commit 11e45075221680dcc25e3da1d3c32710e5a98603
author Todd Kennedy <toddke@google.com> Wed Jan 25 13:24:21 2017 -0800
committer Todd Kennedy <toddke@google.com> Mon Jan 30 14:47:30 2017 -0800
tree 2d4a651dd127a2e0dcc67c503ebe08c5cb8ca47f
parent c5d458930ca4f69cf2d976ffd65a8679328de62c

Define targetSandboxVersion

The new attribute allows both ephemeral and non-ephemeral apps to
opt into a new, tighter security model.

Test: Manual; built app w/ targetSandboxVersion and verified the security domain
Change-Id: I8fcaf84e25f0519b438ba51302f79790e680e025

core/java/android/content/pm/ApplicationInfo.java

diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 3d9ba96..ef59444 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -827,6 +827,12 @@
     public int networkSecurityConfigRes;
 
     /**
+     * Version of the sandbox the application wants to run in.
+     * @hide
+     */
+    public int targetSandboxVersion;
+
+    /**
      * The category of this app. Categories are used to cluster multiple apps
      * together into meaningful groups, such as when summarizing battery,
      * network, or disk usage. Apps should only define this value when they fit
@@ -1007,7 +1013,8 @@
         pw.println(prefix + "enabled=" + enabled
                 + " minSdkVersion=" + minSdkVersion
                 + " targetSdkVersion=" + targetSdkVersion
-                + " versionCode=" + versionCode);
+                + " versionCode=" + versionCode
+                + " targetSandboxVersion=" + targetSandboxVersion);
         if ((flags&DUMP_FLAG_DETAILS) != 0) {
             if (manageSpaceActivityName != null) {
                 pw.println(prefix + "manageSpaceActivityName=" + manageSpaceActivityName);
@@ -1122,6 +1129,7 @@
         fullBackupContent = orig.fullBackupContent;
         networkSecurityConfigRes = orig.networkSecurityConfigRes;
         category = orig.category;
+        targetSandboxVersion = orig.targetSandboxVersion;
     }
 
     public String toString() {
@@ -1182,6 +1190,7 @@
         dest.writeInt(fullBackupContent);
         dest.writeInt(networkSecurityConfigRes);
         dest.writeInt(category);
+        dest.writeInt(targetSandboxVersion);
     }
 
     public static final Parcelable.Creator<ApplicationInfo> CREATOR
@@ -1242,6 +1251,7 @@
         fullBackupContent = source.readInt();
         networkSecurityConfigRes = source.readInt();
         category = source.readInt();
+        targetSandboxVersion = source.readInt();
     }
 
     /**
@@ -1310,6 +1320,7 @@
         } else {
             dataDir = credentialProtectedDataDir;
         }
+        // TODO: modify per-user ephemerality
     }
 
     /**