diff options
| author | 2024-02-29 18:54:43 +0000 | |
|---|---|---|
| committer | 2024-03-28 07:21:54 +0000 | |
| commit | c2a541d85faac9cdc8316434dcd1ddea4e9a2478 (patch) | |
| tree | 49f1a7a832ba6cbaf4e55e57aefaba50270d8925 /data | |
| parent | b75186ff30a64d92446ee346c299c82b7708e791 (diff) | |
Allowlist for platform signed package/sharedUid-s.
Fixes: 308573259
Test: atest android.content.pm.cts.PackageManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:4f882ccfbf955b5fc9e04ef45ff3293885a7d20a)
Merged-In: Ieb9e256b5fbb3b2ccd5d6a695f63011a31e95d9b
Change-Id: Ieb9e256b5fbb3b2ccd5d6a695f63011a31e95d9b
24D1-dev is based on 24Q2-release. Therefore, we merged this CL to 24D1-dev.
Diffstat (limited to 'data')
| -rw-r--r-- | data/etc/Android.bp | 6 | ||||
| -rw-r--r-- | data/etc/CleanSpec.mk | 2 | ||||
| -rw-r--r-- | data/etc/package-shareduid-allowlist.xml | 35 |
3 files changed, 43 insertions, 0 deletions
diff --git a/data/etc/Android.bp b/data/etc/Android.bp index 238a3e10f058..1410950966e9 100644 --- a/data/etc/Android.bp +++ b/data/etc/Android.bp @@ -72,6 +72,12 @@ prebuilt_etc { src: "enhanced-confirmation.xml", } +prebuilt_etc { + name: "package-shareduid-allowlist.xml", + sub_dir: "sysconfig", + src: "package-shareduid-allowlist.xml", +} + // Privapp permission whitelist files prebuilt_etc { diff --git a/data/etc/CleanSpec.mk b/data/etc/CleanSpec.mk index 783a7edadeb7..fd38d2782cb2 100644 --- a/data/etc/CleanSpec.mk +++ b/data/etc/CleanSpec.mk @@ -43,6 +43,8 @@ #$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/JAVA_LIBRARIES/core_intermediates) #$(call add-clean-step, find $(OUT_DIR) -type f -name "IGTalkSession*" -print0 | xargs -0 rm -f) #$(call add-clean-step, rm -rf $(PRODUCT_OUT)/data/*) +$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/sysconfig/package-shareduid-allowlist.xml) +$(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/sysconfig/package-shareduid-allowlist.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.carrierconfig.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/product/etc/permissions/com.android.carrierconfig.xml) $(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/product/etc/permissions/com.android.emergency.xml) diff --git a/data/etc/package-shareduid-allowlist.xml b/data/etc/package-shareduid-allowlist.xml new file mode 100644 index 000000000000..2401d4a26e68 --- /dev/null +++ b/data/etc/package-shareduid-allowlist.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + ~ Copyright (C) 2024 The Android Open Source Project + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<!-- +This XML defines an allowlist for packages that want to join a particular shared-uid. +If a non-system package that is signed with platform signature, is trying to join a particular +shared-uid, and not in this list, the installation will fail. + +- The "package" XML attribute refers to the app's package name. +- The "shareduid" XML attribute refers to the shared uid name. + +Example usage + 1. <allow-package-shareduid package="com.example.app" shareduid="android.uid.system"/> + Indicates that a package - com.example.app, will be able to join android.uid.system. + 2. <allow-package-shareduid package="oem.example.app" shareduid="oem.uid.custom"/> + Indicates that a package - oem.example.app, will be able to join oem.uid.custom. +--> + +<config> + <allow-package-shareduid package="android.test.settings" shareduid="android.uid.system" /> +</config> |