diff options
| -rw-r--r-- | api/system-current.txt | 3 | ||||
| -rw-r--r-- | api/test-current.txt | 1 | ||||
| -rw-r--r-- | core/java/android/app/ApplicationPackageManager.java | 9 | ||||
| -rw-r--r-- | core/java/android/content/pm/IPackageManager.aidl | 2 | ||||
| -rw-r--r-- | core/java/android/content/pm/PackageManager.java | 11 | ||||
| -rw-r--r-- | core/java/android/content/pm/PackageManagerInternal.java | 2 | ||||
| -rw-r--r-- | core/java/android/content/pm/PermissionInfo.java | 15 | ||||
| -rw-r--r-- | core/res/AndroidManifest.xml | 8 | ||||
| -rw-r--r-- | core/res/res/values/attrs_manifest.xml | 3 | ||||
| -rw-r--r-- | core/res/res/values/config.xml | 7 | ||||
| -rw-r--r-- | core/res/res/values/symbols.xml | 1 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/PackageManagerService.java | 10 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/BasePermission.java | 3 | ||||
| -rw-r--r-- | services/core/java/com/android/server/pm/permission/PermissionManagerService.java | 6 |
14 files changed, 77 insertions, 4 deletions
diff --git a/api/system-current.txt b/api/system-current.txt index 5bfa6359ee17..29089b3e908a 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -7,6 +7,7 @@ package android { field public static final java.lang.String ACCESS_CHECKIN_PROPERTIES = "android.permission.ACCESS_CHECKIN_PROPERTIES"; field public static final java.lang.String ACCESS_DRM_CERTIFICATES = "android.permission.ACCESS_DRM_CERTIFICATES"; field public static final deprecated java.lang.String ACCESS_FM_RADIO = "android.permission.ACCESS_FM_RADIO"; + field public static final java.lang.String ACCESS_INSTANT_APPS = "android.permission.ACCESS_INSTANT_APPS"; field public static final java.lang.String ACCESS_MOCK_LOCATION = "android.permission.ACCESS_MOCK_LOCATION"; field public static final java.lang.String ACCESS_MTP = "android.permission.ACCESS_MTP"; field public static final java.lang.String ACCESS_NETWORK_CONDITIONS = "android.permission.ACCESS_NETWORK_CONDITIONS"; @@ -1252,6 +1253,7 @@ package android.content.pm { method public abstract java.util.List<android.content.pm.IntentFilterVerificationInfo> getIntentFilterVerifications(java.lang.String); method public abstract int getIntentVerificationStatusAsUser(java.lang.String, int); method public abstract int getPermissionFlags(java.lang.String, java.lang.String, android.os.UserHandle); + method public java.lang.String getWellbeingPackageName(); method public abstract void grantRuntimePermission(java.lang.String, java.lang.String, android.os.UserHandle); method public abstract int installExistingPackage(java.lang.String) throws android.content.pm.PackageManager.NameNotFoundException; method public abstract int installExistingPackage(java.lang.String, int) throws android.content.pm.PackageManager.NameNotFoundException; @@ -1354,6 +1356,7 @@ package android.content.pm { field public static final int FLAG_REMOVED = 2; // 0x2 field public static final int PROTECTION_FLAG_OEM = 16384; // 0x4000 field public static final int PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER = 65536; // 0x10000 + field public static final int PROTECTION_FLAG_WELLBEING = 131072; // 0x20000 field public java.lang.String backgroundPermission; field public int requestRes; } diff --git a/api/test-current.txt b/api/test-current.txt index dff3f28721d5..5bedc7244430 100644 --- a/api/test-current.txt +++ b/api/test-current.txt @@ -374,6 +374,7 @@ package android.content.pm { public class PermissionInfo extends android.content.pm.PackageItemInfo implements android.os.Parcelable { field public static final int PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER = 65536; // 0x10000 field public static final int PROTECTION_FLAG_VENDOR_PRIVILEGED = 32768; // 0x8000 + field public static final int PROTECTION_FLAG_WELLBEING = 131072; // 0x20000 field public java.lang.String backgroundPermission; } diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java index 7312b2c8163e..67d9ad6e93c6 100644 --- a/core/java/android/app/ApplicationPackageManager.java +++ b/core/java/android/app/ApplicationPackageManager.java @@ -2974,6 +2974,15 @@ public class ApplicationPackageManager extends PackageManager { } @Override + public String getWellbeingPackageName() { + try { + return mPM.getWellbeingPackageName(); + } catch (RemoteException e) { + throw e.rethrowAsRuntimeException(); + } + } + + @Override public boolean isPackageStateProtected(String packageName, int userId) { try { return mPM.isPackageStateProtected(packageName, userId); diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl index dbea821fab2b..eea2b8873fe7 100644 --- a/core/java/android/content/pm/IPackageManager.aidl +++ b/core/java/android/content/pm/IPackageManager.aidl @@ -675,6 +675,8 @@ interface IPackageManager { String getSystemTextClassifierPackageName(); + String getWellbeingPackageName(); + boolean isPackageStateProtected(String packageName, int userId); void sendDeviceCustomizationReadyBroadcast(); diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java index f40be84b180b..0150f6a2765d 100644 --- a/core/java/android/content/pm/PackageManager.java +++ b/core/java/android/content/pm/PackageManager.java @@ -6434,6 +6434,17 @@ public abstract class PackageManager { } /** + * @return the wellbeing app package name, or null if it's not defined by the OEM. + * + * @hide + */ + @SystemApi + public String getWellbeingPackageName() { + throw new UnsupportedOperationException( + "getWellbeingPackageName not implemented in subclass"); + } + + /** * @return whether a given package's state is protected, e.g. package cannot be disabled, * suspended, hidden or force stopped. * diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java index b49c4476e82d..43c02228499e 100644 --- a/core/java/android/content/pm/PackageManagerInternal.java +++ b/core/java/android/content/pm/PackageManagerInternal.java @@ -53,6 +53,7 @@ public abstract class PackageManagerInternal { public static final int PACKAGE_BROWSER = 4; public static final int PACKAGE_SYSTEM_TEXT_CLASSIFIER = 5; public static final int PACKAGE_PERMISSION_CONTROLLER = 6; + public static final int PACKAGE_WELLBEING = 7; @IntDef(value = { PACKAGE_SYSTEM, PACKAGE_SETUP_WIZARD, @@ -61,6 +62,7 @@ public abstract class PackageManagerInternal { PACKAGE_BROWSER, PACKAGE_SYSTEM_TEXT_CLASSIFIER, PACKAGE_PERMISSION_CONTROLLER, + PACKAGE_WELLBEING, }) @Retention(RetentionPolicy.SOURCE) public @interface KnownPackage {} diff --git a/core/java/android/content/pm/PermissionInfo.java b/core/java/android/content/pm/PermissionInfo.java index d9d6b5f87eac..20997d6c0d11 100644 --- a/core/java/android/content/pm/PermissionInfo.java +++ b/core/java/android/content/pm/PermissionInfo.java @@ -181,6 +181,17 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { @TestApi public static final int PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER = 0x10000; + /** + * Additional flag for {${link #protectionLevel}, corresponding + * to the <code>wellbeing</code> value of + * {@link android.R.attr#protectionLevel}. + * + * @hide + */ + @SystemApi + @TestApi + public static final int PROTECTION_FLAG_WELLBEING = 0x20000; + /** @hide */ @IntDef(flag = true, prefix = { "PROTECTION_FLAG_" }, value = { PROTECTION_FLAG_PRIVILEGED, @@ -197,6 +208,7 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { PROTECTION_FLAG_OEM, PROTECTION_FLAG_VENDOR_PRIVILEGED, PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER, + PROTECTION_FLAG_WELLBEING, }) @Retention(RetentionPolicy.SOURCE) public @interface ProtectionFlags {} @@ -386,6 +398,9 @@ public class PermissionInfo extends PackageItemInfo implements Parcelable { if ((level & PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER) != 0) { protLevel += "|textClassifier"; } + if ((level & PermissionInfo.PROTECTION_FLAG_WELLBEING) != 0) { + protLevel += "|wellbeing"; + } return protLevel; } diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 1dd42b8162b3..4dedd492fdb3 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1648,7 +1648,7 @@ @hide --> <permission android:name="android.permission.SUSPEND_APPS" - android:protectionLevel="signature|privileged" /> + android:protectionLevel="signature|wellbeing" /> <!-- Allows applications to discover and pair bluetooth devices. <p>Protection level: normal @@ -4086,10 +4086,10 @@ confirmation UI for full backup/restore --> <uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/> - <!-- Allows the holder to access and manage instant applications on the device. - @hide --> + <!-- @SystemApi Allows the holder to access and manage instant applications on the device. + @hide --> <permission android:name="android.permission.ACCESS_INSTANT_APPS" - android:protectionLevel="signature|installer|verifier" /> + android:protectionLevel="signature|installer|verifier|wellbeing" /> <uses-permission android:name="android.permission.ACCESS_INSTANT_APPS"/> <!-- Allows the holder to view the instant applications on the device. diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml index 854582b21340..f8004ea78e6a 100644 --- a/core/res/res/values/attrs_manifest.xml +++ b/core/res/res/values/attrs_manifest.xml @@ -268,6 +268,9 @@ <!-- Additional flag from base permission type: this permission can be automatically granted to the system default text classifier --> <flag name="textClassifier" value="0x10000" /> + <!