Add READ_MEDIA_VISUAL_USER_SELECTED to apps automatically
If an app requests READ_MEDIA_VIDEO/IMAGES, we should add
READ_MEDIA_VISUAL_USER_SELECTED automatically.
Also updates documentation
Bug: 256921561
Bug: 251783841
Test: atest PhotoPickerPermissionTest
Change-Id: I2ddb2caeeacd8c1d65b7892ea7fc22c024f69325
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 16e0a59..91695ff 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1153,8 +1153,16 @@
<!-- Allows an application to read image or video files from external storage that a user has
selected via the permission prompt photo picker. Apps can check this permission to verify that
a user has decided to use the photo picker, instead of granting access to
- {@link #READ_MEDIA_IMAGES or #READ_MEDIA_VIDEO}. It does not prevent apps from accessing the
- standard photo picker manually.
+ {@link #READ_MEDIA_IMAGES} or {@link #READ_MEDIA_VIDEO}. It does not prevent apps from
+ accessing the standard photo picker manually. This permission should be requested alongside
+ {@link #READ_MEDIA_IMAGES} and/or {@link #READ_MEDIA_VIDEO}, depending on which type of media
+ is desired.
+ <p> This permission will be automatically added to an app's manifest if the app requests
+ {@link #READ_MEDIA_IMAGES}, {@link #READ_MEDIA_VIDEO}, or {@link #ACCESS_MEDIA_LOCATION}
+ regardless of target SDK. If an app does not request this permission, then the grant dialog
+ will return `PERMISSION_GRANTED` for {@link #READ_MEDIA_IMAGES} and/or
+ {@link #READ_MEDIA_VIDEO}, but the app will only have access to the media selected by the
+ user. This false grant state will persist until the app goes into the background.
<p>Protection level: dangerous -->
<permission android:name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED"
android:permissionGroup="android.permission-group.UNDEFINED"
diff --git a/data/etc/platform.xml b/data/etc/platform.xml
index 9a1b8a9..6328b02 100644
--- a/data/etc/platform.xml
+++ b/data/etc/platform.xml
@@ -288,6 +288,15 @@
targetSdk="33">
<new-permission name="android.permission.READ_MEDIA_IMAGES" />
</split-permission>
+ <split-permission name="android.permission.READ_MEDIA_IMAGES">
+ <new-permission name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED" />
+ </split-permission>
+ <split-permission name="android.permission.READ_MEDIA_VIDEO">
+ <new-permission name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED" />
+ </split-permission>
+ <split-permission name="android.permission.ACCESS_MEDIA_LOCATION">
+ <new-permission name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED" />
+ </split-permission>
<!-- This is a list of all the libraries available for application
code to link against. -->
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index ab223ef..5ffbbdc 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -231,6 +231,7 @@
READ_MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_VIDEO);
READ_MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_IMAGES);
READ_MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION);
+ READ_MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED);
NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_ADVERTISE);
NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_CONNECT);
NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_SCAN);
