Merge "Create XML parser only once."

    }

    private void readAllPermissions() {

        final XmlPullParser parser = Xml.newPullParser();

        // Read configuration from system

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getRootDirectory(), "etc", "sysconfig"), ALLOW_ALL);

        // Read configuration from the old permissions dir

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getRootDirectory(), "etc", "permissions"), ALLOW_ALL);

        // Vendors are only allowed to customize these

            // For backward compatibility

            vendorPermissionFlag |= (ALLOW_PERMISSIONS | ALLOW_APP_CONFIGS);

        }

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getVendorDirectory(), "etc", "sysconfig"), vendorPermissionFlag);

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getVendorDirectory(), "etc", "permissions"), vendorPermissionFlag);

        String vendorSkuProperty = SystemProperties.get(VENDOR_SKU_PROPERTY, "");

        if (!vendorSkuProperty.isEmpty()) {

            String vendorSkuDir = "sku_" + vendorSkuProperty;

            readPermissions(Environment.buildPath(

            readPermissions(parser, Environment.buildPath(

                    Environment.getVendorDirectory(), "etc", "sysconfig", vendorSkuDir),

                    vendorPermissionFlag);

            readPermissions(Environment.buildPath(

            readPermissions(parser, Environment.buildPath(

                    Environment.getVendorDirectory(), "etc", "permissions", vendorSkuDir),

                    vendorPermissionFlag);

        }

        // Allow ODM to customize system configs as much as Vendor, because /odm is another

        // vendor partition other than /vendor.

        int odmPermissionFlag = vendorPermissionFlag;

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getOdmDirectory(), "etc", "sysconfig"), odmPermissionFlag);

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getOdmDirectory(), "etc", "permissions"), odmPermissionFlag);

        String skuProperty = SystemProperties.get(SKU_PROPERTY, "");

        if (!skuProperty.isEmpty()) {

            String skuDir = "sku_" + skuProperty;

            readPermissions(Environment.buildPath(

            readPermissions(parser, Environment.buildPath(

                    Environment.getOdmDirectory(), "etc", "sysconfig", skuDir), odmPermissionFlag);

            readPermissions(Environment.buildPath(

            readPermissions(parser, Environment.buildPath(

                    Environment.getOdmDirectory(), "etc", "permissions", skuDir),

                    odmPermissionFlag);

        }

        // Allow OEM to customize these

        int oemPermissionFlag = ALLOW_FEATURES | ALLOW_OEM_PERMISSIONS | ALLOW_ASSOCIATIONS

                | ALLOW_VENDOR_APEX;

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getOemDirectory(), "etc", "sysconfig"), oemPermissionFlag);

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getOemDirectory(), "etc", "permissions"), oemPermissionFlag);

        // Allow Product to customize these configs

            // DEVICE_INITIAL_SDK_INT for the devices without product interface enforcement.

            productPermissionFlag = ALLOW_ALL;

        }

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getProductDirectory(), "etc", "sysconfig"), productPermissionFlag);

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getProductDirectory(), "etc", "permissions"), productPermissionFlag);

        // Allow /system_ext to customize all system configs

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getSystemExtDirectory(), "etc", "sysconfig"), ALLOW_ALL);

        readPermissions(Environment.buildPath(

        readPermissions(parser, Environment.buildPath(

                Environment.getSystemExtDirectory(), "etc", "permissions"), ALLOW_ALL);

        // Skip loading configuration from apex if it is not a system process.

            if (f.isFile() || f.getPath().contains("@")) {

                continue;

            }

            readPermissions(Environment.buildPath(f, "etc", "permissions"), apexPermissionFlag);

            readPermissions(parser, Environment.buildPath(f, "etc", "permissions"),

                    apexPermissionFlag);

        }

    }

    @VisibleForTesting

    public void readPermissions(File libraryDir, int permissionFlag) {

    public void readPermissions(final XmlPullParser parser, File libraryDir, int permissionFlag) {

        // Read permissions from given directory.

        if (!libraryDir.exists() || !libraryDir.isDirectory()) {

            if (permissionFlag == ALLOW_ALL) {

                continue;

            }

            readPermissionsFromXml(f, permissionFlag);

            readPermissionsFromXml(parser, f, permissionFlag);

        }

        // Read platform permissions last so it will take precedence

        if (platformFile != null) {

            readPermissionsFromXml(platformFile, permissionFlag);

            readPermissionsFromXml(parser, platformFile, permissionFlag);

        }

    }

                + permFile + " at " + parser.getPositionDescription());

    }

    private void readPermissionsFromXml(File permFile, int permissionFlag) {

        FileReader permReader = null;

    private void readPermissionsFromXml(final XmlPullParser parser, File permFile,

            int permissionFlag) {

        final FileReader permReader;

        try {

            permReader = new FileReader(permFile);

