Add Cross-user role support xml parsing

Add roles.xml parsing logic for cross-user role support. Adds new exclusivity logic for none, user, and profile. LOW_COVERAGE_REASON=FLAG_NOT_ENABLED Relnote: N/A Flag: com.android.permission.flags.cross_user_role_enabled Test: RoleParserTest Bug: 372746603 Change-Id: I23b22ff8c4a7b446190af96de1ca76d0121c584a
author: Richard MacGregor <rmacgregor@google.com> 2024-10-10 14:36:01 -0700
committer: Richard MacGregor <rmacgregor@google.com> 2024-10-31 22:22:27 +0000
commit: 2258d6daf8744e3e7598bd34d1b76c657b5bf58e (patch)
tree: 90597d0cd1f653ff490bf06691dd494bd07020bf /PermissionController/role-controller/java
parent: e489d3025d1019f5f7d373b617ddc03c38842dcf (diff)
2 files changed, 98 insertions, 28 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java
index 2f2431ece..570ef034a 100644
--- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java
+++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java
@@ -38,6 +38,7 @@ import android.util.ArrayMap;
 import android.util.ArraySet;
 import android.util.Log;
 
+import androidx.annotation.IntDef;
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import androidx.annotation.StringRes;
@@ -49,6 +50,8 @@ import com.android.role.controller.util.PackageUtils;
 import com.android.role.controller.util.RoleManagerCompat;
 import com.android.role.controller.util.UserUtils;
 
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -83,6 +86,27 @@ public class Role {
 
     private static final String CERTIFICATE_SEPARATOR = ":";
 
+    @Retention(RetentionPolicy.SOURCE)
+    @IntDef({
+            EXCLUSIVITY_NONE,
+            EXCLUSIVITY_USER,
+            EXCLUSIVITY_PROFILE_GROUP
+    })
+    public @interface Exclusivity {}
+
+    /**
+     * Does not enforce any exclusivity, which means multiple apps may hold this role in a user.
+     */
+    public static final int EXCLUSIVITY_NONE = 0;
+
+    /** Enforces exclusivity within one user. */
+    public static final int EXCLUSIVITY_USER = 1;
+
+    /**
+     * Enforces exclusivity across all users (including profile users) in the same profile group.
+     */
+    public static final int EXCLUSIVITY_PROFILE_GROUP = 2;
+
     /**
      * The name of this role. Must be unique.
      */
@@ -110,9 +134,10 @@ public class Role {
     private final int mDescriptionResource;
 
     /**
-     * Whether this role is exclusive, i.e. allows at most one holder.
+     * The exclusivity of this role, i.e. whether this role allows multiple holders, or allows at
+     * most one holder within a user or a profile group.
      */
-    private final boolean mExclusive;
+    private final int mExclusivity;
 
     /**
      * Whether this role should fall back to the default holder.
@@ -186,8 +211,8 @@ public class Role {
 
     /**
      * Whether the UI for this role will show the "None" item. Only valid if this role is
-     * {@link #mExclusive exclusive}, and {@link #getFallbackHolder(Context)} should also return
-     * empty to allow actually selecting "None".
+     * {@link #isExclusive()}, and {@link #getFallbackHolder(Context)} should
+     * also return empty to allow actually selecting "None".
      */
     private final boolean mShowNone;
 
