Change Permission Group methods to be callback, gate behind perm (7590ff96) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+4 −2

Original line number	Diff line number	Diff line
		@@ -105,6 +105,7 @@ package android {
		field public static final String GET_APP_OPS_STATS = "android.permission.GET_APP_OPS_STATS";
		field public static final String GET_PROCESS_STATE_AND_OOM_SCORE = "android.permission.GET_PROCESS_STATE_AND_OOM_SCORE";
		field public static final String GET_RUNTIME_PERMISSIONS = "android.permission.GET_RUNTIME_PERMISSIONS";
		field public static final String GET_RUNTIME_PERMISSION_GROUP_MAPPING = "android.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING";
		field public static final String GET_TOP_ACTIVITY_INFO = "android.permission.GET_TOP_ACTIVITY_INFO";
		field @Deprecated public static final String GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS = "android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS";
		field public static final String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS";
		@@ -2309,6 +2310,7 @@ package android.content {
		field public static final String NETD_SERVICE = "netd";
		field public static final String NETWORK_SCORE_SERVICE = "network_score";
		field public static final String OEM_LOCK_SERVICE = "oem_lock";
		field public static final String PERMISSION_CONTROLLER_SERVICE = "permission_controller";
		field public static final String PERMISSION_SERVICE = "permission";
		field public static final String PERSISTENT_DATA_BLOCK_SERVICE = "persistent_data_block";
		field public static final String REBOOT_READINESS_SERVICE = "reboot_readiness";
		@@ -8802,8 +8804,8 @@ package android.permission {

		public final class PermissionControllerManager {
		method @RequiresPermission(anyOf={android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, android.Manifest.permission.RESTORE_RUNTIME_PERMISSIONS}) public void applyStagedRuntimePermissionBackup(@NonNull String, @NonNull android.os.UserHandle, @NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
		method @Nullable public String getGroupOfPlatformPermission(@NonNull String);
		method @NonNull public java.util.Set<java.lang.String> getPlatformPermissionsForGroup(@NonNull String);
		method @RequiresPermission(android.Manifest.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING) public void getGroupOfPlatformPermission(@NonNull String, @NonNull java.util.function.Consumer<java.lang.String>);
		method @RequiresPermission(android.Manifest.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING) public void getPlatformPermissionsForGroup(@NonNull String, @NonNull java.util.function.Consumer<java.util.List<java.lang.String>>);
		method @RequiresPermission(android.Manifest.permission.GET_RUNTIME_PERMISSIONS) public void getRuntimePermissionBackup(@NonNull android.os.UserHandle, @NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<byte[]>);
		method @RequiresPermission(android.Manifest.permission.REVOKE_RUNTIME_PERMISSIONS) public void revokeRuntimePermissions(@NonNull java.util.Map<java.lang.String,java.util.List<java.lang.String>>, boolean, int, @NonNull java.util.concurrent.Executor, @NonNull android.permission.PermissionControllerManager.OnRevokeRuntimePermissionsCallback);
		method @RequiresPermission(anyOf={android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS, android.Manifest.permission.RESTORE_RUNTIME_PERMISSIONS}) public void stageAndApplyRuntimePermissionsBackup(@NonNull byte[], @NonNull android.os.UserHandle);

core/java/android/content/Context.java

+1 −0

Original line number	Diff line number	Diff line
		@@ -4814,6 +4814,7 @@ public abstract class Context {
		* @see #getSystemService(String)
		* @hide
		*/
		@SystemApi
		public static final String PERMISSION_CONTROLLER_SERVICE = "permission_controller";

		/**

core/java/android/permission/PermissionControllerManager.java

+43 −32

Original line number	Diff line number	Diff line
		@@ -45,7 +45,6 @@ import android.os.Handler;
		import android.os.Process;
		import android.os.UserHandle;
		import android.util.ArrayMap;
		import android.util.ArraySet;
		import android.util.Log;
		import android.util.Pair;

		@@ -67,7 +66,6 @@ import java.util.Collections;
		import java.util.List;
		import java.util.Map;
		import java.util.Objects;
		import java.util.Set;
		import java.util.concurrent.Executor;
		import java.util.concurrent.TimeUnit;
		import java.util.function.Consumer;
		@@ -724,44 +722,57 @@ public final class PermissionControllerManager {
		}

