From ca6f81d39525174e926c2fcc824fe9531ffb3563 Mon Sep 17 00:00:00 2001
From: David Brazdil
Date: Tue, 28 Aug 2018 12:55:56 +0100
Subject: Add android:usesNonSdkApi manifest attribute

ActivityManagerService decides on the non-SDK API enforcement policy of every newly spawned process. System apps can be exempted by adding their package name to a config XML file, tests can pass a flag to 'am instrument'. This patch adds a new @hide attribute on the manifest tag, "android:usesNonSdkApi", which can be used by both system apps and tests, and is automatically set by the build system. The use of the attribute remains guarded as follows: - if invoked via 'am instrument', must hold shell user permission, - if app launched, must be a system app or an updated system app. The attribute is ignored in all other cases.

Bug: 113315999
Test: N/A
Merged-In: I2f6cb56f63fa2c5dd6c7c25fcefe8205da1ec96a
Change-Id: I2f6cb56f63fa2c5dd6c7c25fcefe8205da1ec96a
(cherry picked from commit 787b6f22a63e5c90e6bde69da64af2fbea68a50d)
---
 core/java/android/content/pm/ApplicationInfo.java | 16 ++++++++++++++--
 core/java/android/content/pm/PackageParser.java | 3 +++
 core/res/res/values/attrs_manifest.xml | 5 +++++
 core/res/res/values/public.xml | 5 +++++
 .../com/android/server/am/ActivityManagerService.java | 4 ++--
 5 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index d2611563d0aa..243d7d8121c0 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -1000,6 +1000,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
 */
 public String appComponentFactory;
 
+ /**
+ * Indicates whether this package requires access to non-SDK APIs. Only system apps
+ * and tests are allowed to use this property.
+ * @hide
+ */
+ public boolean usesNonSdkApi;
+
 /**
 * The category of this app. Categories are used to cluster multiple apps
 * together into meaningful groups, such as when summarizing battery,
@@ -1698,8 +1705,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
 }
 
 private boolean isAllowedToUseHiddenApis() {
- return isSignedWithPlatformKey()
- || (isPackageWhitelistedForHiddenApis() && (isSystemApp() || isUpdatedSystemApp()));
+ if (isSignedWithPlatformKey()) {
+ return true;
+ } else if (isSystemApp() || isUpdatedSystemApp()) {
+ return usesNonSdkApi || isPackageWhitelistedForHiddenApis();
+ } else {
+ return false;
+ }
 }
 
 /**
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 89a72c96ec64..b7be5a7ced2d 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -3580,6 +3580,9 @@ public class PackageParser {
 ai.appComponentFactory = buildClassName(ai.packageName, factory, outError);
 }
 
+ ai.usesNonSdkApi = sa.getBoolean(
+ com.android.internal.R.styleable.AndroidManifestApplication_usesNonSdkApi, false);
+
 if (outError[0] == null) {
 CharSequence pname;
 if (owner.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.FROYO) {
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index c4fa190b228d..9e0cff3c4728 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -1385,6 +1385,8 @@ instantiates items without it.--> + + + + + + + 
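Review bot: The new `usesNonSdkApi` field in ApplicationInfo arrives without any matching change to the class's copy or parcel code: the diffstat counts 14 insertions for this file, and the field plus the rewritten `isAllowedToUseHiddenApis()` account for all of them. ApplicationInfo implements Parcelable, so if its copy constructor and `writeToParcel` list fields one by one (they are outside this diff), a copied or unparcelled instance would carry `false` and the exemption would silently not apply. That fails towards enforcement, but it makes the policy depend on which instance a caller happens to hold; either carry the field through those paths or extend the Javadoc with `Not copied or parcelled; only meaningful on the instance produced by PackageParser.`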
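Review bot: In the rewritten `isAllowedToUseHiddenApis()`, the `isSystemApp() || isUpdatedSystemApp()` branch now accepts `usesNonSdkApi`, a value the package declares in its own manifest, as an alternative to `isPackageWhitelistedForHiddenApis()`. For an updated system app that value presumably comes from the updated APK rather than the system image, so the exemption no longer needs an allowlist entry and rests only on the package being recognised as a system app. That looks intended from the commit message, but it deserves a comment on the branch, for example `// usesNonSdkApi is self-declared in the manifest; the system-app check above is the only gate.` As a style point, the `else` after each `return` is redundant and the method reads flatter as guard clauses.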
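Review bot: `ai.usesNonSdkApi` is filled from the manifest for every package that reaches this assignment, with no check in the hunk on whether the package is a system app or a test. The field can therefore be `true` on an untrusted package, and every reader has to apply its own gate, as the two call sites in this commit do. A comment at the assignment would keep later readers from trusting the field directly: `// Untrusted: set for any package that declares it; callers must check privileges before honouring it.` The enclosing method starts and ends outside the hunk.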
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index f7cb8345e43f..2447a03bc25f 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -21996,8 +21996,8 @@ public class ActivityManagerService extends IActivityManager.Stub
 activeInstr.mUiAutomationConnection = uiAutomationConnection;
 activeInstr.mResultClass = className;
 
- boolean disableHiddenApiChecks =
- (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0;
+ boolean disableHiddenApiChecks = ai.usesNonSdkApi
+ || (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0;
 if (disableHiddenApiChecks) {
 enforceCallingPermission(android.Manifest.permission.DISABLE_HIDDEN_API_CHECKS,
 "disable hidden API checks");
-- cgit v1.2.3-59-g8ed1b
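Review bot: With `ai.usesNonSdkApi` OR-ed into `disableHiddenApiChecks`, the `enforceCallingPermission(...)` call that follows now also runs when only the manifest attribute is set and the caller never passed `INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS`. If that call throws for callers without the permission, as its name suggests, an instrumentation request that worked before would now be rejected for such a package, whereas the commit message says the attribute is ignored outside the guarded cases. If ignoring is the intent, gate the manifest term instead, e.g. `ai.usesNonSdkApi && checkCallingPermission(android.Manifest.permission.DISABLE_HIDDEN_API_CHECKS) == PackageManager.PERMISSION_GRANTED`, and keep the enforcing call for the explicit flag. The `if` block closes outside the hunk, and which package `ai` describes (target or test) is not visible here.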