Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Limit the systemconfig tags allowed to vendors" into pi-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2018-03-13 04:08:33 +00:00
committed by Android (Google) Code Review
parent 3690effd2d fad9944e7e
commit 75029d0dbc
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
core/java/com/android/server/SystemConfig.java
View File

@@ -22,6 +22,7 @@ import android.app.ActivityManager;
import android.content.ComponentName;
import android.content.pm.FeatureInfo;
import android.content.pm.PackageManager;
import android.os.Build;
import android.os.Environment;
import android.os.Process;
import android.os.storage.StorageManager;
@@ -276,9 +277,12 @@ public class SystemConfig {
readPermissions(Environment.buildPath(
Environment.getRootDirectory(), "etc", "permissions"), ALLOW_ALL);
// Allow Vendor to customize system configs around libs, features, permissions and apps
int vendorPermissionFlag = ALLOW_LIBS | ALLOW_FEATURES | ALLOW_PERMISSIONS |
ALLOW_APP_CONFIGS | ALLOW_PRIVAPP_PERMISSIONS;
// Vendors are only allowed to customze libs, features and privapp permissions
int vendorPermissionFlag = ALLOW_LIBS | ALLOW_FEATURES | ALLOW_PRIVAPP_PERMISSIONS;
if (Build.VERSION.FIRST_SDK_INT <= Build.VERSION_CODES.O_MR1) {
// For backward compatibility
vendorPermissionFlag |= (ALLOW_PERMISSIONS | ALLOW_APP_CONFIGS);
}
readPermissions(Environment.buildPath(
Environment.getVendorDirectory(), "etc", "sysconfig"), vendorPermissionFlag);
readPermissions(Environment.buildPath(
@@ -659,6 +663,8 @@ public class SystemConfig {
}
XmlUtils.skipCurrentTag(parser);
} else {
Slog.w(TAG, "Tag " + name + " is unknown or not allowed in "
+ permFile.getParent());
XmlUtils.skipCurrentTag(parser);
continue;
}