Expose health permission group and MANAGE_HEALTH_PERMISSIONS as SystemAPI constants.
This will allow other mainline modules such as permissions to reference it.
Bug: 246943151
Test: atest CtsHealthConnectDeviceTestCases:android.healthconnect.cts.HealthPermissionsPresenceTest
Test: atest HealthConnectWithManagePermissionsIntegrationTests
Test: atest HealthConnectWithoutManagePermissionsIntegrationTests
Change-Id: I1ce47b94c028b9cf74607c990b451188ef9d1c70
diff --git a/framework/api/system-current.txt b/framework/api/system-current.txt
index 576475c..48a7d9c 100644
--- a/framework/api/system-current.txt
+++ b/framework/api/system-current.txt
@@ -1,4 +1,13 @@
// Signature format: 2.0
+package android.healthconnect {
+
+ public final class HealthPermissions {
+ field public static final String HEALTH_PERMISSION_GROUP = "android.permission-group.HEALTH";
+ field public static final String MANAGE_HEALTH_PERMISSIONS = "android.permission.MANAGE_HEALTH_PERMISSIONS";
+ }
+
+}
+
package android.healthconnect.datatypes {
public abstract class Record {
diff --git a/framework/java/android/healthconnect/Constants.java b/framework/java/android/healthconnect/Constants.java
index d228498..1b82a07 100644
--- a/framework/java/android/healthconnect/Constants.java
+++ b/framework/java/android/healthconnect/Constants.java
@@ -22,11 +22,6 @@
* @hide
*/
public final class Constants {
- public static final String MANAGE_HEALTH_PERMISSIONS_NAME =
- "android.permission.MANAGE_HEALTH_PERMISSIONS";
-
- public static final String HEALTH_PERMISSION_GROUP_NAME = "android.permission-group.HEALTH";
-
public static final boolean DEBUG = false;
public static final int DEFAULT_INT = -1;
public static final long DEFAULT_LONG = -1;
diff --git a/framework/java/android/healthconnect/HealthConnectManager.java b/framework/java/android/healthconnect/HealthConnectManager.java
index 4188895..bc89e57 100644
--- a/framework/java/android/healthconnect/HealthConnectManager.java
+++ b/framework/java/android/healthconnect/HealthConnectManager.java
@@ -76,7 +76,7 @@
*
* @hide
*/
- @RequiresPermission(Constants.MANAGE_HEALTH_PERMISSIONS_NAME)
+ @RequiresPermission(HealthPermissions.MANAGE_HEALTH_PERMISSIONS)
@UserHandleAware
public void grantHealthPermission(@NonNull String packageName, @NonNull String permissionName) {
try {
@@ -95,7 +95,7 @@
*
* @hide
*/
- @RequiresPermission(Constants.MANAGE_HEALTH_PERMISSIONS_NAME)
+ @RequiresPermission(HealthPermissions.MANAGE_HEALTH_PERMISSIONS)
@UserHandleAware
public void revokeHealthPermission(
@NonNull String packageName, @NonNull String permissionName, @Nullable String reason) {
@@ -114,7 +114,7 @@
*
* @hide
*/
- @RequiresPermission(Constants.MANAGE_HEALTH_PERMISSIONS_NAME)
+ @RequiresPermission(HealthPermissions.MANAGE_HEALTH_PERMISSIONS)
@UserHandleAware
public void revokeAllHealthPermissions(@NonNull String packageName, @Nullable String reason) {
try {
@@ -130,7 +130,7 @@
*
* @hide
*/
- @RequiresPermission(Constants.MANAGE_HEALTH_PERMISSIONS_NAME)
+ @RequiresPermission(HealthPermissions.MANAGE_HEALTH_PERMISSIONS)
@UserHandleAware
public List<String> getGrantedHealthPermissions(@NonNull String packageName) {
try {
diff --git a/framework/java/android/healthconnect/HealthPermissions.java b/framework/java/android/healthconnect/HealthPermissions.java
index a0db72a..fb31997 100644
--- a/framework/java/android/healthconnect/HealthPermissions.java
+++ b/framework/java/android/healthconnect/HealthPermissions.java
@@ -16,11 +16,32 @@
package android.healthconnect;
+import android.annotation.SystemApi;
+
// TODO(b/255340973): consider generate this class.
/** Permissions for accessing the HealthConnect APIs. */
public final class HealthPermissions {
private HealthPermissions() {}
+ /**
+ * Allows an application to grant/revoke health-related permissions.
+ *
+ * <p>Protection level: signature.
+ *
+ * @hide
+ */
+ @SystemApi
+ public static final String MANAGE_HEALTH_PERMISSIONS =
+ "android.permission.MANAGE_HEALTH_PERMISSIONS";
+
+ /**
+ * Used for runtime permissions which grant access to Health Connect data.
+ *
+ * @hide
+ */
+ @SystemApi
+ public static final String HEALTH_PERMISSION_GROUP = "android.permission-group.HEALTH";
+
/*
* Allows an application to read the user's active calories burned data.
