Merge "Suppress PermissionUsageV2FragmentTest on R." into sc-dev am: 88169051f2 am: d6b78a467d
Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Permission/+/15236943
Change-Id: I9b94e618bf443cd39c5be13c7bf3dd51519ac7a0
diff --git a/PermissionController/res/values-fr-rCA/strings.xml b/PermissionController/res/values-fr-rCA/strings.xml
index e05f384..23afc2e 100644
--- a/PermissionController/res/values-fr-rCA/strings.xml
+++ b/PermissionController/res/values-fr-rCA/strings.xml
@@ -65,8 +65,8 @@
</plurals>
<string name="old_sdk_deny_warning" msgid="2382236998845153919">"Cette application a été conçue pour une version antérieure d\'Android. Si vous n\'accordez pas l\'autorisation, il se peut qu\'elle ne fonctionne plus correctement."</string>
<string name="default_permission_description" msgid="4624464917726285203">"effectuer une action inconnue"</string>
- <string name="app_permissions_group_summary" msgid="8788419008958284002">"<xliff:g id="COUNT_0">%1$d</xliff:g> application(s) autorisée(s) sur <xliff:g id="COUNT_1">%2$d</xliff:g>"</string>
- <string name="app_permissions_group_summary2" msgid="4329922444840521150">"<xliff:g id="COUNT_0">%1$d</xliff:g> application(s) autorisée(s) sur <xliff:g id="COUNT_1">%2$d</xliff:g>"</string>
+ <string name="app_permissions_group_summary" msgid="8788419008958284002">"<xliff:g id="COUNT_0">%1$d</xliff:g> application autorisée sur <xliff:g id="COUNT_1">%2$d</xliff:g>"</string>
+ <string name="app_permissions_group_summary2" msgid="4329922444840521150">"<xliff:g id="COUNT_0">%1$d</xliff:g> applications autorisées sur <xliff:g id="COUNT_1">%2$d</xliff:g>"</string>
<string name="menu_show_system" msgid="4254021607027872504">"Afficher le système"</string>
<string name="menu_hide_system" msgid="3855390843744028465">"Masquer le système"</string>
<string name="manage_permission" msgid="2895385393037061964">"Gérer les autorisations"</string>
diff --git a/PermissionController/res/values-nl/strings.xml b/PermissionController/res/values-nl/strings.xml
index 018a17d..59fdc09 100644
--- a/PermissionController/res/values-nl/strings.xml
+++ b/PermissionController/res/values-nl/strings.xml
@@ -240,7 +240,7 @@
<string name="last_opened_summary_short" msgid="1646067226191176825">"Laatst geopend op <xliff:g id="DATE">%s</xliff:g>"</string>
<string name="app_permission_footer_special_file_access" msgid="1884202176147657788">"Als je het beheer van alle bestanden toestaat, kan deze app alle bestanden in de algemene opslag van dit apparaat of gekoppelde opslagapparaten openen, bewerken en verwijderen. De app kan toegang tot bestanden krijgen zonder je dat te vragen."</string>
<string name="special_file_access_dialog" msgid="583804114020740610">"Toestaan dat deze app bestanden op het apparaat of gekoppelde opslagapparaten kan openen, aanpassen of verwijderen? Deze app kan toegang tot bestanden krijgen zonder dat aan je te vragen."</string>
- <string name="permission_description_summary_generic" msgid="5401399408814903391">"Apps met dit recht kunnen/hebben <xliff:g id="DESCRIPTION">%1$s</xliff:g>"</string>
+ <string name="permission_description_summary_generic" msgid="5401399408814903391">"Apps met dit recht kunnen <xliff:g id="DESCRIPTION">%1$s</xliff:g>"</string>
