[tor-commits] [tor-browser/tor-browser-68.1.0esr-9.0-1] Bug 25741 - TBA: Conditionally require WIFI and NETWORK permissions
gk at torproject.org
gk at torproject.org
Sat Aug 31 19:46:16 UTC 2019
commit c60818fd0b1922514fab5d4d6dbef05d0ae70217
Author: Matthew Finkel <Matthew.Finkel at gmail.com>
Date: Wed Apr 11 17:52:59 2018 +0000
Bug 25741 - TBA: Conditionally require WIFI and NETWORK permissions
Only require the {ACCESS,CHANGE}_WIFI_STATE and ACCESS_NETWORK_STATE
permissions if MOZ_ANDROID_NETWORK_STATE is defined in the preprocessor.
Also:
Bug 25741 - TBA: Conditionally require *_LOCATION permissions
Only require the {FINE,COURSE}_LOCATION permissions if
MOZ_ANDROID_LOCATION is defined in the preprocessor. Also
include location features (with gps).
Bug 25741 - TBA: Move CAMERA permission within MOZ_WEBRTC
Require the CAMERA permissions if MOZ_WEBRTC is defined in
the preprocessor.
Bug 25741 - TBA: Only include GCM permissions if we want them
Bug 26826 - Disable tab queue and delete SYSTEM_ALERT_WINDOW permission
Bug 24796 - Comment out excess permissions from GeckoView
The GeckoView AndroidManifest.xml is not preprocessed unlike Fennec's
manifest, so we can't use the ifdef preprocessor guards around the
permissions we do not want. Commenting the permissions is the
next-best-thing.
---
.../app/src/main/res/xml/preferences_general.xml | 1 +
.../src/main/res/xml/preferences_general_tablet.xml | 1 +
.../android/base/FennecManifest_permissions.xml.in | 18 ++++++++++++++----
.../android/geckoview/src/main/AndroidManifest.xml | 20 +++++++++++++++++---
mobile/android/moz.configure | 8 ++++++++
.../FxAccountAndroidManifest_permissions.xml.in | 2 ++
mobile/android/torbrowser.configure | 3 +++
7 files changed, 46 insertions(+), 7 deletions(-)
diff --git a/mobile/android/app/src/main/res/xml/preferences_general.xml b/mobile/android/app/src/main/res/xml/preferences_general.xml
index f148ae61b169..ef739db0c3d8 100644
--- a/mobile/android/app/src/main/res/xml/preferences_general.xml
+++ b/mobile/android/app/src/main/res/xml/preferences_general.xml
@@ -31,6 +31,7 @@
<SwitchPreference android:key="android.not_a_preference.tab_queue"
android:title="@string/pref_tab_queue_title"
android:summary="@string/pref_tab_queue_summary"
+ android:selectable="false"
android:defaultValue="false" />
<SwitchPreference android:key="android.not_a_preference.compact_tabs"
diff --git a/mobile/android/app/src/main/res/xml/preferences_general_tablet.xml b/mobile/android/app/src/main/res/xml/preferences_general_tablet.xml
index 903e9e315f59..aee9937f9759 100644
--- a/mobile/android/app/src/main/res/xml/preferences_general_tablet.xml
+++ b/mobile/android/app/src/main/res/xml/preferences_general_tablet.xml
@@ -43,6 +43,7 @@
<SwitchPreference android:key="android.not_a_preference.tab_queue"
android:title="@string/pref_tab_queue_title"
android:summary="@string/pref_tab_queue_summary"
+ android:selectable="false"
android:defaultValue="false" />
</PreferenceScreen>
diff --git a/mobile/android/base/FennecManifest_permissions.xml.in b/mobile/android/base/FennecManifest_permissions.xml.in
index f3e43bb4e3ca..796e28777aad 100644
--- a/mobile/android/base/FennecManifest_permissions.xml.in
+++ b/mobile/android/base/FennecManifest_permissions.xml.in
@@ -8,14 +8,23 @@
them during the same release, which should be Fennec 48. Therefore we
decouple the push permission from MOZ_ANDROID_GCM to let it ride ahead
(potentially) of the push feature. -->
+
+#ifdef MOZ_ANDROID_GCM
#include GcmAndroidManifest_permissions.xml.in
+#endif
#include SamsungAppStoreManifest_permissions.xml.in
+#ifdef MOZ_ANDROID_NETWORK_STATE
+ <!-- Android WIFI state -->
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
+#endif
+
+#ifdef MOZ_ANDROID_LOCATION
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
+#endif
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.INTERNET"/>
#ifdef MOZ_ANDROID_MLS_STUMBLER
@@ -25,7 +34,9 @@
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
<uses-permission android:name="com.android.launcher.permission.UNINSTALL_SHORTCUT"/>
+#ifdef MOZ_ANDROID_LOCATION
<uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
+#endif
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
@@ -34,13 +45,12 @@
<uses-permission android:name="android.permission.DOWNLOAD_WITHOUT_NOTIFICATION" />
#endif
+#ifdef MOZ_ANDROID_LOCATION
<uses-feature android:name="android.hardware.location" android:required="false"/>
