From fad9944e7eea8da58cfca52c1f2aa76c34612bd7 Mon Sep 17 00:00:00 2001
From: Jiyong Park <jiyong@google.com>
Date: Mon, 12 Mar 2018 10:39:07 +0900
Subject: [PATCH] Limit the systemconfig tags allowed to vendors

Vendors are allowed to customize these systemconfig tags only.

<library>
<feature>
<privapp-permissions>

This is because the systemconfig tags are essentially the part of system
<-> vendor interface and thus need to be stable (or evolve in a backward
compatible manner) across several Android releases and we would like to
keep the interface as small as as possible.

However, since vendors were allowed to use more tags (like <permission>,
<app-link>, <default-enabled-vr-app>) in Oreo and Oreo-MR1, this
limitation is applied only for newly launching devices whose first API
level is equal to or greater than P.

Bug: 70821981
Test: wahoo is bootable (launched with Oreo)
Test: crosshatch is bootable (launched with P)
Test: adb logcat -s SystemConfig does not show that a tag is not
supported

Change-Id: I371b93a80f3d9728ea6d35022081776a8658d9f3
---
 core/java/com/android/server/SystemConfig.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/core/java/com/android/server/SystemConfig.java b/core/java/com/android/server/SystemConfig.java
index 8b1de2fb886e1..a652a9a4dc93c 100644
--- a/core/java/com/android/server/SystemConfig.java
+++ b/core/java/com/android/server/SystemConfig.java
@@ -22,6 +22,7 @@ import android.app.ActivityManager;
 import android.content.ComponentName;
 import android.content.pm.FeatureInfo;
 import android.content.pm.PackageManager;
+import android.os.Build;
 import android.os.Environment;
 import android.os.Process;
 import android.os.storage.StorageManager;
@@ -276,9 +277,12 @@ public class SystemConfig {
         readPermissions(Environment.buildPath(
                 Environment.getRootDirectory(), "etc", "permissions"), ALLOW_ALL);
 
-        // Allow Vendor to customize system configs around libs, features, permissions and apps
-        int vendorPermissionFlag = ALLOW_LIBS | ALLOW_FEATURES | ALLOW_PERMISSIONS |
-                ALLOW_APP_CONFIGS | ALLOW_PRIVAPP_PERMISSIONS;
+        // Vendors are only allowed to customze libs, features and privapp permissions
+        int vendorPermissionFlag = ALLOW_LIBS | ALLOW_FEATURES | ALLOW_PRIVAPP_PERMISSIONS;
+        if (Build.VERSION.FIRST_SDK_INT <= Build.VERSION_CODES.O_MR1) {
+            // For backward compatibility
+            vendorPermissionFlag |= (ALLOW_PERMISSIONS | ALLOW_APP_CONFIGS);
+        }
         readPermissions(Environment.buildPath(
                 Environment.getVendorDirectory(), "etc", "sysconfig"), vendorPermissionFlag);
         readPermissions(Environment.buildPath(
@@ -656,6 +660,8 @@ public class SystemConfig {
                     }
                     XmlUtils.skipCurrentTag(parser);
                 } else {
+                    Slog.w(TAG, "Tag " + name + " is unknown or not allowed in "
+                            + permFile.getParent());
                     XmlUtils.skipCurrentTag(parser);
                     continue;
                 }