<string name="permission_description_summary_activity_recognition" msgid="2652850576497070146">"Apps met dit recht hebben toegang tot je fysieke activiteit, zoals wandelen, fietsen, autorijden, aantal stappen en meer"</string>
<string name="permission_description_summary_calendar" msgid="103329982944411010">"Apps met dit recht hebben toegang tot je agenda"</string>
<string name="permission_description_summary_call_log" msgid="7321437186317577624">"Apps met dit recht kunnen de gesprekslijst van je telefoon lezen en erin schrijven"</string>
diff --git a/PermissionController/res/values-pl/strings.xml b/PermissionController/res/values-pl/strings.xml
index 6fe040e..3feb855 100644
--- a/PermissionController/res/values-pl/strings.xml
+++ b/PermissionController/res/values-pl/strings.xml
@@ -225,7 +225,7 @@
<string name="app_permission_usage_title" msgid="6676802437831981822">"Użycie uprawnień aplikacji"</string>
<string name="app_permission_usage_summary" msgid="390383661936709672">"Dostęp: <xliff:g id="NUM">%1$s</xliff:g> razy. Całkowity czas trwania: <xliff:g id="DURATION">%2$s</xliff:g>. Ostatnio użyto <xliff:g id="TIME">%3$s</xliff:g> temu."</string>
<string name="app_permission_usage_summary_no_duration" msgid="3698475875179457400">"Dostęp: <xliff:g id="NUM">%1$s</xliff:g> razy. Ostatnio użyto <xliff:g id="TIME">%2$s</xliff:g> temu."</string>
- <string name="app_permission_button_allow" msgid="5808039516494774647">"Zezwalaj"</string>
+ <string name="app_permission_button_allow" msgid="5808039516494774647">"Zezwól"</string>
<string name="app_permission_button_allow_all_files" msgid="1792232272599018825">"Pozwól zarządzać wszystkimi plikami"</string>
<string name="app_permission_button_allow_media_only" msgid="2834282724426046154">"Pozwól na dostęp tylko do multimediów"</string>
<string name="app_permission_button_allow_always" msgid="4573292371734011171">"Zawsze zezwalaj"</string>
diff --git a/PermissionController/res/xml/roles.xml b/PermissionController/res/xml/roles.xml
index 5019e06..b46d5b0 100644
--- a/PermissionController/res/xml/roles.xml
+++ b/PermissionController/res/xml/roles.xml
@@ -882,6 +882,39 @@
</role>
<!---
+ ~ A role for the system package that is allowed to manage documents (e.g., attach files etc.)
+ ~ on the device.
+ ~ A package holding this role must comply with the requirements outlined in the Android CDD
+ ~ section "2.2.3. Software" under heading "3.2.3.1/H-0-1".
+ ~ Example link for Android 11:
+ ~ https://source.android.com/compatibility/11/android-11-cdd#2_2_3_software
+ -->
+ <role
+ name="android.app.role.SYSTEM_DOCUMENT_MANAGER"
+ behavior="DocumentManagerRoleBehavior"
+ exclusive="true"
+ minSdkVersion="33"
+ static="true"
+ systemOnly="true"
+ visible="false">
+ <required-components>
+ <!--- Flag value is MATCH_DISABLED_COMPONENTS-->
+ <activity queryFlags="0x00000200">
+ <intent-filter>
+ <action name="android.intent.action.OPEN_DOCUMENT" />
+ <category name="android.intent.category.OPENABLE" />
+ <data mimeType="*/*" />
+ </intent-filter>
+ </activity>
+ </required-components>
+ <permissions>
+ <permission name="android.permission.MANAGE_DOCUMENTS" />
+ <permission name="android.permission.CACHE_CONTENT" />
+ <permission name="android.permission.REMOVE_TASKS" />
+ </permissions>
+ </role>
+
+ <!---
~ A role for the system package that serves as the activity recognizer on the device.
