diff options
7 files changed, 72 insertions, 40 deletions
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionGroupsHelper.kt b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionGroupsHelper.kt index 078eefe3b..2933d6fda 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionGroupsHelper.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/wear/WearAppPermissionGroupsHelper.kt @@ -19,6 +19,7 @@ package com.android.permissioncontroller.permission.ui.wear import android.content.Context import android.content.pm.PackageManager import android.content.pm.PermissionInfo +import android.health.connect.HealthPermissions.HEALTH_PERMISSION_GROUP import android.os.Build import android.os.UserHandle import android.util.ArraySet @@ -319,6 +320,10 @@ class WearAppPermissionGroupsHelper( ) { // Redirect to location controller extra package settings. LocationUtils.startLocationControllerExtraPackageSettings(context, user) + } else if (permGroupName.equals(HEALTH_PERMISSION_GROUP) + && android.permission.flags.Flags.replaceBodySensorPermissionEnabled()) { + // Redirect to Health&Fitness UI + Utils.navigateToAppHealthConnectSettings(fragment.requireContext(), packageName, user) } else { val args = WearAppPermissionFragment.createArgs( diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt index 3198a4c09..a3446f802 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt @@ -139,6 +139,12 @@ object PermissionMapping { PLATFORM_PERMISSIONS[Manifest.permission.NEARBY_WIFI_DEVICES] = Manifest.permission_group.NEARBY_DEVICES } + // Ranging permission will be supported from Android B+, update this when isAtLeastB() + // is available. + if (SdkLevel.isAtLeastV() && Flags.rangingPermissionEnabled()) { + PLATFORM_PERMISSIONS[Manifest.permission.RANGING] = + Manifest.permission_group.NEARBY_DEVICES + } // Any updates to the permissions for the CALL_LOG permission group must also be made in // Permissions {@link com.android.role.controller.model.Permissions} in the role diff --git a/service/java/com/android/permission/util/UserUtils.java b/service/java/com/android/permission/util/UserUtils.java index 33389a88f..639c7aacb 100644 --- a/service/java/com/android/permission/util/UserUtils.java +++ b/service/java/com/android/permission/util/UserUtils.java @@ -19,6 +19,7 @@ package com.android.permission.util; import android.annotation.NonNull; import android.annotation.UserIdInt; import android.content.Context; +import android.content.pm.PackageManager; import android.os.Binder; import android.os.Process; import android.os.UserHandle; @@ -30,6 +31,7 @@ import com.android.permission.compat.UserHandleCompat; import com.android.permission.flags.Flags; import java.util.List; +import java.util.Objects; /** Utility class to deal with Android users. */ public final class UserUtils { @@ -81,6 +83,32 @@ public final class UserUtils { } } + /** Returns all the enabled user profiles on the device. */ + @NonNull + public static List<UserHandle> getUserProfiles(@NonNull Context context) { + UserManager userManager = context.getSystemService(UserManager.class); + // This call requires the QUERY_USERS permission. + final long identity = Binder.clearCallingIdentity(); + try { + return userManager.getUserProfiles(); + } finally { + Binder.restoreCallingIdentity(identity); + } + } + + /** Returns the parent of a given user. */ + public static UserHandle getProfileParent(@UserIdInt int userId, @NonNull Context context) { + Context userContext = getUserContext(userId, context); + UserManager userManager = userContext.getSystemService(UserManager.class); + // This call requires the INTERACT_ACROSS_USERS permission. + final long identity = Binder.clearCallingIdentity(); + try { + return userManager.getProfileParent(UserHandle.of(userId)); + } finally { + Binder.restoreCallingIdentity(identity); + } + } + /** Returns whether a given {@code userId} corresponds to a managed profile. */ public static boolean isManagedProfile(@UserIdInt int userId, @NonNull Context context) { UserManager userManager = context.getSystemService(UserManager.class); @@ -107,8 +135,7 @@ public final class UserUtils { // MANAGE_USERS, QUERY_USERS, or INTERACT_ACROSS_USERS. final long identity = Binder.clearCallingIdentity(); try { - Context userContext = context - .createContextAsUser(UserHandle.of(userId), /* flags= */ 0); + Context userContext = getUserContext(userId, context); UserManager userManager = userContext.getSystemService(UserManager.class); return userManager != null && userManager.isPrivateProfile(); } finally { @@ -141,4 +168,13 @@ public final class UserUtils { Binder.restoreCallingIdentity(identity); } } + + @NonNull + public static Context getUserContext(@UserIdInt int userId, @NonNull Context context) { + if (SdkLevel.isAtLeastS() && context.getUser().getIdentifier() == userId) { + return context; + } else { + return context.createContextAsUser(UserHandle.of(userId), 0); + } + } } diff --git a/service/java/com/android/safetycenter/UserProfileGroup.java b/service/java/com/android/safetycenter/UserProfileGroup.java index 46a440bf7..3202c3776 100644 --- a/service/java/com/android/safetycenter/UserProfileGroup.java +++ b/service/java/com/android/safetycenter/UserProfileGroup.java @@ -134,9 +134,9 @@ public final class UserProfileGroup { * is disabled. */ public static UserProfileGroup fromUser(Context context, @UserIdInt int userId) { - UserManager userManager = getUserManagerForUser(userId, context); - List<UserHandle> userProfiles = getEnabledUserProfiles(userManager); - UserHandle profileParent = getProfileParent(userManager, userId); + Context userContext = UserUtils.getUserContext(userId, context); + List<UserHandle> userProfiles = UserUtils.getUserProfiles(userContext); + UserHandle profileParent = UserUtils.getProfileParent(userId, userContext); int profileParentUserId = userId; if (profileParent != null) { profileParentUserId = profileParent.getIdentifier(); @@ -192,23 +192,10 @@ public final class UserProfileGroup { } private static UserManager getUserManagerForUser(@UserIdInt int userId, Context context) { - Context userContext = getUserContext(context, UserHandle.of(userId)); + Context userContext = UserUtils.getUserContext(userId, context); return requireNonNull(userContext.getSystemService(UserManager.class)); } - private static Context getUserContext(Context context, UserHandle userHandle) { - if (Process.myUserHandle().equals(userHandle)) { - return context; - } else { - try { - return context.createPackageContextAsUser( - context.getPackageName(), /* flags= */ 0, userHandle); - } catch (PackageManager.NameNotFoundException doesNotHappen) { - throw new IllegalStateException(doesNotHappen); - } - } - } - private static boolean isProfile(@UserIdInt int userId, Context context) { // This call requires the INTERACT_ACROSS_USERS permission. final long callingId = Binder.clearCallingIdentity(); @@ -220,27 +207,6 @@ public final class UserProfileGroup { } } - private static List<UserHandle> getEnabledUserProfiles(UserManager userManager) { - // This call requires the QUERY_USERS permission. - final long callingId = Binder.clearCallingIdentity(); - try { - return userManager.getUserProfiles(); - } finally { - Binder.restoreCallingIdentity(callingId); - } - } - - @Nullable - private static UserHandle getProfileParent(UserManager userManager, @UserIdInt int userId) { - // This call requires the INTERACT_ACROSS_USERS permission. - final long callingId = Binder.clearCallingIdentity(); - try { - return userManager.getProfileParent(UserHandle.of(userId)); - } finally { - Binder.restoreCallingIdentity(callingId); - } - } - /** Returns the profile parent user id of the {@link UserProfileGroup}. */ public int getProfileParentUserId() { return mProfileParentUserId; diff --git a/tests/cts/permissionpolicy/Android.bp b/tests/cts/permissionpolicy/Android.bp index e6041eea2..4249f3c9d 100644 --- a/tests/cts/permissionpolicy/Android.bp +++ b/tests/cts/permissionpolicy/Android.bp @@ -37,6 +37,7 @@ android_test { "permission-test-util-lib", "androidx.test.rules", "flag-junit", + "android.permission.flags-aconfig-java-export", ], srcs: [ "src/**/*.java", diff --git a/tests/cts/permissionpolicy/res/raw/android_manifest.xml b/tests/cts/permissionpolicy/res/raw/android_manifest.xml index 94493ecf7..28d1d6c1e 100644 --- a/tests/cts/permissionpolicy/res/raw/android_manifest.xml +++ b/tests/cts/permissionpolicy/res/raw/android_manifest.xml @@ -2396,6 +2396,16 @@ android:label="@string/permlab_nearby_wifi_devices" android:protectionLevel="dangerous" /> + <!-- Required to be able to range to devices using any ranging technology. + @FlaggedApi("android.permission.flags.ranging_permission_enabled") + <p>Protection level: dangerous --> + <permission android:name="android.permission.RANGING" + android:permissionGroup="android.permission-group.UNDEFINED" + android:description="@string/permdesc_ranging" + android:label="@string/permlab_ranging" + android:protectionLevel="dangerous" + android:featureFlag="android.permission.flags.ranging_permission_enabled" /> + <!-- @SystemApi @TestApi Allows an application to suspend other apps, which will prevent the user from using them until they are unsuspended. @hide diff --git a/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/RuntimePermissionProperties.kt b/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/RuntimePermissionProperties.kt index 6b3ae5f2e..70832b6ba 100644 --- a/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/RuntimePermissionProperties.kt +++ b/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/RuntimePermissionProperties.kt @@ -33,6 +33,7 @@ import android.Manifest.permission.NEARBY_WIFI_DEVICES import android.Manifest.permission.PACKAGE_USAGE_STATS import android.Manifest.permission.POST_NOTIFICATIONS import android.Manifest.permission.PROCESS_OUTGOING_CALLS +import android.Manifest.permission.RANGING import android.Manifest.permission.READ_CALENDAR import android.Manifest.permission.READ_CALL_LOG import android.Manifest.permission.READ_CELL_BROADCASTS @@ -59,6 +60,7 @@ import android.content.pm.PackageManager.GET_PERMISSIONS import android.content.pm.PermissionInfo.PROTECTION_DANGEROUS import android.content.pm.PermissionInfo.PROTECTION_FLAG_APPOP import android.os.Build +import android.permission.flags.Flags import android.permission.PermissionManager import androidx.test.platform.app.InstrumentationRegistry import androidx.test.runner.AndroidJUnit4 @@ -187,6 +189,12 @@ class RuntimePermissionProperties { // runtime permission expectedPerms.add(READ_MEDIA_VISUAL_USER_SELECTED) + // Add runtime permissions added in B which were _not_ split from a previously existing + // runtime permission + if (Flags.rangingPermissionEnabled()) { + expectedPerms.add(RANGING) + } + assertThat(expectedPerms).containsExactlyElementsIn(platformRuntimePerms.map { it.name }) } } |