Loading cmds/idmap2/idmap2d/aidl/android/os/OverlayablePolicy.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -29,4 +29,5 @@ interface OverlayablePolicy { const int ODM_PARTITION = 0x00000020; const int OEM_PARTITION = 0x00000040; const int ACTOR_SIGNATURE = 0x00000080; const int CONFIG_SIGNATURE = 0x0000100; } cmds/idmap2/libidmap2/ResourceMapping.cpp +5 −2 Original line number Diff line number Diff line Loading @@ -61,10 +61,13 @@ Result<Unit> CheckOverlayable(const LoadedPackage& target_package, const ResourceId& target_resource) { static constexpr const PolicyBitmask sDefaultPolicies = PolicyFlags::ODM_PARTITION | PolicyFlags::OEM_PARTITION | PolicyFlags::SYSTEM_PARTITION | PolicyFlags::VENDOR_PARTITION | PolicyFlags::PRODUCT_PARTITION | PolicyFlags::SIGNATURE; PolicyFlags::VENDOR_PARTITION | PolicyFlags::PRODUCT_PARTITION | PolicyFlags::SIGNATURE | PolicyFlags::CONFIG_SIGNATURE; // If the resource does not have an overlayable definition, allow the resource to be overlaid if // the overlay is preinstalled or signed with the same signature as the target. // the overlay is preinstalled, signed with the same signature as the target or signed with the // same signature as reference package defined in SystemConfig under 'overlay-config-signature' // tag. if (!target_package.DefinesOverlayable()) { return (sDefaultPolicies & fulfilled_policies) != 0 ? Result<Unit>({}) Loading cmds/idmap2/libidmap2_policies/include/idmap2/Policies.h +3 −1 Original line number Diff line number Diff line Loading @@ -38,16 +38,18 @@ constexpr const char* kPolicyOdm = "odm"; constexpr const char* kPolicyOem = "oem"; constexpr const char* kPolicyProduct = "product"; constexpr const char* kPolicyPublic = "public"; constexpr const char* kPolicyConfigSignature = "config_signature"; constexpr const char* kPolicySignature = "signature"; constexpr const char* kPolicySystem = "system"; constexpr const char* kPolicyVendor = "vendor"; inline static const std::array<std::pair<StringPiece, PolicyFlags>, 8> kPolicyStringToFlag = { inline static const std::array<std::pair<StringPiece, PolicyFlags>, 9> kPolicyStringToFlag = { std::pair{kPolicyActor, PolicyFlags::ACTOR_SIGNATURE}, {kPolicyOdm, PolicyFlags::ODM_PARTITION}, {kPolicyOem, PolicyFlags::OEM_PARTITION}, {kPolicyProduct, PolicyFlags::PRODUCT_PARTITION}, {kPolicyPublic, PolicyFlags::PUBLIC}, {kPolicyConfigSignature, PolicyFlags::CONFIG_SIGNATURE}, {kPolicySignature, PolicyFlags::SIGNATURE}, {kPolicySystem, PolicyFlags::SYSTEM_PARTITION}, {kPolicyVendor, PolicyFlags::VENDOR_PARTITION}, Loading cmds/idmap2/tests/R.h +19 −17 Original line number Diff line number Diff line Loading @@ -43,16 +43,17 @@ namespace R::target { constexpr ResourceId not_overlayable = 0x7f020003; constexpr ResourceId other = 0x7f020004; constexpr ResourceId policy_actor = 0x7f020005; constexpr ResourceId policy_odm = 0x7f020006; constexpr ResourceId policy_oem = 0x7f020007; constexpr ResourceId policy_product = 0x7f020008; constexpr ResourceId policy_public = 0x7f020009; constexpr ResourceId policy_signature = 0x7f02000a; constexpr ResourceId policy_system = 0x7f02000b; constexpr ResourceId policy_system_vendor = 0x7f02000c; constexpr ResourceId str1 = 0x7f02000d; constexpr ResourceId str3 = 0x7f02000f; constexpr ResourceId str4 = 0x7f020010; constexpr ResourceId policy_config_signature = 0x7f020006; constexpr ResourceId policy_odm = 0x7f020007; constexpr ResourceId policy_oem = 0x7f020008; constexpr ResourceId policy_product = 0x7f020009; constexpr ResourceId policy_public = 0x7f02000a; constexpr ResourceId policy_signature = 0x7f02000b; constexpr ResourceId policy_system = 0x7f02000c; constexpr ResourceId policy_system_vendor = 0x7f02000d; constexpr ResourceId str1 = 0x7f02000e; constexpr ResourceId str3 = 0x7f020010; constexpr ResourceId str4 = 0x7f020011; namespace literal { // NOLINT(runtime/indentation_namespace) inline const std::string str1 = hexify(R::target::string::str1); Loading Loading @@ -94,13 +95,14 @@ namespace