Merge "Define a new permission to guard role-based application executing action"

2 files changed, 10 insertions, 0 deletions

diff --git a/core/api/current.txt b/core/api/current.txt
index 141725d1fbbe..a9b9476d6c10 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -89,6 +89,7 @@ package android {
     field public static final String DISABLE_KEYGUARD = "android.permission.DISABLE_KEYGUARD";
     field public static final String DUMP = "android.permission.DUMP";
     field public static final String ENFORCE_UPDATE_OWNERSHIP = "android.permission.ENFORCE_UPDATE_OWNERSHIP";
+    field public static final String EXECUTE_APP_ACTION = "android.permission.EXECUTE_APP_ACTION";
     field public static final String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR";
     field public static final String FACTORY_TEST = "android.permission.FACTORY_TEST";
     field public static final String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE";
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index c43221d35bdf..8ee88ad07d0e 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -6862,6 +6862,15 @@
     <permission android:name="android.permission.READ_HOME_APP_SEARCH_DATA"
         android:protectionLevel="internal|role" />
 
+    <!-- Allows an assistive application to perform actions on behalf of users inside of
+         applications.
+         <p>For now, this permission is only granted to system applications fulfilling the
+         ASSISTANT role.
+         <p>Protection level: internal|role
+    -->
+    <permission android:name="android.permission.EXECUTE_APP_ACTION"
+                android:protectionLevel="internal|role" />
+
     <!-- @SystemApi Allows an application to create virtual devices in VirtualDeviceManager.
          @hide -->
     <permission android:name="android.permission.CREATE_VIRTUAL_DEVICE"