From fa35b426162648cb55ab968537d4230e85d5c941 Mon Sep 17 00:00:00 2001
From: Kangping Dong <wgtdkp@google.com>
Date: Thu, 3 Aug 2023 19:11:51 +0800
Subject: [PATCH] [Thread] add Thread network permissions

Defines permissions for guarding access to Thread network API.

The permissions are also granted to shell for CTS tests, see the
instructions here: go/ctswrite#write-a-test-to-test-an-api-that-requires-system-permission

Design doc: go/thread-android-api

Bug: 262683651
Merged-In: Ib15d5589bbd304d68840ee52a193676d12110512
Change-Id: Ifc6c1d55cc170a5a200dfb5d531f5e0f86a9507a
---
 core/api/system-current.txt               | 1 +
 core/res/AndroidManifest.xml              | 7 +++++++
 data/etc/privapp-permissions-platform.xml | 2 ++
 packages/Shell/AndroidManifest.xml        | 3 +++
 4 files changed, 13 insertions(+)

diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index b6c9678f6cae..3370303e1007 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -357,6 +357,7 @@ package android {
     field public static final String SYSTEM_APPLICATION_OVERLAY = "android.permission.SYSTEM_APPLICATION_OVERLAY";
     field public static final String SYSTEM_CAMERA = "android.permission.SYSTEM_CAMERA";
     field public static final String TETHER_PRIVILEGED = "android.permission.TETHER_PRIVILEGED";
+    field @FlaggedApi("com.android.net.thread.flags.thread_enabled") public static final String THREAD_NETWORK_PRIVILEGED = "android.permission.THREAD_NETWORK_PRIVILEGED";
     field public static final String TIS_EXTENSION_INTERFACE = "android.permission.TIS_EXTENSION_INTERFACE";
     field public static final String TOGGLE_AUTOMOTIVE_PROJECTION = "android.permission.TOGGLE_AUTOMOTIVE_PROJECTION";
     field public static final String TRIGGER_LOST_MODE = "android.permission.TRIGGER_LOST_MODE";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 7d9d99113663..0e753e51f597 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2225,6 +2225,13 @@
     <permission android:name="android.permission.MANAGE_LOWPAN_INTERFACES"
         android:protectionLevel="signature|privileged" />
 
+    <!-- @SystemApi @hide Allows changing Thread network state and access to Thread network
+        credentials such as Network Key and PSKc.
+        <p>Not for use by third-party applications.
+        @FlaggedApi("com.android.net.thread.flags.thread_enabled") -->
+    <permission android:name="android.permission.THREAD_NETWORK_PRIVILEGED"
+                android:protectionLevel="signature|privileged" />
+
     <!-- #SystemApi @hide Allows an app to bypass Private DNS.
          <p>Not for use by third-party applications.
          TODO: publish as system API in next API release. -->
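Review bot: The doc comment on `android.permission.THREAD_NETWORK_PRIVILEGED` bundles two different capabilities under one permission: changing Thread network state and reading credentials such as the Network Key and PSKc. With `signature|privileged`, every allowlisted privileged app that needs only the first also gets the second. If the API surface allows it, it is worth confirming that credential access does not warrant a separate, narrower permission. At minimum the comment could state the sensitivity explicitly, for example `Holders can read the Thread Network Key and PSKc (the network's secret key material); grant only to apps that manage Thread credentials.` As a style point, the `android:protectionLevel` continuation line is indented differently from the `MANAGE_LOWPAN_INTERFACES` entry directly above it.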
diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml
index b05507e7e128..c1018f59ffb5 100644
--- a/data/etc/privapp-permissions-platform.xml
+++ b/data/etc/privapp-permissions-platform.xml
@@ -438,6 +438,8 @@ applications that come with the platform
         <permission name="android.permission.MANAGE_WIFI_NETWORK_SELECTION" />
         <!-- Permission needed for CTS test - ConcurrencyTest#testP2pSetWfdInfo -->
         <permission name="android.permission.CONFIGURE_WIFI_DISPLAY" />
+        <!-- Permission required for CTS test - CtsThreadNetworkTestCases -->
+        <permission name="android.permission.THREAD_NETWORK_PRIVILEGED"/>
         <!-- Permission required for CTS test CarrierMessagingServiceWrapperTest -->
         <permission name="android.permission.BIND_CARRIER_SERVICES"/>
         <!-- Permission required for CTS test - MusicRecognitionManagerTest -->
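Review bot: Granting `android.permission.THREAD_NETWORK_PRIVILEGED` here, together with the matching `uses-permission` added in packages/Shell/AndroidManifest.xml, gives the shell identity a permission whose own doc comment says it covers Thread network credentials. Unless the service adds its own caller checks, the guarded APIs would then be reachable from any adb shell session, not only from `CtsThreadNetworkTestCases`. The comment `Permission required for CTS test - CtsThreadNetworkTestCases` does not record that trade-off. I would extend it in both files to something like `Permission required for CTS test - CtsThreadNetworkTestCases; note this permission guards Thread network credentials`. The enclosing `privapp-permissions` element starts outside this hunk, so I am assuming this entry sits in the shell package's block.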
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index ee9883b0b0af..1edb89c82065 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -588,6 +588,9 @@
     <!-- Permission needed for CTS test - ConcurrencyTest#testP2pSetWfdInfo -->
     <uses-permission android:name="android.permission.CONFIGURE_WIFI_DISPLAY" />
 
+    <!-- Permission required for CTS test - CtsThreadNetworkTestCases -->
+    <uses-permission android:name="android.permission.THREAD_NETWORK_PRIVILEGED"/>
+
     <!-- Permission required for CTS tests to enable/disable rate limiting toasts. -->
     <uses-permission android:name="android.permission.MANAGE_TOAST_RATE_LIMITING" />
 
-- 
GitLab