R::system_overlay_invalid::string { constexpr ResourceId not_overlayable = 0x7f010000; constexpr ResourceId other = 0x7f010001; constexpr ResourceId policy_actor = 0x7f010002; constexpr ResourceId policy_odm = 0x7f010003; constexpr ResourceId policy_oem = 0x7f010004; constexpr ResourceId policy_product = 0x7f010005; constexpr ResourceId policy_public = 0x7f010006; constexpr ResourceId policy_signature = 0x7f010007; constexpr ResourceId policy_system = 0x7f010008; constexpr ResourceId policy_system_vendor = 0x7f010009; constexpr ResourceId policy_config_signature = 0x7f010003; constexpr ResourceId policy_odm = 0x7f010004; constexpr ResourceId policy_oem = 0x7f010005; constexpr ResourceId policy_product = 0x7f010006; constexpr ResourceId policy_public = 0x7f010007; constexpr ResourceId policy_signature = 0x7f010008; constexpr ResourceId policy_system = 0x7f010009; constexpr ResourceId policy_system_vendor = 0x7f01000a; } // namespace R::system_overlay_invalid::string // clang-format on Loading cmds/idmap2/tests/ResourceMappingTests.cpp +14 −4 Original line number Diff line number Diff line Loading @@ -237,7 +237,7 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsPolicySystemPublicInvalidIgnore ASSERT_TRUE(resources) << resources.GetErrorMessage(); auto& res = *resources; ASSERT_EQ(res.GetTargetToOverlayMap().size(), 10U); ASSERT_EQ(res.GetTargetToOverlayMap().size(), 11U); ASSERT_RESULT(MappingExists(res, R::target::string::not_overlayable, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::not_overlayable, false /* rewrite */)); Loading @@ -256,6 +256,10 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsPolicySystemPublicInvalidIgnore ASSERT_RESULT(MappingExists(res, R::target::string::policy_public, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_public, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_config_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_config_signature, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_signature, false /* rewrite */)); Loading Loading @@ -298,8 +302,9 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPoliciesPublicFail) { ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 0U); } // Overlays that are pre-installed or are signed with the same signature as the target can overlay // packages that have not defined overlayable resources. // Overlays that are pre-installed or are signed with the same signature as the target or are signed // with the same signature as the reference package can overlay packages that have not defined // overlayable resources. TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { auto CheckEntries = [&](const PolicyBitmask& fulfilled_policies) -> void { auto resources = TestGetResourceMapping("/target/target-no-overlayable.apk", Loading @@ -309,7 +314,7 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { ASSERT_TRUE(resources) << resources.GetErrorMessage(); auto& res = *resources; ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 10U); ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 11U); ASSERT_RESULT(MappingExists(res, R::target::string::not_overlayable, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::not_overlayable, false /* rewrite */)); Loading @@ -330,6 +335,10 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { ASSERT_RESULT(MappingExists(res, R::target::string::policy_public, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_public, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_config_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_config_signature, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_signature, false /* rewrite */)); Loading @@ -342,6 +351,7 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { }; CheckEntries(PolicyFlags::SIGNATURE); CheckEntries(PolicyFlags::CONFIG_SIGNATURE); CheckEntries(PolicyFlags::PRODUCT_PARTITION); CheckEntries(PolicyFlags::SYSTEM_PARTITION); CheckEntries(PolicyFlags::VENDOR_PARTITION); Loading Loading
