Merge changes from topic "ae_assistant_permission" into main (74729400) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -129,6 +129,7 @@ package android {
		field public static final String DISABLE_SYSTEM_SOUND_EFFECTS = "android.permission.DISABLE_SYSTEM_SOUND_EFFECTS";
		field public static final String DISPATCH_PROVISIONING_MESSAGE = "android.permission.DISPATCH_PROVISIONING_MESSAGE";
		field public static final String DOMAIN_VERIFICATION_AGENT = "android.permission.DOMAIN_VERIFICATION_AGENT";
		field @FlaggedApi("com.android.window.flags.untrusted_embedding_any_app_permission") public static final String EMBED_ANY_APP_IN_UNTRUSTED_MODE = "android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE";
		field @FlaggedApi("android.content.pm.emergency_install_permission") public static final String EMERGENCY_INSTALL_PACKAGES = "android.permission.EMERGENCY_INSTALL_PACKAGES";
		field public static final String ENTER_CAR_MODE_PRIORITIZED = "android.permission.ENTER_CAR_MODE_PRIORITIZED";
		field public static final String EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS = "android.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS";

+8 −0

Original line number	Diff line number	Diff line
		@@ -40,6 +40,14 @@ flag {
		bug: "293654166"
		}

		flag {
		namespace: "windowing_sdk"
		name: "untrusted_embedding_any_app_permission"
		description: "Feature flag to enable the permission to embed any app in untrusted mode."
		bug: "289199433"
		is_fixed_read_only: true
		}

		flag {
		namespace: "windowing_sdk"
		name: "activity_window_info_flag"

+12 −0

Original line number	Diff line number	Diff line
		@@ -3828,6 +3828,18 @@
		<permission android:name="android.permission.ACTIVITY_EMBEDDING"
		android:protectionLevel="signature\|privileged" />

		<!-- Allows an application to embed any other apps in untrusted embedding mode without the need
		for the embedded app to consent.
		<p>For now, this permission is only granted to the Assistant application selected by
		the user.
		{@see https://developer.android.com/guide/topics/large-screens/activity-embedding#trust_model}
		@SystemApi
		@FlaggedApi("com.android.window.flags.untrusted_embedding_any_app_permission")
		@hide
		-->
		<permission android:name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to start any activity, regardless of permission
		protection or exported state.
		@hide -->

+3 −0

Original line number	Diff line number	Diff line
		@@ -899,6 +899,9 @@
		<!-- Permission required for Cts test - CtsNotificationTestCases -->
		<uses-permission android:name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" />

		<!-- Permission required for Cts test - CtsWindowManagerJetpackTestCases -->
		<uses-permission android:name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE" />

		<!-- Permission required for BinaryTransparencyService shell API and host test -->
		<uses-permission android:name="android.permission.GET_BACKGROUND_INSTALLED_PACKAGES" />

+13 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@

		package com.android.server.wm;

		import static android.Manifest.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE;
		import static android.Manifest.permission.MANAGE_ACTIVITY_TASKS;
		import static android.app.ActivityTaskManager.INVALID_TASK_ID;
		import static android.app.WindowConfiguration.ACTIVITY_TYPE_ASSISTANT;
		@@ -725,6 +726,9 @@ class TaskFragment extends WindowContainer<WindowContainer> {
		// TaskFragment to have bounds outside of the parent bounds.
		return false;
		}
		if (hasEmbedAnyAppInUntrustedModePermission(mTaskFragmentOrganizerUid)) {
		return true;
		}
		return (a.info.flags & FLAG_ALLOW_UNTRUSTED_ACTIVITY_EMBEDDING)
		== FLAG_ALLOW_UNTRUSTED_ACTIVITY_EMBEDDING;
		}
		@@ -795,6 +799,15 @@ class TaskFragment extends WindowContainer<WindowContainer> {
		== PackageManager.PERMISSION_GRANTED;
		}

		/**
		* Checks if a particular app uid has the {@link EMBED_ANY_APP_IN_UNTRUSTED_MODE} permission.
		*/
		private static boolean hasEmbedAnyAppInUntrustedModePermission(int uid) {
		return Flags.untrustedEmbeddingAnyAppPermission()
		&& checkPermission(EMBED_ANY_APP_IN_UNTRUSTED_MODE,
		PermissionChecker.PID_UNKNOWN, uid) == PackageManager.PERMISSION_GRANTED;
		}

		/**
		* Checks if all activities in the task fragment are embedded as fully trusted.
		* @see #isFullyTrustedEmbedding(ActivityRecord, int)