diff options
author | Dianne Hackborn <hackbod@google.com> | 2012-02-21 15:11:13 -0800 |
---|---|---|
committer | Dianne Hackborn <hackbod@google.com> | 2012-02-23 16:39:15 -0800 |
commit | e639da7baa23121e35aa06d6e182558e0e755696 (patch) | |
tree | 7d956fc301eb1988a8646ff3a62786639a843da0 /cmds | |
parent | b8678d76c3e09d0d65255f3971b6112a48e19099 (diff) | |
download | frameworks_base-e639da7baa23121e35aa06d6e182558e0e755696.zip frameworks_base-e639da7baa23121e35aa06d6e182558e0e755696.tar.gz frameworks_base-e639da7baa23121e35aa06d6e182558e0e755696.tar.bz2 |
New development permissions.
These are permissions that an application can request, but won't
normally be granted. To have the permission granted, the user
must explicitly do so through a new "adb shell pm grant" command.
I put these permissions in the "development tools" permission
group. Looking at the stuff there, I think all of the permissions
we already had in that group should be turned to development
permissions; I don't think any of them are protecting public APIs,
and they are really not things normal applications should use.
The support this, the protectionLevel of a permission has been
modified to consist of a base protection type with additional
flags. The signatureOrSystem permission has thus been converted
to a signature base type with a new "system" flag; you can use
"system" and/or "dangerous" flags with signature permissions as
desired.
The permissions UI has been updated to understand these new types
of permissions and know when to display them. Along with doing
that, it also now shows you which permissions are new when updating
an existing application.
This also starts laying the ground-work for "optional" permissions
(which development permissions are a certain specialized form of).
Completing that work requires some more features in the package
manager to understand generic optional permissions (having a
facility to not apply them when installing), along with the
appropriate UI for the app and user to manage those permissions.
Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
Diffstat (limited to 'cmds')
-rw-r--r-- | cmds/pm/src/com/android/commands/pm/Pm.java | 69 |
1 files changed, 51 insertions, 18 deletions
diff --git a/cmds/pm/src/com/android/commands/pm/Pm.java b/cmds/pm/src/com/android/commands/pm/Pm.java index f457842..ac5bffe 100644 --- a/cmds/pm/src/com/android/commands/pm/Pm.java +++ b/cmds/pm/src/com/android/commands/pm/Pm.java @@ -126,6 +126,16 @@ public final class Pm { return; } + if ("grant".equals(op)) { + runGrantRevokePermission(true); + return; + } + + if ("revoke".equals(op)) { + runGrantRevokePermission(false); + return; + } + if ("set-install-location".equals(op)) { runSetInstallLocation(); return; @@ -596,8 +606,9 @@ public final class Pm { if (groups && groupName == null && pi.group != null) { continue; } - if (pi.protectionLevel < startProtectionLevel - || pi.protectionLevel > endProtectionLevel) { + final int base = pi.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE; + if (base < startProtectionLevel + || base > endProtectionLevel) { continue; } if (summary) { @@ -627,22 +638,8 @@ public final class Pm { + loadText(pi, pi.descriptionRes, pi.nonLocalizedDescription)); } - String protLevel = "unknown"; - switch(pi.protectionLevel) { - case PermissionInfo.PROTECTION_DANGEROUS: - protLevel = "dangerous"; - break; - case PermissionInfo.PROTECTION_NORMAL: - protLevel = "normal"; - break; - case PermissionInfo.PROTECTION_SIGNATURE: - protLevel = "signature"; - break; - case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM: - protLevel = "signatureOrSystem"; - break; - } - System.out.println(prefix + " protectionLevel:" + protLevel); + System.out.println(prefix + " protectionLevel:" + + PermissionInfo.protectionToString(pi.protectionLevel)); } } } @@ -1063,6 +1060,36 @@ public final class Pm { } } + private void runGrantRevokePermission(boolean grant) { + String pkg = nextArg(); + if (pkg == null) { + System.err.println("Error: no package specified"); + showUsage(); + return; + } + String perm = nextArg(); + if (perm == null) { + System.err.println("Error: no permission specified"); + showUsage(); + return; + } + try { + if (grant) { + mPm.grantPermission(pkg, perm); + } else { + mPm.revokePermission(pkg, perm); + } + } catch (RemoteException e) { + System.err.println(e.toString()); + System.err.println(PM_NOT_RUNNING_ERR); + } catch (IllegalArgumentException e) { + System.err.println("Bad argument: " + e.toString()); + showUsage(); + } catch (SecurityException e) { + System.err.println("Operation not allowed: " + e.toString()); + } + } + /** * Displays the package file for a package. * @param pckg @@ -1158,6 +1185,8 @@ public final class Pm { System.err.println(" pm enable PACKAGE_OR_COMPONENT"); System.err.println(" pm disable PACKAGE_OR_COMPONENT"); System.err.println(" pm disable-user PACKAGE_OR_COMPONENT"); + System.err.println(" pm grant PACKAGE PERMISSION"); + System.err.println(" pm revoke PACKAGE PERMISSION"); System.err.println(" pm set-install-location [0/auto] [1/internal] [2/external]"); System.err.println(" pm get-install-location"); System.err.println(" pm create-profile USER_NAME"); @@ -1208,6 +1237,10 @@ public final class Pm { System.err.println("pm enable, disable, disable-user: these commands change the enabled state"); System.err.println(" of a given package or component (written as \"package/class\")."); System.err.println(""); + System.err.println("pm grant, revoke: these commands either grant or revoke permissions"); + System.err.println(" to applications. Only optional permissions the application has"); + System.err.println(" declared can be granted or revoked."); + System.err.println(""); System.err.println("pm get-install-location: returns the current install location."); System.err.println(" 0 [auto]: Let system decide the best location"); System.err.println(" 1 [internal]: Install on internal device storage"); |