Add new OEM permission flavor

The new OEM permission flavor of signature protected perissions
can be granted only to apps on the OEM partition if they are:

 1. Signed as the one declaring the permission

 2. The requesting app is on OEM partition of the system image and
    declares the permission used and the OEM explicitly granted this
    permission by adding an entry in /oem/permission/*.xml
    with the following format:

    <permissions>
        <oem-permissions package="foo.bar.baz">
            <permission name="android.permission.ACCESS_FOO" granted="true"/>
        </oem-permissions>
    </permissions>

All OEM permissions requested by any app on the OEM partition
must be declared granted or not, to force the OEM to make a well
thought-out, explicit choice. If that condition is not met the
system server restarts - this prevents shipping a device with
OEM permissions for which no opinion was explicitly expressed.

A normal app requesting an OEM permission has no effect, i.e. the
permission is only granted on a signature match.

Change-Id: I345bb0b56368ee03e4bd768faab540ee4e0571ae
Bug: 65497745
Test: Manual
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 664bcbca..d73f852 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -586,24 +586,32 @@
      */
     public static final int PRIVATE_FLAG_VIRTUAL_PRELOAD = 1 << 16;
 
+    /**
+     * Value for {@linl #privateFlags}: whether this app is pre-installed on the
+     * OEM partition of the system image.
+     * @hide
+     */
+    public static final int PRIVATE_FLAG_OEM = 1 << 17;
+
     /** @hide */
     @IntDef(flag = true, prefix = { "PRIVATE_FLAG_" }, value = {
-            PRIVATE_FLAG_HIDDEN,
+            PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE,
+            PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION,
+            PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_UNRESIZEABLE,
+            PRIVATE_FLAG_BACKUP_IN_FOREGROUND,
             PRIVATE_FLAG_CANT_SAVE_STATE,
-            PRIVATE_FLAG_FORWARD_LOCK,
-            PRIVATE_FLAG_PRIVILEGED,
-            PRIVATE_FLAG_HAS_DOMAIN_URLS,
             PRIVATE_FLAG_DEFAULT_TO_DEVICE_PROTECTED_STORAGE,
             PRIVATE_FLAG_DIRECT_BOOT_AWARE,
+            PRIVATE_FLAG_FORWARD_LOCK,
+            PRIVATE_FLAG_HAS_DOMAIN_URLS,
+            PRIVATE_FLAG_HIDDEN,
             PRIVATE_FLAG_INSTANT,
-            PRIVATE_FLAG_PARTIALLY_DIRECT_BOOT_AWARE,
-            PRIVATE_FLAG_REQUIRED_FOR_SYSTEM_USER,
-            PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE,
-            PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_UNRESIZEABLE,
-            PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION,
-            PRIVATE_FLAG_BACKUP_IN_FOREGROUND,
-            PRIVATE_FLAG_STATIC_SHARED_LIBRARY,
             PRIVATE_FLAG_ISOLATED_SPLIT_LOADING,
+            PRIVATE_FLAG_OEM,
+            PRIVATE_FLAG_PARTIALLY_DIRECT_BOOT_AWARE,
+            PRIVATE_FLAG_PRIVILEGED,
+            PRIVATE_FLAG_REQUIRED_FOR_SYSTEM_USER,
+            PRIVATE_FLAG_STATIC_SHARED_LIBRARY,
             PRIVATE_FLAG_VIRTUAL_PRELOAD,
     })
     @Retention(RetentionPolicy.SOURCE)
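Review bot: The Javadoc on the new constant has a misspelled inline tag: `{@linl #privateFlags}` should be `{@link #privateFlags}`, otherwise the reference is not resolved by the doc tooling. Since this bit is what the commit message describes as gating the OEM permission flavor, the comment should also state who is allowed to set it, for example `Set by the package manager from the install partition only; never taken from the app's manifest.` The code that sets the flag is not in this diff, so confirm that wording against it. The alphabetical re-sort of the `@IntDef` list in the same hunk hides that `PRIVATE_FLAG_OEM` is the only functional addition; a separate cleanup commit would make the security-relevant change easier to audit. The declaration annotated by this `@IntDef` lies outside the hunk.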
@@ -1557,6 +1565,13 @@
     /**
      * @hide
      */
+    public boolean isOem() {
+        return (privateFlags & ApplicationInfo.PRIVATE_FLAG_OEM) != 0;
+    }
+
+    /**
+     * @hide
+     */
     @Override protected ApplicationInfo getApplicationInfo() {
         return this;
     }
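Review bot: `isOem()` is added with a Javadoc block that contains only `@hide`, so a reader cannot tell what the method reports; add a summary such as `Returns whether this app is pre-installed on the OEM partition of the system image.` above the tag. The method returns whatever is stored in `privateFlags`, so the result is only as trustworthy as the origin of the `ApplicationInfo` instance. A sentence noting that permission decisions must use the instance produced by the package manager's own scan, not one handed in by a caller, would help. Presumably the grant path already does this, but it is not visible in this diff.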