diff options
| -rw-r--r-- | core/java/com/android/server/SystemConfig.java | 15 | ||||
| -rw-r--r-- | core/xsd/permission.xsd | 4 | ||||
| -rw-r--r-- | core/xsd/schema/current.txt | 7 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ProcessList.java | 16 |
4 files changed, 42 insertions, 0 deletions
diff --git a/core/java/com/android/server/SystemConfig.java b/core/java/com/android/server/SystemConfig.java index 8a59c998dacb..74b481c938c3 100644 --- a/core/java/com/android/server/SystemConfig.java +++ b/core/java/com/android/server/SystemConfig.java @@ -218,6 +218,7 @@ public class SystemConfig { final ArrayMap<String, ArraySet<String>> mAllowedAssociations = new ArrayMap<>(); private final ArraySet<String> mBugreportWhitelistedPackages = new ArraySet<>(); + private final ArraySet<String> mAppDataIsolationWhitelistedApps = new ArraySet<>(); // Map of packagesNames to userTypes. Stored temporarily until cleared by UserManagerService(). private ArrayMap<String, Set<String>> mPackageToUserTypeWhitelist = new ArrayMap<>(); @@ -389,6 +390,10 @@ public class SystemConfig { return mRollbackWhitelistedPackages; } + public ArraySet<String> getAppDataIsolationWhitelistedApps() { + return mAppDataIsolationWhitelistedApps; + } + /** * Gets map of packagesNames to userTypes, dictating on which user types each package should be * initially installed, and then removes this map from SystemConfig. @@ -1045,6 +1050,16 @@ public class SystemConfig { } XmlUtils.skipCurrentTag(parser); } break; + case "app-data-isolation-whitelisted-app": { + String pkgname = parser.getAttributeValue(null, "package"); + if (pkgname == null) { + Slog.w(TAG, "<" + name + "> without package in " + permFile + + " at " + parser.getPositionDescription()); + } else { + mAppDataIsolationWhitelistedApps.add(pkgname); + } + XmlUtils.skipCurrentTag(parser); + } break; case "bugreport-whitelisted": { String pkgname = parser.getAttributeValue(null, "package"); if (pkgname == null) { diff --git a/core/xsd/permission.xsd b/core/xsd/permission.xsd index cc01a31224bc..543504764ee3 100644 --- a/core/xsd/permission.xsd +++ b/core/xsd/permission.xsd @@ -46,6 +46,7 @@ <xs:element name="hidden-api-whitelisted-app" type="hidden-api-whitelisted-app"/> <xs:element name="allow-association" type="allow-association"/> <xs:element name="bugreport-whitelisted" type="bugreport-whitelisted"/> + <xs:element name="app-data-isolation-whitelisted-app" type="app-data-isolation-whitelisted-app"/> </xs:choice> </xs:complexType> </xs:element> @@ -161,6 +162,9 @@ <xs:attribute name="target" type="xs:string"/> <xs:attribute name="allowed" type="xs:string"/> </xs:complexType> + <xs:complexType name="app-data-isolation-whitelisted-app"> + <xs:attribute name="package" type="xs:string"/> + </xs:complexType> <xs:complexType name="bugreport-whitelisted"> <xs:attribute name="package" type="xs:string"/> </xs:complexType> diff --git a/core/xsd/schema/current.txt b/core/xsd/schema/current.txt index 771c1dffb909..c36c422a852d 100644 --- a/core/xsd/schema/current.txt +++ b/core/xsd/schema/current.txt @@ -45,6 +45,12 @@ package com.android.xml.permission.configfile { method public void set_package(String); } + public class AppDataIsolationWhitelistedApp { + ctor public AppDataIsolationWhitelistedApp(); + method public String get_package(); + method public void set_package(String); + } + public class AppLink { ctor public AppLink(); method public String get_package(); @@ -160,6 +166,7 @@ package com.android.xml.permission.configfile { method public java.util.List<com.android.xml.permission.configfile.AllowInPowerSaveExceptIdle> getAllowInPowerSaveExceptIdle_optional(); method public java.util.List<com.android.xml.permission.configfile.AllowInPowerSave> getAllowInPowerSave_optional(); method public java.util.List<com.android.xml.permission.configfile.AllowUnthrottledLocation> getAllowUnthrottledLocation_optional(); + method public java.util.List<com.android.xml.permission.configfile.AppDataIsolationWhitelistedApp> getAppDataIsolationWhitelistedApp_optional(); method public java.util.List<com.android.xml.permission.configfile.AppLink> getAppLink_optional(); method public java.util.List<com.android.xml.permission.configfile.AssignPermission> getAssignPermission_optional(); method public java.util.List<com.android.xml.permission.configfile.BackupTransportWhitelistedService> getBackupTransportWhitelistedService_optional(); diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java index 76f54cdf91be..b9f2e76c6ecb 100644 --- a/services/core/java/com/android/server/am/ProcessList.java +++ b/services/core/java/com/android/server/am/ProcessList.java @@ -103,6 +103,7 @@ import com.android.internal.util.ArrayUtils; import com.android.internal.util.MemInfoReader; import com.android.server.LocalServices; import com.android.server.ServiceThread; +import com.android.server.SystemConfig; import com.android.server.Watchdog; import com.android.server.compat.PlatformCompat; import com.android.server.pm.dex.DexManager; @@ -357,6 +358,8 @@ public final class ProcessList { private boolean mAppDataIsolationEnabled = false; + private ArrayList<String> mAppDataIsolationWhitelistedApps; + /** * Temporary to avoid allocations. Protected by main lock. */ @@ -645,6 +648,9 @@ public final class ProcessList { // want some apps enabled while some apps disabled mAppDataIsolationEnabled = SystemProperties.getBoolean(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, false); + mAppDataIsolationWhitelistedApps = new ArrayList<>( + SystemConfig.getInstance().getAppDataIsolationWhitelistedApps()); + if (sKillHandler == null) { sKillThread = new ServiceThread(TAG + ":kill", @@ -1912,6 +1918,16 @@ public final class ProcessList { result.put(packageName, Pair.create(volumeUuid, inode)); } } + if (mAppDataIsolationWhitelistedApps != null) { + for (String packageName : mAppDataIsolationWhitelistedApps) { + String volumeUuid = pmInt.getPackage(packageName).getVolumeUuid(); + long inode = pmInt.getCeDataInode(packageName, userId); + if (inode != 0) { + result.put(packageName, Pair.create(volumeUuid, inode)); + } + } + } + return result; } |