Loading core/java/android/content/pm/ApplicationInfo.java +5 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ import android.util.SparseArray; import android.util.proto.ProtoOutputStream; import com.android.internal.util.ArrayUtils; import com.android.server.SystemConfig; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; Loading Loading @@ -1603,7 +1604,10 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { * @hide */ public boolean isAllowedToUseHiddenApi() { return isSystemApp() || isUpdatedSystemApp(); boolean whitelisted = SystemConfig.getInstance().getHiddenApiWhitelistedApps().contains(packageName); return isSystemApp() || // TODO get rid of this once the whitelist has been populated (whitelisted && (isSystemApp() || isUpdatedSystemApp())); } /** Loading core/java/com/android/server/SystemConfig.java +18 −0 Original line number Diff line number Diff line Loading @@ -63,6 +63,7 @@ public class SystemConfig { private static final int ALLOW_APP_CONFIGS = 0x08; private static final int ALLOW_PRIVAPP_PERMISSIONS = 0x10; private static final int ALLOW_OEM_PERMISSIONS = 0x20; private static final int ALLOW_HIDDENAPI_WHITELISTING = 0x40; private static final int ALLOW_ALL = ~0; // Group-ids that are given to all packages as read from etc/permissions/*.xml. Loading Loading @@ -137,6 +138,9 @@ public class SystemConfig { // These are the permitted backup transport service components final ArraySet<ComponentName> mBackupTransportWhitelist = new ArraySet<>(); // Package names that are exempted from private API blacklisting final ArraySet<String> mHiddenApiPackageWhitelist = new ArraySet<>(); // These are the packages of carrier-associated apps which should be disabled until used until // a SIM is inserted which grants carrier privileges to that carrier app. final ArrayMap<String, List<String>> mDisabledUntilUsedPreinstalledCarrierAssociatedApps = Loading Loading @@ -215,6 +219,10 @@ public class SystemConfig { return mSystemUserBlacklistedApps; } public ArraySet<String> getHiddenApiWhitelistedApps() { return mHiddenApiPackageWhitelist; } public ArraySet<ComponentName> getDefaultVrComponents() { return mDefaultVrComponents; } Loading Loading @@ -376,6 +384,7 @@ public class SystemConfig { boolean allowAppConfigs = (permissionFlag & ALLOW_APP_CONFIGS) != 0; boolean allowPrivappPermissions = (permissionFlag & ALLOW_PRIVAPP_PERMISSIONS) != 0; boolean allowOemPermissions = (permissionFlag & ALLOW_OEM_PERMISSIONS) != 0; boolean allowApiWhitelisting = (permissionFlag & ALLOW_HIDDENAPI_WHITELISTING) != 0; while (true) { XmlUtils.nextElement(parser); if (parser.getEventType() == XmlPullParser.END_DOCUMENT) { Loading Loading @@ -637,6 +646,15 @@ public class SystemConfig { } } else if ("oem-permissions".equals(name) && allowOemPermissions) { readOemPermissions(parser); } else if ("hidden-api-whitelisted-app".equals(name) && allowApiWhitelisting) { String pkgname = parser.getAttributeValue(null, "package"); if (pkgname == null) { Slog.w(TAG, "<hidden-api-whitelisted-app> without package in " + permFile + " at " + parser.getPositionDescription()); } else { mHiddenApiPackageWhitelist.add(pkgname); } XmlUtils.skipCurrentTag(parser); } else { XmlUtils.skipCurrentTag(parser); continue; Loading data/etc/Android.mk +8 −0 Original line number Diff line number Diff line Loading @@ -39,3 +39,11 @@ LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/permissions LOCAL_SRC_FILES := $(LOCAL_MODULE) include $(BUILD_PREBUILT) ######################## include $(CLEAR_VARS) LOCAL_MODULE := hiddenapi-package-whitelist.xml LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/sysconfig LOCAL_SRC_FILES := $(LOCAL_MODULE) include $(BUILD_PREBUILT) data/etc/hiddenapi-package-whitelist.xml 0 → 100644 +26 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- ~ Copyright (C) 2018 The Android Open Source Project ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License --> <!-- This XML file declares which system apps should be exempted from the hidden API blacklisting, i.e. which apps should be allowed to access the entire private API. --> <config> <hidden-api-whitelisted-app package="com.android.providers.contacts" /> </config> Loading