		/**
		* Get the platform permissions which belong to a particular permission group
		* Get the platform permissions which belong to a particular permission group.
		*
		* @param permissionGroupName The permission group whose permissions are desired
		* @return A list of the platform permissions in the group, or empty if the group is not a valid
		* platform group.
		* @param callback A callback which will receive a list of the platform permissions in the
		* group, or empty if the group is not a valid platform group, or there
		* was an exception.
		*/
		public @NonNull Set<String> getPlatformPermissionsForGroup(
		@NonNull String permissionGroupName) {
		try {
		return new ArraySet<>(mRemoteService.postAsync(service -> {
		@RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING)
		public void getPlatformPermissionsForGroup(@NonNull String permissionGroupName,
		@NonNull Consumer<List<String>> callback) {
		enforceSomePermissionsGrantedToSelf(
		Manifest.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING);
		mRemoteService.postAsync(service -> {
		AndroidFuture<List<String>> future = new AndroidFuture<>();
		service.getPlatformPermissionsForGroup(permissionGroupName, future);
		return future;
		}).get(REQUEST_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS));
		} catch (Exception e) {
		Log.e(TAG, "Failed to get permissions of " + permissionGroupName, e);
		return null;
		}).whenComplete((result, err) -> {
		if (err != null) {
		Log.e(TAG, "Failed to get permissions of " + permissionGroupName, err);
		callback.accept(new ArrayList<>());
		} else {
		callback.accept(result);
		}
		});
		}

		/**
		* Get the platform group of a particular permission, if the permission is a platform permission
		* Get the platform group of a particular permission, if the permission is a platform
		* permission.
		*
		* @param permissionName The permission name whose group is desired
		* @return The name of the permission group this permission belongs to, or null if it has no
		* group, or is not a platform permission
		* @param callback A callback which will receive the name of the permission group this
		* permission belongs to, or null if it has no group, is not a platform
		* permission, or there was an exception.
		*/
		public @Nullable String getGroupOfPlatformPermission(
		@NonNull String permissionName) {
		try {
		return mRemoteService.postAsync(service -> {
		@RequiresPermission(Manifest.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING)
		public void getGroupOfPlatformPermission(@NonNull String permissionName,
		@NonNull Consumer<String> callback) {
		enforceSomePermissionsGrantedToSelf(
		Manifest.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING);
		mRemoteService.postAsync(service -> {
		AndroidFuture<String> future = new AndroidFuture<>();
		service.getGroupOfPlatformPermission(permissionName, future);
		return future;
		}).get(REQUEST_TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
		} catch (Exception e) {
		Log.e(TAG, "Failed to get group of " + permissionName, e);
		return null;
		}).whenComplete((result, err) -> {
		if (err != null) {
		Log.e(TAG, "Failed to get group of " + permissionName, err);
		callback.accept(null);
		} else {
		callback.accept(result);
		}
		});
		}
		}

core/res/AndroidManifest.xml

+5 −0

Original line number	Diff line number	Diff line
		@@ -4205,6 +4205,11 @@
		<permission android:name="android.permission.GET_RUNTIME_PERMISSIONS"
		android:protectionLevel="signature" />

		<!-- @SystemApi Allows the system to read the mapping between permission and permission group.
		@hide -->
		<permission android:name="android.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING"
		android:protectionLevel="signature\|privileged" />

		<!-- @SystemApi Allows the system to restore runtime permission state. This might grant
		permissions, hence this is a more scoped, less powerful variant of GRANT_RUNTIME_PERMISSIONS.
		Among other restrictions this cannot override user choices.

data/etc/privapp-permissions-platform.xml

+1 −0

Original line number	Diff line number	Diff line
		@@ -153,6 +153,7 @@ applications that come with the platform
		<permission name="android.permission.PACKAGE_USAGE_STATS" />
		<permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" />
		<permission name="android.permission.MODIFY_AUDIO_ROUTING" />
		<permission name="android.permission.GET_RUNTIME_PERMISSION_GROUP_MAPPING" />

		<!-- For permission hub 2 debugging only -->
		<permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/>