diff options
| author | Thomas Vannet <tvannet@google.com> | 2022-01-05 17:55:30 -0800 |
|---|---|---|
| committer | Thomas Vannet <tvannet@google.com> | 2022-01-11 16:32:40 -0800 |
| commit | af615e7baf003cb5104ca11143df84e28d071774 (patch) | |
| tree | a7f2b6ca337d8caf5c2b7a2f2ffd85cecb6ba0aa /core/java/android/permission/PermissionControllerService.java | |
| parent | e503303146bb0f724558512977c0b29e32f9e0f3 (diff) | |
Add self revocation public API
Test: Manual test using a non-privileged app, atest
android.permission.cts.SelfRevokeRuntimePermissionTest
When calling the API, the permission (along with any other permissions
from the same group) for the current package is downgraded to a one-time
permission, and a one-time permission session is started.
Bug: 210387494
Change-Id: I9f061cbc8c3db720127c96200fe94a644246b6d7
Diffstat (limited to 'core/java/android/permission/PermissionControllerService.java')
| -rw-r--r-- | core/java/android/permission/PermissionControllerService.java | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/core/java/android/permission/PermissionControllerService.java b/core/java/android/permission/PermissionControllerService.java index c9793032c7eb..dcbab62530b1 100644 --- a/core/java/android/permission/PermissionControllerService.java +++ b/core/java/android/permission/PermissionControllerService.java @@ -324,6 +324,27 @@ public abstract class PermissionControllerService extends Service { @NonNull Consumer<String> callback) { throw new AbstractMethodError("Must be overridden in implementing class"); } + + /** + * Triggers the revocation of one or more permissions for a package. This should only be called + * at the request of {@code packageName}. + * <p> + * For every permission in {@code permissions}, the entire permission group it belongs to will + * be revoked. This revocation happens asynchronously and kills all processes running in the + * same UID as {@code packageName}. It will be triggered once it is safe to do so. + * + * @param packageName The name of the package for which the permissions will be revoked. + * @param permissions List of permissions to be revoked. + * @param callback Callback waiting for operation to be complete. + * + * @see PermissionManager#selfRevokePermissions(java.util.Collection) + */ + @BinderThread + public void onSelfRevokePermissions(@NonNull String packageName, + @NonNull List<String> permissions, @NonNull Runnable callback) { + throw new AbstractMethodError("Must be overridden in implementing class"); + } + /** * Get a user-readable sentence, describing the set of privileges that are to be granted to a * companion app managing a device of the given profile. @@ -646,6 +667,20 @@ public abstract class PermissionControllerService extends Service { callback.completeExceptionally(t); } } + + @Override + public void selfRevokePermissions(@NonNull String packageName, + @NonNull List<String> permissions, @NonNull AndroidFuture callback) { + try { + enforceSomePermissionsGrantedToCaller( + Manifest.permission.REVOKE_RUNTIME_PERMISSIONS); + Objects.requireNonNull(callback); + onSelfRevokePermissions(packageName, permissions, + () -> callback.complete(null)); + } catch (Throwable t) { + callback.completeExceptionally(t); + } + } }; } } |