Hi, Elliot See my comments inline.
Thanks, Shiliu. From: Crosswalk-help [mailto:[email protected]] On Behalf Of Smith, Elliot Sent: Tuesday, June 10, 2014 9:21 PM To: [email protected] Subject: [Crosswalk-help] Do manifest.json permissions have any runtime effects on Android? (This relates to the question I asked yesterday about whether the embedding API for Crosswalk does anything with the permissions field when running on Android.) Shiliu: Crosswalk doesn’t do extra permission check for Android. For two reasons: 1. On Android, permissions are only granted at installation time. No such mechanism to dynamically/temporally grant one permission to some app. 2. For Crosswalk on android, unlike Tizen. Each App is running completely separated. Crosswalk doesn’t need to manage multiple app’s permissions. For detail, you can refer XWALK-555. I've been having a close look at the permissions field in the manifest, and how it's managed by make_apk.py. This mapping table is what I'm working from: permission_mapping_table = { 'contacts': ['android.permission.READ_CONTACTS', 'android.permission.WRITE_CONTACTS'], 'geolocation': ['android.permission.ACCESS_FINE_LOCATION'], 'messaging': ['android.permission.READ_SMS', 'android.permission.READ_PHONE_STATE', 'android.permission.RECEIVE_SMS', 'android.permission.SEND_SMS', 'android.permission.WRITE_SMS'], 'devicecapabilities': [], 'fullscreen': [], 'presentation': [], 'rawsockets': [], 'screenorientation': [], 'vibration': ['android.permission.VIBRATE'] } Some of the fields are used to set <uses-permission> elements in AndroidManifest.xml. Some of the entries don't affect packaging (presentation, fullscreen, rawsockets, screenorientation etc.). Do they instead affect the application when the manifest is loaded (e.g. if you use loadAppFromManifest())? Shiliu: No, currently if a feature doesn’t request any Android system permission, crosswalk will not disable even it’s not specified in manifest. The thought is on android, each Crosswalk app is an independent native app from OS perspective. If Android system doesn’t think such operation need extra permission, crosswalk won’t block it as well. The manifest is only for package tool to easily declare <uses-permission> elements so far. And will a feature be disabled unless the permission is specified (so you have to enable fullscreen explicitly, for example)? Or does specifying this permission just prevent the user from getting a "grant permission?" popup when these APIs are accessed? Shiliu: In this case, fullscreen will work with/without “fullscreen” permission specified in manifest. Even loading a url (remote or local) can use fullscreen js api. Because Android system doesn’t take fullscreen as privilege operation.. Finally, is there a mechanism in the embedding API to set a permission without specifying it in a manifest.json file? (I can't see one.) Shiliu: There is not, and not needed. However, to help set <uses-permission> for Android.manifest is a problem for Embedding API. In embedding API’s usage, we can’t cover the apk packaging part for developer, so that we can’t do what we do in make_apk.py to help developers add the permissions in manifest automatically. We do need some tool to at least warn developer the permissions needed. Thanks. Elliot -- Elliot Smith Senior Software Engineer Intel Open Source Technology Centre
_______________________________________________ Crosswalk-help mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
