diff options
| -rw-r--r-- | services/core/java/com/android/server/pm/SELinuxMMAC.java | 6 | ||||
| -rw-r--r-- | services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java | 10 |
2 files changed, 13 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/pm/SELinuxMMAC.java b/services/core/java/com/android/server/pm/SELinuxMMAC.java index c5fbfba9b049..b72da23d6717 100644 --- a/services/core/java/com/android/server/pm/SELinuxMMAC.java +++ b/services/core/java/com/android/server/pm/SELinuxMMAC.java @@ -79,7 +79,7 @@ public final class SELinuxMMAC { /** * Allows opt-in to the latest targetSdkVersion enforced changes without changing target SDK. - * Turning this change off for an app targeting the latest SDK is a no-op. + * Turning this change off for an app targeting >= the latest SDK is a no-op. * * <p>Has no effect for apps using shared user id. * @@ -92,7 +92,7 @@ public final class SELinuxMMAC { /** * This change gates apps access to untrusted_app_R-targetSDK SELinux domain. Allows opt-in * to R targetSdkVersion enforced changes without changing target SDK. Turning this change - * off for an app targeting S is a no-op. + * off for an app targeting >= S is a no-op. * * <p>Has no effect for apps using shared user id. * @@ -364,7 +364,7 @@ public final class SELinuxMMAC { } final ApplicationInfo appInfo = pkg.toAppInfoWithoutState(); if (compatibility.isChangeEnabledInternal(SELINUX_LATEST_CHANGES, appInfo)) { - return android.os.Build.VERSION_CODES.S; + return Math.max(android.os.Build.VERSION_CODES.S, pkg.getTargetSdkVersion()); } else if (compatibility.isChangeEnabledInternal(SELINUX_R_CHANGES, appInfo)) { return Math.max(android.os.Build.VERSION_CODES.R, pkg.getTargetSdkVersion()); } diff --git a/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java index f1930d7268d7..cee4cda99e46 100644 --- a/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java +++ b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTest.java @@ -91,6 +91,16 @@ public class SELinuxMMACTest { } @Test + public void getSeInfoTargetingCurDevelopment() { + AndroidPackage pkg = makePackage(Build.VERSION_CODES.CUR_DEVELOPMENT); + when(mMockCompatibility.isChangeEnabledInternal(eq(SELinuxMMAC.SELINUX_LATEST_CHANGES), + argThat(argument -> argument.packageName.equals(pkg.getPackageName())))) + .thenReturn(true); + assertThat(SELinuxMMAC.getSeInfo(pkg, null, mMockCompatibility), + is("default:targetSdkVersion=" + Build.VERSION_CODES.CUR_DEVELOPMENT)); + } + + @Test public void getSeInfoNoOptInButAlreadyR() { AndroidPackage pkg = makePackage(R_OPT_IN_VERSION); when(mMockCompatibility.isChangeEnabledInternal(eq(SELinuxMMAC.SELINUX_R_CHANGES), |