Manifest.permission.SET_ADVANCED_PROTECTION_MODE)
+ @RequiresPermission(Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE)
public List<AdvancedProtectionFeature> getAdvancedProtectionFeatures() {
try {
return mService.getAdvancedProtectionFeatures();
diff --git a/core/java/android/security/advancedprotection/IAdvancedProtectionService.aidl b/core/java/android/security/advancedprotection/IAdvancedProtectionService.aidl
index 6830763..1939f82 100644
--- a/core/java/android/security/advancedprotection/IAdvancedProtectionService.aidl
+++ b/core/java/android/security/advancedprotection/IAdvancedProtectionService.aidl
@@ -31,8 +31,8 @@
void registerAdvancedProtectionCallback(IAdvancedProtectionCallback callback);
@EnforcePermission("QUERY_ADVANCED_PROTECTION_MODE")
void unregisterAdvancedProtectionCallback(IAdvancedProtectionCallback callback);
- @EnforcePermission("SET_ADVANCED_PROTECTION_MODE")
+ @EnforcePermission("MANAGE_ADVANCED_PROTECTION_MODE")
void setAdvancedProtectionEnabled(boolean enabled);
- @EnforcePermission("SET_ADVANCED_PROTECTION_MODE")
+ @EnforcePermission("MANAGE_ADVANCED_PROTECTION_MODE")
List<AdvancedProtectionFeature> getAdvancedProtectionFeatures();
}
\ No newline at end of file
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 95d07df..79dd12a 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -4172,18 +4172,19 @@
android:protectionLevel="signature|installer" />
<uses-permission android:name="android.permission.MANAGE_ENHANCED_CONFIRMATION_STATES" />
- <!-- Allows an application to toggle the device's advanced protection mode status.
- @FlaggedApi("android.security.aapm_api")
+ <!-- Allows an application to modify the device's advanced protection mode status, and query
+ the list of enabled features
+ @FlaggedApi(android.security.Flags.FLAG_AAPM_API)
@SystemApi
@hide -->
- <permission android:name="android.permission.SET_ADVANCED_PROTECTION_MODE"
+ <permission android:name="android.permission.MANAGE_ADVANCED_PROTECTION_MODE"
android:protectionLevel="signature|privileged"
android:featureFlag="android.security.aapm_api"/>
- <uses-permission android:name="android.permission.SET_ADVANCED_PROTECTION_MODE"
+ <uses-permission android:name="android.permission.MANAGE_ADVANCED_PROTECTION_MODE"
android:featureFlag="android.security.aapm_api"/>
<!-- Allows an application to query the device's advanced protection mode status.
- @FlaggedApi("android.security.aapm_api") -->
+ @FlaggedApi(android.security.Flags.FLAG_AAPM_API) -->
<permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE"
android:protectionLevel="normal"
android:featureFlag="android.security.aapm_api"/>
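Review bot: The rewritten comment on `MANAGE_ADVANCED_PROTECTION_MODE` does not say that a single `signature|privileged` permission now gates both changing the mode and the read-only feature list, so any component granted it just to call `getAdvancedProtectionFeatures()` can also turn protection off. Whether such read-only callers exist is not visible in this diff, but the comment is where a grant reviewer will look, so it should spell out the write capability, for example `Allows an application to modify the device's advanced protection mode status and to query the list of enabled features. Holders can disable advanced protection; grant only to components that must change the state.` The first sentence of the new comment is also missing its closing period before the `@FlaggedApi` tag.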
diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
index fea7cb4..0209afb 100644
--- a/data/etc/privapp-permissions-platform.xml
+++ b/data/etc/privapp-permissions-platform.xml
@@ -598,7 +598,7 @@
<!-- Permission required for CTS test - CtsAppTestCases -->
<permission name="android.permission.KILL_UID" />
<!-- Permission required for CTS test - AdvancedProtectionManagerTest -->
- <permission name="android.permission.SET_ADVANCED_PROTECTION_MODE" />
+ <permission name="android.permission.MANAGE_ADVANCED_PROTECTION_MODE" />
<permission name="android.permission.QUERY_ADVANCED_PROTECTION_MODE" />
<!-- Permissions required for CTS test - SettingsPreferenceServiceClientTest -->
<permission name="android.permission.READ_SYSTEM_PREFERENCES" />
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 526320d..1333f0e 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -951,7 +951,7 @@
<!-- Permission required for CTS test - CtsNfcTestCases -->
<uses-permission android:name="android.permission.NFC_SET_CONTROLLER_ALWAYS_ON" />
<!-- Permission required for CTS test - AdvancedProtectionManagerTest -->
- <uses-permission android:name="android.permission.SET_ADVANCED_PROTECTION_MODE"
+ <uses-permission android:name="android.permission.MANAGE_ADVANCED_PROTECTION_MODE"
android:featureFlag="android.security.aapm_api"/>
<uses-permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE"
android:featureFlag="android.security.aapm_api"/>
diff --git a/services/core/java/com/android/server/security/advancedprotection/AdvancedProtectionService.java b/services/core/java/com/android/server/security/advancedprotection/AdvancedProtectionService.java
index e780be4..e8723b9 100644
--- a/services/core/java/com/android/server/security/advancedprotection/AdvancedProtectionService.java
+++ b/services/core/java/com/android/server/security/advancedprotection/AdvancedProtectionService.java
@@ -141,7 +141,7 @@
}
@Override
- @EnforcePermission(Manifest.permission.SET_ADVANCED_PROTECTION_MODE)
+ @EnforcePermission(Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE)
public void setAdvancedProtectionEnabled(boolean enabled) {
setAdvancedProtectionEnabled_enforcePermission();
final long identity = Binder.clearCallingIdentity();
@@ -159,7 +159,7 @@
}
@Override
- @EnforcePermission(Manifest.permission.SET_ADVANCED_PROTECTION_MODE)
+ @EnforcePermission(Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE)
public List<AdvancedProtectionFeature> getAdvancedProtectionFeatures() {
getAdvancedProtectionFeatures_enforcePermission();
List<AdvancedProtectionFeature> features = new ArrayList<>();
diff --git a/services/tests/servicestests/src/com/android/server/security/advancedprotection/AdvancedProtectionServiceTest.java b/services/tests/servicestests/src/com/android/server/security/advancedprotection/AdvancedProtectionServiceTest.java
index 24bf6ca..b1df0f1 100644
--- a/services/tests/servicestests/src/com/android/server/security/advancedprotection/AdvancedProtectionServiceTest.java
+++ b/services/tests/servicestests/src/com/android/server/security/advancedprotection/AdvancedProtectionServiceTest.java
@@ -60,7 +60,7 @@
public void setup() throws Settings.SettingNotFoundException {
mContext = mock(Context.class);
mPermissionEnforcer = new FakePermissionEnforcer();
- mPermissionEnforcer.grant(Manifest.permission.SET_ADVANCED_PROTECTION_MODE);
+ mPermissionEnforcer.grant(Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE);
mPermissionEnforcer.grant(Manifest.permission.QUERY_ADVANCED_PROTECTION_MODE);
mStore = new AdvancedProtectionService.AdvancedProtectionStore(mContext) {
@@ -299,7 +299,7 @@
@Test
public void testSetProtection_withoutPermission() {
- mPermissionEnforcer.revoke(Manifest.permission.SET_ADVANCED_PROTECTION_MODE);
+ mPermissionEnforcer.revoke(Manifest.permission.MANAGE_ADVANCED_PROTECTION_MODE);
assertThrows(SecurityException.class, () -> mService.setAdvancedProtectionEnabled(true));
}
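Review bot: `testSetProtection_withoutPermission` exercises only `setAdvancedProtectionEnabled`, although the service hunks in this commit put the same `MANAGE_ADVANCED_PROTECTION_MODE` enforcement on `getAdvancedProtectionFeatures()`. If the test class has no matching negative case outside this hunk, add a sibling test that does the same `revoke(...)` and then asserts `assertThrows(SecurityException.class, () -> mService.getAdvancedProtectionFeatures());`. Without it, a later change that drops or loosens the annotation on the read path would not be caught by this suite.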