Define permission for system apps to query size of block
Allows ManagedProvisioning to determine whether there's a
challenge and thus whether to disable NFC provisioning.
Other implementation option: new hidden boolean API method.
The only benefits I can think of for a new API method "isBlockInUse" are
that it doesn't leak the PDB size and is more explicitly tied to the
use case. Open to either impl if anyone has opinions on the matter.
Bug: 18508767
Change-Id: I28d2eb5a0837ff85cb91f140b17ce1dd843fe9d6
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 3aaecc7..dec7f07 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1130,6 +1130,12 @@
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature" />
+ <!-- @hide Allows querying state of PersistentDataBlock
+ <p>Not for use by third-party applications. -->
+ <permission android:name="android.permission.ACCESS_PDB_STATE"
+ android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+ android:protectionLevel="signature" />
+
<!-- =========================================== -->
<!-- Permissions associated with audio capture -->
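Review bot: The doc comment on `ACCESS_PDB_STATE` says only "querying state of PersistentDataBlock", which does not tell a later reader what a holder actually learns. In the PersistentDataBlockService.java hunk of this commit the permission gates `getDataBlockSize()`, so the comment should name that, e.g. `<!-- @hide Allows reading the size of the data stored in the PersistentDataBlock. <p>Not for use by third-party applications. -->`. Stating the disclosed value makes it easier to notice if the permission is later attached to further calls or if its `protectionLevel` is relaxed from `signature`.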
diff --git a/services/core/java/com/android/server/PersistentDataBlockService.java b/services/core/java/com/android/server/PersistentDataBlockService.java
index 17edb53..9d4cd99a 100644
--- a/services/core/java/com/android/server/PersistentDataBlockService.java
+++ b/services/core/java/com/android/server/PersistentDataBlockService.java
@@ -433,7 +433,10 @@
@Override
public int getDataBlockSize() {
- enforceUid(Binder.getCallingUid());
+ if (mContext.checkCallingPermission(Manifest.permission.ACCESS_PDB_STATE)
+ != PackageManager.PERMISSION_GRANTED) {
+ enforceUid(Binder.getCallingUid());
+ }
DataInputStream inputStream;
try {
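Review bot: `getDataBlockSize()` now has two authorization paths and nothing in the code says why: a caller holding `ACCESS_PDB_STATE` skips `enforceUid` entirely. A short comment above the `if` would record the intent, e.g. `// Holders of the signature permission ACCESS_PDB_STATE may read the size; all other callers must be the allowed UID.` A caller that fails both checks is rejected by `enforceUid`, whose definition is outside this hunk, so the resulting error presumably refers to the UID and not to the missing permission; it is worth confirming that denials stay diagnosable. The method body continues past the end of the hunk.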