-rw-r--r--api/current.txt1
-rw-r--r--api/system-current.txt1
-rw-r--r--api/test-current.txt1
-rw-r--r--core/java/android/content/pm/PackageManager.java61
-rw-r--r--non-updatable-api/current.txt1
-rw-r--r--non-updatable-api/system-current.txt1
-rw-r--r--services/core/java/com/android/server/pm/permission/PermissionManagerService.java35
7 files changed, 83 insertions, 18 deletions
diff --git a/api/current.txt b/api/current.txt
index 855f84ab3238..83519a9aaef7 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -12236,6 +12236,7 @@ package android.content.pm {
field public static final String FEATURE_WIFI_DIRECT = "android.hardware.wifi.direct";
field public static final String FEATURE_WIFI_PASSPOINT = "android.hardware.wifi.passpoint";
field public static final String FEATURE_WIFI_RTT = "android.hardware.wifi.rtt";
+ field public static final int FLAG_PERMISSION_ALLOWLIST_ROLE = 8; // 0x8
field public static final int FLAG_PERMISSION_WHITELIST_INSTALLER = 2; // 0x2
field public static final int FLAG_PERMISSION_WHITELIST_SYSTEM = 1; // 0x1
field public static final int FLAG_PERMISSION_WHITELIST_UPGRADE = 4; // 0x4
diff --git a/api/system-current.txt b/api/system-current.txt
index 118184df9d00..76ba14735611 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -2157,6 +2157,7 @@ package android.content.pm {
field public static final int FLAG_PERMISSION_ONE_TIME = 65536; // 0x10000
field public static final int FLAG_PERMISSION_POLICY_FIXED = 4; // 0x4
field public static final int FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT = 2048; // 0x800
+ field public static final int FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT = 262144; // 0x40000
field public static final int FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT = 4096; // 0x1000
field public static final int FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT = 8192; // 0x2000
field public static final int FLAG_PERMISSION_REVIEW_REQUIRED = 64; // 0x40
diff --git a/api/test-current.txt b/api/test-current.txt
index 128e84f59048..0cc1209d2bf8 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -1033,6 +1033,7 @@ package android.content.pm {
field public static final int FLAG_PERMISSION_ONE_TIME = 65536; // 0x10000
field public static final int FLAG_PERMISSION_POLICY_FIXED = 4; // 0x4
field public static final int FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT = 2048; // 0x800
+ field public static final int FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT = 262144; // 0x40000
field public static final int FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT = 4096; // 0x1000
field public static final int FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT = 8192; // 0x2000
field public static final int FLAG_PERMISSION_REVIEW_REQUIRED = 64; // 0x40
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 0cb3af44e943..7c2c483e9042 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -3511,6 +3511,17 @@ public abstract class PackageManager {
public static final int FLAG_PERMISSION_AUTO_REVOKED = 1 << 17;
/**
+ * Permission flag: The permission is restricted but the app is exempt
+ * from the restriction and is allowed to hold this permission in its
+ * full form and the exemption is provided by the held roles.
+ *
+ * @hide
+ */
+ @TestApi
+ @SystemApi
+ public static final int FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT = 1 << 18;
+
+ /**
* Permission flags: Reserved for use by the permission controller. The platform and any
* packages besides the permission controller should not assume any definition about these
* flags.
@@ -3528,7 +3539,8 @@ public abstract class PackageManager {
public static final int FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT =
FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT
| FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT
- | FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT;
+ | FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT
+ | FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT;
/**
* Mask for all permission flags.
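Review bot: `FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT` gains the role bit here, but no hunk in this diff touches the "Mask for all permission flags" definition that begins right after this one. If that mask is an explicit OR of the individual flags, as the neighbouring constants suggest, `FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT` would fall outside it. Code that filters flag updates through the mask could then drop or reject the exemption. Please confirm the mask includes `| FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT`, and that any flag IntDef and flag-to-string helper for permission flags also know about the new bit. Those definitions are outside the visible hunks.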
@@ -3574,7 +3586,8 @@ public abstract class PackageManager {
/**
* Permission whitelist flag: permissions whitelisted by the system.
- * Permissions can also be whitelisted by the installer or on upgrade.
+ * Permissions can also be whitelisted by the installer, on upgrade, or on
+ * role grant.
*
* <p>
* <strong>Note: </strong>In retrospect it would have been preferred to use
@@ -3586,7 +3599,8 @@ public abstract class PackageManager {
/**
* Permission whitelist flag: permissions whitelisted by the installer.
- * Permissions can also be whitelisted by the system or on upgrade.
+ * Permissions can also be whitelisted by the system, on upgrade, or on role
+ * grant.
*
* <p>
* <strong>Note: </strong>In retrospect it would have been preferred to use
@@ -3600,7 +3614,8 @@ public abstract class PackageManager {
* Permission whitelist flag: permissions whitelisted by the system
* when upgrading from an OS version where the permission was not
* restricted to an OS version where the permission is restricted.
- * Permissions can also be whitelisted by the installer or the system.
+ * Permissions can also be whitelisted by the installer, the system, or on
+ * role grant.
*
* <p>
* <strong>Note: </strong>In retrospect it would have been preferred to use
@@ -3610,11 +3625,20 @@ public abstract class PackageManager {
*/
public static final int FLAG_PERMISSION_WHITELIST_UPGRADE = 1 << 2;
+ /**
+ * Permission allowlist flag: permissions exempted by the system
+ * when being granted a role.
+ * Permissions can also be exempted by the installer, the system, or on
+ * upgrade.
+ */
+ public static final int FLAG_PERMISSION_ALLOWLIST_ROLE = 1 << 3;
+
/** @hide */
@IntDef(flag = true, prefix = {"FLAG_PERMISSION_WHITELIST_"}, value = {
FLAG_PERMISSION_WHITELIST_SYSTEM,
FLAG_PERMISSION_WHITELIST_INSTALLER,
- FLAG_PERMISSION_WHITELIST_UPGRADE
+ FLAG_PERMISSION_WHITELIST_UPGRADE,
+ FLAG_PERMISSION_ALLOWLIST_ROLE
})
@Retention(RetentionPolicy.SOURCE)
public @interface PermissionWhitelistFlags {}
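Review bot: `FLAG_PERMISSION_ALLOWLIST_ROLE` is added to an `@IntDef` whose `prefix` is still only `"FLAG_PERMISSION_WHITELIST_"`, so the new member does not match the declared prefix. Tooling that relies on the prefix for naming checks or flag-to-string output will not recognise it. Consider `prefix = {"FLAG_PERMISSION_WHITELIST_", "FLAG_PERMISSION_ALLOWLIST_"}`. The new constant's Javadoc also lacks the access statement the method docs give ("Can be accessed by pre-installed holders of a dedicated permission"); one sentence saying so would help, since this flag is public API.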
@@ -4560,7 +4584,7 @@ public abstract class PackageManager {
* allows for the to hold that permission and whitelisting a soft restricted
* permission allows the app to hold the permission in its full, unrestricted form.
*
- * <p><ol>There are three whitelists:
+ * <p><ol>There are four allowlists:
*
* <li>one for cases where the system permission policy whitelists a permission
* This list corresponds to the{@link #FLAG_PERMISSION_WHITELIST_SYSTEM} flag.
@@ -4576,6 +4600,10 @@ public abstract class PackageManager {
* This list corresponds to the {@link #FLAG_PERMISSION_WHITELIST_INSTALLER} flag.
* Can be accessed by pre-installed holders of a dedicated permission or the
* installer on record.
+ *
+ * <li>one for cases where the system exempts the permission when granting a role.
+ * This list corresponds to the {@link #FLAG_PERMISSION_ALLOWLIST_ROLE} flag. Can
+ * be accessed by pre-installed holders of a dedicated permission.
* </ol>
*
* <p>
@@ -4594,6 +4622,7 @@ public abstract class PackageManager {
* @see #FLAG_PERMISSION_WHITELIST_SYSTEM
* @see #FLAG_PERMISSION_WHITELIST_UPGRADE
* @see #FLAG_PERMISSION_WHITELIST_INSTALLER
+ * @see #FLAG_PERMISSION_ALLOWLIST_ROLE
*
* @throws SecurityException if you try to access a whitelist that you have no access to.
*/
@@ -4615,7 +4644,7 @@ public abstract class PackageManager {
* allows for the to hold that permission and whitelisting a soft restricted
* permission allows the app to hold the permission in its full, unrestricted form.
*
- * <p><ol>There are three whitelists:
+ * <p><ol>There are four whitelists:
*
* <li>one for cases where the system permission policy whitelists a permission
* This list corresponds to the {@link #FLAG_PERMISSION_WHITELIST_SYSTEM} flag.
@@ -4633,10 +4662,14 @@ public abstract class PackageManager {
* Can be modified by pre-installed holders of a dedicated permission or the installer
* on record.
*
+ * <li>one for cases where the system exempts the permission when permission when
+ * granting a role. This list corresponds to the {@link #FLAG_PERMISSION_ALLOWLIST_ROLE}
+ * flag. Can be modified by pre-installed holders of a dedicated permission.
+ * </ol>
+ *
* <p>You need to specify the whitelists for which to set the whitelisted permissions
* which will clear the previous whitelisted permissions and replace them with the
* provided ones.
- * </ol>
*
* <p>
* <strong>Note: </strong>In retrospect it would have been preferred to use
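Review bot: The added list item reads "exempts the permission when permission when granting a role", with the words "when permission" duplicated. It should read `one for cases where the system exempts the permission when granting a role.`, matching the item added to the first method's Javadoc. The summary lines are also inconsistent across this commit: the first method now says "four allowlists" while this one and the next say "four whitelists".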
@@ -4655,6 +4688,7 @@ public abstract class PackageManager {
* @see #FLAG_PERMISSION_WHITELIST_SYSTEM
* @see #FLAG_PERMISSION_WHITELIST_UPGRADE
* @see #FLAG_PERMISSION_WHITELIST_INSTALLER
+ * @see #FLAG_PERMISSION_ALLOWLIST_ROLE
*
* @throws SecurityException if you try to modify a whitelist that you have no access to.
*/
@@ -4676,7 +4710,7 @@ public abstract class PackageManager {
* allows for the to hold that permission and whitelisting a soft restricted
* permission allows the app to hold the permission in its full, unrestricted form.
*
- * <p><ol>There are three whitelists:
+ * <p><ol>There are four whitelists:
*
* <li>one for cases where the system permission policy whitelists a permission
* This list corresponds to the {@link #FLAG_PERMISSION_WHITELIST_SYSTEM} flag.
@@ -4694,6 +4728,14 @@ public abstract class PackageManager {
* Can be modified by pre-installed holders of a dedicated permission or the installer
* on record.
*
+ * <li>one for cases where the system exempts the permission when upgrading
+ * from an OS version in which the permission was not restricted to an OS version
+ * in which the permission is restricted. This list corresponds to the {@link
+ * #FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be modified by pre-installed
+ * holders of a dedicated permission. The installer on record can only remove
+ * permissions from this allowlist.
+ * </ol>
+ *
* <p>You need to specify the whitelists for which to set the whitelisted permissions
* which will clear the previous whitelisted permissions and replace them with the
* provided ones.
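Review bot: The `<li>` added here describes the upgrade list and links `FLAG_PERMISSION_WHITELIST_UPGRADE`, not the role list, although the count was raised to four and `@see #FLAG_PERMISSION_ALLOWLIST_ROLE` is added further down. This looks like a copy-paste slip. The upgrade item is probably already present earlier in the list (outside this hunk), which would leave the role allowlist undocumented for this method. Replace the item with the role wording used in the previous method's Javadoc: system exempts the permission when granting a role, corresponds to `FLAG_PERMISSION_ALLOWLIST_ROLE`, modifiable by pre-installed holders of a dedicated permission. Unlike the previous method's hunk, this one adds `</ol>` without removing an existing one, so check that the list is not closed twice.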
@@ -4715,6 +4757,7 @@ public abstract class PackageManager {
* @see #FLAG_PERMISSION_WHITELIST_SYSTEM
* @see #FLAG_PERMISSION_WHITELIST_UPGRADE
* @see #FLAG_PERMISSION_WHITELIST_INSTALLER
+ * @see #FLAG_PERMISSION_ALLOWLIST_ROLE
*
* @throws SecurityException if you try to modify a whitelist that you have no access to.
*/
diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt
index 86a9d3908fd8..b4ce0ad0bb96 100644
--- a/non-updatable-api/current.txt
+++ b/non-updatable-api/current.txt
@@ -12236,6 +12236,7 @@ package android.content.pm {
field public static final String FEATURE_WIFI_DIRECT = "android.hardware.wifi.direct";
field public static final String FEATURE_WIFI_PASSPOINT = "android.hardware.wifi.passpoint";
field public static final String FEATURE_WIFI_RTT = "android.hardware.wifi.rtt";
+ field public static final int FLAG_PERMISSION_ALLOWLIST_ROLE = 8; // 0x8
field public static final int FLAG_PERMISSION_WHITELIST_INSTALLER = 2; // 0x2
field public static final int FLAG_PERMISSION_WHITELIST_SYSTEM = 1; // 0x1
field public static final int FLAG_PERMISSION_WHITELIST_UPGRADE = 4; // 0x4
diff --git a/non-updatable-api/system-current.txt b/non-updatable-api/system-current.txt
index e27ca09f8e86..f89be8dd24e9 100644
--- a/non-updatable-api/system-current.txt
+++ b/non-updatable-api/system-current.txt
@@ -2097,6 +2097,7 @@ package android.content.pm {
field public static final int FLAG_PERMISSION_ONE_TIME = 65536; // 0x10000
field public static final int FLAG_PERMISSION_POLICY_FIXED = 4; // 0x4
field public static final int FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT = 2048; // 0x800
+ field public static final int FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT = 262144; // 0x40000
field public static final int FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT = 4096; // 0x1000
field public static final int FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT = 8192; // 0x2000
field public static final int FLAG_PERMISSION_REVIEW_REQUIRED = 64; // 0x40
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index ce2e68f9f875..1dc5dd31622d 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -24,12 +24,14 @@ import static android.app.AppOpsManager.MODE_IGNORED;
import static android.content.pm.ApplicationInfo.AUTO_REVOKE_DISALLOWED;
import static android.content.pm.ApplicationInfo.AUTO_REVOKE_DISCOURAGED;
import static android.content.pm.PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT;
+import static android.content.pm.PackageManager.FLAG_PERMISSION_ALLOWLIST_ROLE;
import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION;
import static android.content.pm.PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
import static android.content.pm.PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE;
import static android.content.pm.PackageManager.FLAG_PERMISSION_ONE_TIME;
import static android.content.pm.PackageManager.FLAG_PERMISSION_POLICY_FIXED;
import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;
+import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT;
import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT;
import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT;
import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
@@ -1102,7 +1104,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
Preconditions.checkFlagsArgument(flags,
PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE
| PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM
- | PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER);
+ | PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER
+ | PackageManager.FLAG_PERMISSION_ALLOWLIST_ROLE);
Preconditions.checkArgumentNonNegative(userId, null);
if (UserHandle.getCallingUserId() != userId) {
@@ -1126,16 +1129,16 @@ public class PermissionManagerService extends IPermissionManager.Stub {
final boolean isCallerInstallerOnRecord =
mPackageManagerInt.isCallerInstallerOfRecord(pkg, callingUid);
- if ((flags & PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM) != 0
- && !isCallerPrivileged) {
- throw new SecurityException("Querying system whitelist requires "
+ if ((flags & (PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM
+ | PackageManager.FLAG_PERMISSION_ALLOWLIST_ROLE)) != 0 && !isCallerPrivileged) {
+ throw new SecurityException("Querying system or role allowlist requires "
+ Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS);
}
if ((flags & (PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE
| PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER)) != 0) {
if (!isCallerPrivileged && !isCallerInstallerOnRecord) {
- throw new SecurityException("Querying upgrade or installer whitelist"
+ throw new SecurityException("Querying upgrade or installer allowlist"
+ " requires being installer on record or "
+ Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS);
}
@@ -1159,6 +1162,9 @@ public class PermissionManagerService extends IPermissionManager.Stub {
if ((flags & PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER) != 0) {
queryFlags |= FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;
}
+ if ((flags & PackageManager.FLAG_PERMISSION_ALLOWLIST_ROLE) != 0) {
+ queryFlags |= FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT;
+ }
ArrayList<String> whitelistedPermissions = null;
@@ -1251,7 +1257,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
Preconditions.checkFlagsArgument(flags,
PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE
| PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM
- | PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER);
+ | PackageManager.FLAG_PERMISSION_WHITELIST_INSTALLER
+ | PackageManager.FLAG_PERMISSION_ALLOWLIST_ROLE);
Preconditions.checkArgument(Integer.bitCount(flags) == 1);
Preconditions.checkArgumentNonNegative(userId, null);
@@ -1277,15 +1284,16 @@ public class PermissionManagerService extends IPermissionManager.Stub {
final boolean isCallerInstallerOnRecord =
mPackageManagerInt.isCallerInstallerOfRecord(pkg, callingUid);
- if ((flags & PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM) != 0
+ if ((flags & (PackageManager.FLAG_PERMISSION_WHITELIST_SYSTEM
+ | PackageManager.FLAG_PERMISSION_ALLOWLIST_ROLE)) != 0
&& !isCallerPrivileged) {
- throw new SecurityException("Modifying system whitelist requires "
+ throw new SecurityException("Modifying system or role allowlist requires "
+ Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS);
}
if ((flags & PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE) != 0) {
if (!isCallerPrivileged && !isCallerInstallerOnRecord) {
- throw new SecurityException("Modifying upgrade whitelist requires"
+ throw new SecurityException("Modifying upgrade allowlist requires"
+ " being installer on record or "
+ Manifest.permission.WHITELIST_RESTRICTED_PERMISSIONS);
}
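Review bot: Modifying the role allowlist is gated only on `isCallerPrivileged`, the same condition as the system allowlist. Nothing in this hunk ties the exemption to the target package actually holding a role. If that is the intended trust model (any holder of `WHITELIST_RESTRICTED_PERMISSIONS` may set a role exemption), state it next to the check so later readers do not assume role membership is verified here, e.g. `// Role exemptions are trusted to come from the role grant path; role ownership is not re-checked here.` `isCallerPrivileged` is computed outside the hunk, so this is based on the exception message naming that permission. The two combined checks in this commit are also formatted differently (`&& !isCallerPrivileged` is inline in the query path and on its own line here).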
@@ -3875,6 +3883,15 @@ public class PermissionManagerService extends IPermissionManager.Stub {
}
}
break;
+ case FLAG_PERMISSION_ALLOWLIST_ROLE: {
+ mask |= FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT;
+ if (permissions != null && permissions.contains(permissionName)) {
+ newFlags |= FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT;
+ } else {
+ newFlags &= ~FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT;
+ }
+ }
+ break;
}
}