[Question] How is onDemand handled during submition

[an0n981]

For an app that for example needs access to ID/build.prop I have to deny but ask. This way it can only access build.prop when I explicitly allow it. How are these exceptions handled when submitting? Could this setup possibly lead to issues for users with onDemand off?

[M66B]

Whitelisted stuff is not submitted and I don't think it is a good idea to submit it, since it could contain privacy sensitive stuff.

[M66B]

Maybe we should handle this like the accounts, applications and contacts and just submit there are exceptions.

[an0n981]

I don't think you understood what I meant.

Example: App XYZ needs access to Internet:inet to function.
My setup for Internet:inet: Deny but ask, then I allow once when needed. This way the app cannot access inet unless I explicitly allow once.

How is this setup handled?

[M66B]

It is not handled yet.

[Cerberus-tm]

So it is basically submitted as "deny"? Or is it not submitted at all because it's different?

[M66B]

This will be changed in the next release, these functions will be submitted as deny with having an exception. While fetching the server will take into account the exceptions (and basically allow the restriction). Later we can improve this, by checking the number of submitted exceptions versus the number of submitted restrictions.

[jpeg729]

How about only submitting functions marked used?
And if a function is marked used & on-demand we could take exceptions into account as you propose.

[M66B]

We cannot be sure if the function wasn't used so far, it will never be used.
Better safe than sorry here.

[jpeg729]

Fetching could start by applying the template and then tweaking according to the received data.
Just an idea, but I've got the feeling that the usage data properly combined with the restriction data could be used to good effect.