diff options
| author | 2024-06-14 22:40:28 +0000 | |
|---|---|---|
| committer | 2024-06-14 22:40:28 +0000 | |
| commit | f7aa3f59343e497d0abcfdb124dc6f00fa8e7ece (patch) | |
| tree | 920aa9c6224cc97fc97e44f37ba4d8bc95ab4f3f | |
| parent | 78cb990ce3d6fcb4dc4e320cfc24e06862a11a12 (diff) | |
| parent | 3ace85cfd0178e8b78a0d29749588152c135443e (diff) | |
Merge "Add receive_sensitive_notifications app op to roles" into main
3 files changed, 50 insertions, 7 deletions
diff --git a/PermissionController/res/xml/roles.xml b/PermissionController/res/xml/roles.xml index 842472d02..6e65b96e3 100644 --- a/PermissionController/res/xml/roles.xml +++ b/PermissionController/res/xml/roles.xml @@ -452,6 +452,9 @@ <permission name="android.permission.ALLOW_SLIPPERY_TOUCHES" minSdkVersion="33" optionalMinSdkVersion="30" /> <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35" /> </permissions> + <app-ops> + <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> + </app-ops> </role> <!--- @see android.telecom.CallRedirectionService --> @@ -561,6 +564,9 @@ <app-op-permission name="android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER" /> <app-op-permission name="android.permission.MEDIA_ROUTING_CONTROL" minSdkVersion="35" /> </app-op-permissions> + <app-ops> + <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> + </app-ops> </role> <role @@ -594,6 +600,9 @@ <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> <permission name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT" minSdkVersion="35" /> </permissions> + <app-ops> + <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> + </app-ops> </role> <role @@ -984,6 +993,9 @@ notifications with sensitive content unredacted--> <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> </permissions> + <app-ops> + <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> + </app-ops> </role> <!--- @@ -1140,6 +1152,9 @@ notifications with sensitive content unredacted--> <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> </permissions> + <app-ops> + <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> + </app-ops> </role> <!--- @@ -1205,6 +1220,9 @@ notifications with sensitive content unredacted--> <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> </permissions> + <app-ops> + <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> + </app-ops> </role> <role @@ -1228,6 +1246,9 @@ <app-op-permissions> <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" /> </app-op-permissions> + <app-ops> + <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> + </app-ops> </role> <role diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java b/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java index 6647a4f94..11cfff114 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/AppOp.java @@ -18,11 +18,13 @@ package com.android.role.controller.model; import android.content.Context; import android.content.pm.ApplicationInfo; +import android.os.Build; import android.os.UserHandle; import androidx.annotation.NonNull; import androidx.annotation.Nullable; +import com.android.modules.utils.build.SdkLevel; import com.android.role.controller.util.PackageUtils; import java.util.Objects; @@ -45,13 +47,20 @@ public class AppOp { private final Integer mMaxTargetSdkVersion; /** + * The minimum device SDK version for this app op to be granted + */ + private final int mMinSdkVersion; + + /** * The mode of this app op when granted. */ private final int mMode; - public AppOp(@NonNull String name, @Nullable Integer maxTargetSdkVersion, int mode) { + public AppOp(@NonNull String name, @Nullable Integer maxTargetSdkVersion, int minSdkVersion, + int mode) { mName = name; mMaxTargetSdkVersion = maxTargetSdkVersion; + mMinSdkVersion = minSdkVersion; mMode = mode; } @@ -65,6 +74,10 @@ public class AppOp { return mMaxTargetSdkVersion; } + public int getMindSdkVersion() { + return mMinSdkVersion; + } + public int getMode() { return mMode; } @@ -80,7 +93,7 @@ public class AppOp { */ public boolean grantAsUser(@NonNull String packageName, @NonNull UserHandle user, @NonNull Context context) { - if (!checkTargetSdkVersionAsUser(packageName, user, context)) { + if (!isAvailableAsUser(packageName, user, context)) { return false; } return Permissions.setAppOpUidModeAsUser(packageName, mName, mMode, user, context); @@ -97,15 +110,20 @@ public class AppOp { */ public boolean revokeAsUser(@NonNull String packageName, @NonNull UserHandle user, @NonNull Context context) { - if (!checkTargetSdkVersionAsUser(packageName, user, context)) { + if (!isAvailableAsUser(packageName, user, context)) { return false; } int defaultMode = Permissions.getDefaultAppOpMode(mName); return Permissions.setAppOpUidModeAsUser(packageName, mName, defaultMode, user, context); } - private boolean checkTargetSdkVersionAsUser(@NonNull String packageName, + private boolean isAvailableAsUser(@NonNull String packageName, @NonNull UserHandle user, @NonNull Context context) { + if (!(Build.VERSION.SDK_INT >= mMinSdkVersion + // Workaround to match the value 35 for V in roles.xml before SDK finalization. + || (mMinSdkVersion == 35 && SdkLevel.isAtLeastV()))) { + return false; + } if (mMaxTargetSdkVersion == null) { return true; } @@ -122,6 +140,7 @@ public class AppOp { return "AppOp{" + "mName='" + mName + '\'' + ", mMaxTargetSdkVersion=" + mMaxTargetSdkVersion + + ", mMinSdkVersion=" + mMinSdkVersion + ", mMode=" + mMode + '}'; } @@ -135,13 +154,14 @@ public class AppOp { return false; } AppOp appOp = (AppOp) object; - return mMode == appOp.mMode + return mMinSdkVersion == appOp.mMinSdkVersion + && mMode == appOp.mMode && Objects.equals(mName, appOp.mName) && Objects.equals(mMaxTargetSdkVersion, appOp.mMaxTargetSdkVersion); } @Override public int hashCode() { - return Objects.hash(mName, mMaxTargetSdkVersion, mMode); + return Objects.hash(mName, mMaxTargetSdkVersion, mMinSdkVersion, mMode); } } diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java index ad9054727..30a6f1638 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java @@ -881,6 +881,8 @@ public class RoleParser { throwOrLogMessage("Invalid value for \"maxTargetSdkVersion\": " + maxTargetSdkVersion); } + int minSdkVersion = getAttributeIntValue(parser, + ATTRIBUTE_MIN_SDK_VERSION, Build.VERSION_CODES.BASE); String modeName = requireAttributeValue(parser, ATTRIBUTE_MODE, TAG_APP_OP); if (modeName == null) { continue; @@ -891,7 +893,7 @@ public class RoleParser { continue; } int mode = sModeNameToMode.valueAt(modeIndex); - AppOp appOp = new AppOp(name, maxTargetSdkVersion, mode); + AppOp appOp = new AppOp(name, maxTargetSdkVersion, minSdkVersion, mode); appOps.add(appOp); } else { throwOrLogForUnknownTag(parser); |