Merge "Added GET_BACKGROUND_INSTALLED_PACKAGES to SYSTEM_APP_PROTECTION_SERVICE role." into main
diff --git a/PermissionController/res/values-hr/strings.xml b/PermissionController/res/values-hr/strings.xml
index d863669..89a3790 100644
--- a/PermissionController/res/values-hr/strings.xml
+++ b/PermissionController/res/values-hr/strings.xml
@@ -405,8 +405,8 @@
<string name="role_notes_search_keywords" msgid="7710756695666744631">"napomene"</string>
<string name="role_wallet_label" msgid="3719419175656204207">"Zadana aplikacija za novčanik"</string>
<string name="role_wallet_short_label" msgid="6521288403762457452">"Aplikacija za novčanik"</string>
- <string name="role_wallet_description" msgid="3726535836165949838">"Aplikacije za novčanik mogu pohraniti vaše kreditne kartice i kartice vjernosti, automobilske ključeve itd. kako biste izvršavali različite oblike transakcija."</string>
- <string name="role_wallet_request_title" msgid="4770217108262737093">"Želite li postaviti <xliff:g id="APP_NAME">%1$s</xliff:g> kao zadanu aplikaciju za novčanik?"</string>
+ <string name="role_wallet_description" msgid="3726535836165949838">"Aplikacije za novčanik mogu pohraniti vaše kreditne kartice i kartice vjernosti, automobilske ključeve i druge stvari kako bi vam razne vrste transakcija bile praktičnije."</string>
+ <string name="role_wallet_request_title" msgid="4770217108262737093">"Želite li aplikaciju <xliff:g id="APP_NAME">%1$s</xliff:g> postaviti kao zadanu aplikaciju za novčanik?"</string>
<string name="role_wallet_request_description" msgid="6305487425777483053">"Dopuštenja nisu potrebna"</string>
<string name="request_role_current_default" msgid="738722892438247184">"Trenutačna zadana"</string>
<string name="request_role_dont_ask_again" msgid="3556017886029520306">"Više me ne pitaj"</string>
diff --git a/PermissionController/res/values-mn/strings.xml b/PermissionController/res/values-mn/strings.xml
index c1b4b06..dae627b 100644
--- a/PermissionController/res/values-mn/strings.xml
+++ b/PermissionController/res/values-mn/strings.xml
@@ -403,10 +403,10 @@
<string name="role_notes_short_label" msgid="8796604147546125285">"Тэмдэглэлийн апп"</string>
<string name="role_notes_description" msgid="8496852798616883551">"Таныг төхөөрөмж дээрээ тэмдэглэл хөтлөх боломж олгодог аппууд"</string>
<string name="role_notes_search_keywords" msgid="7710756695666744631">"тэмдэглэл"</string>
- <string name="role_wallet_label" msgid="3719419175656204207">"Wallet-н өгөгдмөл апп"</string>
- <string name="role_wallet_short_label" msgid="6521288403762457452">"Wallet-н апп"</string>
- <string name="role_wallet_description" msgid="3726535836165949838">"Төрөл бүрийн гүйлгээнд туслахын тулд Wallet-н аппууд таны кредит бa лояалти карт, машины түлхүүр болон бусад зүйлийг хадгалах боломжтой."</string>
- <string name="role_wallet_request_title" msgid="4770217108262737093">"<xliff:g id="APP_NAME">%1$s</xliff:g>-г wallet-н өгөгдмөл аппаараа тохируулах уу?"</string>
+ <string name="role_wallet_label" msgid="3719419175656204207">"Өгөгдмөл түрийвчийн апп"</string>
+ <string name="role_wallet_short_label" msgid="6521288403762457452">"Түрийвчийн апп"</string>
+ <string name="role_wallet_description" msgid="3726535836165949838">"Төрөл бүрийн гүйлгээнд туслахын тулд түрийвчийн аппууд таны кредит ба лояалти карт, машины түлхүүр болон бусад зүйлийг хадгалах боломжтой."</string>
+ <string name="role_wallet_request_title" msgid="4770217108262737093">"<xliff:g id="APP_NAME">%1$s</xliff:g>-г таны өгөгдмөл түрийвчийн аппаар тохируулах уу?"</string>
<string name="role_wallet_request_description" msgid="6305487425777483053">"Ямар ч зөвшөөрөл шаардлагагүй"</string>
<string name="request_role_current_default" msgid="738722892438247184">"Одоогийн өгөгдмөл апп"</string>
<string name="request_role_dont_ask_again" msgid="3556017886029520306">"Дахиж бүү асуу"</string>
diff --git a/PermissionController/res/xml/roles.xml b/PermissionController/res/xml/roles.xml
index c160c4e..6f2cf3a 100644
--- a/PermissionController/res/xml/roles.xml
+++ b/PermissionController/res/xml/roles.xml
@@ -141,6 +141,8 @@
minSdkVersion="33" />
<permission name="android.permission.EXECUTE_APP_ACTION"
minSdkVersion="34" />
+ <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE"
+ minSdkVersion="35" />
</permissions>
<app-op-permissions>
<app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" />
@@ -444,6 +446,7 @@
</preferred-activity>
</preferred-activities>
<permissions>
+ <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/>
