
Commit c9296a6d authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Add app data isolation whitelist"

parents e0e5bba3 825d3e9c
+15 −0
@@ -218,6 +218,7 @@ public class SystemConfig {
    final ArrayMap<String, ArraySet<String>> mAllowedAssociations = new ArrayMap<>();

    private final ArraySet<String> mBugreportWhitelistedPackages = new ArraySet<>();
    private final ArraySet<String> mAppDataIsolationWhitelistedApps = new ArraySet<>();

    // Map of packagesNames to userTypes. Stored temporarily until cleared by UserManagerService().
    private ArrayMap<String, Set<String>> mPackageToUserTypeWhitelist = new ArrayMap<>();
@@ -389,6 +390,10 @@ public class SystemConfig {
        return mRollbackWhitelistedPackages;
    }

    public ArraySet<String> getAppDataIsolationWhitelistedApps() {
        return mAppDataIsolationWhitelistedApps;
    }

    /**
     * Gets map of packagesNames to userTypes, dictating on which user types each package should be
     * initially installed, and then removes this map from SystemConfig.
@@ -1045,6 +1050,16 @@ public class SystemConfig {
                        }
                        XmlUtils.skipCurrentTag(parser);
                    } break;
                    case "app-data-isolation-whitelisted-app": {
                        String pkgname = parser.getAttributeValue(null, "package");
                        if (pkgname == null) {
                            Slog.w(TAG, "<" + name + "> without package in " + permFile
                                    + " at " + parser.getPositionDescription());
                        } else {
                            mAppDataIsolationWhitelistedApps.add(pkgname);
                        }
                        XmlUtils.skipCurrentTag(parser);
                    } break;
                    case "bugreport-whitelisted": {
                        String pkgname = parser.getAttributeValue(null, "package");
                        if (pkgname == null) {
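Review bot: The new `mAppDataIsolationWhitelistedApps` field and `getAppDataIsolationWhitelistedApps()` carry no documentation, although the list is an exemption from a security feature and a reader cannot tell from this file what being on it grants. I would add a Javadoc on the getter such as `/** Packages declared with <app-data-isolation-whitelisted-app>; ProcessList copies this set and adds each entry to the package data map it builds. */`. The getter also returns the live internal `ArraySet`, so a caller could add entries after parsing. That matches the neighbouring `getRollbackWhitelistedPackages()`, but for an isolation allowlist the comment should state that the set is read-only for callers. The parser case continues outside the hunk on the `bugreport-whitelisted` side.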
+4 −0
@@ -46,6 +46,7 @@
                <xs:element name="hidden-api-whitelisted-app" type="hidden-api-whitelisted-app"/>
                <xs:element name="allow-association" type="allow-association"/>
                <xs:element name="bugreport-whitelisted" type="bugreport-whitelisted"/>
                <xs:element name="app-data-isolation-whitelisted-app" type="app-data-isolation-whitelisted-app"/>
            </xs:choice>
        </xs:complexType>
    </xs:element>
@@ -161,6 +162,9 @@
        <xs:attribute name="target" type="xs:string"/>
        <xs:attribute name="allowed" type="xs:string"/>
    </xs:complexType>
    <xs:complexType name="app-data-isolation-whitelisted-app">
        <xs:attribute name="package" type="xs:string"/>
    </xs:complexType>
    <xs:complexType name="bugreport-whitelisted">
        <xs:attribute name="package" type="xs:string"/>
    </xs:complexType>
+7 −0
@@ -45,6 +45,12 @@ package com.android.xml.permission.configfile {
    method public void set_package(String);
  }

  public class AppDataIsolationWhitelistedApp {
    ctor public AppDataIsolationWhitelistedApp();
    method public String get_package();
    method public void set_package(String);
  }

  public class AppLink {
    ctor public AppLink();
    method public String get_package();
@@ -160,6 +166,7 @@ package com.android.xml.permission.configfile {
    method public java.util.List<com.android.xml.permission.configfile.AllowInPowerSaveExceptIdle> getAllowInPowerSaveExceptIdle_optional();
    method public java.util.List<com.android.xml.permission.configfile.AllowInPowerSave> getAllowInPowerSave_optional();
    method public java.util.List<com.android.xml.permission.configfile.AllowUnthrottledLocation> getAllowUnthrottledLocation_optional();
    method public java.util.List<com.android.xml.permission.configfile.AppDataIsolationWhitelistedApp> getAppDataIsolationWhitelistedApp_optional();
    method public java.util.List<com.android.xml.permission.configfile.AppLink> getAppLink_optional();
    method public java.util.List<com.android.xml.permission.configfile.AssignPermission> getAssignPermission_optional();
    method public java.util.List<com.android.xml.permission.configfile.BackupTransportWhitelistedService> getBackupTransportWhitelistedService_optional();
+16 −0
@@ -103,6 +103,7 @@ import com.android.internal.util.ArrayUtils;
import com.android.internal.util.MemInfoReader;
import com.android.server.LocalServices;
import com.android.server.ServiceThread;
import com.android.server.SystemConfig;
import com.android.server.Watchdog;
import com.android.server.compat.PlatformCompat;
import com.android.server.pm.dex.DexManager;
@@ -357,6 +358,8 @@ public final class ProcessList {

    private boolean mAppDataIsolationEnabled = false;

    private ArrayList<String> mAppDataIsolationWhitelistedApps;

    /**
     * Temporary to avoid allocations.  Protected by main lock.
     */
@@ -645,6 +648,9 @@ public final class ProcessList {
        // want some apps enabled while some apps disabled
        mAppDataIsolationEnabled =
                SystemProperties.getBoolean(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, false);
        mAppDataIsolationWhitelistedApps = new ArrayList<>(
                SystemConfig.getInstance().getAppDataIsolationWhitelistedApps());


        if (sKillHandler == null) {
            sKillThread = new ServiceThread(TAG + ":kill",
@@ -1912,6 +1918,16 @@ public final class ProcessList {
                result.put(packageName, Pair.create(volumeUuid, inode));
            }
        }
        if (mAppDataIsolationWhitelistedApps != null) {
            for (String packageName : mAppDataIsolationWhitelistedApps) {
                String volumeUuid = pmInt.getPackage(packageName).getVolumeUuid();
                long inode = pmInt.getCeDataInode(packageName, userId);
                if (inode != 0) {
                    result.put(packageName, Pair.create(volumeUuid, inode));
                }
            }
        }

        return result;
    }
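Review bot: In the new whitelist loop, `pmInt.getPackage(packageName).getVolumeUuid()` dereferences the lookup result without a null check, so a package named in the config but not installed on the device would presumably raise a NullPointerException while this map is being built. Keep the lookup in a local and skip absent packages with `if (pkg == null) continue;` before calling `getVolumeUuid()`, preferably logging the package name as a warning. The loop also adds every whitelisted package regardless of which app the map is built for. This looks intended, but since each entry appears to widen what other processes can see, a short comment at the loop stating that would help later reviewers. The enclosing method starts outside the hunk, so how `result` is consumed is not visible here.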