* <p>Protection level: dangerous
diff --git a/service/java/com/android/server/healthconnect/HealthConnectPermissionHelper.java b/service/java/com/android/server/healthconnect/HealthConnectPermissionHelper.java
index 7689c7e..769a525 100644
--- a/service/java/com/android/server/healthconnect/HealthConnectPermissionHelper.java
+++ b/service/java/com/android/server/healthconnect/HealthConnectPermissionHelper.java
@@ -22,16 +22,16 @@
import android.annotation.Nullable;
import android.app.ActivityManager;
import android.content.Context;
-import android.content.pm.PackageManager;
import android.content.pm.PackageInfo;
-import android.healthconnect.Constants;
+import android.content.pm.PackageManager;
+import android.healthconnect.HealthPermissions;
import android.os.Binder;
import android.os.UserHandle;
+import java.util.ArrayList;
+import java.util.List;
import java.util.Objects;
import java.util.Set;
-import java.util.List;
-import java.util.ArrayList;
/** A handler for HealthConnect permission-related logic. */
final class HealthConnectPermissionHelper {
@@ -174,7 +174,8 @@
}
private void enforceManageHealthPermissions(String message) {
- mContext.enforceCallingOrSelfPermission(Constants.MANAGE_HEALTH_PERMISSIONS_NAME, message);
+ mContext.enforceCallingOrSelfPermission(
+ HealthPermissions.MANAGE_HEALTH_PERMISSIONS, message);
}
/**
diff --git a/service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java b/service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java
index 3d34335..9ed0a60 100644
--- a/service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java
+++ b/service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java
@@ -25,8 +25,8 @@
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
import android.database.sqlite.SQLiteException;
-import android.healthconnect.Constants;
import android.healthconnect.HealthConnectException;
+import android.healthconnect.HealthPermissions;
import android.healthconnect.aidl.HealthConnectExceptionParcel;
import android.healthconnect.aidl.IHealthConnectService;
import android.healthconnect.aidl.IInsertRecordsResponseCallback;
@@ -148,7 +148,7 @@
/**
* Returns a set of health permissions defined within the module and belonging to {@link
- * Constants#HEALTH_PERMISSION_GROUP_NAME}.
+ * HealthPermissions.HEALTH_PERMISSION_GROUP}.
*
* <p><b>Note:</b> If we, for some reason, fail to retrieve these, we return an empty set rather
* than crashing the device. This means the health permissions infra will be inactive.
@@ -164,7 +164,7 @@
Set<String> definedHealthPerms = new HashSet<>(permissionInfos.length);
for (PermissionInfo permInfo : permissionInfos) {
- if (Constants.HEALTH_PERMISSION_GROUP_NAME.equals(permInfo.group)) {
+ if (HealthPermissions.HEALTH_PERMISSION_GROUP.equals(permInfo.group)) {
definedHealthPerms.add(permInfo.name);
}
}
@@ -185,7 +185,7 @@
try {
healthConnectControllerPackageName =
packageManager.getPermissionInfo(
- Constants.MANAGE_HEALTH_PERMISSIONS_NAME, /* flags= */ 0)
+ HealthPermissions.MANAGE_HEALTH_PERMISSIONS, /* flags= */ 0)
.packageName;
packageInfo =
packageManager.getPackageInfo(
@@ -198,7 +198,7 @@
Slog.e(
TAG,
"HealthConnect permission"
- + Constants.MANAGE_HEALTH_PERMISSIONS_NAME
+ + HealthPermissions.MANAGE_HEALTH_PERMISSIONS
+ ") not found");
} else {
// we couldn't find the package
diff --git a/tests/PermissionIntegrationTests/DoesNotHavePermissionTests/src/android/healthconnect/tests/withoutmanagepermissions/HealthConnectWithoutManagePermissionsTest.java b/tests/PermissionIntegrationTests/DoesNotHavePermissionTests/src/android/healthconnect/tests/withoutmanagepermissions/HealthConnectWithoutManagePermissionsTest.java
index b968932..159270f 100644
--- a/tests/PermissionIntegrationTests/DoesNotHavePermissionTests/src/android/healthconnect/tests/withoutmanagepermissions/HealthConnectWithoutManagePermissionsTest.java
+++ b/tests/PermissionIntegrationTests/DoesNotHavePermissionTests/src/android/healthconnect/tests/withoutmanagepermissions/HealthConnectWithoutManagePermissionsTest.java
@@ -33,8 +33,8 @@
* Integration tests for {@link android.healthconnect.HealthConnectManager} Permission-related APIs.
*
* <p><b>Note:</b> These tests operate while <b>not</b> holding {@link
- * android.healthconnect.Constants.MANAGE_HEALTH_PERMISSIONS_NAME}. For tests asserting that the API
- * behaves as expected for holders of the permission, please see {@link
+ * android.healthconnect.HealthPermissions.MANAGE_HEALTH_PERMISSIONS}. For tests asserting that the
+ * API behaves as expected for holders of the permission, please see {@link
* android.healthconnect.tests.withmanagepermissions.HealthConnectWithManagePermissionsTest}.
