Add android:usesNonSdkApi manifest attribute

ActivityManagerService decides on the non-SDK API enforcement policy of every newly spawned process. System apps can be exempted by adding their package name to a config XML file, tests can pass a flag to 'am instrument'. This patch adds a new @hide attribute on the <application> manifest tag, "android:usesNonSdkApi", which can be used by both system apps and tests, and is automatically set by the build system. The use of the attribute remains guarded as follows: - if invoked via 'am instrument', must hold shell user permission, - if app launched, must be a system app or an updated system app. The attribute is ignored in all other cases. Bug: 113315999 Test: N/A Merged-In: I2f6cb56f63fa2c5dd6c7c25fcefe8205da1ec96a Change-Id: I2f6cb56f63fa2c5dd6c7c25fcefe8205da1ec96a (cherry picked from commit 787b6f22a6)
2018-08-28 12:55:56 +01:00
parent 6717a6f930
commit ca6f81d395
5 changed files with 29 additions and 4 deletions
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -1000,6 +1000,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
     */
    public String appComponentFactory;

+    /**
+     * Indicates whether this package requires access to non-SDK APIs. Only system apps
+     * and tests are allowed to use this property.
+     * @hide
+     */
+    public boolean usesNonSdkApi;
+
    /**
     * The category of this app. Categories are used to cluster multiple apps
     * together into meaningful groups, such as when summarizing battery,
@@ -1698,8 +1705,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
    }

    private boolean isAllowedToUseHiddenApis() {
-        return isSignedWithPlatformKey()
-            || (isPackageWhitelistedForHiddenApis() && (isSystemApp() || isUpdatedSystemApp()));
+        if (isSignedWithPlatformKey()) {
+            return true;
+        } else if (isSystemApp() || isUpdatedSystemApp()) {
+            return usesNonSdkApi || isPackageWhitelistedForHiddenApis();
+        } else {
+            return false;
+        }
    }

    /**
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -3580,6 +3580,9 @@ public class PackageParser {
            ai.appComponentFactory = buildClassName(ai.packageName, factory, outError);
        }

+        ai.usesNonSdkApi = sa.getBoolean(
+                com.android.internal.R.styleable.AndroidManifestApplication_usesNonSdkApi, false);
+
        if (outError[0] == null) {
            CharSequence pname;
            if (owner.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.FROYO) {
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -1385,6 +1385,8 @@
         instantiates items without it.-->
    <attr name="appComponentFactory" format="string" />

+    <attr name="usesNonSdkApi" format="boolean" />
+
    <!-- The <code>manifest</code> tag is the root of an
         <code>AndroidManifest.xml</code> file,
         describing the contents of an Android package (.apk) file.  One
@@ -1558,6 +1560,9 @@

        <attr name="appComponentFactory" />

+        <!-- Declares that this application should be invoked without non-SDK API enforcement -->
+        <attr name="usesNonSdkApi" />
+
    </declare-styleable>
    <!-- The <code>permission</code> tag declares a security permission that can be
         used to control access from other packages to specific components or
--- a/core/res/res/values/public.xml
+++ b/core/res/res/values/public.xml
@@ -2905,6 +2905,11 @@
    <public-group type="attr" first-id="0x01010587">
    </public-group>

+    <public-group type="attr" first-id="0x0101058d">
+        <!-- @hide For use by platform and tools only. Developers should not specify this value. -->
+        <public name="usesNonSdkApi" />
+    </public-group>
+
    <public-group type="style" first-id="0x010302e2">
    </public-group>

--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -21996,8 +21996,8 @@ public class ActivityManagerService extends IActivityManager.Stub
            activeInstr.mUiAutomationConnection = uiAutomationConnection;
            activeInstr.mResultClass = className;

-            boolean disableHiddenApiChecks =
-                    (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0;
+            boolean disableHiddenApiChecks = ai.usesNonSdkApi
+                    || (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0;
            if (disableHiddenApiChecks) {
                enforceCallingPermission(android.Manifest.permission.DISABLE_HIDDEN_API_CHECKS,
                        "disable hidden API checks");