Print spooler security and some new print service facing APIs.
1. Updated the security mode of the print spooler. Now the spooler
is not signed with the system key, it is not a privileged app so if
it gets compromised (PDF rendering is a potential attack vector)
it cannot access dangerous permissions. Also only the system
can bind to the spooler.
2. Added APIs for asking a print service to start and stop tracking
a given printer. This is need for the case when the user selects
the printer and the print service should do a best effort to keep
the system updated for the current state of the printer.
3. Added APIs for putting a print job in a blocked state. A print
service would report the print job as blocked if for some reason
the printer cannot proceed, e.g. 99 pages are printed but there
is no paper for the last one. The user has to add more paper
and the print service can resume the job.
4. Changed the read/write APIs to use ParcelFileDescriptor instead
of FileDescriptor since the latter does not have a clean API for
detaching the wrapped Linux file descriptor when one wants to
push it to native.
5. Added API for getting the size of the printed document so the
print service can avoid handling big filed over cellular network
or ask the user if needed.
6. Now the print services that are preinstalled on the system image
are automatically enabled.
Change-Id: Ia06c311d3d21cabb9e1368f13928e11cd0030918
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index faf6e63..b749aa6 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1915,13 +1915,10 @@
android:description="@string/permdesc_bindNfcService"
android:protectionLevel="signature" />
- <!-- Allows an application to call APIs that give it access to all print jobs
- on the device. Usually an app can access only the print jobts it created.
- This permission is not available to third party applications.
- @hide -->
- <permission android:name="android.permission.ACCESS_ALL_PRINT_JOBS"
- android:label="@string/permlab_accessAllPrintJobs"
- android:description="@string/permdesc_accessAllPrintJobs"
+ <!-- Must be required by the PrintSpooler to ensure that only the system can bind to it. -->
+ <permission android:name="android.permission.BIND_PRINT_SPOOLER_SERVICE"
+ android:label="@string/permlab_bindPrintSpoolerService"
+ android:description="@string/permdesc_bindPrintSpoolerService"
android:protectionLevel="signature" />
<!-- Must be required by a TextService (e.g. SpellCheckerService)
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index ead46c2..4b32e2b 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -984,12 +984,13 @@
<string name="permdesc_bindPrintService">Allows the holder to bind to the top-level
interface of a print service. Should never be needed for normal apps.</string>
- <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
- <string name="permlab_accessAllPrintJobs">access all print jobs</string>
- <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
- <string name="permdesc_accessAllPrintJobs">Allows the holder to access print jobs
- created by another app. Should never be needed for normal apps.</string>
-
+ <!-- Title of an application permission, listed so the user can choose
+ whether they want to allow the application to do this. -->
+ <string name="permlab_bindPrintSpoolerService">bind to a print spooler service</string>
+ <!-- Description of an application permission, listed so the user can
+ choose whether they want to allow the application to do this. -->
+ <string name="permdesc_bindPrintSpoolerService">Allows the holder to bind to the top-level
+ interface of a print spooler service. Should never be needed for normal apps.</string>
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_bindNfcService">bind to NFC service</string>
@@ -4292,6 +4293,9 @@
<!-- Write fail reason: couldn't write the printed content. [CHAR LIMIT=none] -->
<string name="write_fail_reason_cannot_write">Error writing content</string>
+ <!-- Print fail reason: unknown. [CHAR LIMIT=25] -->
+ <string name="reason_unknown">unknown</string>
+
<!-- PIN entry dialog label/hint for PIN [CHAR LIMIT=none] -->
<string name="restr_pin_enter_pin">Enter PIN</string>
<!-- PIN entry dialog label/hint for old PIN [CHAR LIMIT=none] -->
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index a9c812e..67f25d1 100755
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -868,6 +868,7 @@
<java-symbol type="string" name="mediaSize_na_junior_legal" />
<java-symbol type="string" name="mediaSize_na_ledger" />
<java-symbol type="string" name="mediaSize_na_tabloid" />
+ <java-symbol type="string" name="reason_unknown" />
<java-symbol type="string" name="restr_pin_enter_pin" />
<java-symbol type="string" name="write_fail_reason_cancelled" />
<java-symbol type="string" name="write_fail_reason_cannot_write" />