Allow library spec and app configs to be read from odm partition
Currently only feature specs are allowed to be read from /oem/etc/permissions.
ODM may want to add their own library specs and app configs (ie, "app-link",
"system-user-whitelisted-app" and "system-user-blacklisted-app") but they can
only add them to /system/etc/permissions and thus polluted the system.img.
With the fine-grained permission flag introduced in this change, we also tighten
the permission for OEMs so they can only customize the feature specs.
Bug: 25759900
Change-Id: I44ef1380b160c2b6a53f2af6de0c5f5eae27a859
diff --git a/core/java/android/os/Environment.java b/core/java/android/os/Environment.java
index a01d34a..2ca9ab8a 100644
--- a/core/java/android/os/Environment.java
+++ b/core/java/android/os/Environment.java
@@ -37,6 +37,7 @@
private static final String ENV_ANDROID_STORAGE = "ANDROID_STORAGE";
private static final String ENV_DOWNLOAD_CACHE = "DOWNLOAD_CACHE";
private static final String ENV_OEM_ROOT = "OEM_ROOT";
+ private static final String ENV_ODM_ROOT = "ODM_ROOT";
private static final String ENV_VENDOR_ROOT = "VENDOR_ROOT";
/** {@hide} */
@@ -56,6 +57,7 @@
private static final File DIR_ANDROID_STORAGE = getDirectory(ENV_ANDROID_STORAGE, "/storage");
private static final File DIR_DOWNLOAD_CACHE = getDirectory(ENV_DOWNLOAD_CACHE, "/cache");
private static final File DIR_OEM_ROOT = getDirectory(ENV_OEM_ROOT, "/oem");
+ private static final File DIR_ODM_ROOT = getDirectory(ENV_ODM_ROOT, "/odm");
private static final File DIR_VENDOR_ROOT = getDirectory(ENV_VENDOR_ROOT, "/vendor");
private static UserEnvironment sCurrentUser;
@@ -156,6 +158,16 @@
}
/**
+ * Return root directory of the "odm" partition holding ODM customizations,
+ * if any. If present, the partition is mounted read-only.
+ *
+ * @hide
+ */
+ public static File getOdmDirectory() {
+ return DIR_ODM_ROOT;
+ }
+
+ /**
* Return root directory of the "vendor" partition that holds vendor-provided
* software that should persist across simple reflashing of the "system" partition.
* @hide
diff --git a/services/core/java/com/android/server/SystemConfig.java b/services/core/java/com/android/server/SystemConfig.java
index 86183af..4dc46ac 100644
--- a/services/core/java/com/android/server/SystemConfig.java
+++ b/services/core/java/com/android/server/SystemConfig.java
@@ -48,6 +48,13 @@
static SystemConfig sInstance;
+ // permission flag, determines which types of configuration are allowed to be read
+ private static final int ALLOW_FEATURES = 0x01;
+ private static final int ALLOW_LIBS = 0x02;
+ private static final int ALLOW_PERMISSIONS = 0x04;
+ private static final int ALLOW_APP_CONFIGS = 0x08;
+ private static final int ALLOW_ALL = ~0;
+
// Group-ids that are given to all packages as read from etc/permissions/*.xml.
int[] mGlobalGids;
@@ -161,21 +168,27 @@
SystemConfig() {
// Read configuration from system
readPermissions(Environment.buildPath(
- Environment.getRootDirectory(), "etc", "sysconfig"), false);
+ Environment.getRootDirectory(), "etc", "sysconfig"), ALLOW_ALL);
// Read configuration from the old permissions dir
readPermissions(Environment.buildPath(
- Environment.getRootDirectory(), "etc", "permissions"), false);
- // Only read features from OEM config
+ Environment.getRootDirectory(), "etc", "permissions"), ALLOW_ALL);
+ // Allow ODM to customize system configs around libs, features and apps
+ int odmPermissionFlag = ALLOW_LIBS | ALLOW_FEATURES | ALLOW_APP_CONFIGS;
readPermissions(Environment.buildPath(
- Environment.getOemDirectory(), "etc", "sysconfig"), true);
+ Environment.getOdmDirectory(), "etc", "sysconfig"), odmPermissionFlag);
readPermissions(Environment.buildPath(
- Environment.getOemDirectory(), "etc", "permissions"), true);
+ Environment.getOdmDirectory(), "etc", "permissions"), odmPermissionFlag);
+ // Only allow OEM to customize features
+ readPermissions(Environment.buildPath(
+ Environment.getOemDirectory(), "etc", "sysconfig"), ALLOW_FEATURES);
+ readPermissions(Environment.buildPath(
+ Environment.getOemDirectory(), "etc", "permissions"), ALLOW_FEATURES);
}
- void readPermissions(File libraryDir, boolean onlyFeatures) {
+ void readPermissions(File libraryDir, int permissionFlag) {
// Read permissions from given directory.