@@ -241,14 +266,14 @@ public class Role {
 
     public Role(@NonNull String name, boolean allowBypassingQualification,
             @Nullable RoleBehavior behavior, @Nullable String defaultHoldersResourceName,
-            @StringRes int descriptionResource, boolean exclusive, boolean fallBackToDefaultHolder,
-            @Nullable Supplier<Boolean> featureFlag, @StringRes int labelResource,
-            int maxSdkVersion, int minSdkVersion, boolean onlyGrantWhenAdded,
-            boolean overrideUserWhenGranting, @StringRes int requestDescriptionResource,
-            @StringRes int requestTitleResource, boolean requestable,
-            @StringRes int searchKeywordsResource, @StringRes int shortLabelResource,
-            boolean showNone, boolean statik, boolean systemOnly, boolean visible,
-            @NonNull List<RequiredComponent> requiredComponents,
+            @StringRes int descriptionResource, @Exclusivity int exclusivity,
+            boolean fallBackToDefaultHolder, @Nullable Supplier<Boolean> featureFlag,
+            @StringRes int labelResource, int maxSdkVersion, int minSdkVersion,
+            boolean onlyGrantWhenAdded, boolean overrideUserWhenGranting,
+            @StringRes int requestDescriptionResource, @StringRes int requestTitleResource,
+            boolean requestable, @StringRes int searchKeywordsResource,
+            @StringRes int shortLabelResource, boolean showNone, boolean statik, boolean systemOnly,
+            boolean visible, @NonNull List<RequiredComponent> requiredComponents,
             @NonNull List<Permission> permissions, @NonNull List<Permission> appOpPermissions,
             @NonNull List<AppOp> appOps, @NonNull List<PreferredActivity> preferredActivities,
             @Nullable String uiBehaviorName) {
@@ -257,7 +282,7 @@ public class Role {
         mBehavior = behavior;
         mDefaultHoldersResourceName = defaultHoldersResourceName;
         mDescriptionResource = descriptionResource;
-        mExclusive = exclusive;
+        mExclusivity = exclusivity;
         mFallBackToDefaultHolder = fallBackToDefaultHolder;
         mFeatureFlag = featureFlag;
         mLabelResource = labelResource;
@@ -298,7 +323,13 @@ public class Role {
     }
 
     public boolean isExclusive() {
-        return mExclusive;
+        // TODO(b/373390494): Allow RoleBehavior to override this getExclusivity
+        return  mExclusivity != EXCLUSIVITY_NONE;
+    }
+
+    public int getExclusivity() {
+        // TODO(b/373390494): Allow RoleBehavior to override this
+        return mExclusivity;
     }
 
     @Nullable
@@ -353,6 +384,8 @@ public class Role {
      * @see #mShowNone
      */
     public boolean shouldShowNone() {
+        // TODO(b/373390494): Ensure RoleBehavior override doesn't conflict with this.
+        //  mShowNone can only be true if isExclusive=true
         return mShowNone;
     }
 
@@ -1041,7 +1074,7 @@ public class Role {
      */
     @Nullable
     public Intent getRestrictionIntentAsUser(@NonNull UserHandle user, @NonNull Context context) {
-        if (SdkLevel.isAtLeastU() && mExclusive) {
+        if (SdkLevel.isAtLeastU() && isExclusive()) {
             UserManager userManager = context.getSystemService(UserManager.class);
             if (userManager.hasUserRestrictionForUser(UserManager.DISALLOW_CONFIG_DEFAULT_APPS,
                     user)) {
@@ -1104,7 +1137,7 @@ public class Role {
                 + ", mBehavior=" + mBehavior
                 + ", mDefaultHoldersResourceName=" + mDefaultHoldersResourceName
                 + ", mDescriptionResource=" + mDescriptionResource
-                + ", mExclusive=" + mExclusive
+                + ", mExclusivity=" + mExclusivity
                 + ", mFallBackToDefaultHolder=" + mFallBackToDefaultHolder
                 + ", mFeatureFlag=" + mFeatureFlag
                 + ", mLabelResource=" + mLabelResource
diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java
index a0705cd5e..3a8c90888 100644
--- a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java
+++ b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java
@@ -89,6 +89,7 @@ public class RoleParser {
     private static final String ATTRIBUTE_DEFAULT_HOLDERS = "defaultHolders";
     private static final String ATTRIBUTE_DESCRIPTION = "description";
     private static final String ATTRIBUTE_EXCLUSIVE = "exclusive";
+    private static final String ATTRIBUTE_EXCLUSIVITY = "exclusivity";
     private static final String ATTRIBUTE_FALL_BACK_TO_DEFAULT_HOLDER = "fallBackToDefaultHolder";
     private static final String ATTRIBUTE_FEATURE_FLAG = "featureFlag";
     private static final String ATTRIBUTE_LABEL = "label";
@@ -135,6 +136,10 @@ public class RoleParser {
         sModeNameToMode.put(MODE_NAME_FOREGROUND, AppOpsManager.MODE_FOREGROUND);
     }
 
+    private static final String EXCLUSIVITY_NONE = "none";
+    private static final String EXCLUSIVITY_USER = "user";
+    private static final String EXCLUSIVITY_PROFILE_GROUP = "profileGroup";
+
     private static final Supplier<Boolean> sFeatureFlagFallback = () -> false;
 
     private static final ArrayMap<Class<?>, Class<?>> sPrimitiveToWrapperClass = new ArrayMap<>();
@@ -413,13 +418,45 @@ public class RoleParser {
             shortLabelResource = 0;
         }
 
