author | Hai Zhang <zhanghai@google.com> | 2024-01-17 07:32:14 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2024-01-17 07:32:14 +0000 |
commit | 5264fe4830833066805e08533476f36aa6d7ab0b (patch) | |
tree | 6f42627b37575e929e1f0d3626450cdab13f4be2 /PermissionController/role-controller | |
parent | 23ebde4a4b41845e23041befd0258b0be26811f1 (diff) | |
parent | 1d27374d581301397f4288e5fee45d02cd448445 (diff) | |
Merge "Add onlyGrantWhenAdded for role." into main
Diffstat (limited to 'PermissionController/role-controller')
3 files changed, 34 insertions, 13 deletions
diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java index 31216f72d..fe062ef53 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/Role.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/Role.java @@ -128,6 +128,11 @@ public class Role { private final int mMinSdkVersion; /** + * Whether this role should only grant privileges when a role holder is actively added. + */ + private final boolean mOnlyGrantWhenAdded; + + /** * Whether this role should override user's choice about privileges when granting. */ private final boolean mOverrideUserWhenGranting; @@ -224,11 +229,11 @@ public class Role { @Nullable RoleBehavior behavior, @Nullable String defaultHoldersResourceName, @StringRes int descriptionResource, boolean exclusive, boolean fallBackToDefaultHolder, @StringRes int labelResource, int maxSdkVersion, int minSdkVersion, - boolean overrideUserWhenGranting, @StringRes int requestDescriptionResource, - @StringRes int requestTitleResource, boolean requestable, - @StringRes int searchKeywordsResource, @StringRes int shortLabelResource, - boolean showNone, boolean statik, boolean systemOnly, boolean visible, - @NonNull List<RequiredComponent> requiredComponents, + boolean onlyGrantWhenAdded, boolean overrideUserWhenGranting, + @StringRes int requestDescriptionResource, @StringRes int requestTitleResource, + boolean requestable, @StringRes int searchKeywordsResource, + @StringRes int shortLabelResource, boolean showNone, boolean statik, boolean systemOnly, + boolean visible, @NonNull List<RequiredComponent> requiredComponents, @NonNull List<Permission> permissions, @NonNull List<Permission> appOpPermissions, @NonNull List<AppOp> appOps, @NonNull List<PreferredActivity> preferredActivities, @Nullable String uiBehaviorName) { 
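Review bot: The Javadoc added for `mOnlyGrantWhenAdded` says privileges are granted only when a holder is "actively added", but it does not say which path that excludes. Judging from the RoleControllerServiceImpl hunk in this commit, the excluded path is the re-grant for packages that already hold the role. The comment could read `Whether this role should grant privileges only when a role holder is added, skipping the re-grant for packages that already hold the role.` This is worth stating on the field because the flag controls whether existing holders have privileges re-applied at all. The `@see` on `shouldOnlyGrantWhenAdded()` points here, so one fix covers both.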
@@ -242,6 +247,7 @@ public class Role { mLabelResource = labelResource; mMaxSdkVersion = maxSdkVersion; mMinSdkVersion = minSdkVersion; + mOnlyGrantWhenAdded = onlyGrantWhenAdded; mOverrideUserWhenGranting = overrideUserWhenGranting; mRequestDescriptionResource = requestDescriptionResource; mRequestTitleResource = requestTitleResource; @@ -309,6 +315,13 @@ public class Role { } /** + * @see #mOnlyGrantWhenAdded + */ + public boolean shouldOnlyGrantWhenAdded() { + return mOnlyGrantWhenAdded; + } + + /** * @see #mOverrideUserWhenGranting */ public boolean shouldOverrideUserWhenGranting() { @@ -1000,6 +1013,7 @@ public class Role { + ", mLabelResource=" + mLabelResource + ", mMaxSdkVersion=" + mMaxSdkVersion + ", mMinSdkVersion=" + mMinSdkVersion + + ", mOnlyGrantWhenAdded=" + mOnlyGrantWhenAdded + ", mOverrideUserWhenGranting=" + mOverrideUserWhenGranting + ", mRequestDescriptionResource=" + mRequestDescriptionResource + ", mRequestTitleResource=" + mRequestTitleResource diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java index cc2d102c8..bd530d09d 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java +++ b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java @@ -92,6 +92,7 @@ public class RoleParser { private static final String ATTRIBUTE_LABEL = "label"; private static final String ATTRIBUTE_MAX_SDK_VERSION = "maxSdkVersion"; private static final String ATTRIBUTE_MIN_SDK_VERSION = "minSdkVersion"; + private static final String ATTRIBUTE_ONLY_GRANT_WHEN_ADDED = "onlyGrantWhenAdded"; private static final String ATTRIBUTE_OVERRIDE_USER_WHEN_GRANTING = "overrideUserWhenGranting"; private static final String ATTRIBUTE_QUERY_FLAGS = "queryFlags"; private static final String ATTRIBUTE_REQUEST_TITLE = "requestTitle"; 
@@ -396,6 +397,9 @@ public class RoleParser { return null; } + boolean onlyGrantWhenAdded = getAttributeBooleanValue(parser, + ATTRIBUTE_ONLY_GRANT_WHEN_ADDED, false); + boolean overrideUserWhenGranting = getAttributeBooleanValue(parser, ATTRIBUTE_OVERRIDE_USER_WHEN_GRANTING, false); @@ -523,10 +527,11 @@ public class RoleParser { } return new Role(name, allowBypassingQualification, behavior, defaultHoldersResourceName, descriptionResource, exclusive, fallBackToDefaultHolder, labelResource, - maxSdkVersion, minSdkVersion, overrideUserWhenGranting, requestDescriptionResource, - requestTitleResource, requestable, searchKeywordsResource, shortLabelResource, - showNone, statik, systemOnly, visible, requiredComponents, permissions, - appOpPermissions, appOps, preferredActivities, uiBehaviorName); + maxSdkVersion, minSdkVersion, onlyGrantWhenAdded, overrideUserWhenGranting, + requestDescriptionResource, requestTitleResource, requestable, + searchKeywordsResource, shortLabelResource, showNone, statik, systemOnly, visible, + requiredComponents, permissions, appOpPermissions, appOps, preferredActivities, + uiBehaviorName); } @NonNull diff --git a/PermissionController/role-controller/java/com/android/role/controller/service/RoleControllerServiceImpl.java b/PermissionController/role-controller/java/com/android/role/controller/service/RoleControllerServiceImpl.java index 2a6010c4d..bc7562c11 100644 --- a/PermissionController/role-controller/java/com/android/role/controller/service/RoleControllerServiceImpl.java +++ b/PermissionController/role-controller/java/com/android/role/controller/service/RoleControllerServiceImpl.java 
@@ -131,10 +131,12 @@ public class RoleControllerServiceImpl extends RoleControllerService { String packageName = currentPackageNames.get(currentPackageNamesIndex); if (role.isPackageQualifiedAsUser(packageName, mUser, mContext)) { - // We should not override user set or fixed permissions because we are only - // redoing the grant here. Otherwise, user won't be able to revoke permissions - // granted by role. - addRoleHolderInternal(role, packageName, false, false, true); + if (!role.shouldOnlyGrantWhenAdded()) { + // We should not override user set or fixed permissions because we are only + // redoing the grant here. Otherwise, user won't be able to revoke + // permissions granted by role. + addRoleHolderInternal(role, packageName, false, false, true); + } } else { Log.i(LOG_TAG, "Removing package that no longer qualifies for the role," + " package: " + packageName + ", role: " + roleName); |
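Review bot: The new `if (!role.shouldOnlyGrantWhenAdded())` guard has no comment of its own. The comment that moved inside it still explains only why user-set or fixed permissions are not overridden, not why the call is skipped. A line above the guard would make the intent explicit, for example `// Roles with onlyGrantWhenAdded grant privileges only when a holder is added, so do not redo the grant for existing holders.` The guard skips `addRoleHolderInternal` entirely for a qualifying holder, so if that method does anything besides granting, that work is skipped too. Its body is outside this hunk, so this is worth confirming; the enclosing method also starts and ends outside the hunk.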