Define targetSandboxVersion
The new attribute allows both ephemeral and non-ephemeral apps to
opt into a new, tighter security model.
Test: Manual; built app w/ targetSandboxVersion and verified the security domain
Change-Id: I8fcaf84e25f0519b438ba51302f79790e680e025
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 3d9ba96..ef59444 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -827,6 +827,12 @@
public int networkSecurityConfigRes;
/**
+ * Version of the sandbox the application wants to run in.
+ * @hide
+ */
+ public int targetSandboxVersion;
+
+ /**
* The category of this app. Categories are used to cluster multiple apps
* together into meaningful groups, such as when summarizing battery,
* network, or disk usage. Apps should only define this value when they fit
@@ -1007,7 +1013,8 @@
pw.println(prefix + "enabled=" + enabled
+ " minSdkVersion=" + minSdkVersion
+ " targetSdkVersion=" + targetSdkVersion
- + " versionCode=" + versionCode);
+ + " versionCode=" + versionCode
+ + " targetSandboxVersion=" + targetSandboxVersion);
if ((flags&DUMP_FLAG_DETAILS) != 0) {
if (manageSpaceActivityName != null) {
pw.println(prefix + "manageSpaceActivityName=" + manageSpaceActivityName);
@@ -1122,6 +1129,7 @@
fullBackupContent = orig.fullBackupContent;
networkSecurityConfigRes = orig.networkSecurityConfigRes;
category = orig.category;
+ targetSandboxVersion = orig.targetSandboxVersion;
}
public String toString() {
@@ -1182,6 +1190,7 @@
dest.writeInt(fullBackupContent);
dest.writeInt(networkSecurityConfigRes);
dest.writeInt(category);
+ dest.writeInt(targetSandboxVersion);
}
public static final Parcelable.Creator<ApplicationInfo> CREATOR
@@ -1242,6 +1251,7 @@
fullBackupContent = source.readInt();
networkSecurityConfigRes = source.readInt();
category = source.readInt();
+ targetSandboxVersion = source.readInt();
}
/**
@@ -1310,6 +1320,7 @@
} else {
dataDir = credentialProtectedDataDir;
}
+ // TODO: modify per-user ephemerality
}
/**