Merge "Add security state API." into main

    field public static final String RESTRICTIONS_SERVICE = "restrictions";

    field public static final String ROLE_SERVICE = "role";

    field public static final String SEARCH_SERVICE = "search";

    field @FlaggedApi("android.os.security_state_service") public static final String SECURITY_STATE_SERVICE = "security_state";

    field public static final String SENSOR_SERVICE = "sensor";

    field public static final String SHORTCUT_SERVICE = "shortcut";

    field public static final String STATUS_BAR_SERVICE = "statusbar";

    field @NonNull public static final android.os.Parcelable.Creator<android.os.ResultReceiver> CREATOR;

  }

  @FlaggedApi("android.os.security_state_service") public class SecurityStateManager {

    method @FlaggedApi("android.os.security_state_service") @NonNull public android.os.Bundle getGlobalSecurityState();

    field public static final String KEY_KERNEL_VERSION = "kernel_version";

    field public static final String KEY_SYSTEM_SPL = "system_spl";

    field public static final String KEY_VENDOR_SPL = "vendor_spl";

  }

  public final class SharedMemory implements java.io.Closeable android.os.Parcelable {

    method public void close();

    method @NonNull public static android.os.SharedMemory create(@Nullable String, int) throws android.system.ErrnoException;

import android.os.IPowerManager;

import android.os.IPowerStatsService;

import android.os.IRecoverySystem;

import android.os.ISecurityStateManager;

import android.os.ISystemUpdateManager;

import android.os.IThermalService;

import android.os.IUserManager;

import android.os.PermissionEnforcer;

import android.os.PowerManager;

import android.os.RecoverySystem;

import android.os.SecurityStateManager;

import android.os.ServiceManager;

import android.os.ServiceManager.ServiceNotFoundException;

import android.os.StatsFrameworkInitializer;

                        ctx.mMainThread.getHandler());

            }});

        registerService(Context.SECURITY_STATE_SERVICE, SecurityStateManager.class,

                new CachedServiceFetcher<SecurityStateManager>() {

                    @Override

                    public SecurityStateManager createService(ContextImpl ctx)

                            throws ServiceNotFoundException {

                        IBinder b = ServiceManager.getServiceOrThrow(

                                Context.SECURITY_STATE_SERVICE);

                        ISecurityStateManager service = ISecurityStateManager.Stub.asInterface(b);

                        return new SecurityStateManager(service);

                    }});

        registerService(Context.SENSOR_SERVICE, SensorManager.class,

                new CachedServiceFetcher<SensorManager>() {

            @Override

import android.os.Build;

import android.os.Bundle;

import android.os.Environment;

import android.os.Flags;

import android.os.Handler;

import android.os.HandlerExecutor;

import android.os.IBinder;

            DEVICE_LOCK_SERVICE,

            VIRTUALIZATION_SERVICE,

            GRAMMATICAL_INFLECTION_SERVICE,

            SECURITY_STATE_SERVICE,

    })

    @Retention(RetentionPolicy.SOURCE)

    @SystemApi

    public static final String SHARED_CONNECTIVITY_SERVICE = "shared_connectivity";

    /**

     * Use with {@link #getSystemService(String)} to retrieve a

     * {@link android.os.SecurityStateManager} for accessing the security state manager service.

     *

     * @see #getSystemService(String)

     * @see android.os.SecurityStateManager

     */

    @FlaggedApi(Flags.FLAG_SECURITY_STATE_SERVICE)

    public static final String SECURITY_STATE_SERVICE = "security_state";

    /**

     * Determine whether the given permission is allowed for a particular

     * process and user ID running in the system.

/* //device/java/android/android/os/ISecurityStateManager.aidl

**

** Copyright 2023, The Android Open Source Project

**

** Licensed under the Apache License, Version 2.0 (the "License");

** you may not use this file except in compliance with the License.

** You may obtain a copy of the License at

**

**     http://www.apache.org/licenses/LICENSE-2.0

**

** Unless required by applicable law or agreed to in writing, software

** distributed under the License is distributed on an "AS IS" BASIS,

** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

** See the License for the specific language governing permissions and

** limitations under the License.

*/

package android.os;

import android.os.Bundle;

import android.os.PersistableBundle;

/** @hide */

interface ISecurityStateManager {

    Bundle getGlobalSecurityState();

}

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.os;

import static java.util.Objects.requireNonNull;

import android.annotation.FlaggedApi;

import android.annotation.NonNull;

import android.annotation.SystemService;

import android.content.Context;

/**

 * SecurityStateManager provides the functionality to query the security status of the system and

 * platform components. For example, this includes the system and vendor security patch level.

 */

@FlaggedApi(Flags.FLAG_SECURITY_STATE_SERVICE)

@SystemService(Context.SECURITY_STATE_SERVICE)

public class SecurityStateManager {

    /**

     * The system SPL key returned as part of the {@code Bundle} from

     * {@code getGlobalSecurityState}.

     */

    public static final String KEY_SYSTEM_SPL = "system_spl";

    /**

     * The vendor SPL key returned as part of the {@code Bundle} from

     * {@code getGlobalSecurityState}.

     */

    public static final String KEY_VENDOR_SPL = "vendor_spl";

    /**

     * The kernel version key returned as part of the {@code Bundle} from

     * {@code getGlobalSecurityState}.

     */

    public static final String KEY_KERNEL_VERSION = "kernel_version";

    private final ISecurityStateManager mService;

    /**

     * @hide

     */

    public SecurityStateManager(ISecurityStateManager service) {

        mService = requireNonNull(service, "missing ISecurityStateManager");

    }

    /**

     * Returns the current global security state. Each key-value pair is a mapping of a component

     * of the global security state to its current version/SPL (security patch level). For example,

     * the {@code KEY_SYSTEM_SPL} key will map to the SPL of the system as defined in

     * {@link android.os.Build.VERSION}. The bundle will also include mappings from WebView packages

     * and packages listed under config {@code config_securityStatePackages} to their respective

     * versions as defined in {@link android.content.pm.PackageInfo#versionName}.

     *

     * @return A {@code Bundle} that contains the global security state information as

     * string-to-string key-value pairs.

     */

    @FlaggedApi(Flags.FLAG_SECURITY_STATE_SERVICE)

    @NonNull

    public Bundle getGlobalSecurityState() {

        try {

            return mService.getGlobalSecurityState();

        } catch (RemoteException re) {

            throw re.rethrowFromSystemServer();

        }

    }

}