Create new role for dependency installer.

NO_IFTTT=flag jarjar logic already covered Relnote: Creating a new role to be held by a system app responsible for installing shared library dependencies required by the current active install session. Bug: 372862084 Test: local testing FLAG: android.content.pm.sdk_dependency_installer Change-Id: I776e7b494f94b55f4ef92e686ae7a498b521682b
author: Sorin Dinu <sorindinu@google.com> 2024-11-04 13:30:09 +0000
committer: Sorin Dinu <sorindinu@google.com> 2024-11-14 20:11:19 +0000
commit: dd962fc881107655bc8ff98afff1b3fbacd1eeac (patch)
tree: e6d9aaf67f3321a917d3d476e3fa7a679fe08dd5
parent: 12e30aec1519e2306a8c74781aa1d87f27f49376 (diff)
4 files changed, 53 insertions, 1 deletions
diff --git a/PermissionController/res/xml/roles.xml b/PermissionController/res/xml/roles.xml
index 64642f403..16aac230a 100644
--- a/PermissionController/res/xml/roles.xml
+++ b/PermissionController/res/xml/roles.xml
@@ -1830,4 +1830,27 @@
         shortLabel="@string/role_wallet_short_label"
         uiBehavior="v35.WalletRoleUiBehavior"/>
 
+    <role
+        name="android.app.role.SYSTEM_DEPENDENCY_INSTALLER"
+        allowBypassingQualification="true"
+        defaultHolders="config_systemDependencyInstaller"
+        exclusive="true"
+        exclusivity="user"
+        featureFlag="android.content.pm.Flags.sdkDependencyInstaller"
+        static="true"
+        systemOnly="true"
+        visible="false">
+        <required-components>
+            <service permission="android.permission.BIND_DEPENDENCY_INSTALLER">
+                <intent-filter>
+                    <action name="android.content.pm.action.INSTALL_DEPENDENCY" />
+                </intent-filter>
+            </service>
+        </required-components>
+        <permissions>
+            <permission name="android.permission.ACCESS_SHARED_LIBRARIES" />
+            <permission name="android.permission.INSTALL_DEPENDENCY_SHARED_LIBRARIES" />
+        </permissions>
+    </role>
+
 </roles>
diff --git a/PermissionController/role-controller/Android.bp b/PermissionController/role-controller/Android.bp
index 612c979b5..9a046a397 100644
--- a/PermissionController/role-controller/Android.bp
+++ b/PermissionController/role-controller/Android.bp
@@ -33,6 +33,7 @@ java_library {
         "modules-utils-build_system",
         "android.app.appfunctions.exported-flags-aconfig-java",
         "android.companion.virtualdevice.flags-aconfig-java-export",
+        "android.content.pm.flags-aconfig-java-export",
         "android.permission.flags-aconfig-java-export",
         "android.os.flags-aconfig-java-export",
     ],
diff --git a/service/jarjar-rules.txt b/service/jarjar-rules.txt
index 4d4d6e050..ef6971b11 100644
--- a/service/jarjar-rules.txt
+++ b/service/jarjar-rules.txt
@@ -10,6 +10,10 @@ rule android.companion.virtualdevice.flags.*FeatureFlags* com.android.permission
 rule android.companion.virtualdevice.flags.FeatureFlags* com.android.permission.jarjar.@0
 rule android.companion.virtualdevice.flags.FeatureFlags com.android.permission.jarjar.@0
 rule android.companion.virtualdevice.flags.Flags com.android.permission.jarjar.@0
+rule android.content.pm.*FeatureFlags* com.android.permission.jarjar.@0
+rule android.content.pm.FeatureFlags* com.android.permission.jarjar.@0
+rule android.content.pm.FeatureFlags com.android.permission.jarjar.@0
+rule android.content.pm.Flags com.android.permission.jarjar.@0
 rule android.os.*FeatureFlags* com.android.permission.jarjar.@0
 rule android.os.FeatureFlags* com.android.permission.jarjar.@0
 rule android.os.FeatureFlags com.android.permission.jarjar.@0
diff --git a/tests/cts/permissionpolicy/res/raw/android_manifest.xml b/tests/cts/permissionpolicy/res/raw/android_manifest.xml
index 335357f29..8cfdaa90e 100644
--- a/tests/cts/permissionpolicy/res/raw/android_manifest.xml
+++ b/tests/cts/permissionpolicy/res/raw/android_manifest.xml
@@ -7725,7 +7725,31 @@
     <!-- @SystemApi Allows an application to access shared libraries.
          @hide -->
     <permission android:name="android.permission.ACCESS_SHARED_LIBRARIES"
-                android:protectionLevel="signature|installer" />
+        android:protectionLevel="signature|installer"
+        android:featureFlag="!android.content.pm.sdk_dependency_installer" />
+
+    <!-- @SystemApi Allows an application to access shared libraries.
+         @hide -->
+    <permission android:name="android.permission.ACCESS_SHARED_LIBRARIES"
+        android:protectionLevel="signature|installer|role"
+        android:featureFlag="android.content.pm.sdk_dependency_installer" />
+
+    <!-- @SystemApi Permission held by the system to allow binding to the dependency installer role
+         holder.
+         @FlaggedApi(android.content.pm.Flags.FLAG_SDK_DEPENDENCY_INSTALLER)
+         @hide -->
+    <permission android:name="android.permission.BIND_DEPENDENCY_INSTALLER"
+        android:protectionLevel="signature"
+        android:featureFlag="android.content.pm.sdk_dependency_installer" />
+
+    <!-- @SystemApi Allows an application to install shared libraries of types
+         {@link android.content.pm.SharedLibraryInfo#TYPE_STATIC} or
+         {@link android.content.pm.SharedLibraryInfo#TYPE_SDK_PACKAGE}.
+         @FlaggedApi(android.content.pm.Flags.FLAG_SDK_DEPENDENCY_INSTALLER)
+         @hide -->
+    <permission android:name="android.permission.INSTALL_DEPENDENCY_SHARED_LIBRARIES"
+        android:protectionLevel="signature|role"
+        android:featureFlag="android.content.pm.sdk_dependency_installer" />
 
     <!-- Allows an app to log compat change usage.
          @hide  <p>Not for use by third-party applications.</p> -->
author	Sorin Dinu <sorindinu@google.com>	2024-11-04 13:30:09 +0000
committer	Sorin Dinu <sorindinu@google.com>	2024-11-14 20:11:19 +0000
commit	dd962fc881107655bc8ff98afff1b3fbacd1eeac (patch)
tree	e6d9aaf67f3321a917d3d476e3fa7a679fe08dd5
parent	12e30aec1519e2306a8c74781aa1d87f27f49376 (diff)