1 files changed, 39 insertions, 5 deletions

diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java
index 23299419e..cc2d102c8 100644
--- a/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java
+++ b/PermissionController/role-controller/java/com/android/role/controller/model/RoleParser.java
@@ -21,8 +21,10 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.pm.PackageManager;
 import android.content.pm.PermissionInfo;
+import android.content.res.Resources;
 import android.content.res.XmlResourceParser;
 import android.os.Build;
+import android.permission.flags.Flags;
 import android.util.ArrayMap;
 import android.util.Log;
 import android.util.Pair;
@@ -31,7 +33,9 @@ import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import androidx.annotation.VisibleForTesting;
 
+import com.android.modules.utils.build.SdkLevel;
 import com.android.role.controller.behavior.BrowserRoleBehavior;
+import com.android.role.controller.util.ResourceUtils;
 
 import org.xmlpull.v1.XmlPullParserException;
 
@@ -149,7 +153,7 @@ public class RoleParser {
      */
     @NonNull
     public ArrayMap<String, Role> parse() {
-        try (XmlResourceParser parser = sGetRolesXml.apply(mContext)) {
+        try (XmlResourceParser parser = getRolesXml()) {
             Pair<ArrayMap<String, PermissionSet>, ArrayMap<String, Role>> xml = parseXml(parser);
             if (xml == null) {
                 return new ArrayMap<>();
@@ -164,6 +168,20 @@ public class RoleParser {
         }
     }
 
+    /**
+     * Retrieves the roles.xml resource from a context
+     */
+    private XmlResourceParser getRolesXml() {
+        if (SdkLevel.isAtLeastV() && Flags.systemServerRoleControllerEnabled()) {
+            Resources resources = ResourceUtils.getPermissionControllerResources(mContext);
+            int resourceId = resources.getIdentifier("roles", "xml",
+                    ResourceUtils.RESOURCE_PACKAGE_NAME_PERMISSION_CONTROLLER);
+            return resources.getXml(resourceId);
+        } else {
+            return sGetRolesXml.apply(mContext);
+        }
+    }
+
     @Nullable
     private Pair<ArrayMap<String, PermissionSet>, ArrayMap<String, Role>> parseXml(
             @NonNull XmlResourceParser parser) throws IOException, XmlPullParserException {
@@ -252,6 +270,9 @@ public class RoleParser {
             return null;
         }
 
+        int minSdkVersion = getAttributeIntValue(parser, ATTRIBUTE_MIN_SDK_VERSION,
+                Build.VERSION_CODES.BASE);
+
         List<Permission> permissions = new ArrayList<>();
 
         int type;
@@ -269,6 +290,8 @@ public class RoleParser {
                 if (permission == null) {
                     continue;
                 }
+                int mergedMinSdkVersion = Math.max(permission.getMinSdkVersion(), minSdkVersion);
+                permission = permission.withMinSdkVersion(mergedMinSdkVersion);
                 validateNoDuplicateElement(permission, permissions, "permission");
                 permissions.add(permission);
             } else {
@@ -738,13 +761,24 @@ public class RoleParser {
                     if (permissionSetName == null) {
                         continue;
                     }
-                    if (!permissionSets.containsKey(permissionSetName)) {
+                    PermissionSet permissionSet = permissionSets.get(permissionSetName);
+                    if (permissionSet == null) {
                         throwOrLogMessage("Unknown permission set:" + permissionSetName);
                         continue;
                     }
-                    PermissionSet permissionSet = permissionSets.get(permissionSetName);
-                    // We do allow intersection between permission sets.
-                    permissions.addAll(permissionSet.getPermissions());
+                    int minSdkVersion = getAttributeIntValue(parser, ATTRIBUTE_MIN_SDK_VERSION,
+                            Build.VERSION_CODES.BASE);
+                    List<Permission> permissionsInSet = permissionSet.getPermissions();
+                    int permissionsInSetSize = permissionsInSet.size();
+                    for (int permissionsInSetIndex = 0;
+                            permissionsInSetIndex < permissionsInSetSize; permissionsInSetIndex++) {
+                        Permission permission = permissionsInSet.get(permissionsInSetIndex);
+                        int mergedMinSdkVersion =
+                                Math.max(permission.getMinSdkVersion(), minSdkVersion);
+                        permission = permission.withMinSdkVersion(mergedMinSdkVersion);
+                        // We do allow intersection between permission sets.
+                        permissions.add(permission);
+                    }
                     break;
                 }
                 case TAG_PERMISSION: {