summaryrefslogtreecommitdiffstats
path: root/cmds/pm
diff options
context:
space:
mode:
authorDianne Hackborn <hackbod@google.com>2012-02-21 15:11:13 -0800
committerDianne Hackborn <hackbod@google.com>2012-02-23 16:39:15 -0800
commite639da7baa23121e35aa06d6e182558e0e755696 (patch)
tree7d956fc301eb1988a8646ff3a62786639a843da0 /cmds/pm
parentb8678d76c3e09d0d65255f3971b6112a48e19099 (diff)
downloadframeworks_base-e639da7baa23121e35aa06d6e182558e0e755696.zip
frameworks_base-e639da7baa23121e35aa06d6e182558e0e755696.tar.gz
frameworks_base-e639da7baa23121e35aa06d6e182558e0e755696.tar.bz2
New development permissions.
These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
Diffstat (limited to 'cmds/pm')
-rw-r--r--cmds/pm/src/com/android/commands/pm/Pm.java69
1 files changed, 51 insertions, 18 deletions
diff --git a/cmds/pm/src/com/android/commands/pm/Pm.java b/cmds/pm/src/com/android/commands/pm/Pm.java
index f457842..ac5bffe 100644
--- a/cmds/pm/src/com/android/commands/pm/Pm.java
+++ b/cmds/pm/src/com/android/commands/pm/Pm.java
@@ -126,6 +126,16 @@ public final class Pm {
return;
}
+ if ("grant".equals(op)) {
+ runGrantRevokePermission(true);
+ return;
+ }
+
+ if ("revoke".equals(op)) {
+ runGrantRevokePermission(false);
+ return;
+ }
+
if ("set-install-location".equals(op)) {
runSetInstallLocation();
return;
@@ -596,8 +606,9 @@ public final class Pm {
if (groups && groupName == null && pi.group != null) {
continue;
}
- if (pi.protectionLevel < startProtectionLevel
- || pi.protectionLevel > endProtectionLevel) {
+ final int base = pi.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE;
+ if (base < startProtectionLevel
+ || base > endProtectionLevel) {
continue;
}
if (summary) {
@@ -627,22 +638,8 @@ public final class Pm {
+ loadText(pi, pi.descriptionRes,
pi.nonLocalizedDescription));
}
- String protLevel = "unknown";
- switch(pi.protectionLevel) {
- case PermissionInfo.PROTECTION_DANGEROUS:
- protLevel = "dangerous";
- break;
- case PermissionInfo.PROTECTION_NORMAL:
- protLevel = "normal";
- break;
- case PermissionInfo.PROTECTION_SIGNATURE:
- protLevel = "signature";
- break;
- case PermissionInfo.PROTECTION_SIGNATURE_OR_SYSTEM:
- protLevel = "signatureOrSystem";
- break;
- }
- System.out.println(prefix + " protectionLevel:" + protLevel);
+ System.out.println(prefix + " protectionLevel:"
+ + PermissionInfo.protectionToString(pi.protectionLevel));
}
}
}
@@ -1063,6 +1060,36 @@ public final class Pm {
}
}
+ private void runGrantRevokePermission(boolean grant) {
+ String pkg = nextArg();
+ if (pkg == null) {
+ System.err.println("Error: no package specified");
+ showUsage();
+ return;
+ }
+ String perm = nextArg();
+ if (perm == null) {
+ System.err.println("Error: no permission specified");
+ showUsage();
+ return;
+ }
+ try {
+ if (grant) {
+ mPm.grantPermission(pkg, perm);
+ } else {
+ mPm.revokePermission(pkg, perm);
+ }
+ } catch (RemoteException e) {
+ System.err.println(e.toString());
+ System.err.println(PM_NOT_RUNNING_ERR);
+ } catch (IllegalArgumentException e) {
+ System.err.println("Bad argument: " + e.toString());
+ showUsage();
+ } catch (SecurityException e) {
+ System.err.println("Operation not allowed: " + e.toString());
+ }
+ }
+
/**
* Displays the package file for a package.
* @param pckg
@@ -1158,6 +1185,8 @@ public final class Pm {
System.err.println(" pm enable PACKAGE_OR_COMPONENT");
System.err.println(" pm disable PACKAGE_OR_COMPONENT");
System.err.println(" pm disable-user PACKAGE_OR_COMPONENT");
+ System.err.println(" pm grant PACKAGE PERMISSION");
+ System.err.println(" pm revoke PACKAGE PERMISSION");
System.err.println(" pm set-install-location [0/auto] [1/internal] [2/external]");
System.err.println(" pm get-install-location");
System.err.println(" pm create-profile USER_NAME");
@@ -1208,6 +1237,10 @@ public final class Pm {
System.err.println("pm enable, disable, disable-user: these commands change the enabled state");
System.err.println(" of a given package or component (written as \"package/class\").");
System.err.println("");
+ System.err.println("pm grant, revoke: these commands either grant or revoke permissions");
+ System.err.println(" to applications. Only optional permissions the application has");
+ System.err.println(" declared can be granted or revoked.");
+ System.err.println("");
System.err.println("pm get-install-location: returns the current install location.");
System.err.println(" 0 [auto]: Let system decide the best location");
System.err.println(" 1 [internal]: Install on internal device storage");