
Commit 4f882ccf authored by Alex Buynytskyy's avatar Alex Buynytskyy

Allowlist for platform signed package/sharedUid-s.

Fixes: 308573259
Test: atest android.content.pm.cts.PackageManagerTest
Change-Id: Ieb9e256b5fbb3b2ccd5d6a695f63011a31e95d9b
parent 32458607
+8 −0
@@ -207,6 +207,14 @@ flag {
    bug: "307327678"
}

flag {
    name: "restrict_nonpreloads_system_shareduids"
    namespace: "package_manager_service"
    description: "Feature flag to restrict apps from joining system shared uids"
    bug: "308573169"
    is_fixed_read_only: true
}

flag {
    name: "min_target_sdk_24"
    namespace: "responsible_apis"
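Review bot: The new flag's `bug: "308573169"` does not match the `Fixes: 308573259` trailer on this commit; if both are meant to name the same issue, one of them is a typo, and it is worth confirming because the flag's bug field is what later flag cleanup gets tracked against. The description is also broader than the flag name: something like `description: "Restrict non-preloaded platform-signed apps from joining system shared uids unless allowlisted"` would let the flag be understood without the commit message.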
+6 −0
@@ -72,6 +72,12 @@ prebuilt_etc {
    src: "enhanced-confirmation.xml",
}

prebuilt_etc {
    name: "package-shareduid-allowlist.xml",
    sub_dir: "sysconfig",
    src: "package-shareduid-allowlist.xml",
}

// Privapp permission whitelist files

prebuilt_etc {
+2 −0
Original line number Diff line number Diff line
@@ -43,6 +43,8 @@
#$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/JAVA_LIBRARIES/core_intermediates)
#$(call add-clean-step, find $(OUT_DIR) -type f -name "IGTalkSession*" -print0 | xargs -0 rm -f)
#$(call add-clean-step, rm -rf $(PRODUCT_OUT)/data/*)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/sysconfig/package-shareduid-allowlist.xml)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/sysconfig/package-shareduid-allowlist.xml)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.carrierconfig.xml)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/permissions/com.android.carrierconfig.xml)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.emergency.xml)
+35 −0
<?xml version="1.0" encoding="utf-8"?>
<!--
  ~ Copyright (C) 2024 The Android Open Source Project
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~      http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
 -->

<!--
This XML defines an allowlist for packages that want to join a particular shared-uid.
If a non-system package that is signed with platform signature, is trying to join a particular
shared-uid, and not in this list, the installation will fail.

- The "package" XML attribute refers to the app's package name.
- The "shareduid" XML attribute refers to the shared uid name.

Example usage
    1. <allow-package-shareduid package="com.example.app" shareduid="android.uid.system"/>
        Indicates that a package - com.example.app, will be able to join android.uid.system.
    2. <allow-package-shareduid package="oem.example.app" shareduid="oem.uid.custom"/>
        Indicates that a package - oem.example.app, will be able to join oem.uid.custom.
-->

<config>
    <allow-package-shareduid package="android.test.settings" shareduid="android.uid.system" />
</config>
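Review bot: The only entry shipped in this default allowlist lets `android.test.settings` join `android.uid.system`, and nothing in the file says why a test package belongs in a product sysconfig. Because an entry matches on package name and shared-uid name only, its safety rests entirely on the platform-signature requirement described in the header comment. A line above the entry such as `<!-- Test package; presumably needed by android.content.pm.cts.PackageManagerTest - confirm before shipping on user builds -->` would make that dependency explicit. The header comment could also state what happens when the same package is listed more than once or with different shared uids across partitions.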
+21 −0
@@ -348,6 +348,9 @@ public class SystemConfig {
    // marked as stopped by the system
    @NonNull private final Set<String> mInitialNonStoppedSystemPackages = new ArraySet<>();

    // Which packages (key) are allowed to join particular SharedUid (value).
    @NonNull private final Map<String, String> mPackageToSharedUidAllowList = new ArrayMap<>();

    // A map of preloaded package names and the path to its app metadata file path.
    private final ArrayMap<String, String> mAppMetadataFilePaths = new ArrayMap<>();

@@ -567,6 +570,11 @@ public class SystemConfig {
        return mInitialNonStoppedSystemPackages;
    }

    @NonNull
    public Map<String, String> getPackageToSharedUidAllowList() {
        return mPackageToSharedUidAllowList;
    }

    public ArrayMap<String, String> getAppMetadataFilePaths() {
        return mAppMetadataFilePaths;
    }
@@ -1563,6 +1571,19 @@ public class SystemConfig {
                            mInitialNonStoppedSystemPackages.add(pkgName);
                        }
                    } break;
                    case "allow-package-shareduid": {
                        String pkgName = parser.getAttributeValue(null, "package");
                        String sharedUid = parser.getAttributeValue(null, "shareduid");
                        if (TextUtils.isEmpty(pkgName)) {
                            Slog.w(TAG, "<" + name + "> without package in " + permFile
                                    + " at " + parser.getPositionDescription());
                        } else if (TextUtils.isEmpty(sharedUid)) {
                            Slog.w(TAG, "<" + name + "> without shareduid in " + permFile
                                    + " at " + parser.getPositionDescription());
                        } else {
                            mPackageToSharedUidAllowList.put(pkgName, sharedUid);
                        }
                    }
                    case "asl-file": {
                        String packageName = parser.getAttributeValue(null, "package");
                        String path = parser.getAttributeValue(null, "path");
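Review bot: The new `case "allow-package-shareduid"` block ends with a bare `}` and no `break`, so after an entry is stored or rejected control falls through into `case "asl-file"`, which re-reads `package` and looks for a `path` attribute this tag does not carry. The preceding case closes with `} break;` and this one should as well. What the asl-file branch does with a missing path lies outside the hunk, so the effect is likely a spurious warning per allowlist entry and possibly more. Separately, `mPackageToSharedUidAllowList.put(pkgName, sharedUid)` lets a later sysconfig file silently replace an earlier mapping, and nothing visible here limits which partitions may declare the tag; for a list that gates `android.uid.system`, a log on overwrite or a partition check would be worth adding. The enclosing parse method starts and ends outside the hunk.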