Permission protect stageAllHealthConnectRemoteData
The new APIs added in this topic's other CL are protected by knownSigner
permission.
The CTS test app cannot be granted this permission.
Granting these permissions to the Shell lets the CTS test app adopt
the Shell's identity to obtain the necessary permissions and call these
APIs.
The test api is protected by the platform signature permission.
Bug: 243145978
Test: atest CtsHealthConnectDeviceTestCases
Change-Id: Ica89151b28213fd6fee69f5390f3d4e7f92bdc73
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 4f50415d..f79dbb9 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -325,6 +325,7 @@
field public static final String SHUTDOWN = "android.permission.SHUTDOWN";
field public static final String SIGNAL_REBOOT_READINESS = "android.permission.SIGNAL_REBOOT_READINESS";
field public static final String SOUND_TRIGGER_RUN_IN_BATTERY_SAVER = "android.permission.SOUND_TRIGGER_RUN_IN_BATTERY_SAVER";
+ field public static final String STAGE_HEALTH_CONNECT_REMOTE_DATA = "android.permission.STAGE_HEALTH_CONNECT_REMOTE_DATA";
field public static final String START_ACTIVITIES_FROM_BACKGROUND = "android.permission.START_ACTIVITIES_FROM_BACKGROUND";
field public static final String START_CROSS_PROFILE_ACTIVITIES = "android.permission.START_CROSS_PROFILE_ACTIVITIES";
field public static final String START_REVIEW_PERMISSION_DECISIONS = "android.permission.START_REVIEW_PERMISSION_DECISIONS";
diff --git a/core/api/test-current.txt b/core/api/test-current.txt
index e3554a5..04cca7d0 100644
--- a/core/api/test-current.txt
+++ b/core/api/test-current.txt
@@ -16,6 +16,7 @@
field public static final String CONFIGURE_DISPLAY_BRIGHTNESS = "android.permission.CONFIGURE_DISPLAY_BRIGHTNESS";
field public static final String CONTROL_DEVICE_LIGHTS = "android.permission.CONTROL_DEVICE_LIGHTS";
field public static final String CONTROL_DEVICE_STATE = "android.permission.CONTROL_DEVICE_STATE";
+ field public static final String DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA = "android.permission.DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA";
field public static final String FORCE_DEVICE_POLICY_MANAGER_LOGS = "android.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS";
field public static final String FORCE_STOP_PACKAGES = "android.permission.FORCE_STOP_PACKAGES";
field public static final String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 31ae0aa..dc70c31 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -6988,6 +6988,17 @@
<permission android:name="android.permission.GET_APP_METADATA"
android:protectionLevel="signature" />
+ <!-- @hide @SystemApi Allows an application to stage HealthConnect's remote data so that
+ HealthConnect can later integrate it. -->
+ <permission android:name="android.permission.STAGE_HEALTH_CONNECT_REMOTE_DATA"
+ android:protectionLevel="signature|knownSigner"
+ android:knownCerts="@array/config_healthConnectStagingDataKnownSigners"/>
+
+ <!-- @hide @TestApi Allows an application to clear HealthConnect's staged remote data for
+ testing only. For security reasons, this is a platform-only permission. -->
+ <permission android:name="android.permission.DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA"
+ android:protectionLevel="signature" />
+
<!-- @SystemApi Allows the holder to call health connect migration APIs.
@hide -->
<permission android:name="android.permission.MIGRATE_HEALTH_CONNECT_DATA"
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml
index 72657a0..f9d5c1d 100644
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -6144,6 +6144,12 @@
<item>@string/config_mainDisplayShape</item>
<item>@string/config_secondaryDisplayShape</item>
</string-array>
+
+ <!-- Certificate digests for trusted apps that will be allowed to obtain the knownSigner
+ permission for staging HealthConnect's remote data. The digest should be computed over the
+ DER encoding of the trusted certificate using the SHA-256 digest algorithm. -->
+ <string-array name="config_healthConnectStagingDataKnownSigners">
+ </string-array>
<!-- Certificate digests for trusted apps that will be allowed to obtain the knownSigner Health
Connect Migration permissions. The digest should be computed over the DER encoding of the
trusted certificate using the SHA-256 digest algorithm. -->
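Review bot: The new `config_healthConnectStagingDataKnownSigners` array is declared empty, so with the `signature|knownSigner` protection level referenced from the framework manifest the knownSigner half grants nothing on this build and only platform-signed callers can hold the permission; the comment should state that explicitly so a reader does not assume the list is complete. Presumably the list is meant to be filled in by a device overlay, as the neighbouring migration array appears to be, but that is not stated here. Suggest extending the comment with `An empty list means only platform-signed callers can obtain the permission; device overlays are expected to add the trusted signers' digests.` A blank line before the pre-existing migration comment on the following lines would also match the spacing used above the new array.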
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index d56300e..31402dc 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -790,6 +790,10 @@
<!-- Permission required for CTS test - CtsPackageInstallTestCases-->
<uses-permission android:name="android.permission.GET_APP_METADATA" />
+ <!-- Permission required for CTS test - CtsHealthConnectDeviceTestCases -->
+ <uses-permission android:name="android.permission.DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA" />
+ <uses-permission android:name="android.permission.STAGE_HEALTH_CONNECT_REMOTE_DATA" />
+
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED"/>