Add facility to limit associations that are allowed between apps.
This allows the system to be configured so that certain applications
are only allowed to do top-level interactions with a hard-coded set
of other applications. This provides static enforcement of certain
security policies like "app A can only interact with the system and
app B, and even if updated can not directly have incoming or outgoing
interactions with other apps."
For example to limit a the package com.google.android.as to only
interact with telephony and contacts (in addition to the core
system):
<allow-association target="com.google.android.as"
allowed="com.android.providers.telephony" />
<allow-association target="com.google.android.as"
allowed="com.android.providers.contacts" />
Also improve procstats output to be able to print all associations
related to a process. (I wanted to be able to do this by package,
but we don't have enough data in associations. :p)
Bug: 111276913
Test: Manual so far
Change-Id: I61b7f2d2b5c2c3d82b278e6678b600b579b19fb7
7 files changed