diff options
| author | Thomas Vannet <tvannet@google.com> | 2022-01-05 17:55:30 -0800 |
|---|---|---|
| committer | Thomas Vannet <tvannet@google.com> | 2022-01-11 16:32:40 -0800 |
| commit | af615e7baf003cb5104ca11143df84e28d071774 (patch) | |
| tree | a7f2b6ca337d8caf5c2b7a2f2ffd85cecb6ba0aa /core/java/android/permission/PermissionControllerManager.java | |
| parent | e503303146bb0f724558512977c0b29e32f9e0f3 (diff) | |
Add self revocation public API
Test: Manual test using a non-privileged app, atest
android.permission.cts.SelfRevokeRuntimePermissionTest
When calling the API, the permission (along with any other permissions
from the same group) for the current package is downgraded to a one-time
permission, and a one-time permission session is started.
Bug: 210387494
Change-Id: I9f061cbc8c3db720127c96200fe94a644246b6d7
Diffstat (limited to 'core/java/android/permission/PermissionControllerManager.java')
| -rw-r--r-- | core/java/android/permission/PermissionControllerManager.java | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/core/java/android/permission/PermissionControllerManager.java b/core/java/android/permission/PermissionControllerManager.java index a0788e70b247..47cd10765da0 100644 --- a/core/java/android/permission/PermissionControllerManager.java +++ b/core/java/android/permission/PermissionControllerManager.java @@ -817,4 +817,40 @@ public final class PermissionControllerManager { } }); } + + /** + * Triggers the revocation of one or more permissions for a package, under the following + * conditions: + * <ul> + * <li>The package {@code packageName} must be under the same UID as the calling process + * (typically, the target package is the calling package). + * <li>Each permission in {@code permissions} must be granted to the package + * {@code packageName}. + * <li>Each permission in {@code permissions} must be a runtime permission. + * </ul> + * <p> + * For every permission in {@code permissions}, the entire permission group it belongs to will + * be revoked. This revocation happens asynchronously and kills all processes running in the + * same UID as {@code packageName}. It will be triggered once it is safe to do so. + * + * @param packageName The name of the package for which the permissions will be revoked. + * @param permissions List of permissions to be revoked. + * + * @see Context#selfRevokePermissions(Collection) + * + * @hide + */ + public void selfRevokePermissions(@NonNull String packageName, + @NonNull List<String> permissions) { + mRemoteService.postAsync(service -> { + AndroidFuture<Void> future = new AndroidFuture<>(); + service.selfRevokePermissions(packageName, permissions, future); + return future; + }).whenComplete((result, err) -> { + if (err != null) { + Log.e(TAG, "Failed to self revoke " + String.join(",", permissions) + + " for package " + packageName, err); + } + }); + } } |