<uses-feature android:name="android.hardware.location.gps" android:required="false"/>
+#endif
<uses-feature android:name="android.hardware.touchscreen"/>
- <!-- Tab Queue -->
- <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
-
<!-- To be able to install updates and other downloaded APKs on API 26+ -->
<uses-permission-sdk-23 android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
@@ -55,10 +65,10 @@
<uses-feature android:name="android.hardware.audio.low_latency" android:required="false"/>
<uses-feature android:name="android.hardware.camera.any" android:required="false"/>
<uses-feature android:name="android.hardware.microphone" android:required="false"/>
-#endif
<uses-permission android:name="android.permission.CAMERA" />
<uses-feature android:name="android.hardware.camera" android:required="false"/>
<uses-feature android:name="android.hardware.camera.autofocus" android:required="false"/>
+#endif
<!-- App requires OpenGL ES 2.0 -->
<uses-feature android:glEsVersion="0x00020000" android:required="true" />
diff --git a/mobile/android/geckoview/src/main/AndroidManifest.xml b/mobile/android/geckoview/src/main/AndroidManifest.xml
index a14bb6b1750e..0d93ee53ee4b 100644
--- a/mobile/android/geckoview/src/main/AndroidManifest.xml
+++ b/mobile/android/geckoview/src/main/AndroidManifest.xml
@@ -2,20 +2,32 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="org.mozilla.geckoview">
+<!--#ifdef MOZ_ANDROID_NETWORK_STATE-->
+ <!--
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
+ -->
+<!--#endif-->
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
+<!--#ifdef MOZ_ANDROID_LOCATION-->
+ <!--
<uses-feature
android:name="android.hardware.location"
android:required="false"/>
<uses-feature
android:name="android.hardware.location.gps"
android:required="false"/>
+ -->
+<!--#endif-->
<uses-feature
android:name="android.hardware.touchscreen"
android:required="false"/>
+<!--#ifdef MOZ_WEBRTC-->
+ <!-- TODO preprocess AndroidManifest.xml so that we can
+ conditionally include WebRTC permissions based on MOZ_WEBRTC. -->
+ <!--
<uses-feature
android:name="android.hardware.camera"
android:required="false"/>
@@ -24,14 +36,16 @@
android:required="false"/>
<uses-feature
- android:name="android.hardware.audio.low_latency"
+ android:name="android.hardware.camera.any"
android:required="false"/>
<uses-feature
- android:name="android.hardware.microphone"
+ android:name="android.hardware.audio.low_latency"
android:required="false"/>
<uses-feature
- android:name="android.hardware.camera.any"
+ android:name="android.hardware.microphone"
android:required="false"/>
+ -->
+<!--#endif-->
<!-- GeckoView requires OpenGL ES 2.0 -->
<uses-feature
diff --git a/mobile/android/moz.configure b/mobile/android/moz.configure
index def87ba268f1..c8ed3a9a59e1 100644
--- a/mobile/android/moz.configure
+++ b/mobile/android/moz.configure
@@ -193,3 +193,11 @@ def check_android_gcm(android_gcm,
if not google_play_services:
die('You must specify --with-google-play-services when'
' building with MOZ_ANDROID_GCM=1')
+
+project_flag('MOZ_ANDROID_NETWORK_STATE',
+ help='Include permission for accessing WiFi/network state on Android',
+ default=False)
+
+project_flag('MOZ_ANDROID_LOCATION',
+ help='Include permission for accessing fine and course-grain Location on Android',
+ default=False)
diff --git a/mobile/android/services/manifests/FxAccountAndroidManifest_permissions.xml.in b/mobile/android/services/manifests/FxAccountAndroidManifest_permissions.xml.in
index d5c7e3e5c7dc..8498b8015855 100644
--- a/mobile/android/services/manifests/FxAccountAndroidManifest_permissions.xml.in
+++ b/mobile/android/services/manifests/FxAccountAndroidManifest_permissions.xml.in
@@ -1,5 +1,7 @@
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
+#ifdef MOZ_ANDROID_NETWORK_STATE
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
+#endif
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
diff --git a/mobile/android/torbrowser.configure b/mobile/android/torbrowser.configure
index 5e3ab67dca6a..ac30fde888a6 100644
--- a/mobile/android/torbrowser.configure
+++ b/mobile/android/torbrowser.configure
@@ -41,3 +41,6 @@ imply_option('MOZ_SERVICES_HEALTHREPORT', False)
# them here, as well.
#imply_option('MOZ_TELEMETRY_REPORTING', False)
#imply_option('MOZ_DATA_REPORTING', False)
+
+imply_option('MOZ_ANDROID_NETWORK_STATE', False);
+imply_option('MOZ_ANDROID_LOCATION', False);
More information about the tor-commits
mailing list