Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW...

...to an explicit toggle to enable in Settings

Add a new permission flag, saying the permission can be automatically
granted to pre-api-23 apps.  Apply this to SYSTEM_ALERT_WINDOW.

Change-Id: I24a0ceabe7e9f5e458a864d30eda2696ad14a699

4 files changed, 18 insertions, 2 deletions

diff --git a/core/java/android/content/pm/PermissionInfo.java b/core/java/android/content/pm/PermissionInfo.java
index 04dbff2..0a1f148 100644
--- a/core/java/android/content/pm/PermissionInfo.java
+++ b/core/java/android/content/pm/PermissionInfo.java
@@ -76,6 +76,13 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable {
     public static final int PROTECTION_FLAG_APPOP = 0x40;
 
     /**
+     * Additional flag for {@link #protectionLevel}, corresponding
+     * to the <code>pre23</code> value of
+     * {@link android.R.attr#protectionLevel}.
+     */
+    public static final int PROTECTION_FLAG_PRE23 = 0x80;
+
+    /**
      * Mask for {@link #protectionLevel}: the basic protection type.
      */
     public static final int PROTECTION_MASK_BASE = 0xf;
@@ -171,6 +178,9 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable {
         if ((level&PermissionInfo.PROTECTION_FLAG_APPOP) != 0) {
             protLevel += "|appop";
         }
+        if ((level&PermissionInfo.PROTECTION_FLAG_PRE23) != 0) {
+            protLevel += "|pre23";
+        }
         return protLevel;
     }
 
diff --git a/core/java/android/widget/AppSecurityPermissions.java b/core/java/android/widget/AppSecurityPermissions.java
index bb4a948..c54b28d 100644
--- a/core/java/android/widget/AppSecurityPermissions.java
+++ b/core/java/android/widget/AppSecurityPermissions.java
@@ -553,7 +553,8 @@ public class AppSecurityPermissions {
             int existingReqFlags) {
         final int base = pInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE;
         final boolean isNormal = (base == PermissionInfo.PROTECTION_NORMAL);
-        final boolean isDangerous = (base == PermissionInfo.PROTECTION_DANGEROUS);
+        final boolean isDangerous = (base == PermissionInfo.PROTECTION_DANGEROUS)
+                || ((pInfo.protectionLevel&PermissionInfo.PROTECTION_FLAG_PRE23) != 0);
         final boolean isRequired =
                 ((newReqFlags&PackageInfo.REQUESTED_PERMISSION_REQUIRED) != 0);
         final boolean isDevelopment =
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index bd9b014..c40ae60 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1414,7 +1414,7 @@
     <permission android:name="android.permission.SYSTEM_ALERT_WINDOW"
         android:label="@string/permlab_systemAlertWindow"
         android:description="@string/permdesc_systemAlertWindow"
-        android:protectionLevel="signature|system|appop" />
+        android:protectionLevel="signature|system|appop|pre23" />
 
     <!-- ================================== -->
     <!-- Permissions affecting the system wallpaper -->
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index 3cb4d7c..70f9db9 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -215,6 +215,11 @@
         <!-- Additional flag from base permission type: this permission is closely
              associated with an app op for controlling access. -->
         <flag name="appop" value="0x40" />
+        <!-- Additional flag from base permission type: this permission can be automatically
+             granted to apps that target API levels below
+             {@link android.os.Build.VERSION_CODES#MNC} (before runtime permissions
+             were introduced). -->
+        <flag name="pre23" value="0x80" />
     </attr>
 
     <!-- Flags indicating more context for a permission group. -->