Make RollbackManager @SystemApi.
Require callers hold a new MANAGE_ROLLBACKS permission to interact with
the RollbackManager.
Bug: 112431924
Test: atest RollbackTest, with new test for permissions added,
and with selinux in permissive mode.
Test: atest CtsPermission2TestCases:PermissionPolicyTest
Change-Id: I73f4f3457d85be580670cd69c89066d2cc348186
diff --git a/core/java/android/content/Context.java b/core/java/android/content/Context.java
index 125c4c6..0aa6a8c 100644
--- a/core/java/android/content/Context.java
+++ b/core/java/android/content/Context.java
@@ -4009,9 +4009,9 @@
* with the rollback manager
*
* @see #getSystemService(String)
- * @hide TODO(ruhler): hidden, @TestApi until we decide on public vs. @SystemApi.
+ * @hide
*/
- @TestApi
+ @SystemApi
public static final String ROLLBACK_SERVICE = "rollback";
/**
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 1e3908c..4d0f4cd 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -27,7 +27,6 @@
import android.annotation.SdkConstant;
import android.annotation.SdkConstant.SdkConstantType;
import android.annotation.SystemApi;
-import android.annotation.TestApi;
import android.annotation.UnsupportedAppUsage;
import android.content.pm.ActivityInfo;
import android.content.pm.ApplicationInfo;
@@ -2268,9 +2267,9 @@
* <p class="note">This is a protected intent that can only be sent
* by the system.
*
- * @hide TODO: hidden, @TestApi until we decide on public vs. @SystemApi.
+ * @hide
*/
- @TestApi
+ @SystemApi
@SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
public static final String ACTION_PACKAGE_ROLLBACK_EXECUTED =
"android.intent.action.PACKAGE_ROLLBACK_EXECUTED";
diff --git a/core/java/android/content/pm/PackageInstaller.java b/core/java/android/content/pm/PackageInstaller.java
index a2fd83f..94b7c45 100644
--- a/core/java/android/content/pm/PackageInstaller.java
+++ b/core/java/android/content/pm/PackageInstaller.java
@@ -24,7 +24,6 @@
import android.annotation.SdkConstant;
import android.annotation.SdkConstant.SdkConstantType;
import android.annotation.SystemApi;
-import android.annotation.TestApi;
import android.annotation.UnsupportedAppUsage;
import android.app.ActivityManager;
import android.app.AppGlobals;
@@ -1428,9 +1427,9 @@
/**
* Request that rollbacks be enabled for the given upgrade.
- * @hide TODO: hidden, @TestApi until we decide on public vs. @SystemApi.
+ * @hide
*/
- @TestApi
+ @SystemApi
public void setEnableRollback() {
installFlags |= PackageManager.INSTALL_ENABLE_ROLLBACK;
}
diff --git a/core/java/android/content/rollback/PackageRollbackInfo.java b/core/java/android/content/rollback/PackageRollbackInfo.java
index 0c05765..2040024 100644
--- a/core/java/android/content/rollback/PackageRollbackInfo.java
+++ b/core/java/android/content/rollback/PackageRollbackInfo.java
@@ -16,7 +16,7 @@
package android.content.rollback;
-import android.annotation.TestApi;
+import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
@@ -25,9 +25,9 @@
/**
* Information about a rollback available for a particular package.
*
- * @hide TODO: hidden, @TestApi until we decide on public vs. @SystemApi.
+ * @hide
*/
-@TestApi
+@SystemApi
public final class PackageRollbackInfo implements Parcelable {
/**
* The name of a package being rolled back.
diff --git a/core/java/android/content/rollback/RollbackInfo.java b/core/java/android/content/rollback/RollbackInfo.java
index 5fa4e57..66df4fe 100644
--- a/core/java/android/content/rollback/RollbackInfo.java
+++ b/core/java/android/content/rollback/RollbackInfo.java
@@ -16,7 +16,7 @@
package android.content.rollback;
-import android.annotation.TestApi;
+import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
@@ -24,9 +24,9 @@
* Information about a set of packages that can be, or already have been
* rolled back together.
*
- * @hide TODO: hidden, @TestApi until we decide on public vs. @SystemApi.
+ * @hide
*/
-@TestApi
+@SystemApi
public final class RollbackInfo implements Parcelable {
/**
@@ -39,6 +39,7 @@
// TODO: Add a flag to indicate if reboot is required, when rollback of
// staged installs is supported.
