commit 60ced8efc641be6698bcb1f9f035c2358958c445
author Nicholas Ambur <nambur@google.com> Fri Mar 20 11:17:35 2020 -0700
committer Nicholas Ambur <nambur@google.com> Fri Mar 20 12:11:44 2020 -0700
tree 5f2dede0eb555c142d78b755e21cb9caa5d1f3b2
parent 69a1926280355194514a78960c461f259516c998

permission test KEYPHRASE_ENROLLMENT_APPLICATION

Bug: 151405284
Test: atest CtsPermission2TestCases:android.permission2.cts. \
PermissionPolicyTest#platformPermissionPolicyIsUnaltered -- \
--abi arm64-v8a

Change-Id: I623d8c9c3bf98f2fe7a2ea4f3b1780a1dfca0c80

tests/tests/permission2/res/raw/android_manifest.xml

diff --git a/tests/tests/permission2/res/raw/android_manifest.xml b/tests/tests/permission2/res/raw/android_manifest.xml
index b334846..181f268 100644
--- a/tests/tests/permission2/res/raw/android_manifest.xml
+++ b/tests/tests/permission2/res/raw/android_manifest.xml
@@ -3434,11 +3434,24 @@
     <permission android:name="android.permission.BIND_AUGMENTED_AUTOFILL_SERVICE"
                 android:protectionLevel="signature" />
 
-    <!-- Must be required by hotword enrollment application,
-         to ensure that only the system can interact with it.
-         @hide <p>Not for use by third-party applications.</p> -->
+    <!-- Must be required by a {@link android.service.voice.VoiceInteractionService} implementation
+      to enroll its own sound models. This is a more restrictive permission than the higher-level
+      permission KEYPHRASE_ENROLLMENT_APPLICATION. For the caller to enroll sound models with
+      this permission, it must hold the permission and be the active VoiceInteractionService in
+      the system.
+      {@see Settings.Secure.VOICE_INTERACTION_SERVICE}
+      @hide -->
     <permission android:name="android.permission.MANAGE_VOICE_KEYPHRASES"
-        android:protectionLevel="signature|privileged" />
+                android:protectionLevel="signature|privileged" />
+
+    <!-- Must be required by a keyphrase enrollment application, to enroll sound models. This is
+         treated as a higher-level permission to MANAGE_VOICE_KEYPHRASES as a caller can enroll
+         sound models at any time. This permission should be reserved for system enrollment
+         applications detected by {@link android.hardware.soundtrigger.KeyphraseEnrollmentInfo}
+         only.
+         @hide <p>Not for use by third-party applications.</p> -->
+    <permission android:name="android.permission.KEYPHRASE_ENROLLMENT_APPLICATION"
+                android:protectionLevel="signature|privileged" />
 
     <!-- Must be required by a {@link com.android.media.remotedisplay.RemoteDisplayProvider},
          to ensure that only the system can bind to it.