2 files changed, 96 insertions, 0 deletions

diff --git a/framework-s/java/android/app/role/IRoleManager.aidl b/framework-s/java/android/app/role/IRoleManager.aidl
index 522967630..cd0079e08 100644
--- a/framework-s/java/android/app/role/IRoleManager.aidl
+++ b/framework-s/java/android/app/role/IRoleManager.aidl
@@ -45,6 +45,10 @@ interface IRoleManager {
     void setDefaultApplicationAsUser(in String roleName, in String packageName, int flags,
 	    int userId, in RemoteCallback callback);
 
+    int getActiveUserForRoleAsUser(in String roleName, int userId);
+
+    void setActiveUserForRoleAsUser(in String roleName, int activeUserId, int flags, int userId);
+
     void addOnRoleHoldersChangedListenerAsUser(IOnRoleHoldersChangedListener listener, int userId);
 
     void removeOnRoleHoldersChangedListenerAsUser(IOnRoleHoldersChangedListener listener,
diff --git a/framework-s/java/android/app/role/RoleManager.java b/framework-s/java/android/app/role/RoleManager.java
index 4b8c9b388..6f62fdd76 100644
--- a/framework-s/java/android/app/role/RoleManager.java
+++ b/framework-s/java/android/app/role/RoleManager.java
@@ -40,6 +40,7 @@ import android.os.RemoteCallback;
 import android.os.RemoteException;
 import android.os.UserHandle;
 import android.permission.flags.Flags;
+import android.permission.internal.compat.UserHandleCompat;
 import android.util.ArrayMap;
 import android.util.SparseArray;
 
@@ -211,6 +212,16 @@ public final class RoleManager {
             "android.app.role.SYSTEM_CALL_STREAMING";
 
     /**
+     * The name of the role used for testing cross-user roles.
+     *
+     * @hide
+     */
+    @FlaggedApi(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @SystemApi
+    public static final String ROLE_RESERVED_FOR_TESTING_PROFILE_GROUP_EXCLUSIVITY =
+            "android.app.role.RESERVED_FOR_TESTING_PROFILE_GROUP_EXCLUSIVITY";
+
+    /**
      * @hide
      */
     @IntDef(flag = true, value = { MANAGE_HOLDERS_FLAG_DONT_KILL_APP })
@@ -574,6 +585,87 @@ public final class RoleManager {
         }
     }
 
+    /**
+     * Get the {@link UserHandle} of the user who that is the active user for the specified role.
+     * <p>
+     * Only profile-group exclusive roles can be used with this method, and they will
+     * have one active user within a profile group.
+     * <p>
+     * <strong>Note:</strong> Using this API requires holding
+     * {@code android.permission.INTERACT_ACROSS_USERS_FULL} and one of
+     * {@code android.permission.MANAGE_ROLE_HOLDERS} or
+     * {@code android.permission.MANAGE_DEFAULT_APPLICATIONS}.
+     *
+     * @param roleName the name of the role to get the active user for
+     *
+     * @return a {@link UserHandle} of the active user for the specified role
+     *
+     * @see #setActiveUserForRole(String, UserHandle, int)
+     *
+     * @hide
+     */
+    @RequiresPermission(allOf = {Manifest.permission.INTERACT_ACROSS_USERS_FULL,
+            Manifest.permission.MANAGE_ROLE_HOLDERS,
+            Manifest.permission.MANAGE_DEFAULT_APPLICATIONS},
+            conditional = true)
+    @RequiresApi(Build.VERSION_CODES.BAKLAVA)
+    @SystemApi
+    @UserHandleAware
+    @FlaggedApi(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @Nullable
+    public UserHandle getActiveUserForRole(@NonNull String roleName) {
+        Preconditions.checkStringNotEmpty(roleName, "roleName cannot be null or empty");
+        try {
+            int userId = mService.getActiveUserForRoleAsUser(roleName,
+                    mContext.getUser().getIdentifier());
+            return userId == UserHandleCompat.USER_NULL ? null : UserHandle.of(userId);
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
+    /**
+     * Set a specific user as active user for a role.
+     * <p>
+     * Only profile-group exclusive roles can be used with this method, and they will have
+     * one active user within a profile group.
+     * <p>
+     * <strong>Note:</strong> Using this API requires holding
+     * {@code android.permission.INTERACT_ACROSS_USERS_FULL} and one of
+     * {@code android.permission.MANAGE_ROLE_HOLDERS} or
+     * {@code android.permission.MANAGE_DEFAULT_APPLICATIONS}.
+     *
+     * @param roleName the name of the role to set the active user for
+     * @param user the user to set as active user for specified role
+     * @param flags optional behavior flags
+     *
+     * @see #getActiveUserForRole(String)
+     *
+     * @hide
+     */
+    @RequiresPermission(allOf = {Manifest.permission.INTERACT_ACROSS_USERS_FULL,
+            Manifest.permission.MANAGE_ROLE_HOLDERS,
+            Manifest.permission.MANAGE_DEFAULT_APPLICATIONS},
+            conditional = true)
+    @RequiresApi(Build.VERSION_CODES.BAKLAVA)
+    @SystemApi
+    @UserHandleAware
+    @FlaggedApi(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    // The user handle parameter is a value to be set by this method, while the context user of the
+    // operation is indeed read from the context
+    @SuppressLint("UserHandle")
+    public void setActiveUserForRole(
+            @NonNull String roleName, @NonNull UserHandle user, @ManageHoldersFlags int flags) {
+        Preconditions.checkStringNotEmpty(roleName, "roleName cannot be null or empty");
+        Objects.requireNonNull(user, "user cannot be null");
+        try {
+            mService.setActiveUserForRoleAsUser(roleName, user.getIdentifier(), flags,
+                    mContext.getUser().getIdentifier());
+        } catch (RemoteException e) {
+            throw e.rethrowFromSystemServer();
+        }
+    }
+
     @NonNull
     private static RemoteCallback createRemoteCallback(@NonNull Executor executor,
             @NonNull Consumer<Boolean> callback) {