core/java/android/content/pm/ApplicationInfo.java +5 −1 Original line number Diff line number Diff line Loading @@ -37,6 +37,7 @@ import android.util.SparseArray; import android.util.proto.ProtoOutputStream; import com.android.internal.util.ArrayUtils; import com.android.server.SystemConfig; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; Loading Loading @@ -1603,7 +1604,10 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { * @hide */ public boolean isAllowedToUseHiddenApi() { return isSystemApp() || isUpdatedSystemApp(); boolean whitelisted = SystemConfig.getInstance().getHiddenApiWhitelistedApps().contains(packageName); return isSystemApp() || // TODO get rid of this once the whitelist has been populated (whitelisted && (isSystemApp() || isUpdatedSystemApp())); } /** Loading
core/java/com/android/server/SystemConfig.java +18 −0 Original line number Diff line number Diff line Loading @@ -63,6 +63,7 @@ public class SystemConfig { private static final int ALLOW_APP_CONFIGS = 0x08; private static final int ALLOW_PRIVAPP_PERMISSIONS = 0x10; private static final int ALLOW_OEM_PERMISSIONS = 0x20; private static final int ALLOW_HIDDENAPI_WHITELISTING = 0x40; private static final int ALLOW_ALL = ~0; // Group-ids that are given to all packages as read from etc/permissions/*.xml. Loading Loading @@ -137,6 +138,9 @@ public class SystemConfig { // These are the permitted backup transport service components final ArraySet<ComponentName> mBackupTransportWhitelist = new ArraySet<>(); // Package names that are exempted from private API blacklisting final ArraySet<String> mHiddenApiPackageWhitelist = new ArraySet<>(); // These are the packages of carrier-associated apps which should be disabled until used until // a SIM is inserted which grants carrier privileges to that carrier app. final ArrayMap<String, List<String>> mDisabledUntilUsedPreinstalledCarrierAssociatedApps = Loading Loading @@ -215,6 +219,10 @@ public class SystemConfig { return mSystemUserBlacklistedApps; } public ArraySet<String> getHiddenApiWhitelistedApps() { return mHiddenApiPackageWhitelist; } public ArraySet<ComponentName> getDefaultVrComponents() { return mDefaultVrComponents; } Loading Loading @@ -376,6 +384,7 @@ public class SystemConfig { boolean allowAppConfigs = (permissionFlag & ALLOW_APP_CONFIGS) != 0; boolean allowPrivappPermissions = (permissionFlag & ALLOW_PRIVAPP_PERMISSIONS) != 0; boolean allowOemPermissions = (permissionFlag & ALLOW_OEM_PERMISSIONS) != 0; boolean allowApiWhitelisting = (permissionFlag & ALLOW_HIDDENAPI_WHITELISTING) != 0; while (true) { XmlUtils.nextElement(parser); if (parser.getEventType() == XmlPullParser.END_DOCUMENT) { Loading Loading @@ -637,6 +646,15 @@ public class SystemConfig { } } else if ("oem-permissions".equals(name) && allowOemPermissions) { readOemPermissions(parser); } else if ("hidden-api-whitelisted-app".equals(name) && allowApiWhitelisting) { String pkgname = parser.getAttributeValue(null, "package"); if (pkgname == null) { Slog.w(TAG, "<hidden-api-whitelisted-app> without package in " + permFile + " at " + parser.getPositionDescription()); } else { mHiddenApiPackageWhitelist.add(pkgname); } XmlUtils.skipCurrentTag(parser); } else { XmlUtils.skipCurrentTag(parser); continue; Loading
data/etc/Android.mk +8 −0 Original line number Diff line number Diff line Loading @@ -39,3 +39,11 @@ LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/permissions LOCAL_SRC_FILES := $(LOCAL_MODULE) include $(BUILD_PREBUILT) ######################## include $(CLEAR_VARS) LOCAL_MODULE := hiddenapi-package-whitelist.xml LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/sysconfig LOCAL_SRC_FILES := $(LOCAL_MODULE) include $(BUILD_PREBUILT)
data/etc/hiddenapi-package-whitelist.xml 0 → 100644 +26 −0 Original line number Diff line number Diff line <?xml version="1.0" encoding="utf-8"?> <!-- ~ Copyright (C) 2018 The Android Open Source Project ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License --> <!-- This XML file declares which system apps should be exempted from the hidden API blacklisting, i.e. which apps should be allowed to access the entire private API. --> <config> <hidden-api-whitelisted-app package="com.android.providers.contacts" /> </config>