if (!libraryDir.exists() || !libraryDir.isDirectory()) {
- if (!onlyFeatures) {
+ if (permissionFlag == ALLOW_ALL) {
Slog.w(TAG, "No directory " + libraryDir + ", skipping");
}
return;
@@ -203,16 +216,16 @@
continue;
}
- readPermissionsFromXml(f, onlyFeatures);
+ readPermissionsFromXml(f, permissionFlag);
}
// Read platform permissions last so it will take precedence
if (platformFile != null) {
- readPermissionsFromXml(platformFile, onlyFeatures);
+ readPermissionsFromXml(platformFile, permissionFlag);
}
}
- private void readPermissionsFromXml(File permFile, boolean onlyFeatures) {
+ private void readPermissionsFromXml(File permFile, int permissionFlag) {
FileReader permReader = null;
try {
permReader = new FileReader(permFile);
@@ -242,6 +255,11 @@
+ ": found " + parser.getName() + ", expected 'permissions' or 'config'");
}
+ boolean allowAll = permissionFlag == ALLOW_ALL;
+ boolean allowLibs = (permissionFlag & ALLOW_LIBS) != 0;
+ boolean allowFeatures = (permissionFlag & ALLOW_FEATURES) != 0;
+ boolean allowPermissions = (permissionFlag & ALLOW_PERMISSIONS) != 0;
+ boolean allowAppConfigs = (permissionFlag & ALLOW_APP_CONFIGS) != 0;
while (true) {
XmlUtils.nextElement(parser);
if (parser.getEventType() == XmlPullParser.END_DOCUMENT) {
@@ -249,7 +267,7 @@
}
String name = parser.getName();
- if ("group".equals(name) && !onlyFeatures) {
+ if ("group".equals(name) && allowAll) {
String gidStr = parser.getAttributeValue(null, "gid");
if (gidStr != null) {
int gid = android.os.Process.getGidForName(gidStr);
@@ -261,7 +279,7 @@
XmlUtils.skipCurrentTag(parser);
continue;
- } else if ("permission".equals(name) && !onlyFeatures) {
+ } else if ("permission".equals(name) && allowPermissions) {
String perm = parser.getAttributeValue(null, "name");
if (perm == null) {
Slog.w(TAG, "<permission> without name in " + permFile + " at "
@@ -272,7 +290,7 @@
perm = perm.intern();
readPermission(parser, perm);
- } else if ("assign-permission".equals(name) && !onlyFeatures) {
+ } else if ("assign-permission".equals(name) && allowPermissions) {
String perm = parser.getAttributeValue(null, "name");
if (perm == null) {
Slog.w(TAG, "<assign-permission> without name in " + permFile + " at "
@@ -304,7 +322,7 @@
perms.add(perm);
XmlUtils.skipCurrentTag(parser);
- } else if ("library".equals(name) && !onlyFeatures) {
+ } else if ("library".equals(name) && allowLibs) {
String lname = parser.getAttributeValue(null, "name");
String lfile = parser.getAttributeValue(null, "file");
if (lname == null) {
@@ -320,7 +338,7 @@
XmlUtils.skipCurrentTag(parser);
continue;
- } else if ("feature".equals(name)) {
+ } else if ("feature".equals(name) && allowFeatures) {
String fname = parser.getAttributeValue(null, "name");
boolean allowed;
if (!lowRam) {
@@ -341,7 +359,7 @@
XmlUtils.skipCurrentTag(parser);
continue;
- } else if ("unavailable-feature".equals(name)) {
+ } else if ("unavailable-feature".equals(name) && allowFeatures) {
String fname = parser.getAttributeValue(null, "name");
if (fname == null) {
Slog.w(TAG, "<unavailable-feature> without name in " + permFile + " at "
@@ -352,7 +370,7 @@
XmlUtils.skipCurrentTag(parser);
continue;
- } else if ("allow-in-power-save-except-idle".equals(name) && !onlyFeatures) {
+ } else if ("allow-in-power-save-except-idle".equals(name) && allowAll) {
String pkgname = parser.getAttributeValue(null, "package");
if (pkgname == null) {
Slog.w(TAG, "<allow-in-power-save-except-idle> without package in "
@@ -363,7 +381,7 @@
XmlUtils.skipCurrentTag(parser);
continue;
- } else if ("allow-in-power-save".equals(name) && !onlyFeatures) {
+ } else if ("allow-in-power-save".equals(name) && allowAll) {
String pkgname = parser.getAttributeValue(null, "package");
if (pkgname == null) {
Slog.w(TAG, "<allow-in-power-save> without package in " + permFile + " at "
@@ -374,7 +392,7 @@
XmlUtils.skipCurrentTag(parser);
continue;
- } else if ("fixed-ime-app".equals(name) && !onlyFeatures) {
+ } else if ("fixed-ime-app".equals(name) && allowAll) {
String pkgname = parser.getAttributeValue(null, "package");
if (pkgname == null) {
Slog.w(TAG, "<fixed-ime-app> without package in " + permFile + " at "
@@ -385,7 +403,7 @@
XmlUtils.skipCurrentTag(parser);
continue;
- } else if ("app-link".equals(name)) {
+ } else if ("app-link".equals(name) && allowAppConfigs) {
String pkgname = parser.getAttributeValue(null, "package");
if (pkgname == null) {
Slog.w(TAG, "<app-link> without package in " + permFile + " at "
@@ -394,7 +412,7 @@
mLinkedApps.add(pkgname);
}
XmlUtils.skipCurrentTag(parser);
- } else if ("system-user-whitelisted-app".equals(name)) {
+ } else if ("system-user-whitelisted-app".equals(name) && allowAppConfigs) {
String pkgname = parser.getAttributeValue(null, "package");
if (pkgname == null) {
Slog.w(TAG, "<system-user-whitelisted-app> without package in " + permFile
@@ -403,7 +421,7 @@
mSystemUserWhitelistedApps.add(pkgname);
}
XmlUtils.skipCurrentTag(parser);
- } else if ("system-user-blacklisted-app".equals(name)) {
+ } else if ("system-user-blacklisted-app".equals(name) && allowAppConfigs) {
String pkgname = parser.getAttributeValue(null, "package");
if (pkgname == null) {
Slog.w(TAG, "<system-user-blacklisted-app without package in " + permFile