Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / d0fe35e8b43af4992b69e5e2700f0152f5a16bf0^! / .
commitd0fe35e8b43af4992b69e5e2700f0152f5a16bf0[log] [tgz]
authorkholoud mohamed <kholoudm@google.com>Mon Nov 08 22:28:17 2021 +0000
committerKholoud Mohamed <kholoudm@google.com>Wed Dec 08 16:23:01 2021 +0000
tree9b047bb175eb58cb6b6341fa6b5409f88172896f
parent9758a66af4874aee0f905c6ecb22d292d78a9f90 [diff]
Create new QUERY_USERS permission

This new permission allows the holder to query information of all users
on the device.

Bug: 188410712
Bug: 205707885
Bug: 206106797
Test: N/A
Change-Id: I7c8bba963d18994e9750af9ba9ca4524a9fe3b54

diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 992789b..1437ab6 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt

@@ -219,6 +219,7 @@
     field public static final String PROVIDE_TRUST_AGENT = "android.permission.PROVIDE_TRUST_AGENT";
     field public static final String QUERY_ADMIN_POLICY = "android.permission.QUERY_ADMIN_POLICY";
     field public static final String QUERY_TIME_ZONE_RULES = "android.permission.QUERY_TIME_ZONE_RULES";
+    field public static final String QUERY_USERS = "android.permission.QUERY_USERS";
     field public static final String RADIO_SCAN_WITHOUT_LOCATION = "android.permission.RADIO_SCAN_WITHOUT_LOCATION";
     field public static final String READ_ACTIVE_EMERGENCY_SESSION = "android.permission.READ_ACTIVE_EMERGENCY_SESSION";
     field public static final String READ_APP_SPECIFIC_LOCALES = "android.permission.READ_APP_SPECIFIC_LOCALES";

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 04d6171..d5407fe 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml

@@ -2791,6 +2791,11 @@
     <permission android:name="android.permission.CREATE_USERS"
         android:protectionLevel="signature" />
 
+    <!-- @SystemApi @hide Allows an application to call APIs that allow it to query users on the
+         device. -->
+    <permission android:name="android.permission.QUERY_USERS"
+                android:protectionLevel="signature|role" />
+
     <!-- Allows an application to access data blobs across users. -->
     <permission android:name="android.permission.ACCESS_BLOBS_ACROSS_USERS"
         android:protectionLevel="signature|privileged|development|role" />

diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 262cf53..bb6fd59 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml

@@ -200,6 +200,7 @@
     <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
     <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
     <uses-permission android:name="android.permission.CREATE_USERS" />
+    <uses-permission android:name="android.permission.QUERY_USERS" />
     <uses-permission android:name="android.permission.CREATE_VIRTUAL_DEVICE" />
     <uses-permission android:name="android.permission.MANAGE_CREDENTIAL_MANAGEMENT_APP" />
     <uses-permission android:name="android.permission.MANAGE_DEVICE_ADMINS" />