Restrict READ_FRAME_BUFFER to signature only
We want to restrict screen reading permissions
to signature only so only the platform and
apps signed with the platform key can access
the device screen.
Add @removed and @hide to the permission so that it's
not in the docs any more without breaking any existing
apps referring to the permissions.
Bug: 111131054
Test: manually tested screenshot & bugreport
Test: atest PermissionsHostTest
Test: make & verified generated file
out/target/common/obj/PACKAGING/hiddenapi-light-greylist.txt
contains READ_FRAME_BUFFER
Change-Id: I8294aff965e889335a495ab792f893957d39ec5d
Change-Id: I8294aff965e889335a495ab792f893957d39ec5d
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 8f176e8..e4e7c197 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3238,11 +3238,13 @@
<permission android:name="android.permission.ACCESS_SURFACE_FLINGER"
android:protectionLevel="signature" />
- <!-- @SystemApi Allows an application to take screen shots and more generally
+ <!-- Allows an application to take screen shots and more generally
get access to the frame buffer data.
- <p>Not for use by third-party applications. -->
+ <p>Not for use by third-party applications.
+ @hide
+ @removed -->
<permission android:name="android.permission.READ_FRAME_BUFFER"
- android:protectionLevel="signature|privileged" />
+ android:protectionLevel="signature" />
<!-- Allows an application to use InputFlinger's low level features.
@hide -->