Refactoring app widgets to address security/performance issues. - Moving the service binding to AppWidgetService to prevent arbitrary apps from binding to widget services - Requiring RemoteViewsServices to require android.permission.BIND_REMOTEVIEWS permission Change-Id: Id135bafba998299eb278067712b8a5d8487cfd04

commit: 81f39eb6e76d0be1dd341af835e8002a0f80524e [log] [tgz]
author: Winson Chung <winsonc@google.com> Tue Jan 11 18:05:01 2011 -0800
committer: Winson Chung <winsonc@google.com> Tue Jan 18 22:57:09 2011 -0800
tree: c4e0d4f4e531b779ae0ea16b1eb3cd783c633564
parent: 5fb60c7af2cbf59a99ae324c4284c7860b37c723 [diff] [blame]
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 41c911a..9b890fa 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml

@@ -1210,6 +1210,13 @@
         android:description="@string/permdesc_backup"
         android:protectionLevel="signatureOrSystem" />
 
+    <!-- Must be required by a {@link android.widget.RemoteViewsService},
+         to ensure that only the system can bind to it. -->
+    <permission android:name="android.permission.BIND_REMOTEVIEWS"
+        android:label="@string/permlab_bindRemoteViews"
+        android:description="@string/permdesc_bindRemoteViews"
+        android:protectionLevel="signatureOrSystem" />
+
     <!-- Allows an application to tell the AppWidget service which application
          can access AppWidget's data.  The normal user flow is that a user
          picks an AppWidget to go into a particular host, thereby giving that
commit	81f39eb6e76d0be1dd341af835e8002a0f80524e	[log] [tgz]
author	Winson Chung <winsonc@google.com>	Tue Jan 11 18:05:01 2011 -0800
committer	Winson Chung <winsonc@google.com>	Tue Jan 18 22:57:09 2011 -0800
tree	c4e0d4f4e531b779ae0ea16b1eb3cd783c633564
parent	5fb60c7af2cbf59a99ae324c4284c7860b37c723 [diff] [blame]