<permission name="android.permission.READ_HOME_APP_SEARCH_DATA" minSdkVersion="33"/>
</permissions>
</role>
@@ -676,6 +679,8 @@
<permission name="android.permission.SET_TIME_ZONE" minSdkVersion="34" />
<permission name="android.permission.SATELLITE_COMMUNICATION" minSdkVersion="34" />
<permission name="android.permission.ALWAYS_UPDATE_WALLPAPER" minSdkVersion="35" />
+ <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE"
+ minSdkVersion="35" />
</permissions>
</role>
@@ -1349,6 +1354,7 @@
<permission name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER" minSdkVersion="34" />
<permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL" minSdkVersion="34" />
<permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS" minSdkVersion="34" />
+ <permission name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" minSdkVersion="35" />
</permissions>
</role>
diff --git a/PermissionController/role-controller/java/com/android/role/controller/behavior/WalletRoleBehavior.java b/PermissionController/role-controller/java/com/android/role/controller/behavior/WalletRoleBehavior.java
index 3e209aa..a689db8 100644
--- a/PermissionController/role-controller/java/com/android/role/controller/behavior/WalletRoleBehavior.java
+++ b/PermissionController/role-controller/java/com/android/role/controller/behavior/WalletRoleBehavior.java
@@ -108,7 +108,8 @@
Intent intent = new Intent(action).setPackage(packageName);
PackageManager packageManager = context.getPackageManager();
List<ResolveInfo> resolveInfos = packageManager
- .queryIntentServicesAsUser(intent, 0, user);
+ .queryIntentServicesAsUser(intent, PackageManager.MATCH_DIRECT_BOOT_AWARE
+ | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, user);
Set<String> packageNames = new ArraySet<>();
int resolveInfosSize = resolveInfos.size();
for (int i = 0; i < resolveInfosSize; i++) {
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/GrantPermissionsWearViewHandler.java b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/GrantPermissionsWearViewHandler.java
index cc32c5f..c9e9a2e 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/GrantPermissionsWearViewHandler.java
+++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/GrantPermissionsWearViewHandler.java
@@ -168,7 +168,8 @@
private void updateScreen() {
mViewModel.getIconLiveData().setValue(
mGroupIcon == null ? null : mGroupIcon.loadDrawable(mActivity));
- mViewModel.getGroupMessageLiveData().setValue(mGroupMessage.toString());
+ mViewModel.getGroupMessageLiveData().setValue(
+ mGroupMessage == null ? "" : mGroupMessage.toString());
mViewModel.getDetailMessageLiveData().setValue(mDetailMessage);
int numButtons = BUTTON_RES_ID_TO_NUM.size();
List<Boolean> buttonVisibilityList = Arrays.asList(new Boolean[NEXT_BUTTON]);
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionScreen.kt b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionScreen.kt
index bec633f..ccbd51f 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionScreen.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionScreen.kt
@@ -52,7 +52,7 @@
onAdvancedConfirmDialogOkButtonClick: (AdvancedConfirmDialogArgs) -> Unit,
onAdvancedConfirmDialogCancelButtonClick: () -> Unit
) {
- val buttonState = viewModel.buttonStateLiveData.observeAsState(emptyMap())
+ val buttonState = viewModel.buttonStateLiveData.observeAsState(null)
val detailResIds = viewModel.detailResIdLiveData.observeAsState(null)
val admin = viewModel.showAdminSupportLiveData.observeAsState(null)
var isLoading by remember { mutableStateOf(true) }
@@ -84,7 +84,7 @@
>
)
}
- if (isLoading && buttonState.value.isNotEmpty()) {
+ if (isLoading && !buttonState.value.isNullOrEmpty()) {
isLoading = false
}
}
@@ -92,7 +92,7 @@
@Composable
internal fun WearAppPermissionContent(
title: String,
- buttonState: Map<ButtonType, ButtonState>,
+ buttonState: Map<ButtonType, ButtonState>?,
detailResIds: Pair<Int, Int?>?,
admin: RestrictedLockUtils.EnforcedAdmin?,
isLoading: Boolean,
@@ -101,7 +101,7 @@
onFooterClicked: (RestrictedLockUtils.EnforcedAdmin) -> Unit
) {
ScrollableScreen(title = title, isLoading = isLoading) {
- buttonState[ButtonType.LOCATION_ACCURACY]?.let {
+ buttonState?.get(ButtonType.LOCATION_ACCURACY)?.let {
if (it.isShown) {
item {
ToggleChip(
@@ -116,7 +116,7 @@
}
}
for (buttonType in buttonTypeOrder) {
- buttonState[buttonType]?.let {
+ buttonState?.get(buttonType)?.let {
if (it.isShown) {
item {
ToggleChip(
