Add a new permission for external time sources
This CL adds a new permission called SUGGEST_EXTERNAL_TIME that
gates TimeManager.suggestExternalTime calls.
The new permission is marked as 'privileged' as protection level. This
could result in third party apps preinstalled on the system image to
potentially get this permission. This is OK for the following reasons:
- OEM coordination is needed to grant 3P apps this permission, so
adding "privileged" doesn't introduce significant risk.
- This permission/API doesn't guarantee that the suggested timestamp
will immediately be used as the new system timestamp. The system must
be configured so that the external time source has a higher priority
than other time sources (e.g. GNSS) for the external time suggestion to
be used. This configuration is also done by the OEM. That introduces
significant roadblock for a malicious app to do anything useful with
this permission.
- More importantly, apps can set system time directly using
TimeManager.setTime() which requires SET_TIME permission. This
permission is also signature|privileged, so this change is consistent
with it.
Bug: 157504928, 177079827
CTS-Coverage-Bug: 182275086
Test: atest android.app.time
Change-Id: I0098ab7565b647fb220d39575f0616d2a47bdc89
5 files changed