Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3d2a3e25 authored by Mathew Inwood's avatar Mathew Inwood Committed by android-build-merger
Browse files

Merge "Package whitelist for hiddenapi checks." 

am: 9a50d757

Change-Id: Iad8ccab4d46677320c9d39f73e6bbc67262c18b2
parents 22f61111 9a50d757

core/java/android/content/pm/ApplicationInfo.java

+5 −1
Original line number Original line Diff line number Diff line
@@ -35,6 +35,7 @@ import android.util.Printer; 
import android.util.SparseArray;

import android.util.SparseArray;





import com.android.internal.util.ArrayUtils;

import com.android.internal.util.ArrayUtils;

import com.android.server.SystemConfig;





import java.lang.annotation.Retention;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.RetentionPolicy;
@@ -1459,7 +1460,10 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { 
     * @hide

     * @hide

     */

     */

    public boolean isAllowedToUseHiddenApi() {

    public boolean isAllowedToUseHiddenApi() {

        return isSystemApp();

        boolean whitelisted =

                SystemConfig.getInstance().getHiddenApiWhitelistedApps().contains(packageName);

        return isSystemApp() || // TODO get rid of this once the whitelist has been populated

                (whitelisted && (isSystemApp() || isUpdatedSystemApp()));

    }

    }





    /**

    /**

core/java/com/android/server/SystemConfig.java

+18 −0
Original line number Original line Diff line number Diff line
@@ -60,6 +60,7 @@ public class SystemConfig { 
    private static final int ALLOW_PERMISSIONS = 0x04;

    private static final int ALLOW_PERMISSIONS = 0x04;

    private static final int ALLOW_APP_CONFIGS = 0x08;

    private static final int ALLOW_APP_CONFIGS = 0x08;

    private static final int ALLOW_PRIVAPP_PERMISSIONS = 0x10;

    private static final int ALLOW_PRIVAPP_PERMISSIONS = 0x10;

    private static final int ALLOW_HIDDENAPI_WHITELISTING = 0x20;

    private static final int ALLOW_ALL = ~0;

    private static final int ALLOW_ALL = ~0;





    // Group-ids that are given to all packages as read from etc/permissions/*.xml.

    // Group-ids that are given to all packages as read from etc/permissions/*.xml.
@@ -134,6 +135,9 @@ public class SystemConfig { 
    // These are the permitted backup transport service components

    // These are the permitted backup transport service components

    final ArraySet<ComponentName> mBackupTransportWhitelist = new ArraySet<>();

    final ArraySet<ComponentName> mBackupTransportWhitelist = new ArraySet<>();





    // Package names that are exempted from private API blacklisting

    final ArraySet<String> mHiddenApiPackageWhitelist = new ArraySet<>();



    // These are the packages of carrier-associated apps which should be disabled until used until

    // These are the packages of carrier-associated apps which should be disabled until used until

    // a SIM is inserted which grants carrier privileges to that carrier app.

    // a SIM is inserted which grants carrier privileges to that carrier app.

    final ArrayMap<String, List<String>> mDisabledUntilUsedPreinstalledCarrierAssociatedApps =

    final ArrayMap<String, List<String>> mDisabledUntilUsedPreinstalledCarrierAssociatedApps =
@@ -204,6 +208,10 @@ public class SystemConfig { 
        return mSystemUserBlacklistedApps;

        return mSystemUserBlacklistedApps;

    }

    }





    public ArraySet<String> getHiddenApiWhitelistedApps() {

        return mHiddenApiPackageWhitelist;

    }



    public ArraySet<ComponentName> getDefaultVrComponents() {

    public ArraySet<ComponentName> getDefaultVrComponents() {

        return mDefaultVrComponents;

        return mDefaultVrComponents;

    }

    }
@@ -327,6 +335,7 @@ public class SystemConfig { 
            boolean allowPermissions = (permissionFlag & ALLOW_PERMISSIONS) != 0;

            boolean allowPermissions = (permissionFlag & ALLOW_PERMISSIONS) != 0;

            boolean allowAppConfigs = (permissionFlag & ALLOW_APP_CONFIGS) != 0;

            boolean allowAppConfigs = (permissionFlag & ALLOW_APP_CONFIGS) != 0;

            boolean allowPrivappPermissions = (permissionFlag & ALLOW_PRIVAPP_PERMISSIONS) != 0;

            boolean allowPrivappPermissions = (permissionFlag & ALLOW_PRIVAPP_PERMISSIONS) != 0;

            boolean allowApiWhitelisting = (permissionFlag & ALLOW_HIDDENAPI_WHITELISTING) != 0;

            while (true) {

            while (true) {

                XmlUtils.nextElement(parser);

                XmlUtils.nextElement(parser);

                if (parser.getEventType() == XmlPullParser.END_DOCUMENT) {

                if (parser.getEventType() == XmlPullParser.END_DOCUMENT) {
@@ -569,6 +578,15 @@ public class SystemConfig { 
                    XmlUtils.skipCurrentTag(parser);

                    XmlUtils.skipCurrentTag(parser);

                } else if ("privapp-permissions".equals(name) && allowPrivappPermissions) {

                } else if ("privapp-permissions".equals(name) && allowPrivappPermissions) {

                    readPrivAppPermissions(parser);

                    readPrivAppPermissions(parser);

                } else if ("hidden-api-whitelisted-app".equals(name) && allowApiWhitelisting) {

                    String pkgname = parser.getAttributeValue(null, "package");

                    if (pkgname == null) {

                        Slog.w(TAG, "<hidden-api-whitelisted-app> without package in " + permFile

                                + " at " + parser.getPositionDescription());

                    } else {

                        mHiddenApiPackageWhitelist.add(pkgname);

                    }

                    XmlUtils.skipCurrentTag(parser);

                } else {

                } else {

                    XmlUtils.skipCurrentTag(parser);

                    XmlUtils.skipCurrentTag(parser);

                    continue;

                    continue;

data/etc/Android.mk

+8 −0
Original line number Original line Diff line number Diff line
@@ -39,3 +39,11 @@ LOCAL_MODULE_CLASS := ETC 
LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/permissions

LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/permissions

LOCAL_SRC_FILES := $(LOCAL_MODULE)

LOCAL_SRC_FILES := $(LOCAL_MODULE)

include $(BUILD_PREBUILT)

include $(BUILD_PREBUILT)



########################

include $(CLEAR_VARS)

LOCAL_MODULE := hiddenapi-package-whitelist.xml

LOCAL_MODULE_CLASS := ETC

LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/sysconfig

LOCAL_SRC_FILES := $(LOCAL_MODULE)

include $(BUILD_PREBUILT)

data/etc/hiddenapi-package-whitelist.xml

0 → 100644
+26 −0
Original line number Original line Diff line number Diff line 
<?xml version="1.0" encoding="utf-8"?>

<!--

  ~ Copyright (C) 2018 The Android Open Source Project

  ~

  ~ Licensed under the Apache License, Version 2.0 (the "License");

  ~ you may not use this file except in compliance with the License.

  ~ You may obtain a copy of the License at

  ~

  ~      http://www.apache.org/licenses/LICENSE-2.0

  ~

  ~ Unless required by applicable law or agreed to in writing, software

  ~ distributed under the License is distributed on an "AS IS" BASIS,

  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  ~ See the License for the specific language governing permissions and

  ~ limitations under the License

  -->



<!--

This XML file declares which system apps should be exempted from the hidden API blacklisting, i.e.

which apps should be allowed to access the entire private API.

-->



<config>

  <hidden-api-whitelisted-app package="com.android.providers.contacts" />

</config>