diff options
| author | Mathew Inwood <mathewi@google.com> | 2018-02-22 12:57:48 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2018-02-22 12:57:48 +0000 |
| commit | 9a50d7579516ee3b877aab84f412bdd2d0fe03b4 (patch) | |
| tree | d28ac0e45acb2519512e26e57abe3eb7d8f6d594 | |
| parent | 033de4676b6dbffeec1cfa3832fe651cc0550cf2 (diff) | |
| parent | 787c193ee5fb5009cfabfdb72f87038f0dd242de (diff) | |
Merge "Package whitelist for hiddenapi checks."
| -rw-r--r-- | core/java/android/content/pm/ApplicationInfo.java | 6 | ||||
| -rw-r--r-- | core/java/com/android/server/SystemConfig.java | 18 | ||||
| -rw-r--r-- | data/etc/Android.mk | 8 | ||||
| -rw-r--r-- | data/etc/hiddenapi-package-whitelist.xml | 26 |
4 files changed, 57 insertions, 1 deletions
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java index 80fc8e3c2f16..8ea81a4aa99b 100644 --- a/core/java/android/content/pm/ApplicationInfo.java +++ b/core/java/android/content/pm/ApplicationInfo.java @@ -35,6 +35,7 @@ import android.util.Printer; import android.util.SparseArray; import com.android.internal.util.ArrayUtils; +import com.android.server.SystemConfig; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; @@ -1459,7 +1460,10 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { * @hide */ public boolean isAllowedToUseHiddenApi() { - return isSystemApp(); + boolean whitelisted = + SystemConfig.getInstance().getHiddenApiWhitelistedApps().contains(packageName); + return isSystemApp() || // TODO get rid of this once the whitelist has been populated + (whitelisted && (isSystemApp() || isUpdatedSystemApp())); } /** diff --git a/core/java/com/android/server/SystemConfig.java b/core/java/com/android/server/SystemConfig.java index 77788921635f..bdb5f99f1f35 100644 --- a/core/java/com/android/server/SystemConfig.java +++ b/core/java/com/android/server/SystemConfig.java @@ -60,6 +60,7 @@ public class SystemConfig { private static final int ALLOW_PERMISSIONS = 0x04; private static final int ALLOW_APP_CONFIGS = 0x08; private static final int ALLOW_PRIVAPP_PERMISSIONS = 0x10; + private static final int ALLOW_HIDDENAPI_WHITELISTING = 0x20; private static final int ALLOW_ALL = ~0; // Group-ids that are given to all packages as read from etc/permissions/*.xml. @@ -134,6 +135,9 @@ public class SystemConfig { // These are the permitted backup transport service components final ArraySet<ComponentName> mBackupTransportWhitelist = new ArraySet<>(); + // Package names that are exempted from private API blacklisting + final ArraySet<String> mHiddenApiPackageWhitelist = new ArraySet<>(); + // These are the packages of carrier-associated apps which should be disabled until used until // a SIM is inserted which grants carrier privileges to that carrier app. final ArrayMap<String, List<String>> mDisabledUntilUsedPreinstalledCarrierAssociatedApps = @@ -204,6 +208,10 @@ public class SystemConfig { return mSystemUserBlacklistedApps; } + public ArraySet<String> getHiddenApiWhitelistedApps() { + return mHiddenApiPackageWhitelist; + } + public ArraySet<ComponentName> getDefaultVrComponents() { return mDefaultVrComponents; } @@ -327,6 +335,7 @@ public class SystemConfig { boolean allowPermissions = (permissionFlag & ALLOW_PERMISSIONS) != 0; boolean allowAppConfigs = (permissionFlag & ALLOW_APP_CONFIGS) != 0; boolean allowPrivappPermissions = (permissionFlag & ALLOW_PRIVAPP_PERMISSIONS) != 0; + boolean allowApiWhitelisting = (permissionFlag & ALLOW_HIDDENAPI_WHITELISTING) != 0; while (true) { XmlUtils.nextElement(parser); if (parser.getEventType() == XmlPullParser.END_DOCUMENT) { @@ -569,6 +578,15 @@ public class SystemConfig { XmlUtils.skipCurrentTag(parser); } else if ("privapp-permissions".equals(name) && allowPrivappPermissions) { readPrivAppPermissions(parser); + } else if ("hidden-api-whitelisted-app".equals(name) && allowApiWhitelisting) { + String pkgname = parser.getAttributeValue(null, "package"); + if (pkgname == null) { + Slog.w(TAG, "<hidden-api-whitelisted-app> without package in " + permFile + + " at " + parser.getPositionDescription()); + } else { + mHiddenApiPackageWhitelist.add(pkgname); + } + XmlUtils.skipCurrentTag(parser); } else { XmlUtils.skipCurrentTag(parser); continue; diff --git a/data/etc/Android.mk b/data/etc/Android.mk index b2c68401d7e7..936ad22d4fc5 100644 --- a/data/etc/Android.mk +++ b/data/etc/Android.mk @@ -39,3 +39,11 @@ LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/permissions LOCAL_SRC_FILES := $(LOCAL_MODULE) include $(BUILD_PREBUILT) + +######################## +include $(CLEAR_VARS) +LOCAL_MODULE := hiddenapi-package-whitelist.xml +LOCAL_MODULE_CLASS := ETC +LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/sysconfig +LOCAL_SRC_FILES := $(LOCAL_MODULE) +include $(BUILD_PREBUILT) diff --git a/data/etc/hiddenapi-package-whitelist.xml b/data/etc/hiddenapi-package-whitelist.xml new file mode 100644 index 000000000000..54d8a2331663 --- /dev/null +++ b/data/etc/hiddenapi-package-whitelist.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + ~ Copyright (C) 2018 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License + --> + +<!-- +This XML file declares which system apps should be exempted from the hidden API blacklisting, i.e. +which apps should be allowed to access the entire private API. +--> + +<config> + <hidden-api-whitelisted-app package="com.android.providers.contacts" /> +</config> + |