Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 8bd1395881446e807924d6f320966d7c26d3d527^! / . / core / res / AndroidManifest.xml
commit8bd1395881446e807924d6f320966d7c26d3d527[log] [tgz]
authorSvet Ganov <svetoslavganov@google.com>Mon Jan 15 21:32:00 2018 -0800
committerSvet Ganov <svetoslavganov@google.com>Tue Jan 16 21:43:35 2018 -0800
tree47b90f83aa052dde6c48ce3b61f0526d0b15221d
parent2bb444136a10731f73fe7e7052a0fcbec0472262 [diff] [blame]
No sensor access to idle UIDs - framework

Idle UIDs are ones that were in the background for long enough time.
Currently such apps can access sensor data even though they have no
user perceptible components running. This affects the user's privacy
since an app in the background can use sensor data to infer location,
activity, habbits, etc.

The goal is to restrict sensor access for all apps in the ecosystem
regardless of target SDK which means the solution should be backwards
compatible. At the high level the sesnor service observes UID state
changes and applies policy like this:

Continuous sensors: for sensros in this reporting mode when the UID
goes in the background we will stop dispatching events. Once the UID
goes active we will start reporting the events. While this is an
app visible behavior change we would rather do that vs delivering
fake events.

Flush events: there is no change in behavior based on the UID state.
Hence, idle apps can request a flush and would get the completion
callback. From an app perspective flushing works at any point.

Trigger events: for sensors in this reporting mode when the UID
goes in the background we will not report any trigger events. From
an app perspective the sensor just did not pick up any events.

On-change events: for sensors in this reporting mode when the UID
goes in the background we will not report any change events. From
an app perspective the sensor just did not pick up any events.

Wake locks: since UIDs in idle state cannot acquire wakelocks we
will not be grabbing a wakelock on behalf of apps in that state.

Test: Added - SensorTest#testSanitizedContinuousEventsUidIdle
      Added - SensorTest#testBatchAndFlushUidIdle
      Pass - cts-tradefed run cts-dev -m CtsSensorTestCases

bug:63938985

Change-Id: Iee73dc034f5fe7fbea789a3b60db4290757c5052

diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index cb6701e..1598761 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml

@@ -1751,6 +1751,12 @@
     <permission android:name="android.permission.SEND_EMBMS_INTENTS"
         android:protectionLevel="signature|privileged" />
 
+
+    <!-- Allows internal management of the sensor framework
+         @hide -->
+    <permission android:name="android.permission.MANAGE_SENSORS"
+        android:protectionLevel="signature" />
+
     <!-- Must be required by an ImsService to ensure that only the
          system can bind to it.
          <p>Protection level: signature|privileged