-- Additional flag from base permission type: this permission will be granted to the + wellbeing app, as defined by the OEM. --> + <flag name="wellbeing" value="0x20000" /> </attr> <!-- Flags indicating more context for a permission group. --> diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index 62ec5c474297..101f92b2097c 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -3349,6 +3349,13 @@ See android.view.textclassifier.TextClassificationManager. --> <string name="config_defaultTextClassifierPackage" translatable="false"></string> + + <!-- The package name for the default wellbeing app. + This package must be trusted, as it has the permissions to control other applications + on the device. + Example: "com.android.wellbeing" + --> + <string name="config_defaultWellbeingPackage" translatable="false"></string> <!-- The package name for the system's content capture service. This service must be trusted, as it can be activated without explicit consent of the user. diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml index 82a679e14534..b24cdba5ec47 100644 --- a/core/res/res/values/symbols.xml +++ b/core/res/res/values/symbols.xml @@ -3265,6 +3265,7 @@ <java-symbol type="string" name="notification_channel_do_not_disturb" /> <java-symbol type="string" name="config_defaultAutofillService" /> <java-symbol type="string" name="config_defaultTextClassifierPackage" /> + <java-symbol type="string" name="config_defaultWellbeingPackage" /> <java-symbol type="string" name="config_defaultContentCaptureService" /> <java-symbol type="string" name="config_defaultAugmentedAutofillService" /> diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index b12d4b6b504e..4a95f615e664 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -1301,6 +1301,7 @@ public class PackageManagerService extends IPackageManager.Stub final @Nullable String mSetupWizardPackage; final @Nullable String mStorageManagerPackage; final @Nullable String mSystemTextClassifierPackage; + final @Nullable String mWellbeingPackage; final @NonNull String mServicesSystemSharedLibraryPackageName; final @NonNull String mSharedSystemSharedLibraryPackageName; @@ -2790,6 +2791,8 @@ public class PackageManagerService extends IPackageManager.Stub mSystemTextClassifierPackage = getSystemTextClassifierPackageName(); + mWellbeingPackage = getWellbeingPackageName(); + // Now that we know all of the shared libraries, update all clients to have // the correct library paths. updateAllSharedLibrariesLPw(null); @@ -19564,6 +19567,11 @@ public class PackageManagerService extends IPackageManager.Stub } @Override + public String getWellbeingPackageName() { + return mContext.getString(R.string.config_defaultWellbeingPackage); + } + + @Override public void setApplicationEnabledSetting(String appPackageName, int newState, int flags, int userId, String callingPackage) { if (!sUserManager.exists(userId)) return; @@ -22719,6 +22727,8 @@ public class PackageManagerService extends IPackageManager.Stub return mSystemTextClassifierPackage; case PackageManagerInternal.PACKAGE_PERMISSION_CONTROLLER: return mRequiredPermissionControllerPackage; + case PackageManagerInternal.PACKAGE_WELLBEING: + return mWellbeingPackage; } return null; } diff --git a/services/core/java/com/android/server/pm/permission/BasePermission.java b/services/core/java/com/android/server/pm/permission/BasePermission.java index 2d583ca39adb..11701af1c45d 100644 --- a/services/core/java/com/android/server/pm/permission/BasePermission.java +++ b/services/core/java/com/android/server/pm/permission/BasePermission.java @@ -235,6 +235,9 @@ public final class BasePermission { return (protectionLevel & PermissionInfo.PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER) != 0; } + public boolean isWellbeing() { + return (protectionLevel & PermissionInfo.PROTECTION_FLAG_WELLBEING) != 0; + } public void transfer(@NonNull String origPackageName, @NonNull String newPackageName) { if (!origPackageName.equals(sourcePackageName)) { diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 4406fdde6454..4ef79702cd8b 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -1637,6 +1637,12 @@ public class PermissionManagerService { // Special permissions for the system default text classifier. allowed = true; } + if (!allowed && bp.isWellbeing() + && pkg.packageName.equals(mPackageManagerInt.getKnownPackageName( + PackageManagerInternal.PACKAGE_WELLBEING, UserHandle.USER_SYSTEM))) { + // Special permission granted only to the OEM specified wellbeing app + allowed = true; + } } return allowed; } |