Add android:usesNonSdkApi manifest attribute

ActivityManagerService decides on the non-SDK API enforcement policy
of every newly spawned process. System apps can be exempted by adding
their package name to a config XML file, tests can pass a flag to
'am instrument'. This patch adds a new @hide attribute on the <application>
manifest tag, "android:usesNonSdkApi", which can be used by both
system apps and tests, and is automatically set by the build system.

The use of the attribute remains guarded as follows:
- if invoked via 'am instrument', must hold shell user permission,
- if app launched, must be a system app or an updated system app.
The attribute is ignored in all other cases.

Bug: 113315999
Test: N/A
Change-Id: I2f6cb56f63fa2c5dd6c7c25fcefe8205da1ec96a

5 files changed, 29 insertions, 4 deletions

diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index b7a53520f060..1108f938ed4f 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -1009,6 +1009,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
     public String appComponentFactory;
 
     /**
+     * Indicates whether this package requires access to non-SDK APIs. Only system apps
+     * and tests are allowed to use this property.
+     * @hide
+     */
+    public boolean usesNonSdkApi;
+
+    /**
      * The category of this app. Categories are used to cluster multiple apps
      * together into meaningful groups, such as when summarizing battery,
      * network, or disk usage. Apps should only define this value when they fit
@@ -1712,8 +1719,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
     }
 
     private boolean isAllowedToUseHiddenApis() {
-        return isSignedWithPlatformKey()
-            || (isPackageWhitelistedForHiddenApis() && (isSystemApp() || isUpdatedSystemApp()));
+        if (isSignedWithPlatformKey()) {
+            return true;
+        } else if (isSystemApp() || isUpdatedSystemApp()) {
+            return usesNonSdkApi || isPackageWhitelistedForHiddenApis();
+        } else {
+            return false;
+        }
     }
 
     /**
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 83757c4b523d..8b058dccbb6e 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -3659,6 +3659,9 @@ public class PackageParser {
             ai.appComponentFactory = buildClassName(ai.packageName, factory, outError);
         }
 
+        ai.usesNonSdkApi = sa.getBoolean(
+                com.android.internal.R.styleable.AndroidManifestApplication_usesNonSdkApi, false);
+
         if (outError[0] == null) {
             CharSequence pname;
             if (owner.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.FROYO) {
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index 74663c92410a..3c0e51ed4cdd 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -1388,6 +1388,8 @@
          instantiates items without it.-->
     <attr name="appComponentFactory" format="string" />
 
+    <attr name="usesNonSdkApi" format="boolean" />
+
     <!-- The <code>manifest</code> tag is the root of an
          <code>AndroidManifest.xml</code> file,
          describing the contents of an Android package (.apk) file.  One
@@ -1561,6 +1563,9 @@
 
         <attr name="appComponentFactory" />
 
+        <!-- Declares that this application should be invoked without non-SDK API enforcement -->
+        <attr name="usesNonSdkApi" />
+
     </declare-styleable>
     <!-- The <code>permission</code> tag declares a security permission that can be
          used to control access from other packages to specific components or
diff --git a/core/res/res/values/public.xml b/core/res/res/values/public.xml
index e25bb79cee7b..9d678bd89798 100644
--- a/core/res/res/values/public.xml
+++ b/core/res/res/values/public.xml
@@ -2911,6 +2911,11 @@
         <public name="supportsAmbientMode" />
     </public-group>
 
+    <public-group type="attr" first-id="0x0101058d">
+        <!-- @hide For use by platform and tools only. Developers should not specify this value. -->
+        <public name="usesNonSdkApi" />
+    </public-group>
+
     <public-group type="style" first-id="0x010302e2">
     </public-group>
 
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 82805eda1562..4ff25d18afb1 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -17056,8 +17056,8 @@ public class ActivityManagerService extends IActivityManager.Stub
             activeInstr.mUiAutomationConnection = uiAutomationConnection;
             activeInstr.mResultClass = className;
 
-            boolean disableHiddenApiChecks =
-                    (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0;
+            boolean disableHiddenApiChecks = ai.usesNonSdkApi
+                    || (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0;
             if (disableHiddenApiChecks) {
                 enforceCallingPermission(android.Manifest.permission.DISABLE_HIDDEN_API_CHECKS,
                         "disable hidden API checks");