Address Android 11's package visibility rules. (#11551)

jdcormie · web-flow · commit 99be6e985281 · 2024-09-23T20:37:09.000-07:00
diff --git a/documentation/android-binderchannel-status-codes.md b/documentation/android-binderchannel-status-codes.md
@@ -23,15 +23,23 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    </td>
   </tr>
   <tr>
-   <td>1
+   <td>0
    </td>
-   <td>Server app not installed
+   <td><a href="https://developer.android.com/training/package-visibility">Server app not visible</a>.
+   </td>
+   <td rowspan="6" >bindService() returns false
+   </td>
+   <td rowspan="9" ><p>UNIMPLEMENTED<p>“The operation is not implemented or is not supported / enabled in this service.”
+   </td>
+   <td>Give up - This is an error in the client manifest.
    </td>
-   <td rowspan="5" >bindService() returns false
+  </tr>
+  <tr>
+   <td>1
    </td>
-   <td rowspan="8" ><p>UNIMPLEMENTED<p>“The operation is not implemented or is not supported / enabled in this service.”
+   <td>Server app not installed
    </td>
-   <td rowspan="9" >Direct the user to install/reinstall the server app.
+   <td rowspan="8" >Direct the user to install/reinstall the server app.
    </td>
   </tr>
   <tr>
@@ -90,6 +98,8 @@ Consider the table that follows as an BinderChannel-specific addendum to the “
    <td rowspan="5" ><p>PERMISSION_DENIED<p>
 “The caller does not have permission to execute the specified operation …”
    </td>
+   <td>Direct the user to update the server app in the hopes that a newer version fixes this error in its manifest.
+   </td>
   </tr>
   <tr>
    <td>10
@@ -315,13 +325,15 @@ According to a review of the AOSP source code, there are in fact several cases:
 1. The target package is not installed
 2. The target package is installed but does not declare the target Service in its manifest.
 3. The target package requests dangerous permissions but targets sdk &lt;= M and therefore requires a permissions review, but the caller is not running in the foreground and so it would be inappropriate to launch the review UI.
+4. The target package is not visible to the client due to [Android 11 package visibility rules](https://developer.android.com/training/package-visibility).
 
 Status code mapping: **UNIMPLEMENTED**
 
 (1) and (2) are interesting new possibilities unique to on-device RPC. (1) is straightforward and the most likely cause of (2) is that the user has an old version of the server app installed that predates its gRPC integration. Many clients will want to handle these cases, likely by directing the user to the app store in order to install/upgrade the server.
 
 Unfortunately `UNIMPLEMENTED` doesn’t capture (3) but none of the other canonical status codes do either and we expect this case to be extremely rare.
 
+(4) is intentially indistinguishable from (1) by Android design so we can't handle it differently. However, as a client manifest error, it's not something reasonable apps would handle at runtime anyway.
 
 ### bindService() throws SecurityException
 
@@ -382,4 +394,4 @@ Android’s Parcel class exposes a mechanism for marshalling certain types of `R
 
 The calling Activity or Service Context might be destroyed with a gRPC request in flight. Apps should cease operations when the Context hosting it goes away and this includes cancelling any outstanding RPCs.  
 
-Status code mapping: **CANCELLED**
+Status code mapping: **CANCELLED**
