uses-permissions in AndroidManifest.xml are not exported to App

[steeve]

Description of the problem / feature request:

As per the documentation, uses-permissions attributes are never exported to the main app. What is the rationale behind this decision?
Is there any way to have an android_library export its permissions to an app that includes it ?

Thanks!

What operating system are you running Bazel on?

macOS

What's the output of bazel info release?

release 0.14.1-homebrew

Have you found anything relevant by searching the web?

They are manually removed here:

bazel/src/tools/android/java/com/google/devtools/build/android/ManifestMergerAction.java

Lines 157 to 185 in bb4ffd6

	private static final String[] PERMISSION_TAGS =
	new String[] {"uses-permission", "uses-permission-sdk-23"};
	private static final StdLogger stdLogger = new StdLogger(StdLogger.Level.WARNING);
	private static final Logger logger = Logger.getLogger(ManifestMergerAction.class.getName());
	private static Options options;
	private static Path removePermissions(Path manifest, Path outputDir)
	throws IOException, ParserConfigurationException, TransformerConfigurationException,
	TransformerException, TransformerFactoryConfigurationError, SAXException {
	DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
	Document doc = docBuilder.parse(manifest.toFile());
	for (String tag : PERMISSION_TAGS) {
	NodeList permissions = doc.getElementsByTagName(tag);
	if (permissions != null) {
	for (int i = permissions.getLength() - 1; i >= 0; i--) {
	Node permission = permissions.item(i);
	permission.getParentNode().removeChild(permission);
	}
	}
	}
	// Write resulting manifest to the output directory, maintaining full path to prevent collisions
	Path output = outputDir.resolve(manifest.toString().replaceFirst("^/", ""));
	Files.createDirectories(output.getParent());
	TransformerFactory.newInstance()
	.newTransformer()
	.transform(new DOMSource(doc), new StreamResult(output.toFile()));
	return output;
	}

[jin]

I have no idea - @asteinb @ahumesky?

[ahumesky]

It's mostly because changing the permissions of your app prevents auto-updating on the play store.

If you have a code base where there are many apps that are independently owned by different teams, and you have many libraries that are similarly independently owned by other teams, and if you inherit permissions from your dependencies, then it means that other teams can change the permissions of your app without your permission or noticing. Another way to put it is that app owners should own the permissions their app asks for. If a new permission gets by and ends up in a release, then your app can't be auto-updated.

One possible response is that this could instead be taken care of in a test where the test asserts the set of permissions that the app has. But this results in basically the same situation: a flat list somewhere of the permissions the app is allowed, just in a test rather than the top-level manifest.

That said, it should be possible to add an attribute to android_binary that will enable permissions inheritance. It should also be possible to write a skylark aspect that traverses the dependencies of an android_binary that will at least give you all the permissions from the dependencies.

[steeve]

I'm closing this as the rationale makes sense.