Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dab68dcd authored by Joanne's avatar Joanne
Browse files

Define a new permission to guard role-based application executing action 

The system would like to enable Assistant to perform actions on
behalf of users inside of applications. We introduce a permission
that will be automatically granted to the assistant role. The
application exposes some services that allow only the assistant to
use the service, so application can use this permission to check the
caller that calls app’s service is the Assistant

Bug: 264324827
Test: atest PermissionPolicyTest#platformPermissionPolicyIsUnaltered
Change-Id: Ib0ad7a865e2bd89a32b4b2df955baeea293ff7dc
parent 8b0fad3c

core/api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -89,6 +89,7 @@ package android { 
    field public static final String DISABLE_KEYGUARD = "android.permission.DISABLE_KEYGUARD";

    field public static final String DUMP = "android.permission.DUMP";

    field public static final String ENFORCE_UPDATE_OWNERSHIP = "android.permission.ENFORCE_UPDATE_OWNERSHIP";

    field public static final String EXECUTE_APP_ACTION = "android.permission.EXECUTE_APP_ACTION";

    field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";

    field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";

    field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";

core/res/AndroidManifest.xml

+9 −0
Original line number Diff line number Diff line
@@ -6862,6 +6862,15 @@ 
    <permission android:name="android.permission.READ_HOME_APP_SEARCH_DATA"

        android:protectionLevel="internal|role" />



    <!-- Allows an assistive application to perform actions on behalf of users inside of

         applications.

         <p>For now, this permission is only granted to system applications fulfilling the

         ASSISTANT role.

         <p>Protection level: internal|role

    -->

    <permission android:name="android.permission.EXECUTE_APP_ACTION"

                android:protectionLevel="internal|role" />



    <!-- @SystemApi Allows an application to create virtual devices in VirtualDeviceManager.

         @hide -->

    <permission android:name="android.permission.CREATE_VIRTUAL_DEVICE"