Enforce adb shell DeviceConfig flags restrictions - platform/frameworks/base

diff options

author	Michael Groover <mpgroover@google.com>	2024-12-23 11:59:32 -0600
committer	Michael Groover <mpgroover@google.com>	2024-12-27 17:34:46 -0600
commit	02dc1fb067add8549264a99c1fe175f2efc2e7fc (patch)
tree	996649b617d858f984d8bab0ea603369884c2e3a /libs/androidfw/StringPool.cpp
parent	767ff220e3944892bfc3084d378be858959eca85 (diff)

Enforce adb shell DeviceConfig flags restrictions

Android 16 limits the DeviceConfig flags that can be written by the shell user to those that have been allowlisted. Since a large portion of tests adopt the shell user's permission identity to modify DeviceConfig flags, this change would impact these tests, and the flags modified during tests would need to be allowlisted. The feature initially rolled out in logging mode to capture all flags that need to be allowlisted; now that the allowlist has been updated, this commit switches the feature to enforcing mode to prevent the adb shell user from writing flags that have not been allowlisted. Bug: 364083026 Flag: android.security.protect_device_config_flags Test: atest DeviceConfigApiTest Change-Id: I376fa6a57685bf27d76b9ac48ab60bf440b384c1

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: