Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e7765a84 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Limit stage install to system and whitelisted packges only (1/2)" into...

Merge "Limit stage install to system and whitelisted packges only (1/2)" into rvc-dev am: 04e28781

Change-Id: Ieb38ccefdd3513624ac95f45a28d7be84c0de03f
parents 08b9a301 04e28781
Loading
Loading
Loading
Loading
+19 −0
Original line number Original line Diff line number Diff line
@@ -229,6 +229,7 @@ public class SystemConfig {
    private ArrayMap<String, Set<String>> mPackageToUserTypeBlacklist = new ArrayMap<>();
    private ArrayMap<String, Set<String>> mPackageToUserTypeBlacklist = new ArrayMap<>();


    private final ArraySet<String> mRollbackWhitelistedPackages = new ArraySet<>();
    private final ArraySet<String> mRollbackWhitelistedPackages = new ArraySet<>();
    private final ArraySet<String> mWhitelistedStagedInstallers = new ArraySet<>();


    /**
    /**
     * Map of system pre-defined, uniquely named actors; keys are namespace,
     * Map of system pre-defined, uniquely named actors; keys are namespace,
@@ -394,6 +395,10 @@ public class SystemConfig {
        return mRollbackWhitelistedPackages;
        return mRollbackWhitelistedPackages;
    }
    }


    public Set<String> getWhitelistedStagedInstallers() {
        return mWhitelistedStagedInstallers;
    }

    public ArraySet<String> getAppDataIsolationWhitelistedApps() {
    public ArraySet<String> getAppDataIsolationWhitelistedApps() {
        return mAppDataIsolationWhitelistedApps;
        return mAppDataIsolationWhitelistedApps;
    }
    }
@@ -1137,6 +1142,20 @@ public class SystemConfig {
                        }
                        }
                        XmlUtils.skipCurrentTag(parser);
                        XmlUtils.skipCurrentTag(parser);
                    } break;
                    } break;
                    case "whitelisted-staged-installer": {
                        if (allowAppConfigs) {
                            String pkgname = parser.getAttributeValue(null, "package");
                            if (pkgname == null) {
                                Slog.w(TAG, "<" + name + "> without package in " + permFile
                                        + " at " + parser.getPositionDescription());
                            } else {
                                mWhitelistedStagedInstallers.add(pkgname);
                            }
                        } else {
                            logNotAllowedInPartition(name, permFile, parser);
                        }
                        XmlUtils.skipCurrentTag(parser);
                    } break;
                    default: {
                    default: {
                        Slog.w(TAG, "Tag " + name + " is unknown in "
                        Slog.w(TAG, "Tag " + name + " is unknown in "
                                + permFile + " at " + parser.getPositionDescription());
                                + permFile + " at " + parser.getPositionDescription());
+45 −2
Original line number Original line Diff line number Diff line
@@ -16,6 +16,8 @@


package com.android.server.systemconfig;
package com.android.server.systemconfig;


import static com.google.common.truth.Truth.assertThat;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertEquals;


import android.platform.test.annotations.Presubmit;
import android.platform.test.annotations.Presubmit;
@@ -180,8 +182,48 @@ public class SystemConfigTest {
        assertEquals(packageTwoExpected, packageTwo);
        assertEquals(packageTwoExpected, packageTwo);
    }
    }


    /**
     * Tests that readPermissions works correctly with {@link SystemConfig#ALLOW_APP_CONFIGS}
     * permission flag for the tag: whitelisted-staged-installer.
     */
    @Test
    public void readPermissions_allowAppConfigs_parsesStagedInstallerWhitelist()
            throws IOException {
        final String contents =
                "<config>\n"
                + "    <whitelisted-staged-installer package=\"com.android.package1\" />\n"
                + "</config>";
        final File folder = createTempSubfolder("folder");
        createTempFile(folder, "staged-installer-whitelist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all permission flags */ ~0);

        assertThat(mSysConfig.getWhitelistedStagedInstallers())
                .containsExactly("com.android.package1");
    }

    /**
     * Tests that readPermissions works correctly without {@link SystemConfig#ALLOW_APP_CONFIGS}
     * permission flag for the tag: whitelisted-staged-installer.
     */
    @Test
    public void readPermissions_notAllowAppConfigs_wontParseStagedInstallerWhitelist()
            throws IOException {
        final String contents =
                "<config>\n"
                + "    <whitelisted-staged-installer package=\"com.android.package1\" />\n"
                + "</config>";
        final File folder = createTempSubfolder("folder");
        createTempFile(folder, "staged-installer-whitelist.xml", contents);

        mSysConfig.readPermissions(folder, /* Grant all but ALLOW_APP_CONFIGS flag */ ~0x08);

        assertThat(mSysConfig.getWhitelistedStagedInstallers()).isEmpty();
    }

    /**
    /**
     * Creates folderName/fileName in the mTemporaryFolder and fills it with the contents.
     * Creates folderName/fileName in the mTemporaryFolder and fills it with the contents.
     *
     * @param folderName subdirectory of mTemporaryFolder to put the file, creating if needed
     * @param folderName subdirectory of mTemporaryFolder to put the file, creating if needed
     * @return the folder
     * @return the folder
     */
     */
@@ -194,6 +236,7 @@ public class SystemConfigTest {


    /**
    /**
     * Creates folderName/fileName in the mTemporaryFolder and fills it with the contents.
     * Creates folderName/fileName in the mTemporaryFolder and fills it with the contents.
     *
     * @param folder   pre-existing subdirectory of mTemporaryFolder to put the file
     * @param folder   pre-existing subdirectory of mTemporaryFolder to put the file
     * @param fileName name of the file (e.g. filename.xml) to create
     * @param fileName name of the file (e.g. filename.xml) to create
     * @param contents contents to write to the file
     * @param contents contents to write to the file