Start defining strongly-typed storage permissions.

We now have separate permissions that correspond to the various
MediaStore tables:

-- READ/WRITE_MEDIA_AUDIO
-- READ/WRITE_MEDIA_VIDEO
-- READ/WRITE_MEDIA_IMAGES

From a product point-of-view, Images and Videos will be treated as
a single permission group of "Visual" media in Q.  We're also defining
two other special permissions:

-- ACCESS_MEDIA_LOCATION: indicating that the app can see any
geographic location related metadata associated with media, such
as being stored in the EXIF data.  We're willing to grant this under
the umbrella of the larger "Visual" runtime permission group, but we
still want apps to request it for full disclosure of their intent.

-- WRITE_OBB: can be held by app stores that need to deliver OBB
files into app-specific sandboxes to keep legacy apps working.

Test: manual
Bug: 111801780, 110228267, 111789719, 111892833
Change-Id: If28247efdd7ac185ad3c6cbceda2e6346c26d032
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index f9d81ba..5b36d7c 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -764,7 +764,8 @@
     <!-- ====================================================================== -->
     <eat-comment />
 
-    <!-- Used for runtime permissions related to the shared external storage. -->
+    <!-- Used for runtime permissions related to the shared external storage.
+         @deprecated replaced by new strongly-typed permission groups in Q. -->
     <permission-group android:name="android.permission-group.STORAGE"
         android:icon="@drawable/perm_group_storage"
         android:label="@string/permgrouplab_storage"
@@ -792,13 +793,13 @@
      grants your app this permission. If you don't need this permission, be sure your <a
      href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
      targetSdkVersion}</a> is 4 or higher.
-     <p>Protection level: dangerous
+     @deprecated replaced by new strongly-typed permission groups in Q.
      -->
     <permission android:name="android.permission.READ_EXTERNAL_STORAGE"
         android:permissionGroup="android.permission-group.STORAGE"
         android:label="@string/permlab_sdcardRead"
         android:description="@string/permdesc_sdcardRead"
-        android:protectionLevel="dangerous" />
+        android:protectionLevel="normal" />
 
     <!-- Allows an application to write to external storage.
          <p class="note"><strong>Note:</strong> If <em>both</em> your <a
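Review bot: Changing `android:protectionLevel` on READ_EXTERNAL_STORAGE from `dangerous` to `normal` means the permission is granted at install time with no user prompt, and the same change is made to WRITE_EXTERNAL_STORAGE in the next hunk. Any check that still gates on these two permission strings would then pass for every app that declares them. Whether such checks remain (platform enforcement, or third-party providers using them as read/write permissions) is not visible in this diff, so the migration of enforcement to the new READ/WRITE_MEDIA_* permissions should land before or with this downgrade. The doc comment also loses its `<p>Protection level: dangerous` line without a replacement; I would add `<p>Protection level: normal` above the `@deprecated` tag so the generated docs state the new level. The comment block for this permission starts outside the hunk.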
@@ -813,14 +814,87 @@
          read/write files in your application-specific directories returned by
          {@link android.content.Context#getExternalFilesDir} and
          {@link android.content.Context#getExternalCacheDir}.
-         <p>Protection level: dangerous
+         @deprecated replaced by new strongly-typed permission groups in Q.
     -->
     <permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
         android:permissionGroup="android.permission-group.STORAGE"
         android:label="@string/permlab_sdcardWrite"
         android:description="@string/permdesc_sdcardWrite"
+        android:protectionLevel="normal" />
+
+    <!-- Runtime permission controlling access to the user's shared aural media
+         collection. -->
+    <permission-group android:name="android.permission-group.MEDIA_AURAL"
+        android:icon="@drawable/perm_group_aural"
+        android:label="@string/permgrouplab_aural"
+        android:description="@string/permgroupdesc_aural"
+        android:request="@string/permgrouprequest_aural"
+        android:priority="910" />
+
+    <!-- Allows an application to read the user's shared audio collection. -->
+    <permission android:name="android.permission.READ_MEDIA_AUDIO"
+        android:permissionGroup="android.permission-group.MEDIA_AURAL"
+        android:label="@string/permlab_audioRead"
+        android:description="@string/permdesc_audioRead"
         android:protectionLevel="dangerous" />
 
+    <!-- Allows an application to modify the user's shared audio collection. -->
+    <permission android:name="android.permission.WRITE_MEDIA_AUDIO"
+        android:permissionGroup="android.permission-group.MEDIA_AURAL"
+        android:label="@string/permlab_audioWrite"
+        android:description="@string/permdesc_audioWrite"
+        android:protectionLevel="dangerous" />
+
+    <!-- Runtime permission controlling access to the user's shared visual media
+         collection, including images and videos. -->
+    <permission-group android:name="android.permission-group.MEDIA_VISUAL"
+        android:icon="@drawable/perm_group_visual"
+        android:label="@string/permgrouplab_visual"
+        android:description="@string/permgroupdesc_visual"
+        android:request="@string/permgrouprequest_visual"
+        android:priority="920" />
+
+    <!-- Allows an application to read the user's shared images collection. -->
+    <permission android:name="android.permission.READ_MEDIA_IMAGES"
+        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
+        android:label="@string/permlab_imagesRead"
+        android:description="@string/permdesc_imagesRead"
+        android:protectionLevel="dangerous" />
+
+    <!-- Allows an application to modify the user's shared images collection. -->
+    <permission android:name="android.permission.WRITE_MEDIA_IMAGES"
+        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
+        android:label="@string/permlab_imagesWrite"
+        android:description="@string/permdesc_imagesWrite"
+        android:protectionLevel="dangerous" />
+
+    <!-- Allows an application to read the user's shared video collection. -->
+    <permission android:name="android.permission.READ_MEDIA_VIDEO"
+        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
+        android:label="@string/permlab_videoRead"
+        android:description="@string/permdesc_videoRead"
+        android:protectionLevel="dangerous" />
+
+    <!-- Allows an application to modify the user's shared video collection. -->
+    <permission android:name="android.permission.WRITE_MEDIA_VIDEO"
+        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
+        android:label="@string/permlab_videoWrite"
+        android:description="@string/permdesc_videoWrite"
+        android:protectionLevel="dangerous" />
+
+    <!-- Allows an application to access any geographic locations persisted in the
+         user's shared collection. -->
+    <permission android:name="android.permission.ACCESS_MEDIA_LOCATION"
+        android:permissionGroup="android.permission-group.MEDIA_VISUAL"
+        android:label="@string/permlab_mediaLocation"
+        android:description="@string/permdesc_mediaLocation"
+        android:protectionLevel="dangerous" />
+
+    <!-- @hide @SystemApi
+         Allows an application to modify OBB files visible to other apps. -->
+    <permission android:name="android.permission.WRITE_OBB"
+        android:protectionLevel="signature|privileged" />
+
     <!-- ====================================================================== -->
     <!-- Permissions for accessing the device location                          -->
     <!-- ====================================================================== -->
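Review bot: The MEDIA_VISUAL and MEDIA_AURAL groups each hold both the READ_* and WRITE_* permissions, and MEDIA_VISUAL also holds ACCESS_MEDIA_LOCATION, but the group comments only say "controlling access to". If runtime grants stay group-scoped, as they are for existing groups, a user who approves the group for viewing is also approving modification and, for the visual group, EXIF location disclosure. I would say so in the group comment, e.g. `A grant of this group covers reading and modifying images and videos, and access to their location metadata.`, and consider whether the write permissions deserve their own group or prompt. The new `dangerous` permissions also omit the `<p>Protection level: dangerous` line that the older entries in this file carried. The WRITE_OBB comment could name who is expected to hold it, as the commit message does, since it is `signature|privileged`.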