+ /** @hide */
public RollbackInfo(PackageRollbackInfo targetPackage) {
this.targetPackage = targetPackage;
}
diff --git a/core/java/android/content/rollback/RollbackManager.java b/core/java/android/content/rollback/RollbackManager.java
index 294151a..c1c0bc1 100644
--- a/core/java/android/content/rollback/RollbackManager.java
+++ b/core/java/android/content/rollback/RollbackManager.java
@@ -18,8 +18,9 @@
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.annotation.RequiresPermission;
+import android.annotation.SystemApi;
import android.annotation.SystemService;
-import android.annotation.TestApi;
import android.content.Context;
import android.content.IntentSender;
import android.os.RemoteException;
@@ -33,12 +34,10 @@
* used to initiate rollback of those packages for a limited time period after
* upgrade.
*
- * TODO: Require an appropriate permission for apps to use these APIs.
- *
* @see PackageInstaller.SessionParams#setEnableRollback()
- * @hide TODO: hidden, @TestApi until we decide on public vs. @SystemApi.
+ * @hide
*/
-@TestApi
+@SystemApi
@SystemService(Context.ROLLBACK_SERVICE)
public final class RollbackManager {
private final String mCallerPackageName;
@@ -63,7 +62,10 @@
* @param packageName name of the package to get the availble RollbackInfo for.
* @return the rollback available for the package, or null if no rollback
* is available for the package.
+ * @throws SecurityException if the caller does not have the
+ * MANAGE_ROLLBACKS permission.
*/
+ @RequiresPermission(android.Manifest.permission.MANAGE_ROLLBACKS)
public @Nullable RollbackInfo getAvailableRollback(@NonNull String packageName) {
try {
return mBinder.getAvailableRollback(packageName);
@@ -78,7 +80,10 @@
* about the rollback available for a particular package.
*
* @return the names of packages that are available for rollback.
+ * @throws SecurityException if the caller does not have the
+ * MANAGE_ROLLBACKS permission.
*/
+ @RequiresPermission(android.Manifest.permission.MANAGE_ROLLBACKS)
public @NonNull List<String> getPackagesWithAvailableRollbacks() {
try {
return mBinder.getPackagesWithAvailableRollbacks().getList();
@@ -103,7 +108,10 @@
* rolled back from.
*
* @return the recently executed rollbacks
+ * @throws SecurityException if the caller does not have the
+ * MANAGE_ROLLBACKS permission.
*/
+ @RequiresPermission(android.Manifest.permission.MANAGE_ROLLBACKS)
public @NonNull List<RollbackInfo> getRecentlyExecutedRollbacks() {
try {
return mBinder.getRecentlyExecutedRollbacks().getList();
@@ -127,7 +135,10 @@
*
* @param rollback to execute
* @param statusReceiver where to deliver the results
+ * @throws SecurityException if the caller does not have the
+ * MANAGE_ROLLBACKS permission.
*/
+ @RequiresPermission(android.Manifest.permission.MANAGE_ROLLBACKS)
public void executeRollback(@NonNull RollbackInfo rollback,
@NonNull IntentSender statusReceiver) {
try {
@@ -143,9 +154,10 @@
* across device reboot, by simulating what happens on reboot without
* actually rebooting the device.
*
- * @hide
+ * @throws SecurityException if the caller does not have the
+ * MANAGE_ROLLBACKS permission.
*/
- @TestApi
+ @RequiresPermission(android.Manifest.permission.MANAGE_ROLLBACKS)
public void reloadPersistedData() {
try {
mBinder.reloadPersistedData();
@@ -160,10 +172,10 @@
* expiring rollback data.
*
* @param packageName the name of the package to expire data for.
- *
- * @hide
+ * @throws SecurityException if the caller does not have the
+ * MANAGE_ROLLBACKS permission.
*/
- @TestApi
+ @RequiresPermission(android.Manifest.permission.MANAGE_ROLLBACKS)
public void expireRollbackForPackage(@NonNull String packageName) {
try {
mBinder.expireRollbackForPackage(packageName);
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index b16c16d..be37ca9 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3854,6 +3854,10 @@
<permission android:name="android.permission.PACKAGE_ROLLBACK_AGENT"
android:protectionLevel="signature" />
+ <!-- @SystemApi @hide Allows managing apk level rollbacks. -->
+ <permission android:name="android.permission.MANAGE_ROLLBACKS"
+ android:protectionLevel="signature|installer" />
+
<!-- @SystemApi @hide Allows an application to mark other applications as harmful -->
<permission android:name="android.permission.SET_HARMFUL_APP_WARNINGS"
android:protectionLevel="signature|verifier" />