From 633dc9bcef0935931781d7e4554566271fe9f2c5 Mon Sep 17 00:00:00 2001
From: Ben Gruver <bgruv@google.com>
Date: Thu, 4 Apr 2013 12:05:49 -0700
Subject: Add a config updater component for the intent firewall

Change-Id: I43f6defa16691099592bf87e75f2d1a732135cf3
---
 core/java/android/provider/Settings.java           | 14 +++++++++++
 core/res/AndroidManifest.xml                       |  6 +++++
 .../android/server/firewall/IntentFirewall.java    | 12 ++++++----
 .../updates/IntentFirewallInstallReceiver.java     | 27 ++++++++++++++++++++++
 4 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 services/java/com/android/server/updates/IntentFirewallInstallReceiver.java

diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index 03ee9eb5928a..a0473a4805f0 100644
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -5397,6 +5397,20 @@ public final class Settings {
          */
         public static final String CERT_PIN_UPDATE_METADATA_URL = "cert_pin_metadata_url";
 
+        /**
+         * URL for intent firewall updates
+         * @hide
+         */
+        public static final String INTENT_FIREWALL_UPDATE_CONTENT_URL =
+                "intent_firewall_content_url";
+
+        /**
+         * URL for intent firewall update metadata
+         * @hide
+         */
+        public static final String INTENT_FIREWALL_UPDATE_METADATA_URL =
+                "intent_firewall_metadata_url";
+
         /**
          * SELinux enforcement status. If 0, permissive; if 1, enforcing.
          * @hide
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 666d1c66e1d3..ffceb6832600 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2301,6 +2301,12 @@
             </intent-filter>
         </receiver>
 
+        <receiver android:name="com.android.server.updates.IntentFirewallInstallReceiver" >
+            <intent-filter>
+                <action android:name="android.intent.action.UPDATE_INTENT_FIREWALL" />
+            </intent-filter>
+        </receiver>
+
         <receiver android:name="com.android.server.updates.SmsShortCodesInstallReceiver" >
             <intent-filter>
                 <action android:name="android.intent.action.UPDATE_SMS_SHORT_CODES" />
diff --git a/services/java/com/android/server/firewall/IntentFirewall.java b/services/java/com/android/server/firewall/IntentFirewall.java
index ebbbd8632827..062183b1b090 100644
--- a/services/java/com/android/server/firewall/IntentFirewall.java
+++ b/services/java/com/android/server/firewall/IntentFirewall.java
@@ -42,7 +42,9 @@ import java.util.List;
 public class IntentFirewall {
     private static final String TAG = "IntentFirewall";
 
-    private static final String RULES_FILENAME = "ifw.xml";
+    // e.g. /data/system/ifw/ifw.xml or /data/secure/system/ifw/ifw.xml
+    private static final File RULES_FILE =
+            new File(Environment.getSystemSecureDirectory(), "ifw/ifw.xml");
 
     private static final String TAG_RULES = "rules";
     private static final String TAG_ACTIVITY = "activity";
@@ -93,9 +95,7 @@ public class IntentFirewall {
 
     public IntentFirewall(AMSInterface ams) {
         mAms = ams;
-        File dataSystemDir = new File(Environment.getDataDirectory(), "system");
-        File rulesFile = new File(dataSystemDir, RULES_FILENAME);
-        readRules(rulesFile);
+        readRules(getRulesFile());
     }
 
     public boolean checkStartActivity(Intent intent, ApplicationInfo callerApp,
@@ -127,6 +127,10 @@ public class IntentFirewall {
         return !block;
     }
 
+    public static File getRulesFile() {
+        return RULES_FILE;
+    }
+
     private void readRules(File rulesFile) {
         FileInputStream fis;
         try {
diff --git a/services/java/com/android/server/updates/IntentFirewallInstallReceiver.java b/services/java/com/android/server/updates/IntentFirewallInstallReceiver.java
new file mode 100644
index 000000000000..91859033272a
--- /dev/null
+++ b/services/java/com/android/server/updates/IntentFirewallInstallReceiver.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.updates;
+
+import com.android.server.firewall.IntentFirewall;
+
+public class IntentFirewallInstallReceiver extends ConfigUpdateInstallReceiver {
+
+    public IntentFirewallInstallReceiver() {
+        super(IntentFirewall.getRulesFile().getParent(), IntentFirewall.getRulesFile().getName(),
+                "metadata/", "version");
+    }
+}
-- 
cgit v1.2.3-59-g8ed1b