Add permission for instant apps creating foreground services
Foreground services could potentially be abused to get around the
lifecycle requirements of Instant Apps, so limit that behavior with a
perission that will need to be granted by the installer.
Test: Manually verified
Change-Id: Ia162077971e914960ebdb8293a33faa8038ed850
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 603126b..fb927e9 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -247,8 +247,10 @@
public static final int OP_REQUEST_INSTALL_PACKAGES = 66;
/** @hide Enter picture-in-picture when hidden. */
public static final int OP_ENTER_PICTURE_IN_PICTURE_ON_HIDE = 67;
+ /** @hide Instant app start foreground service. */
+ public static final int OP_INSTANT_APP_START_FOREGROUND = 68;
/** @hide */
- public static final int _NUM_OP = 68;
+ public static final int _NUM_OP = 69;
/** Access to coarse location information. */
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
@@ -351,6 +353,9 @@
= "android:get_accounts";
public static final String OPSTR_READ_PHONE_NUMBER
= "android:read_phone_number";
+ /** @hide */
+ public static final String OPSTR_INSTANT_APP_START_FOREGROUND
+ = "android:instant_app_start_foreground";
private static final int[] RUNTIME_PERMISSIONS_OPS = {
// Contacts
@@ -467,6 +472,7 @@
OP_READ_PHONE_NUMBER,
OP_REQUEST_INSTALL_PACKAGES,
OP_ENTER_PICTURE_IN_PICTURE_ON_HIDE,
+ OP_INSTANT_APP_START_FOREGROUND,
};
/**
@@ -542,6 +548,7 @@
OPSTR_READ_PHONE_NUMBER,
null, // OP_REQUEST_INSTALL_PACKAGES
null,
+ OPSTR_INSTANT_APP_START_FOREGROUND,
};
/**
@@ -617,6 +624,7 @@
"READ_PHONE_NUMBER",
"REQUEST_INSTALL_PACKAGES",
"OP_ENTER_PICTURE_IN_PICTURE_ON_HIDE",
+ "INSTANT_APP_START_FOREGROUND",
};
/**
@@ -692,6 +700,7 @@
Manifest.permission.READ_PHONE_NUMBER,
Manifest.permission.REQUEST_INSTALL_PACKAGES,
null, // no permission for entering picture-in-picture on hide
+ Manifest.permission.INSTANT_APP_FOREGROUND_SERVICE,
};
/**
@@ -768,6 +777,7 @@
null, // READ_PHONE_NUMBER
null, // REQUEST_INSTALL_PACKAGES
null, // ENTER_PICTURE_IN_PICTURE_ON_HIDE
+ null, // INSTANT_APP_START_FOREGROUND
};
/**
@@ -843,6 +853,7 @@
false, // READ_PHONE_NUMBER
false, // REQUEST_INSTALL_PACKAGES
false, // ENTER_PICTURE_IN_PICTURE_ON_HIDE
+ false, // INSTANT_APP_START_FOREGROUND
};
/**
@@ -917,6 +928,7 @@
AppOpsManager.MODE_ALLOWED,
AppOpsManager.MODE_DEFAULT, // OP_REQUEST_INSTALL_PACKAGES
AppOpsManager.MODE_ALLOWED, // OP_ENTER_PICTURE_IN_PICTURE_ON_HIDE
+ AppOpsManager.MODE_DEFAULT, // OP_INSTANT_APP_START_FOREGROUND
};
/**
@@ -995,6 +1007,7 @@
false,
false, // OP_REQUEST_INSTALL_PACKAGES
false, // OP_ENTER_PICTURE_IN_PICTURE_ON_HIDE
+ false,
};
/**
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index a6e43ff..6dd1f17 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3247,6 +3247,10 @@
<permission android:name="android.permission.MODIFY_THEME_OVERLAY"
android:protectionLevel="signature" />
+ <!-- Allows an instant app to create foreground services. -->
+ <permission android:name="android.permission.INSTANT_APP_FOREGROUND_SERVICE"
+ android:protectionLevel="signature|development|ephemeral|appop" />
+
<application android:process="system"
android:persistent="true"
android:hasCode="false"