*
* <p><b>Build/Install/Run:</b> {@code atest HealthConnectWithoutManagePermissionsIntegrationTests}.
diff --git a/tests/PermissionIntegrationTests/HasPermissionTests/src/android/healthconnect/tests/withmanagepermissions/HealthConnectWithManagePermissionsTest.java b/tests/PermissionIntegrationTests/HasPermissionTests/src/android/healthconnect/tests/withmanagepermissions/HealthConnectWithManagePermissionsTest.java
index be83f00..beda877 100644
--- a/tests/PermissionIntegrationTests/HasPermissionTests/src/android/healthconnect/tests/withmanagepermissions/HealthConnectWithManagePermissionsTest.java
+++ b/tests/PermissionIntegrationTests/HasPermissionTests/src/android/healthconnect/tests/withmanagepermissions/HealthConnectWithManagePermissionsTest.java
@@ -26,7 +26,6 @@
import android.Manifest;
import android.content.Context;
import android.content.pm.PackageManager;
-import android.healthconnect.Constants;
import android.healthconnect.HealthConnectManager;
import android.healthconnect.HealthPermissions;
@@ -44,16 +43,16 @@
* Integration tests for {@link android.healthconnect.HealthConnectManager} Permission-related APIs.
*
* <p><b>Note:</b> These tests operate while holding {@link
- * Constants.MANAGE_HEALTH_PERMISSIONS_NAME}. For tests asserting that non-holders of the permission
- * cannot call the APIs, please see {@link
+ * HealthPermissions.MANAGE_HEALTH_PERMISSIONS}. For tests asserting that non-holders of the
+ * permission cannot call the APIs, please see {@link
* android.healthconnect.tests.withoutmanagepermissions.HealthConnectWithoutManagePermissionsTest}.
*
* <p><b>Note:</b> Since we need to hold the aforementioned permission, this test needs to be signed
* with the same certificate as the HealthConnect module. Therefore, <b>we skip this test when it
- * cannot hold {@link Constants.MANAGE_HEALTH_PERMISSIONS_NAME}. The primary use of these tests is
- * therefore during development, when we are building from source rather than using prebuilts</b>.
- * Additionally, this test can run as a presubmit on the main (master) branch where modules are
- * always built from source.
+ * cannot hold {@link HealthPermissions.MANAGE_HEALTH_PERMISSIONS}. The primary use of these tests
+ * is therefore during development, when we are building from source rather than using
+ * prebuilts</b>. Additionally, this test can run as a presubmit on the main (master) branch where
+ * modules are always built from source.
*
* <p><b>Build/Install/Run:</b> {@code atest HealthConnectWithManagePermissionsIntegrationTests}.
*/
@@ -75,7 +74,7 @@
mContext = InstrumentationRegistry.getTargetContext();
assumeTrue(
"Skipping test - test cannot hold "
- + Constants.MANAGE_HEALTH_PERMISSIONS_NAME
+ + HealthPermissions.MANAGE_HEALTH_PERMISSIONS
+ " for the build-under-test. This is likely because the build uses "
+ "mainline prebuilts and therefore does not have a compatible signature "
+ "with this test app. See the test class Javadoc for more info.",
@@ -316,7 +315,8 @@
}
/**
- * Returns {@code true} if the test can hold {@link Constants.MANAGE_HEALTH_PERMISSIONS_NAME}.
+ * Returns {@code true} if the test can hold {@link
+ * HealthPermissions.MANAGE_HEALTH_PERMISSIONS}.
*
* <p>The permission is protected at signature level, and should be granted automatically if
* it's possible to hold. So effectively this method can simply check if this test's package
@@ -324,7 +324,7 @@
*/
private static boolean canHoldManageHealthPermsPermission() {
return InstrumentationRegistry.getContext()
- .checkSelfPermission(Constants.MANAGE_HEALTH_PERMISSIONS_NAME)
+ .checkSelfPermission(HealthPermissions.MANAGE_HEALTH_PERMISSIONS)
== PackageManager.PERMISSION_GRANTED;
}
}
diff --git a/tests/cts/src/android/healthconnect/cts/HealthPermissionsPresenceTest.java b/tests/cts/src/android/healthconnect/cts/HealthPermissionsPresenceTest.java
index 49af835..accbaa5 100644
--- a/tests/cts/src/android/healthconnect/cts/HealthPermissionsPresenceTest.java
+++ b/tests/cts/src/android/healthconnect/cts/HealthPermissionsPresenceTest.java
@@ -124,7 +124,7 @@
public void testHealthPermissionGroup_isDefined() throws Exception {
PermissionGroupInfo info =
mPackageManager.getPermissionGroupInfo(
- "android.permission-group.HEALTH", /* flags= */ 0);
+ HealthPermissions.HEALTH_PERMISSION_GROUP, /* flags= */ 0);
assertThat(info).isNotNull();
}