Added in API level 37

PccSandboxManager


class PccSandboxManager
kotlin.Any
   ↳ android.app.privatecompute.PccSandboxManager

Manager for interacting with the Private Compute Core (PCC) sandbox.

Summary

Public methods
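Boolean
isPccTrustedSystemComponent(uid: Int, packageName: String?)

Returns whether the given package is considered a "Trusted System Component" by the framework.

Boolean
isPrivateComputeServicesUid(uid: Int)

Returns whether the given UID belongs to a Private Compute Services (PCS) package.

Unit
startNonPccProcessForDataMigration(executor: Executor, callback: OutcomeReceiver<MigrationRequestResult!, MigrationException!>)

Requests the framework to start the non-PCC migration service of the calling application.

Unit
writeToAuditLog(data: PersistableBundle)

Writes data to the audit log, if audit mode is enabled.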

Public methods

isPccTrustedSystemComponent

Added in API level 37
fun isPccTrustedSystemComponent(
    uid: Int,
    packageName: String?
): Boolean

Returns whether the given package is considered a "Trusted System Component" by the framework. This also includes Private Compute Services apps, which are an extension to the framework's trust boundary. Trusted System Components are allowed two-way communication with the PCC components.

Parameters
uid Int: The UID of the application.
packageName String?: The package name of the application. This can be null when a single package name isn't available, e.g. for SYSTEM_UID. If non-null, this API checks whether uid corresponds to packageName, and returns false if it doesn't.
Return
Boolean true if the app is a trusted system component, false otherwise.

isPrivateComputeServicesUid

Added in API level 37
fun isPrivateComputeServicesUid(uid: Int): Boolean

Returns whether the given UID belongs to a Private Compute Services (PCS) package. These are packages that hold the android.Manifest.permission#PROVIDE_PRIVATE_COMPUTE_SERVICES.

Parameters
uid Int: The UID to check.
Return
Boolean true if the UID belongs to a PCS package, false otherwise.

startNonPccProcessForDataMigration

Added in API level 37
fun startNonPccProcessForDataMigration(
    executor: Executor,
    callback: OutcomeReceiver<MigrationRequestResult!, MigrationException!>
): Unit

Requests the framework to start the non-PCC migration service of the calling application.

This is intended for PCC components to trigger a process outside the PCC sandbox to perform tasks like data migration. The system will look for a service extending DataMigrationToPccService in the application's manifest that is not marked as a PCC component. If found, the non-PCC process is started and the service is invoked.

If the non-PCC process is already running, this ensures the migration service is triggered. The system unbinds from the service either when the service indicates it has accepted or rejected the request, or failing that, after a timeout of DataMigrationToPccService.MIGRATION_TIMEOUT_MS.

Parameters
executor Executor: The executor on which the callback will be invoked.
This value cannot be null.
Callback and listener events are dispatched through this Executor, providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor(). Otherwise, provide an Executor that dispatches to an appropriate thread.
callback OutcomeReceiver<MigrationRequestResult!, MigrationException!>: The callback to receive the result of the migration request.
This value cannot be null.

writeToAuditLog

Added in API level 37
fun writeToAuditLog(data: PersistableBundle): Unit

Writes data to the audit log, if audit mode is enabled. Otherwise, does nothing.

Nested Bundles are supported up to a depth of 100.

Parameters
data PersistableBundle: The data to write to the audit log.
This value cannot be null.
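
One way a PCC component could combine isPccTrustedSystemComponent, isPrivateComputeServicesUid and writeToAuditLog at a Binder entry point, as an added example that is not from the Android documentation. `PccCallerGate`, the audit key names and the null-package policy are assumptions of this example, and the manager instance is passed in because this page does not say how it is obtained.

```kotlin
import android.app.privatecompute.PccSandboxManager
import android.os.Binder
import android.os.PersistableBundle
import android.os.Process

/**
 * Added example, not framework code. Gate for a Binder entry point of a PCC
 * component: only Trusted System Components may call in, and every decision
 * is recorded through writeToAuditLog().
 */
class PccCallerGate(private val pcc: PccSandboxManager) {

    /** Call first in the Binder method, before Binder.clearCallingIdentity(). */
    fun enforceTrustedCaller(claimedPackage: String?, operation: String) {
        // The UID is supplied by Binder; the package name is only the caller's claim.
        val uid = Binder.getCallingUid()

        // Policy assumed for this example: a null package name is accepted only
        // for SYSTEM_UID, so every other caller goes through the uid/package
        // match that isPccTrustedSystemComponent() performs for non-null names.
        val pkg = if (uid == Process.SYSTEM_UID) null else claimedPackage
        val trusted = (uid == Process.SYSTEM_UID || pkg != null) &&
            pcc.isPccTrustedSystemComponent(uid, pkg)

        audit(uid, pkg, operation, trusted)
        if (!trusted) {
            throw SecurityException("uid $uid ($pkg) is not a PCC Trusted System Component")
        }
    }

    private fun audit(uid: Int, pkg: String?, operation: String, trusted: Boolean) {
        // Flat bundle, far below the documented nesting limit of 100.
        // Key names are made up for this example.
        val entry = PersistableBundle().apply {
            putInt("caller_uid", uid)
            putString("caller_package", pkg)
            putString("operation", operation)
            putBoolean("trusted", trusted)
            putBoolean("caller_is_pcs", pcc.isPrivateComputeServicesUid(uid))
        }
        pcc.writeToAuditLog(entry) // does nothing unless audit mode is enabled
    }
}
```

Denied calls are logged before the exception is thrown, so rejected attempts appear in the audit log alongside accepted ones when audit mode is on.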