~ This is the application that provides the data behind the activity recognition
~ runtime permission.
diff --git a/PermissionController/src/com/android/permissioncontroller/role/model/AppOpPermissions.java b/PermissionController/src/com/android/permissioncontroller/role/model/AppOpPermissions.java
index 1e0e3d0..d61c13a 100644
--- a/PermissionController/src/com/android/permissioncontroller/role/model/AppOpPermissions.java
+++ b/PermissionController/src/com/android/permissioncontroller/role/model/AppOpPermissions.java
@@ -54,7 +54,11 @@
return false;
}
String appOp = AppOpsManager.permissionToOp(appOpPermission);
- return setAppOpMode(packageName, appOp, AppOpsManager.MODE_ALLOWED, context);
+ boolean changed = setAppOpMode(packageName, appOp, AppOpsManager.MODE_ALLOWED, context);
+ if (changed) {
+ Permissions.setPermissionGrantedByRole(packageName, appOpPermission, true, context);
+ }
+ return changed;
}
/**
@@ -68,9 +72,14 @@
*/
public static boolean revoke(@NonNull String packageName, @NonNull String appOpPermission,
@NonNull Context context) {
+ if (!Permissions.isPermissionGrantedByRole(packageName, appOpPermission, context)) {
+ return false;
+ }
String appOp = AppOpsManager.permissionToOp(appOpPermission);
int defaultMode = Permissions.getDefaultAppOpMode(appOp);
- return setAppOpMode(packageName, appOp, defaultMode, context);
+ boolean changed = setAppOpMode(packageName, appOp, defaultMode, context);
+ Permissions.setPermissionGrantedByRole(packageName, appOpPermission, false, context);
+ return changed;
}
private static boolean setAppOpMode(@NonNull String packageName, @NonNull String appOp,
diff --git a/PermissionController/src/com/android/permissioncontroller/role/model/DocumentManagerRoleBehavior.java b/PermissionController/src/com/android/permissioncontroller/role/model/DocumentManagerRoleBehavior.java
new file mode 100644
index 0000000..ce307fd
--- /dev/null
+++ b/PermissionController/src/com/android/permissioncontroller/role/model/DocumentManagerRoleBehavior.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.permissioncontroller.role.model;
+
+import android.content.Context;
+import android.os.Process;
+import android.util.Log;
+
+import androidx.annotation.NonNull;
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * Class for behavior of the Document Manager role.
+ */
+public class DocumentManagerRoleBehavior implements RoleBehavior {
+ private static final String TAG = "DocumentManagerRoleBehavior";
+
+ @NonNull
+ @Override
+ public List<String> getDefaultHolders(@NonNull Role role, @NonNull Context context) {
+ List<String> qualifyingPackageNames = role.getQualifyingPackagesAsUser(
+ Process.myUserHandle(), context);
+ if (qualifyingPackageNames.size() == 1) {
+ return qualifyingPackageNames;
+ } else {
+ Log.e(TAG, "There should be exactly one documenter; found "
+ + qualifyingPackageNames.size() + ": matches=" + qualifyingPackageNames);
+ return Collections.emptyList();
+ }
+ }
+}
diff --git a/PermissionController/src/com/android/permissioncontroller/role/model/Permissions.java b/PermissionController/src/com/android/permissioncontroller/role/model/Permissions.java
index dee675b..e01ba52 100644
--- a/PermissionController/src/com/android/permissioncontroller/role/model/Permissions.java
+++ b/PermissionController/src/com/android/permissioncontroller/role/model/Permissions.java
@@ -618,7 +618,7 @@
return (flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0;
}
- private static boolean isPermissionGrantedByRole(@NonNull String packageName,
+ static boolean isPermissionGrantedByRole(@NonNull String packageName,
@NonNull String permission, @NonNull Context context) {
int flags = getPermissionFlags(packageName, permission, context);
return (flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE) != 0;
@@ -637,6 +637,13 @@
packageManager.updatePermissionFlags(permission, packageName, mask, flags, user);
}
+ static void setPermissionGrantedByRole(@NonNull String packageName,
+ @NonNull String permission, boolean grantedByRole, @NonNull Context context) {
+ setPermissionFlags(packageName, permission,
+ grantedByRole ? PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE : 0,
+ PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE, context);
+ }
+
/**
* Most of the time {@link #isPermissionAndAppOpGranted(String, String, Context)} should be used
* instead.
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 6e67ce9..aa594e8 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -3,5 +3,10 @@
{
"name" : "PermissionApexTests"
}
+ ],
+ "carpermission-presubmit" : [
+ {
+ "name" : "CtsPermission3TestCases"
+ }
]
}