diff options
| author | Dianne Hackborn <hackbod@google.com> | 2018-12-05 08:51:20 -0800 |
|---|---|---|
| committer | Dianne Hackborn <hackbod@google.com> | 2018-12-12 13:04:36 -0800 |
| commit | 769b2e75e1a6e8ee48eba1daad19e99564803637 (patch) | |
| tree | abb675db9225579d022b124d9675cb04861b1ec0 /rs/java/android/renderscript/ProgramFragmentFixedFunction.java | |
| parent | a5abb4a71155b30c1e960a4da71b94266df26c91 (diff) | |
Add facility to limit associations that are allowed between apps.
This allows the system to be configured so that certain applications
are only allowed to do top-level interactions with a hard-coded set
of other applications. This provides static enforcement of certain
security policies like "app A can only interact with the system and
app B, and even if updated can not directly have incoming or outgoing
interactions with other apps."
For example to limit a the package com.google.android.as to only
interact with telephony and contacts (in addition to the core
system):
<allow-association target="com.google.android.as"
allowed="com.android.providers.telephony" />
<allow-association target="com.google.android.as"
allowed="com.android.providers.contacts" />
Also improve procstats output to be able to print all associations
related to a process. (I wanted to be able to do this by package,
but we don't have enough data in associations. :p)
Bug: 111276913
Test: Manual so far
Change-Id: I61b7f2d2b5c2c3d82b278e6678b600b579b19fb7
Diffstat (limited to 'rs/java/android/renderscript/ProgramFragmentFixedFunction.java')
0 files changed, 0 insertions, 0 deletions