        } catch (FileNotFoundException e) {

        final boolean lowRam = ActivityManager.isLowRamDeviceStatic();

        try {

            XmlPullParser parser = Xml.newPullParser();

            parser.setInput(permReader);

            int type;

package com.android.server.systemconfig

import android.content.Context

import android.util.Xml

import androidx.test.InstrumentationRegistry

import com.android.server.SystemConfig

import com.google.common.truth.Truth.assertThat

            .writeText(this.trimIndent())

    private fun assertPermissions() = SystemConfig(false).apply {

        readPermissions(tempFolder.root, 0)

        val parser = Xml.newPullParser()

        readPermissions(parser, tempFolder.root, 0)

    }. let { assertThat(it.namedActors) }

}

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.Log;

import android.util.Xml;

import androidx.test.filters.SmallTest;

import androidx.test.runner.AndroidJUnit4;

import org.junit.Test;

import org.junit.rules.TemporaryFolder;

import org.junit.runner.RunWith;

import org.xmlpull.v1.XmlPullParser;

import java.io.BufferedWriter;

import java.io.File;

        }

    }

    private void readPermissions(File libraryDir, int permissionFlag) {

        final XmlPullParser parser = Xml.newPullParser();

        mSysConfig.readPermissions(parser, libraryDir, permissionFlag);

    }

    /**

     * Tests that readPermissions works correctly for the tag: install-in-user-type

     */

        // Also, make a third file, but with the name folder1/permFile2.xml, to prove no conflicts.

        createTempFile(folder1, "permFile2.xml", contents3);

        mSysConfig.readPermissions(folder1, /* No permission needed anyway */ 0);

        mSysConfig.readPermissions(folder2, /* No permission needed anyway */ 0);

        readPermissions(folder1, /* No permission needed anyway */ 0);

        readPermissions(folder2, /* No permission needed anyway */ 0);

        Map<String, Set<String>> actualWhite = mSysConfig.getAndClearPackageToUserTypeWhitelist();

        Map<String, Set<String>> actualBlack = mSysConfig.getAndClearPackageToUserTypeBlacklist();

        final File folder = createTempSubfolder("folder");

        createTempFile(folder, "component-override.xml", contents);

        mSysConfig.readPermissions(folder, /* No permission needed anyway */ 0);

        readPermissions(folder, /* No permission needed anyway */ 0);

        final ArrayMap<String, Boolean> packageOneExpected = new ArrayMap<>();

        packageOneExpected.put("com.android.package1.Full", true);

        final File folder = createTempSubfolder("folder");

        createTempFile(folder, "staged-installer-whitelist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all permission flags */ ~0);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        assertThat(mSysConfig.getWhitelistedStagedInstallers())

                .containsExactly("com.android.package1");

        final File folder = createTempSubfolder("folder");

        createTempFile(folder, "staged-installer-whitelist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all permission flags */ ~0);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        assertThat(mSysConfig.getWhitelistedStagedInstallers())

                .containsExactly("com.android.package1");

        IllegalStateException e = expectThrows(

                IllegalStateException.class,

                () -> mSysConfig.readPermissions(folder, /* Grant all permission flags */ ~0));

                () -> readPermissions(folder, /* Grant all permission flags */ ~0));

        assertThat(e).hasMessageThat().contains("Multiple modules installers");

    }

        final File folder = createTempSubfolder("folder");

        createTempFile(folder, "staged-installer-whitelist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all but ALLOW_APP_CONFIGS flag */ ~0x08);

        readPermissions(folder, /* Grant all but ALLOW_APP_CONFIGS flag */ ~0x08);

        assertThat(mSysConfig.getWhitelistedStagedInstallers()).isEmpty();

    }

        final File folder = createTempSubfolder("folder");

        createTempFile(folder, "vendor-apex-allowlist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all permission flags */ ~0);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        assertThat(mSysConfig.getAllowedVendorApexes())

                .containsExactly("com.android.apex1", "com.installer");

        final File folder = createTempSubfolder("folder");

        createTempFile(folder, "vendor-apex-allowlist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all permission flags */ ~0);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        assertThat(mSysConfig.getAllowedVendorApexes()).isEmpty();

    }

        final File folder = createTempSubfolder("folder");

        createTempFile(folder, "vendor-apex-allowlist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all but ALLOW_VENDOR_APEX flag */ ~0x400);

        readPermissions(folder, /* Grant all but ALLOW_VENDOR_APEX flag */ ~0x400);

        assertThat(mSysConfig.getAllowedVendorApexes()).isEmpty();

    }