cmds/idmap2/idmap2d/aidl/android/os/OverlayablePolicy.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -29,4 +29,5 @@ interface OverlayablePolicy { const int ODM_PARTITION = 0x00000020; const int OEM_PARTITION = 0x00000040; const int ACTOR_SIGNATURE = 0x00000080; const int CONFIG_SIGNATURE = 0x0000100; }
cmds/idmap2/libidmap2/ResourceMapping.cpp +5 −2 Original line number Diff line number Diff line Loading @@ -61,10 +61,13 @@ Result<Unit> CheckOverlayable(const LoadedPackage& target_package, const ResourceId& target_resource) { static constexpr const PolicyBitmask sDefaultPolicies = PolicyFlags::ODM_PARTITION | PolicyFlags::OEM_PARTITION | PolicyFlags::SYSTEM_PARTITION | PolicyFlags::VENDOR_PARTITION | PolicyFlags::PRODUCT_PARTITION | PolicyFlags::SIGNATURE; PolicyFlags::VENDOR_PARTITION | PolicyFlags::PRODUCT_PARTITION | PolicyFlags::SIGNATURE | PolicyFlags::CONFIG_SIGNATURE; // If the resource does not have an overlayable definition, allow the resource to be overlaid if // the overlay is preinstalled or signed with the same signature as the target. // the overlay is preinstalled, signed with the same signature as the target or signed with the // same signature as reference package defined in SystemConfig under 'overlay-config-signature' // tag. if (!target_package.DefinesOverlayable()) { return (sDefaultPolicies & fulfilled_policies) != 0 ? Result<Unit>({}) Loading
cmds/idmap2/libidmap2_policies/include/idmap2/Policies.h +3 −1 Original line number Diff line number Diff line Loading @@ -38,16 +38,18 @@ constexpr const char* kPolicyOdm = "odm"; constexpr const char* kPolicyOem = "oem"; constexpr const char* kPolicyProduct = "product"; constexpr const char* kPolicyPublic = "public"; constexpr const char* kPolicyConfigSignature = "config_signature"; constexpr const char* kPolicySignature = "signature"; constexpr const char* kPolicySystem = "system"; constexpr const char* kPolicyVendor = "vendor"; inline static const std::array<std::pair<StringPiece, PolicyFlags>, 8> kPolicyStringToFlag = { inline static const std::array<std::pair<StringPiece, PolicyFlags>, 9> kPolicyStringToFlag = { std::pair{kPolicyActor, PolicyFlags::ACTOR_SIGNATURE}, {kPolicyOdm, PolicyFlags::ODM_PARTITION}, {kPolicyOem, PolicyFlags::OEM_PARTITION}, {kPolicyProduct, PolicyFlags::PRODUCT_PARTITION}, {kPolicyPublic, PolicyFlags::PUBLIC}, {kPolicyConfigSignature, PolicyFlags::CONFIG_SIGNATURE}, {kPolicySignature, PolicyFlags::SIGNATURE}, {kPolicySystem, PolicyFlags::SYSTEM_PARTITION}, {kPolicyVendor, PolicyFlags::VENDOR_PARTITION}, Loading
cmds/idmap2/tests/R.h +19 −17 Original line number Diff line number Diff line Loading @@ -43,16 +43,17 @@ namespace R::target { constexpr ResourceId not_overlayable = 0x7f020003; constexpr ResourceId other = 0x7f020004; constexpr ResourceId policy_actor = 0x7f020005; constexpr ResourceId policy_odm = 0x7f020006; constexpr ResourceId policy_oem = 0x7f020007; constexpr ResourceId policy_product = 0x7f020008; constexpr ResourceId policy_public = 0x7f020009; constexpr ResourceId policy_signature = 0x7f02000a; constexpr ResourceId policy_system = 0x7f02000b; constexpr ResourceId policy_system_vendor = 0x7f02000c; constexpr ResourceId str1 = 0x7f02000d; constexpr ResourceId str3 = 0x7f02000f; constexpr ResourceId str4 = 0x7f020010; constexpr ResourceId policy_config_signature = 0x7f020006; constexpr ResourceId policy_odm = 0x7f020007; constexpr ResourceId policy_oem = 0x7f020008; constexpr ResourceId policy_product = 0x7f020009; constexpr ResourceId policy_public = 0x7f02000a; constexpr ResourceId policy_signature = 0x7f02000b; constexpr ResourceId policy_system = 0x7f02000c; constexpr ResourceId policy_system_vendor = 0x7f02000d; constexpr ResourceId str1 = 0x7f02000e; constexpr ResourceId str3 = 0x7f020010; constexpr ResourceId str4 = 0x7f020011; namespace literal { // NOLINT(runtime/indentation_namespace) inline const std::string str1 = hexify(R::target::string::str1); Loading Loading @@ -94,13 +95,14 @@ namespace R::system_overlay_invalid::string { constexpr ResourceId not_overlayable = 0x7f010000; constexpr ResourceId other = 0x7f010001; constexpr ResourceId policy_actor = 0x7f010002; constexpr ResourceId policy_odm = 0x7f010003; constexpr ResourceId policy_oem = 0x7f010004; constexpr ResourceId policy_product = 0x7f010005; constexpr ResourceId policy_public = 0x7f010006; constexpr ResourceId policy_signature = 0x7f010007; constexpr ResourceId policy_system = 0x7f010008; constexpr ResourceId policy_system_vendor = 0x7f010009; constexpr ResourceId policy_config_signature = 0x7f010003; constexpr ResourceId policy_odm = 0x7f010004; constexpr ResourceId policy_oem = 0x7f010005; constexpr ResourceId policy_product = 0x7f010006; constexpr ResourceId policy_public = 0x7f010007; constexpr ResourceId policy_signature = 0x7f010008; constexpr ResourceId policy_system = 0x7f010009; constexpr ResourceId policy_system_vendor = 0x7f01000a; } // namespace R::system_overlay_invalid::string // clang-format on Loading
cmds/idmap2/tests/ResourceMappingTests.cpp +14 −4 Original line number Diff line number Diff line Loading @@ -237,7 +237,7 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsPolicySystemPublicInvalidIgnore ASSERT_TRUE(resources) << resources.GetErrorMessage(); auto& res = *resources; ASSERT_EQ(res.GetTargetToOverlayMap().size(), 10U); ASSERT_EQ(res.GetTargetToOverlayMap().size(), 11U); ASSERT_RESULT(MappingExists(res, R::target::string::not_overlayable, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::not_overlayable, false /* rewrite */)); Loading @@ -256,6 +256,10 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsPolicySystemPublicInvalidIgnore ASSERT_RESULT(MappingExists(res, R::target::string::policy_public, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_public, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_config_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_config_signature, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_signature, false /* rewrite */)); Loading Loading @@ -298,8 +302,9 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPoliciesPublicFail) { ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 0U); } // Overlays that are pre-installed or are signed with the same signature as the target can overlay // packages that have not defined overlayable resources. // Overlays that are pre-installed or are signed with the same signature as the target or are signed // with the same signature as the reference package can overlay packages that have not defined // overlayable resources. TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { auto CheckEntries = [&](const PolicyBitmask& fulfilled_policies) -> void { auto resources = TestGetResourceMapping("/target/target-no-overlayable.apk", Loading @@ -309,7 +314,7 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { ASSERT_TRUE(resources) << resources.GetErrorMessage(); auto& res = *resources; ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 10U); ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 11U); ASSERT_RESULT(MappingExists(res, R::target::string::not_overlayable, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::not_overlayable, false /* rewrite */)); Loading @@ -330,6 +335,10 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { ASSERT_RESULT(MappingExists(res, R::target::string::policy_public, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_public, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_config_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_config_signature, false /* rewrite */)); ASSERT_RESULT(MappingExists(res, R::target::string::policy_signature, Res_value::TYPE_REFERENCE, R::system_overlay_invalid::string::policy_signature, false /* rewrite */)); Loading @@ -342,6 +351,7 @@ TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) { }; CheckEntries(PolicyFlags::SIGNATURE); CheckEntries(PolicyFlags::CONFIG_SIGNATURE); CheckEntries(PolicyFlags::PRODUCT_PARTITION); CheckEntries(PolicyFlags::SYSTEM_PARTITION); CheckEntries(PolicyFlags::VENDOR_PARTITION); Loading
