Guard TIF vendor extension APIs by new permission
Guard TvInputManager#getAvailableExtensionInterfaceNames() and
TvInputManager#getExtensionInterface() by
android.Manifest.permission.TIS_EXTENSION_INTERFACE.
Bug: 215189795
Bug: 193052431
Test: run cts -m CtsTvTestCases -t
android.media.tv.cts.TvInputManagerTest
Change-Id: I43d4f063b0a602f00f7f71e8fe08fb09c7a763bf
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 6267dbf3..66f0d92 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -329,6 +329,7 @@
field public static final String SYSTEM_APPLICATION_OVERLAY = "android.permission.SYSTEM_APPLICATION_OVERLAY";
field public static final String SYSTEM_CAMERA = "android.permission.SYSTEM_CAMERA";
field public static final String TETHER_PRIVILEGED = "android.permission.TETHER_PRIVILEGED";
+ field public static final String TIS_EXTENSION_INTERFACE = "android.permission.TIS_EXTENSION_INTERFACE";
field public static final String TOGGLE_AUTOMOTIVE_PROJECTION = "android.permission.TOGGLE_AUTOMOTIVE_PROJECTION";
field public static final String TRIGGER_LOST_MODE = "android.permission.TRIGGER_LOST_MODE";
field public static final String TV_INPUT_HARDWARE = "android.permission.TV_INPUT_HARDWARE";
@@ -6658,13 +6659,13 @@
method @Nullable @RequiresPermission(android.Manifest.permission.TV_INPUT_HARDWARE) public android.media.tv.TvInputManager.Hardware acquireTvInputHardware(int, @NonNull android.media.tv.TvInputInfo, @Nullable String, int, @NonNull java.util.concurrent.Executor, @NonNull android.media.tv.TvInputManager.HardwareCallback);
method @RequiresPermission(android.Manifest.permission.MODIFY_PARENTAL_CONTROLS) public void addBlockedRating(@NonNull android.media.tv.TvContentRating);
method @RequiresPermission(android.Manifest.permission.CAPTURE_TV_INPUT) public boolean captureFrame(String, android.view.Surface, android.media.tv.TvStreamConfig);
- method @NonNull public java.util.List<java.lang.String> getAvailableExtensionInterfaceNames(@NonNull String);
+ method @NonNull @RequiresPermission(android.Manifest.permission.TIS_EXTENSION_INTERFACE) public java.util.List<java.lang.String> getAvailableExtensionInterfaceNames(@NonNull String);
method @RequiresPermission(android.Manifest.permission.CAPTURE_TV_INPUT) public java.util.List<android.media.tv.TvStreamConfig> getAvailableTvStreamConfigList(String);
method @RequiresPermission("android.permission.TUNER_RESOURCE_ACCESS") public int getClientPid(@NonNull String);
method public int getClientPriority(int, @Nullable String);
method @NonNull @RequiresPermission(android.Manifest.permission.ACCESS_TUNED_INFO) public java.util.List<android.media.tv.TunedInfo> getCurrentTunedInfos();
method @NonNull @RequiresPermission("android.permission.DVB_DEVICE") public java.util.List<android.media.tv.DvbDeviceInfo> getDvbDeviceList();
- method @Nullable public android.os.IBinder getExtensionInterface(@NonNull String, @NonNull String);
+ method @Nullable @RequiresPermission(android.Manifest.permission.TIS_EXTENSION_INTERFACE) public android.os.IBinder getExtensionInterface(@NonNull String, @NonNull String);
method @RequiresPermission(android.Manifest.permission.TV_INPUT_HARDWARE) public java.util.List<android.media.tv.TvInputHardwareInfo> getHardwareList();
method @RequiresPermission(android.Manifest.permission.READ_CONTENT_RATING_SYSTEMS) public java.util.List<android.media.tv.TvContentRatingSystemInfo> getTvContentRatingSystemList();
method @RequiresPermission(android.Manifest.permission.CAPTURE_TV_INPUT) public boolean isSingleSessionActive();
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 74bf152..9dc2313 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -6349,6 +6349,15 @@
<permission android:name="android.permission.SET_UNRESTRICTED_KEEP_CLEAR_AREAS"
android:protectionLevel="signature|privileged" />
+ <!-- @SystemApi Allows TV input apps and TV apps to use TIS extension interfaces for
+ domain-specific features.