-        Boolean exclusive = requireAttributeBooleanValue(parser, ATTRIBUTE_EXCLUSIVE, true,
-                TAG_ROLE);
-        if (exclusive == null) {
-            skipCurrentTag(parser);
-            return null;
+        int exclusivity;
+        if (com.android.permission.flags.Flags.crossUserRoleEnabled()) {
+            String exclusivityName = requireAttributeValue(parser, ATTRIBUTE_EXCLUSIVITY, TAG_ROLE);
+            if (exclusivityName == null) {
+                skipCurrentTag(parser);
+                return null;
+            }
+            switch (exclusivityName) {
+                case EXCLUSIVITY_NONE:
+                    exclusivity = Role.EXCLUSIVITY_NONE;
+                    break;
+                case EXCLUSIVITY_USER:
+                    exclusivity = Role.EXCLUSIVITY_USER;
+                    break;
+                case EXCLUSIVITY_PROFILE_GROUP:
+                    // TODO(b/372743073): change to isAtLeastB once available
+                    // EXCLUSIVITY_PROFILE behavior only available for B+
+                    // fallback to default of EXCLUSIVITY_USER
+                    exclusivity = SdkLevel.isAtLeastV()
+                            ? Role.EXCLUSIVITY_PROFILE_GROUP
+                            : Role.EXCLUSIVITY_USER;
+                    break;
+                default:
+                    throwOrLogMessage("Invalid value for \"exclusivity\" on <role>: " + name
+                            + ", exclusivity: " + exclusivityName);
+                    skipCurrentTag(parser);
+                    return null;
+            }
+        } else {
+            Boolean exclusive =
+                    requireAttributeBooleanValue(parser, ATTRIBUTE_EXCLUSIVE, true, TAG_ROLE);
+            if (exclusive == null) {
+                skipCurrentTag(parser);
+                return null;
+            }
+            exclusivity = exclusive ? Role.EXCLUSIVITY_USER : Role.EXCLUSIVITY_NONE;
         }
 
+
         boolean fallBackToDefaultHolder = getAttributeBooleanValue(parser,
                 ATTRIBUTE_FALL_BACK_TO_DEFAULT_HOLDER, false);
 
@@ -470,7 +507,7 @@ public class RoleParser {
                 0);
 
         boolean showNone = getAttributeBooleanValue(parser, ATTRIBUTE_SHOW_NONE, false);
-        if (showNone && !exclusive) {
+        if (showNone && exclusivity == Role.EXCLUSIVITY_NONE) {
             throwOrLogMessage("showNone=\"true\" is invalid for a non-exclusive role: " + name);
             skipCurrentTag(parser);
             return null;
@@ -567,12 +604,12 @@ public class RoleParser {
             preferredActivities = Collections.emptyList();
         }
         return new Role(name, allowBypassingQualification, behavior, defaultHoldersResourceName,
-                descriptionResource, exclusive, fallBackToDefaultHolder, featureFlag, labelResource,
-                maxSdkVersion, minSdkVersion, onlyGrantWhenAdded, overrideUserWhenGranting,
-                requestDescriptionResource, requestTitleResource, requestable,
-                searchKeywordsResource, shortLabelResource, showNone, statik, systemOnly, visible,
-                requiredComponents, permissions, appOpPermissions, appOps, preferredActivities,
-                uiBehaviorName);
+                descriptionResource, exclusivity, fallBackToDefaultHolder, featureFlag,
+                labelResource, maxSdkVersion, minSdkVersion, onlyGrantWhenAdded,
+                overrideUserWhenGranting, requestDescriptionResource, requestTitleResource,
+                requestable, searchKeywordsResource, shortLabelResource, showNone, statik,
+                systemOnly, visible, requiredComponents, permissions, appOpPermissions, appOps,
+                preferredActivities, uiBehaviorName);
     }
 
     @NonNull
author	Richard MacGregor <rmacgregor@google.com>	2024-10-10 14:36:01 -0700
committer	Richard MacGregor <rmacgregor@google.com>	2024-10-31 22:22:27 +0000
commit	2258d6daf8744e3e7598bd34d1b76c657b5bf58e (patch)
tree	90597d0cd1f653ff490bf06691dd494bd07020bf /PermissionController/role-controller/java
parent	e489d3025d1019f5f7d373b617ddc03c38842dcf (diff)