diff options
5 files changed, 60 insertions, 4 deletions
diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java index 86f48214db00..f4842c6ca6c5 100644 --- a/core/java/android/provider/Settings.java +++ b/core/java/android/provider/Settings.java @@ -10387,6 +10387,14 @@ public final class Settings { "storage_settings_clobber_threshold"; /** + * Exemptions to the hidden API blacklist. + * + * @hide + */ + public static final String HIDDEN_API_BLACKLIST_EXEMPTIONS = + "hidden_api_blacklist_exemptions"; + + /** * Settings to backup. This is here so that it's in the same place as the settings * keys and easy to update. * diff --git a/core/proto/android/providers/settings.proto b/core/proto/android/providers/settings.proto index ef6eb0913da4..f78ebcaa1f79 100644 --- a/core/proto/android/providers/settings.proto +++ b/core/proto/android/providers/settings.proto @@ -335,6 +335,7 @@ message GlobalSettingsProto { SettingProto uninstalled_instant_app_min_cache_period = 290; SettingProto uninstalled_instant_app_max_cache_period = 291; SettingProto unused_static_shared_lib_min_cache_period = 292; + SettingProto hidden_api_blacklist_exemptions = 293; } message SecureSettingsProto { diff --git a/core/tests/coretests/src/android/provider/SettingsBackupTest.java b/core/tests/coretests/src/android/provider/SettingsBackupTest.java index ee276ef11957..757a70ca834e 100644 --- a/core/tests/coretests/src/android/provider/SettingsBackupTest.java +++ b/core/tests/coretests/src/android/provider/SettingsBackupTest.java @@ -413,7 +413,8 @@ public class SettingsBackupTest { Settings.Global.WTF_IS_FATAL, Settings.Global.ZEN_MODE, Settings.Global.ZEN_MODE_CONFIG_ETAG, - Settings.Global.ZEN_MODE_RINGER_LEVEL); + Settings.Global.ZEN_MODE_RINGER_LEVEL, + Settings.Global.HIDDEN_API_BLACKLIST_EXEMPTIONS); private static final Set<String> BACKUP_BLACKLISTED_SECURE_SETTINGS = newHashSet( diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProtoDumpUtil.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProtoDumpUtil.java index d256b12fe285..d32db8491b3a 100644 --- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProtoDumpUtil.java +++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProtoDumpUtil.java @@ -924,6 +924,9 @@ class SettingsProtoDumpUtil { Settings.Global.CONTACTS_DATABASE_WAL_ENABLED, GlobalSettingsProto.CONTACTS_DATABASE_WAL_ENABLED); dumpSetting(s, p, + Settings.Global.HIDDEN_API_BLACKLIST_EXEMPTIONS, + GlobalSettingsProto.HIDDEN_API_BLACKLIST_EXEMPTIONS); + dumpSetting(s, p, Settings.Global.MULTI_SIM_VOICE_CALL_SUBSCRIPTION, GlobalSettingsProto.MULTI_SIM_VOICE_CALL_SUBSCRIPTION); dumpSetting(s, p, diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 0cce2d9ae56d..470005788016 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -1738,6 +1738,9 @@ public class ActivityManagerService extends IActivityManager.Stub final ActivityManagerConstants mConstants; + // Encapsulates the global setting "hidden_api_blacklist_exemptions" + final HiddenApiBlacklist mHiddenApiBlacklist; + PackageManagerInternal mPackageManagerInt; // VoiceInteraction session ID that changes for each new request except when @@ -2687,6 +2690,42 @@ public class ActivityManagerService extends IActivityManager.Stub } } + /** + * Encapsulates the globla setting "hidden_api_blacklist_exemptions", including tracking the + * latest value via a content observer. + */ + static class HiddenApiBlacklist extends ContentObserver { + + private final Context mContext; + private boolean mBlacklistDisabled; + + public HiddenApiBlacklist(Handler handler, Context context) { + super(handler); + mContext = context; + } + + public void registerObserver() { + mContext.getContentResolver().registerContentObserver( + Settings.Global.getUriFor(Settings.Global.HIDDEN_API_BLACKLIST_EXEMPTIONS), + false, + this); + update(); + } + + private void update() { + mBlacklistDisabled = "*".equals(Settings.Global.getString(mContext.getContentResolver(), + Settings.Global.HIDDEN_API_BLACKLIST_EXEMPTIONS)); + } + + boolean isDisabled() { + return mBlacklistDisabled; + } + + public void onChange(boolean selfChange) { + update(); + } + } + @VisibleForTesting public ActivityManagerService(Injector injector) { mInjector = injector; @@ -2716,6 +2755,7 @@ public class ActivityManagerService extends IActivityManager.Stub mUiHandler = injector.getUiHandler(null); mUserController = null; mVrController = null; + mHiddenApiBlacklist = null; } // Note: This method is invoked on the main thread but may need to attach various @@ -2848,6 +2888,8 @@ public class ActivityManagerService extends IActivityManager.Stub } }; + mHiddenApiBlacklist = new HiddenApiBlacklist(mHandler, mContext); + Watchdog.getInstance().addMonitor(this); Watchdog.getInstance().addThread(mHandler); } @@ -3891,9 +3933,9 @@ public class ActivityManagerService extends IActivityManager.Stub runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES; } - if (!app.info.isAllowedToUseHiddenApi()) { - // This app is not allowed to use undocumented and private APIs. - // Set up its runtime with the appropriate flag. + if (!app.info.isAllowedToUseHiddenApi() && !mHiddenApiBlacklist.isDisabled()) { + // This app is not allowed to use undocumented and private APIs, or blacklisting is + // enabled. Set up its runtime with the appropriate flag. runtimeFlags |= Zygote.ENABLE_HIDDEN_API_CHECKS; } @@ -14165,6 +14207,7 @@ public class ActivityManagerService extends IActivityManager.Stub NETWORK_ACCESS_TIMEOUT_MS, NETWORK_ACCESS_TIMEOUT_DEFAULT_MS); final boolean supportsLeanbackOnly = mContext.getPackageManager().hasSystemFeature(FEATURE_LEANBACK_ONLY); + mHiddenApiBlacklist.registerObserver(); // Transfer any global setting for forcing RTL layout, into a System Property SystemProperties.set(DEVELOPMENT_FORCE_RTL, forceRtl ? "1":"0"); |