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearUnusedAppsFragment.kt b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearUnusedAppsFragment.kt
index 9b8047a..30c5976 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearUnusedAppsFragment.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearUnusedAppsFragment.kt
@@ -148,17 +148,18 @@
private fun updatePackages(categorizedPackages: Map<UnusedPeriod, List<UnusedPackageInfo>>) {
// Remove stale unused app chips
for (period in allPeriods) {
- val it: MutableIterator<Map.Entry<String, UnusedAppChip>> =
- unusedAppsMap[period]!!.entries.iterator()
- while (it.hasNext()) {
- val contains =
- categorizedPackages[period]?.any { (pkgName, user, _) ->
- val key = createKey(pkgName, user)
- it.next().key == key
- }
- if (contains != true) {
- it.remove()
- }
+ val unUsedAppsInAPeriod = unusedAppsMap[period] ?: continue
+ val categorizedPackagesOfAPeriod = categorizedPackages[period]
+ if (categorizedPackagesOfAPeriod == null) {
+ unUsedAppsInAPeriod.clear()
+ continue
+ }
+ val categorizedPackageKeys =
+ categorizedPackagesOfAPeriod.map { createKey(it.packageName, it.user) }
+ // Do not remove apps that are still in the unused category
+ val keysToRemove = unUsedAppsInAPeriod.keys.filterNot { it in categorizedPackageKeys }
+ for (key in keysToRemove) {
+ unUsedAppsInAPeriod.remove(key)
}
}
diff --git a/framework-s/api/system-current.txt b/framework-s/api/system-current.txt
index 02ab5b5..183de36 100644
--- a/framework-s/api/system-current.txt
+++ b/framework-s/api/system-current.txt
@@ -6,6 +6,7 @@
method @NonNull public android.app.PendingIntent getRestrictedSettingDialogIntent(@NonNull String) throws android.content.pm.PackageManager.NameNotFoundException;
method @RequiresPermission(android.Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES) public boolean isClearRestrictionAllowed(@NonNull String) throws android.content.pm.PackageManager.NameNotFoundException;
method @RequiresPermission(android.Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES) public boolean isRestricted(@NonNull String, @NonNull String) throws android.content.pm.PackageManager.NameNotFoundException;
+ method @RequiresPermission(android.Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES) public void setClearRestrictionAllowed(@NonNull String) throws android.content.pm.PackageManager.NameNotFoundException;
}
}
diff --git a/framework-s/java/android/app/ecm/EnhancedConfirmationManager.java b/framework-s/java/android/app/ecm/EnhancedConfirmationManager.java
index 6feae2e..4db1792 100644
--- a/framework-s/java/android/app/ecm/EnhancedConfirmationManager.java
+++ b/framework-s/java/android/app/ecm/EnhancedConfirmationManager.java
@@ -307,7 +307,6 @@
*
* @param packageName package name of the application which should be considered acknowledged
* @throws NameNotFoundException if the provided package was not found
- * @hide
*/
@RequiresPermission(android.Manifest.permission.MANAGE_ENHANCED_CONFIRMATION_STATES)
public void setClearRestrictionAllowed(@NonNull String packageName)
diff --git a/tests/cts/permission/src/android/permission/cts/RevokePermissionTest.kt b/tests/cts/permission/src/android/permission/cts/RevokePermissionTest.kt
index 05235e1..c67707f 100644
--- a/tests/cts/permission/src/android/permission/cts/RevokePermissionTest.kt
+++ b/tests/cts/permission/src/android/permission/cts/RevokePermissionTest.kt
@@ -53,13 +53,7 @@
fun testRevokePermissionNotRequested() {
testRevoke(
packageName = APP_PKG_NAME,
- permission = CAMERA,
- throwableType = SecurityException::class.java,
- throwableMessages =
- listOf(
- "has not requested permission",
- "Permission $CAMERA isn't requested by package $APP_PKG_NAME"
- )
+ permission = CAMERA
)
}
@@ -104,13 +98,7 @@
testRevoke(
packageName = APP_PKG_NAME,
permission = CAMERA,
- reason = "test reason",
- throwableType = SecurityException::class.java,
- throwableMessages =
- listOf(
- "has not requested permission",
- "Permission $CAMERA isn't requested by package $APP_PKG_NAME"
- )
+ reason = "test reason"
)
}
diff --git a/tests/cts/permissionpolicy/res/raw/android_manifest.xml b/tests/cts/permissionpolicy/res/raw/android_manifest.xml
index 18b70ae..15f1d7e 100644
--- a/tests/cts/permissionpolicy/res/raw/android_manifest.xml
+++ b/tests/cts/permissionpolicy/res/raw/android_manifest.xml
@@ -3643,6 +3643,13 @@
<permission android:name="android.permission.MANAGE_DEVICE_POLICY_DEVICE_IDENTIFIERS"
android:protectionLevel="internal|role" />
+ <!-- Allows an application to manage policy related to content protection.
