cmsdk: Enforce cyanogenmod.permission.MODIFY_PROFILES for profiles.

Change-Id: Id14bfd9b214b4f53960c55d8abab2764f990b1b6

cm/lib/main/java/org/cyanogenmod/platform/internal/ProfileManagerService.java

@@ -64,8 +64,6 @@ public class ProfileManagerService extends SystemService {
     // Enable the below for detailed logging of this class
     private static final boolean LOCAL_LOGV = false;
 
-    public static final String PERMISSION_CHANGE_SETTINGS = "android.permission.WRITE_SETTINGS";
-
     public static final String KEYGUARD_PACKAGE = "com.android.systemui";
     public static final String KEYGUARD_CLASS = "com.android.systemui.keyguard.KeyguardService";
 
@@ -520,7 +518,8 @@ public class ProfileManagerService extends SystemService {
     }
 
     private void enforceChangePermissions() {
-        mContext.enforceCallingOrSelfPermission(PERMISSION_CHANGE_SETTINGS,
+        mContext.enforceCallingOrSelfPermission(
+                cyanogenmod.platform.Manifest.permission.MODIFY_PROFILES,
                 "You do not have permissions to change the Profile Manager.");
     }
 

cm/res/AndroidManifest.xml

@@ -75,6 +75,12 @@
                 android:description="@string/permdesc_writeSettings"
                 android:protectionLevel="normal" />
 
+    <!-- Allows an application to modify system profiles -->
+    <permission android:name="cyanogenmod.permission.MODIFY_PROFILES"
+                android:label="@string/permlab_modifyProfiles"
+                android:description="@string/permdesc_modifyProfiles"
+                android:protectionLevel="normal" />
+
     <!-- Allows an application to write to secure CM system settings.
         <p>Not for use by third-party applications. -->
     <permission android:name="cyanogenmod.permission.WRITE_SECURE_SETTINGS"

cm/res/res/values/strings.xml

@@ -38,6 +38,10 @@
     <string name="permlab_modifyMSPhoneState">modify the phone state and data connection with support to multiple SIMs</string>
     <string name="permdesc_modifyMSPhoneState">Allows an app to modify the phone state and data connection with support to multiple SIMs.</string>
 
+    <!-- Labels for the MODIFY_PROFILES permission. -->
+    <string name="permlab_modifyProfiles">modify system profiles</string>
+    <string name="permdesc_modifyProfiles">Allows an application to modify system profiles</string>
+
     <!-- Labels for the HARDWARE_ABSTRACTION_ACCESS permission. -->
     <string name="permlab_useHardwareFramework">use hardware framework</string>
     <string name="permdesc_useHardwareFramework">Allows an app access to the CM hardware framework.</string>

samples/gradle-sample/ExampleApplication/app/src/main/AndroidManifest.xml

@@ -3,10 +3,9 @@
     package="com.example.test.myapplication" >
 
     <uses-permission android:name="android.permission.CALL_PHONE" />
-    <uses-permission android:name="android.permission.WRITE_SETTINGS" />
     <uses-permission android:name="cyanogenmod.permission.PUBLISH_CUSTOM_TILE" />
     <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
-    <uses-permission android:name="android.permission.WRITE_SETTINGS" />
+    <uses-permission android:name="cyanogenmod.permission.MODIFY_PROFILES" />
 
     <application
         android:allowBackup="true"

samples/profiles/AndroidManifest.xml

@@ -5,7 +5,7 @@
           android:versionName="1.0">
 
     <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
-    <uses-permission android:name="android.permission.WRITE_SETTINGS" />
+    <uses-permission android:name="cyanogenmod.permission.MODIFY_PROFILES" />
 
     <application android:label="@string/app_name" android:icon="@drawable/ic_launcher">
         <activity android:name="MainActivity"

src/java/cyanogenmod/app/ProfileManager.java

@@ -51,7 +51,8 @@ import com.android.internal.R;
  *
  * To get the instance of this class, utilize ProfileManager#getInstance(Context context)
  *
- * This manager requires the android.permission.WRITE_SETTINGS permission.
+ * This manager requires the {@link cyanogenmod.platform.Manifest.permission.MODIFY_PROFILES}
+ * permission.
  *
  * @see cyanogenmod.app.Profile
  * @see cyanogenmod.app.ProfileGroup

tests/AndroidManifest.xml

@@ -4,19 +4,20 @@
           android:versionCode="1"
           android:versionName="1.0">
 
+    <uses-permission android:name="android.permission.REBOOT" />
+    <uses-permission android:name="com.android.alarm.permission.SET_ALARM" />
+
     <uses-permission android:name="cyanogenmod.permission.PUBLISH_CUSTOM_TILE" />
-    <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
     <uses-permission android:name="cyanogenmod.permission.WRITE_SETTINGS"/>
     <uses-permission android:name="cyanogenmod.permission.WRITE_SECURE_SETTINGS"/>
     <uses-permission android:name="cyanogenmod.permission.MODIFY_NETWORK_SETTINGS" />
     <uses-permission android:name="cyanogenmod.permission.MODIFY_SOUND_SETTINGS" />
-    <uses-permission android:name="android.permission.REBOOT" />
-    <uses-permission android:name="com.android.alarm.permission.SET_ALARM" />
     <uses-permission android:name="cyanogenmod.alarmclock.permission.MANAGE_ALARMS" />
     <uses-permission android:name="cyanogenmod.alarmclock.permission.READ_ALARMS" />
     <uses-permission android:name="cyanogenmod.permission.MODIFY_MSIM_PHONE_STATE" />
     <uses-permission android:name="cyanogenmod.permission.READ_MSIM_PHONE_STATE" />
     <uses-permission android:name="cyanogenmod.permission.HARDWARE_ABSTRACTION_ACCESS" />
+    <uses-permission android:name="cyanogenmod.permission.MODIFY_PROFILES" />
 
     <application android:label="@string/app_name" android:icon="@drawable/ic_launcher">
         <uses-library android:name="android.test.runner" />