Adding a permission to platform.xml


Jin Chiu

Nov 11, 2010, 12:37:03 PM
to android-platform
I am attempting to add a new permission/group mapping to platform.xml,
as follows:

<permission name="android.permission.NET_ADMIN" >
<group gid="net_admin" />
</permission>

According to debug logs, this permission was successfully added to
PackageManagerService's HashMap via readPermissionsFromXml()

However, when I later attempt to use this permission in an Android
test app, I keep getting "Unknown permission" error. Apparently, this
permission was somehow removed from the HashMap, and I cannot track
down exactly where my permission is getting removed. It is not
removePermission() doing it, as debug logs confirmed.

Any insights regarding this issue would be greatly appreciated!

Dianne Hackborn

Nov 11, 2010, 10:11:35 PM
to android-...@googlegroups.com
This just associates it with a uid (which is an optional part of declaring a permission).  You still need to declare the permission, in core/res/res/AndroidManifest.xml.


--
Dianne Hackborn
Android framework engineer
hac...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails.  All such questions should be posted on public forums, where I and others can see and answer them.

Samuel Skånberg

Nov 22, 2010, 6:31:33 AM
to android-platform
Hello Dianne,

Where can I find that file? There is no AndroidManifest.xml in
frameworks/base/core/res/res.

Thanks!

On Nov 12, 4:11 am, Dianne Hackborn <hack...@android.com> wrote:
> This just associates it with a uid (which is an optional part of declaring a
> permission).  You still need to declare the permission, in
> core/res/res/AndroidManifest.xml.
>
> On Thu, Nov 11, 2010 at 9:37 AM, Jin Chiu <live2drea...@gmail.com> wrote:
> > I am attempting to add a new permission/group mapping to platform.xml,
> > as follows:
>
> > <permission name="android.permission.NET_ADMIN" >
> >       <group gid="net_admin" />
> > </permission>
>
> > According to debug logs, this permission was successfully added to
> > PackageManagerService's HashMap via readPermissionsFromXml()
>
> > However, when I later attempt to use this permission in an Android
> > test app, I keep getting "Unknown permission" error. Apparently, this
> > permission was somehow removed from the HashMap, and I cannot track
> > down exactly where my permission is getting removed. It is not
> > removePermission() doing it, as debug logs confirmed.
>
> > Any insights regarding this issue would be greatly appreciated!
>
> --
> Dianne Hackborn
> Android framework engineer
> hack...@android.com

Dianne Hackborn

Nov 22, 2010, 8:49:32 PM
to android-...@googlegroups.com
Sorry, it is core/res/AndroidManifest.xml


--
Dianne Hackborn
Android framework engineer
hac...@android.com

roy.be...@gmail.com

Jan 6, 2014, 9:04:12 AM
to android-...@googlegroups.com, hac...@android.com
Hi,
could you please clarify: in order to add a new permission to an Android platform, should the platform.xml or AndroidManifest.xml be updated? or both?
(not clear to me what is the role of each of the two XMLs.)

cheers!

Xun Sun

Jan 7, 2014, 7:23:05 AM
to android-...@googlegroups.com, hac...@android.com
As Dianne said, you need to declare the permission in AndroidManifest.xml. 

In rare cases you would also need to update platform.xml. This is when you want the new permission to associate with a group id that the system knows. If you associate the permission with "sdcard_rw", applications requesting your permission will be able to read from and write to external storage.

Hope this helps.




--
Thanks & regards
Xun Sun

roy.be...@gmail.com

Jan 13, 2014, 1:22:52 AM
to android-...@googlegroups.com, hac...@android.com
Hi Xun, yes, it does help :->

looks like I actually need to do both:
1. update the platform.xml under framework/base/data/etc/
    <permission name="android.permission.FOO" >
        <group gid="foo_grp" />
    </permission>
note: that probably implies that any relevant OEM libs, should be member of group <foo_grp> also?

2. update the core/res/AndroidManifest.xml
    <permission android:name="android.permission.FOO"
        android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
        android:protectionLevel="signature|system"
        android:label="@string/..."
        android:description="@string/..." />

- does it require rebuilding the Android OS after the change?
- is this something that on Android phones, only the OEM can do?

thank you!

Xun Sun

Jan 13, 2014, 10:00:00 PM
to android-...@googlegroups.com, hac...@android.com
Hi,


On Mon, Jan 13, 2014 at 2:22 PM, roy....@googlemail.com <roy.be...@gmail.com> wrote:
> Hi Xun, yes, it does help :->
>
> looks like I actually need to do both:
> 1. update the platform.xml under framework/base/data/etc/
>     <permission name="android.permission.FOO" >
>         <group gid="foo_grp" />
>     </permission>
> note: that probably implies that any relevant OEM libs, should be member of group <foo_grp> also?

I'm not sure I understand this question...

> 2. update the core/res/AndroidManifest.xml
>     <permission android:name="android.permission.FOO"
>         android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
>         android:protectionLevel="signature|system"

I believe this protection level means the permission is not available to user applications. Is this your intention?

>         android:label="@string/..."
>         android:description="@string/..." />
>
> - does it require rebuilding the Android OS after the change?

Yes.

> - is this something that on Android phones, only the OEM can do?

I think so. Why would others want to add a new permission to the platform (vs. only used by your own applications)?

roy.be...@gmail.com

Jan 14, 2014, 6:34:13 PM
to android-...@googlegroups.com, hac...@android.com
Hi Xun,
thanks again!
one more question: anything additional that needs to be done to make it compliant with all\any application stores?

cheers!

On Tuesday, January 14, 2014 5:00:00 AM UTC+2, Xun Sun wrote:
> Hi,
>
> On Mon, Jan 13, 2014 at 2:22 PM, roy....@googlemail.com <roy.be...@gmail.com> wrote:
> > Hi Xun, yes, it does help :->
> >
> > looks like I actually need to do both:
> > 1. update the platform.xml under framework/base/data/etc/
> >     <permission name="android.permission.FOO" >
> >         <group gid="foo_grp" />
> >     </permission>
> > note: that probably implies that any relevant OEM libs, should be member of group <foo_grp> also?
>
> I'm not sure I understand this question...

updated this way, the linux uid of the Dalvik VM in which the app runs, will be able to use native libraries which require the linux uid to be in the associated group.

> > 2. update the core/res/AndroidManifest.xml
> >     <permission android:name="android.permission.FOO"
> >         android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
> >         android:protectionLevel="signature|system"
>
> I believe this protection level means the permission is not available to user applications. Is this your intention?

good point. this is not clear yet. could be would probably want it to be either highly restricted or open.

> >         android:label="@string/..."
> >         android:description="@string/..." />
> >
> > - does it require rebuilding the Android OS after the change?
>
> Yes.
>
> > - is this something that on Android phones, only the OEM can do?
>
> I think so.

ok. thanks.

> Why would others want to add a new permission to the platform (vs. only used by your own applications)?

there are good reasons and also bad reasons :->

Xun Sun

Jan 14, 2014, 7:11:57 PM
to android-...@googlegroups.com, hac...@android.com
Hi,


On Wed, Jan 15, 2014 at 7:34 AM, roy....@googlemail.com <roy.be...@gmail.com> wrote:
> Hi Xun,
>
> thanks again!
> one more question: anything additional that needs to be done to make it compliant with all\any application stores?

I don't have any in my mind because I'm not familiar with the app store requirements.

> cheers!
>
> On Tuesday, January 14, 2014 5:00:00 AM UTC+2, Xun Sun wrote:
> > Hi,
> >
> > On Mon, Jan 13, 2014 at 2:22 PM, roy....@googlemail.com <roy.be...@gmail.com> wrote:
> > > Hi Xun, yes, it does help :->
> > >
> > > looks like I actually need to do both:
> > > 1. update the platform.xml under framework/base/data/etc/
> > >     <permission name="android.permission.FOO" >
> > >         <group gid="foo_grp" />
> > >     </permission>
> > > note: that probably implies that any relevant OEM libs, should be member of group <foo_grp> also?
> >
> > I'm not sure I understand this question...
>
> updated this way, the linux uid of the Dalvik VM in which the app runs, will be able to use native libraries which require the linux uid to be in the associated group.

That's about it. "the linux uid" should be interpreted as "one of the supplementary group ids". The app uid does not have access by itself.
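
The two files discussed in this thread can be cross-checked mechanically. The following is an added example, not code from any post or from the Android source: it parses constructed samples of platform.xml and core/res/AndroidManifest.xml and reports each gid-mapped permission that has no declaration, the situation behind the "Unknown permission" error in the first post. The function names and sample contents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample of platform.xml (not taken from a real build).
PLATFORM_XML = """<permissions>
    <permission name="android.permission.NET_ADMIN">
        <group gid="net_admin" />
    </permission>
    <permission name="android.permission.FOO">
        <group gid="foo_grp" />
    </permission>
</permissions>"""

# Constructed sample of core/res/AndroidManifest.xml: FOO is declared, NET_ADMIN is not.
MANIFEST_XML = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="android">
    <permission android:name="android.permission.FOO"
        android:protectionLevel="signature|system" />
</manifest>"""


def gid_mappings(platform_xml):
    """Return {permission name: [gids]} from platform.xml <permission>/<group> entries."""
    root = ET.fromstring(platform_xml)
    return {p.get("name"): [g.get("gid") for g in p.findall("group")]
            for p in root.findall("permission")}


def declared_permissions(manifest_xml):
    """Return {permission name: protectionLevel} declared in the framework manifest."""
    root = ET.fromstring(manifest_xml)
    return {p.get(ANDROID_NS + "name"): p.get(ANDROID_NS + "protectionLevel", "normal")
            for p in root.findall("permission")}


def audit(platform_xml, manifest_xml):
    """Cross-check both files; a gid mapping alone does not declare the permission."""
    declared = declared_permissions(manifest_xml)
    report = []
    for name, gids in sorted(gid_mappings(platform_xml).items()):
        level = declared.get(name)  # None when the manifest has no declaration
        status = "undeclared" if level is None else "declared"
        report.append((name, gids, status, level))
    return report


if __name__ == "__main__":
    for name, gids, status, level in audit(PLATFORM_XML, MANIFEST_XML):
        print(f"{name}: gids={gids} {status} protectionLevel={level}")
```

Reviewing the protectionLevel column next to the gid column shows which supplementary groups become reachable and by which class of application.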