+ <p>Protection level: internal|role
+ @FlaggedApi("android.view.contentprotection.flags.manage_device_policy_enabled")
+ -->
+ <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION"
+ android:protectionLevel="internal|role" />
+
<!-- Allows an application to set device policies outside the current user
that are critical for securing data within the current user.
<p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_*
@@ -3725,6 +3732,18 @@
<permission android:name="android.permission.ACTIVITY_EMBEDDING"
android:protectionLevel="signature|privileged" />
+ <!-- Allows an application to embed any other apps in untrusted embedding mode without the need
+ for the embedded app to consent.
+ <p>For now, this permission is only granted to the Assistant application selected by
+ the user.
+ {@see https://developer.android.com/guide/topics/large-screens/activity-embedding#trust_model}
+ @SystemApi
+ @FlaggedApi("com.android.window.flags.untrusted_embedding_any_app_permission")
+ @hide
+ -->
+ <permission android:name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE"
+ android:protectionLevel="internal|role" />
+
<!-- Allows an application to start any activity, regardless of permission
protection or exported state.
@hide -->
diff --git a/tests/cts/permissionui/src/android/permissionui/cts/EnhancedConfirmationManagerTest.kt b/tests/cts/permissionui/src/android/permissionui/cts/EnhancedConfirmationManagerTest.kt
index 7ef050f..83f53b2 100644
--- a/tests/cts/permissionui/src/android/permissionui/cts/EnhancedConfirmationManagerTest.kt
+++ b/tests/cts/permissionui/src/android/permissionui/cts/EnhancedConfirmationManagerTest.kt
@@ -112,7 +112,7 @@
installPackageWithInstallSourceAndMetadataFromDownloadedFile(apkName)
runWithShellPermissionIdentity {
eventually { assertTrue(ecm.isRestricted(APP_PACKAGE_NAME, PROTECTED_SETTING)) }
- setClearRestrictionAllowed(context, APP_PACKAGE_NAME)
+ ecm.setClearRestrictionAllowed(APP_PACKAGE_NAME)
eventually { assertTrue(ecm.isClearRestrictionAllowed(APP_PACKAGE_NAME)) }
ecm.clearRestriction(APP_PACKAGE_NAME)
eventually { assertFalse(ecm.isRestricted(APP_PACKAGE_NAME, PROTECTED_SETTING)) }
@@ -122,17 +122,8 @@
companion object {
private const val NON_PROTECTED_SETTING = "example_setting_which_is_not_protected"
private const val PROTECTED_SETTING = "android:bind_accessibility_service"
- private const val MODE_IGNORED = 1
private const val MODE_ERRORED = 2
- // TODO(b/320517290): Since setClearRestrictionAllowed is not API, we're currently
- // simulating its behavior. We should instead actually invoke this method on
- // EnhancedConfirmationManager.
- @Throws(PackageManager.NameNotFoundException::class)
- private fun setClearRestrictionAllowed(context: Context, packageName: String) {
- setAppEcmState(context, packageName, MODE_IGNORED)
- }
-
@Throws(PackageManager.NameNotFoundException::class)
private fun setAppEcmState(context: Context, packageName: String, mode: Int) {
val appOpsManager = context.getSystemService(AppOpsManager::class.java)!!