From d9d17367670eb930d74d2e2ffeeb3c0e9bea0a23 Mon Sep 17 00:00:00 2001
From: Winson <chiuwinson@google.com>
Date: Wed, 2 Oct 2019 12:41:29 -0700
Subject: Overlayable actor enforcement

Validates that the caller of an OverlayManager API that mutates state
is actually allowed to act on the target as defined in the target's
overlayable tag.

<overlayable name="MyResources" actor="namespace/name">

An actor is valid if any of the following is true:
 - is root/system
 - is the target overlay package
 - has the CHANGE_OVERLAY_PACKAGES permission and an actor is not defined
 - is the same package name as the sole resolved Activity for the actor specified
     in the overlayable definition, with only pre-installed, namespaced actors
     currently supported

Bug: 119442583
Bug: 135052950

Test: atest SystemConfigNamedActorTest
Test: atest com.android.server.om

Change-Id: If56b9e8366852eaef84f6bb25c3e6871eaa3f219
---
 libs/androidfw/include/androidfw/LoadedArsc.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libs/androidfw/include')

diff --git a/libs/androidfw/include/androidfw/LoadedArsc.h b/libs/androidfw/include/androidfw/LoadedArsc.h
index 6cbda07b6950..b5d3a1fc6c1f 100644
--- a/libs/androidfw/include/androidfw/LoadedArsc.h
+++ b/libs/androidfw/include/androidfw/LoadedArsc.h
@@ -273,6 +273,8 @@ class LoadedPackage {
   ByteBucketArray<uint32_t> resource_ids_;
   std::vector<DynamicPackageEntry> dynamic_package_map_;
   std::vector<const std::pair<OverlayableInfo, std::unordered_set<uint32_t>>> overlayable_infos_;
+
+  // A map of overlayable name to actor
   std::unordered_map<std::string, std::string> overlayable_map_;
 };
 
-- 
cgit v1.2.3-59-g8ed1b