Add RoleManager into the system.
A role is a unique name within the system associated with certain
privileges. There can be multiple applications qualifying for a role,
but only a subset of them can become role holders. To qualify for a
role, an application must meet certain requirements, including
defining certain components in its manifest. Then the application will
need user consent to become the role holder.
Upon becoming a role holder, the application may be granted certain
privileges that are role specific. When an application loses its role,
these privileges will also be revoked.
Bug: 110557011
Test: build
Change-Id: Icd453a3b032857a8fd157048de8b9609f04e28b8
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 401ffa3..a3a2ad3 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2917,6 +2917,12 @@
<permission android:name="android.permission.BIND_COMPANION_DEVICE_MANAGER_SERVICE"
android:protectionLevel="signature" />
+ <!-- Must be required by the RoleControllerService to ensure that only the system can bind to
+ it.
+ @hide -->
+ <permission android:name="android.permission.BIND_ROLE_CONTROLLER_SERVICE"
+ android:protectionLevel="signature" />
+
<!-- @SystemApi Must be required by the RuntimePermissionPresenterService to ensure
that only the system can bind to it.
@hide -->
@@ -3251,6 +3257,11 @@
<permission android:name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS"
android:protectionLevel="signature|privileged" />
+ <!-- @SystemApi Allows an application to manage the holders of a role.
+ @hide -->
+ <permission android:name="android.permission.MANAGE_ROLE_HOLDERS"
+ android:protectionLevel="signature|installer" />
+
<!-- @SystemApi Allows an application to use SurfaceFlinger's low level features.
<p>Not for use by third-party applications.
@hide