
Commit ef89da1e authored by Keun young Park's avatar Keun young Park Committed by Keun-young Park

Use auto specific system property to fix car service package

- With mainline, car service package goes into mainline and package name
  can change depending on who signs it.
- Allow auto product to specify car service package name through
  ro.android.car.carservice.package (=defined in car API surface) so that
  permission allow list can rely on permissions from the package.
- This should not affect other form factors and auto will add separate
  enforcement for the presence of the package so that this does not bring
  a security risk.

Bug: 221113599
Test: atest android.permission2.cts.PermissionPolicyTest
Change-Id: I5b11fe744b4048dce67b286afd50a18c25d7642a
parent ce285fe3
+7 −6
@@ -89,6 +89,7 @@ import android.os.Process;
import android.os.RemoteCallbackList;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemProperties;
import android.os.Trace;
import android.os.UserHandle;
import android.os.UserManager;
@@ -125,7 +126,6 @@ import com.android.server.ServiceThread;
import com.android.server.SystemConfig;
import com.android.server.Watchdog;
import com.android.server.pm.ApexManager;
import com.android.server.pm.PackageSetting;
import com.android.server.pm.UserManagerInternal;
import com.android.server.pm.UserManagerService;
import com.android.server.pm.parsing.PackageInfoUtils;
@@ -175,10 +175,6 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt

    private static final long BACKUP_TIMEOUT_MILLIS = SECONDS.toMillis(60);

    // For automotive products, CarService enforces allow-listing of the privileged permissions
    // com.android.car is the package name which declares auto specific permissions
    private static final String CAR_PACKAGE_NAME = "com.android.car";

    /** Cap the size of permission trees that 3rd party apps can define; in characters of text */
    private static final int MAX_PERMISSION_TREE_FOOTPRINT = 32768;
    /** Empty array to avoid allocations */
@@ -388,7 +384,12 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt
        // PackageManager.hasSystemFeature() is not used here because PackageManagerService
        // isn't ready yet.
        if (availableFeatures.containsKey(PackageManager.FEATURE_AUTOMOTIVE)) {
            mPrivilegedPermissionAllowlistSourcePackageNames.add(CAR_PACKAGE_NAME);
            // The property defined in car api surface, so use the string directly.
            String carServicePackage = SystemProperties.get("ro.android.car.carservice.package",
                    null);
            if (carServicePackage != null) {
                mPrivilegedPermissionAllowlistSourcePackageNames.add(carServicePackage);
            }
        }

        mHandlerThread = new ServiceThread(TAG,
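Review bot: The `carServicePackage != null` guard on the new property read probably never fails: as far as I recall, `SystemProperties.get(key, null)` returns an empty string rather than null when the property is unset, so an empty name would be added to `mPrivilegedPermissionAllowlistSourcePackageNames` on automotive builds that do not define `ro.android.car.carservice.package`. Checking for emptiness as well, e.g. `if (carServicePackage != null && !carServicePackage.isEmpty()) {`, would avoid that. The entry is also trusted by name alone, and the enforcement the description mentions is not visible in this section, so a comment such as `// Trusted by name only; the automotive build must separately enforce the presence of this package.` would record the assumption next to the code. The enclosing method starts and ends outside the hunk.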