+ <p>Protection level: signature|privileged|vendorPrivileged
+ <p>Not for use by third-party applications.
+ @hide
+ -->
+ <permission android:name="android.permission.TIS_EXTENSION_INTERFACE"
+ android:protectionLevel="signature|privileged|vendorPrivileged" />
+
<!-- Attribution for Geofencing service. -->
<attribution android:tag="GeofencingService" android:label="@string/geofencing_service"/>
<!-- Attribution for Country Detector. -->
diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
index 83c4024..de0749f 100644
--- a/data/etc/privapp-permissions-platform.xml
+++ b/data/etc/privapp-permissions-platform.xml
@@ -453,6 +453,7 @@
<!-- Permissions required for CTS test - TVInputManagerTest -->
<permission name="android.permission.ACCESS_TUNED_INFO" />
<permission name="android.permission.TV_INPUT_HARDWARE" />
+ <permission name="android.permission.TIS_EXTENSION_INTERFACE" />
<permission name="com.android.providers.tv.permission.ACCESS_WATCHED_PROGRAMS" />
<permission name="com.android.providers.tv.permission.WRITE_EPG_DATA"/>
<!-- Permission required for CTS test - PrivilegedLocationPermissionTest -->
diff --git a/media/java/android/media/tv/TvInputManager.java b/media/java/android/media/tv/TvInputManager.java
index 75236f4..73e96a2 100644
--- a/media/java/android/media/tv/TvInputManager.java
+++ b/media/java/android/media/tv/TvInputManager.java
@@ -1584,6 +1584,7 @@
* @hide
*/
@SystemApi
+ @RequiresPermission(android.Manifest.permission.TIS_EXTENSION_INTERFACE)
@NonNull
public List<String> getAvailableExtensionInterfaceNames(@NonNull String inputId) {
Preconditions.checkNotNull(inputId);
@@ -1609,6 +1610,7 @@
* @hide
*/
@SystemApi
+ @RequiresPermission(android.Manifest.permission.TIS_EXTENSION_INTERFACE)
@Nullable
public IBinder getExtensionInterface(@NonNull String inputId, @NonNull String name) {
Preconditions.checkNotNull(inputId);
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index ef5849c..e9f940a 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -464,6 +464,7 @@
<!-- Permissions required for CTS test - TVInputManagerTest -->
<uses-permission android:name="android.permission.ACCESS_TUNED_INFO" />
<uses-permission android:name="android.permission.TV_INPUT_HARDWARE" />
+ <uses-permission android:name="android.permission.TIS_EXTENSION_INTERFACE" />
<uses-permission android:name="com.android.providers.tv.permission.ACCESS_WATCHED_PROGRAMS" />
<uses-permission android:name="com.android.providers.tv.permission.WRITE_EPG_DATA"/>
diff --git a/services/core/java/com/android/server/tv/TvInputManagerService.java b/services/core/java/com/android/server/tv/TvInputManagerService.java
index e786fa2..f15d2bb 100755
--- a/services/core/java/com/android/server/tv/TvInputManagerService.java
+++ b/services/core/java/com/android/server/tv/TvInputManagerService.java
@@ -1183,6 +1183,7 @@
@Override
public List<String> getAvailableExtensionInterfaceNames(String inputId, int userId) {
+ ensureTisExtensionInterfacePermission();
final int callingUid = Binder.getCallingUid();
final int callingPid = Binder.getCallingPid();
final int resolvedUserId = resolveCallingUserId(callingPid, callingUid,
@@ -1228,6 +1229,7 @@
@Override
public IBinder getExtensionInterface(String inputId, String name, int userId) {
+ ensureTisExtensionInterfacePermission();
final int callingUid = Binder.getCallingUid();
final int callingPid = Binder.getCallingPid();
final int resolvedUserId = resolveCallingUserId(callingPid, callingUid,
@@ -2628,6 +2630,14 @@
}
}
+ private void ensureTisExtensionInterfacePermission() {
+ if (mContext.checkCallingPermission(
+ android.Manifest.permission.TIS_EXTENSION_INTERFACE)
+ != PackageManager.PERMISSION_GRANTED) {
+ throw new SecurityException("Requires TIS_EXTENSION_INTERFACE permission");
+ }
+ }
+
@Override
@SuppressWarnings("resource")
protected void dump(FileDescriptor fd, final PrintWriter writer, String[] args) {