Loading core/java/android/content/pm/flags.aconfig +8 −0 Original line number Diff line number Diff line Loading @@ -207,6 +207,14 @@ flag { bug: "307327678" } flag { name: "restrict_nonpreloads_system_shareduids" namespace: "package_manager_service" description: "Feature flag to restrict apps from joining system shared uids" bug: "308573169" is_fixed_read_only: true } flag { name: "min_target_sdk_24" namespace: "responsible_apis" Loading data/etc/Android.bp +6 −0 Original line number Diff line number Diff line Loading @@ -72,6 +72,12 @@ prebuilt_etc { src: "enhanced-confirmation.xml", } prebuilt_etc { name: "package-shareduid-allowlist.xml", sub_dir: "sysconfig", src: "package-shareduid-allowlist.xml", } // Privapp permission whitelist files prebuilt_etc { Loading data/etc/CleanSpec.mk +2 −0 Original line number Diff line number Diff line Loading 
@@ -43,6 +43,8 @@ #$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/JAVA_LIBRARIES/core_intermediates) #$(call add-clean-step, find $(OUT_DIR) -type f -name "IGTalkSession*" -print0 | xargs -0 rm -f) #$(call add-clean-step, rm -rf $(PRODUCT_OUT)/data/*) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/sysconfig/package-shareduid-allowlist.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/sysconfig/package-shareduid-allowlist.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.carrierconfig.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/permissions/com.android.carrierconfig.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.emergency.xml) Loading data/etc/package-shareduid-allowlist.xml 0 → 100644 +35 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- ~ Copyright (C) 2024 The Android Open Source Project ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License. --> <!-- This XML defines an allowlist for packages that want to join a particular shared-uid. If a non-system package that is signed with platform signature, is trying to join a particular shared-uid, and not in this list, the installation will fail. - The "package" XML attribute refers to the app's package name. - The "shareduid" XML attribute refers to the shared uid name. Example usage 1. 
<allow-package-shareduid package="com.example.app" shareduid="android.uid.system"/> Indicates that a package - com.example.app, will be able to join android.uid.system. 2. <allow-package-shareduid package="oem.example.app" shareduid="oem.uid.custom"/> Indicates that a package - oem.example.app, will be able to join oem.uid.custom. --> <config> <allow-package-shareduid package="android.test.settings" shareduid="android.uid.system" /> </config> services/core/java/com/android/server/SystemConfig.java +21 −0 Original line number Diff line number Diff line Loading @@ -348,6 +348,9 @@ public class SystemConfig { // marked as stopped by the system @NonNull private final Set<String> mInitialNonStoppedSystemPackages = new ArraySet<>(); // Which packages (key) are allowed to join particular SharedUid (value). @NonNull private final Map<String, String> mPackageToSharedUidAllowList = new ArrayMap<>(); // A map of preloaded package names and the path to its app metadata file path. private final ArrayMap<String, String> mAppMetadataFilePaths = new ArrayMap<>(); Loading Loading @@ -567,6 +570,11 @@ public class SystemConfig { return mInitialNonStoppedSystemPackages; } @NonNull public Map<String, String> getPackageToSharedUidAllowList() { return mPackageToSharedUidAllowList; } public ArrayMap<String, String> getAppMetadataFilePaths() { return mAppMetadataFilePaths; } Loading Loading 
@@ -1563,6 +1571,19 @@ public class SystemConfig { mInitialNonStoppedSystemPackages.add(pkgName); } } break; case "allow-package-shareduid": { String pkgName = parser.getAttributeValue(null, "package"); String sharedUid = parser.getAttributeValue(null, "shareduid"); if (TextUtils.isEmpty(pkgName)) { Slog.w(TAG, "<" + name + "> without package in " + permFile + " at " + parser.getPositionDescription()); } else if (TextUtils.isEmpty(sharedUid)) { Slog.w(TAG, "<" + name + "> without shareduid in " + permFile + " at " + parser.getPositionDescription()); } else { mPackageToSharedUidAllowList.put(pkgName, sharedUid); } } case "asl-file": { String packageName = parser.getAttributeValue(null, "package"); String path = parser.getAttributeValue(null, "path"); Loading Loading
core/java/android/content/pm/flags.aconfig +8 −0 Original line number Diff line number Diff line Loading @@ -207,6 +207,14 @@ flag { bug: "307327678" } flag { name: "restrict_nonpreloads_system_shareduids" namespace: "package_manager_service" description: "Feature flag to restrict apps from joining system shared uids" bug: "308573169" is_fixed_read_only: true } flag { name: "min_target_sdk_24" namespace: "responsible_apis" Loading
data/etc/Android.bp +6 −0 Original line number Diff line number Diff line Loading @@ -72,6 +72,12 @@ prebuilt_etc { src: "enhanced-confirmation.xml", } prebuilt_etc { name: "package-shareduid-allowlist.xml", sub_dir: "sysconfig", src: "package-shareduid-allowlist.xml", } // Privapp permission whitelist files prebuilt_etc { Loading
data/etc/CleanSpec.mk +2 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,8 @@ #$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/JAVA_LIBRARIES/core_intermediates) #$(call add-clean-step, find $(OUT_DIR) -type f -name "IGTalkSession*" -print0 | xargs -0 rm -f) #$(call add-clean-step, rm -rf $(PRODUCT_OUT)/data/*) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/sysconfig/package-shareduid-allowlist.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/sysconfig/package-shareduid-allowlist.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.carrierconfig.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/permissions/com.android.carrierconfig.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.emergency.xml) Loading
data/etc/package-shareduid-allowlist.xml 0 → 100644 +35 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- ~ Copyright (C) 2024 The Android Open Source Project ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License. --> <!-- This XML defines an allowlist for packages that want to join a particular shared-uid. If a non-system package that is signed with platform signature, is trying to join a particular shared-uid, and not in this list, the installation will fail. - The "package" XML attribute refers to the app's package name. - The "shareduid" XML attribute refers to the shared uid name. Example usage 1. <allow-package-shareduid package="com.example.app" shareduid="android.uid.system"/> Indicates that a package - com.example.app, will be able to join android.uid.system. 2. <allow-package-shareduid package="oem.example.app" shareduid="oem.uid.custom"/> Indicates that a package - oem.example.app, will be able to join oem.uid.custom. --> <config> <allow-package-shareduid package="android.test.settings" shareduid="android.uid.system" /> </config>
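Review bot: The only entry shipped in `<config>` lets `android.test.settings` join `android.uid.system`, and nothing in the file says why a test package is on the default allowlist or which builds are expected to install it. Each entry is an exemption from the install-time restriction described in the header comment, so it should carry a comment naming its owner and purpose, for example `<!-- Test-only package used by (test suite name); remove once it no longer needs android.uid.system -->`. The header comment could also state whether the check applies to every shared uid or only to system ones: the flag description in flags.aconfig says "system shared uids", while example 2 uses `oem.uid.custom`.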
services/core/java/com/android/server/SystemConfig.java +21 −0 Original line number Diff line number Diff line Loading @@ -348,6 +348,9 @@ public class SystemConfig { // marked as stopped by the system @NonNull private final Set<String> mInitialNonStoppedSystemPackages = new ArraySet<>(); // Which packages (key) are allowed to join particular SharedUid (value). @NonNull private final Map<String, String> mPackageToSharedUidAllowList = new ArrayMap<>(); // A map of preloaded package names and the path to its app metadata file path. private final ArrayMap<String, String> mAppMetadataFilePaths = new ArrayMap<>(); Loading Loading @@ -567,6 +570,11 @@ public class SystemConfig { return mInitialNonStoppedSystemPackages; } @NonNull public Map<String, String> getPackageToSharedUidAllowList() { return mPackageToSharedUidAllowList; } public ArrayMap<String, String> getAppMetadataFilePaths() { return mAppMetadataFilePaths; } Loading Loading @@ -1563,6 +1571,19 @@ public class SystemConfig { mInitialNonStoppedSystemPackages.add(pkgName); } } break; case "allow-package-shareduid": { String pkgName = parser.getAttributeValue(null, "package"); String sharedUid = parser.getAttributeValue(null, "shareduid"); if (TextUtils.isEmpty(pkgName)) { Slog.w(TAG, "<" + name + "> without package in " + permFile + " at " + parser.getPositionDescription()); } else if (TextUtils.isEmpty(sharedUid)) { Slog.w(TAG, "<" + name + "> without shareduid in " + permFile + " at " + parser.getPositionDescription()); } else { mPackageToSharedUidAllowList.put(pkgName, sharedUid); } } case "asl-file": { String packageName = parser.getAttributeValue(null, "package"); String path = parser.getAttributeValue(null, "path"); Loading
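Review bot: The new `case "allow-package-shareduid"` block in the third hunk closes with a bare `}` and no `break`, unlike the preceding case, which ends `} break;`, so control falls through into `case "asl-file"` after the tag is handled. There the same element is read again for `package` and `path`; what happens with the missing `path` lies outside the hunk, but an allowlist entry should not be processed as an app-metadata entry at all. End the block with `} break;`. Separately, `mPackageToSharedUidAllowList.put(pkgName, sharedUid)` lets a later config file silently replace an earlier entry for the same package, so a `Slog.w` on a conflicting duplicate would make it visible which file granted the uid. The switch and its enclosing method start and end outside the hunk.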