Define a new permission to guard role-based application executing action The system would like to enable Assistant to perform actions on behalf of users inside of applications. We introduce a permission that will be automatically granted to the assistant role. The application exposes some services that allow only the assistant to use the service, so application can use this permission to check the caller that calls app’s service is the Assistant Bug: 264324827 Test: atest PermissionPolicyTest#platformPermissionPolicyIsUnaltered Change-Id: I0b9d4055258bb2e3c7eda7da1ae4dbd8f901feea

commit: 7edaa310860e26ad5fb229f036191c89bb3f9880 [log] [tgz]
author: Joanne <joannechung@google.com> Wed Jan 11 19:34:56 2023 +0800
committer: Joanne Chung <joannechung@google.com> Fri Jan 13 04:02:51 2023 +0000
tree: 791570b1795464b4cd4c3a10f2324eeed0ca5a1c
parent: c6438bfd1ffa12e2590bf7df3f5985398a2723e6 [diff]
diff --git a/PermissionController/res/xml/roles.xml b/PermissionController/res/xml/roles.xml
index f2cd53e..15689d5 100644
--- a/PermissionController/res/xml/roles.xml
+++ b/PermissionController/res/xml/roles.xml

@@ -138,6 +138,8 @@
                 minSdkVersion="33"/>
             <permission name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE"
                 minSdkVersion="33" />
+            <permission name="android.permission.EXECUTE_APP_ACTION"
+                minSdkVersion="34" />
         </permissions>
         <app-op-permissions>
             <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" />
commit	7edaa310860e26ad5fb229f036191c89bb3f9880	[log] [tgz]
author	Joanne <joannechung@google.com>	Wed Jan 11 19:34:56 2023 +0800
committer	Joanne Chung <joannechung@google.com>	Fri Jan 13 04:02:51 2023 +0000
tree	791570b1795464b4cd4c3a10f2324eeed0ca5a1c
parent	c6438bfd1ffa12e2590bf7df3f5985398a2723e6 [diff]