There are cases where an app can ship overlays for itself,
but the "signature" policy as described would open up
a vulnerability by allowing the system actor to create
and sign any arbitrary overlay that will apply to the target.
To prevent this, redefine "signature" as target package only,
and introduce "actor" for checking against the actor signature.
Any app that wishes to use both can include both policies.
Bug: 130563563
Test: m aapt2_tests idmapt2_tests and run from host test output
Test: atest libandroidfw_tests
Change-Id: I1c583a5b37f4abbeb18fc6a35c502377d8977a41
To make it easier to add the actor policy in a follow up CL,
move most of the policy handling to a central location.
The strings and transformation between strings and flags is
now handled in libidmap2policies, with libandroidfw
containing the single source of policy flags.
This also extracts all the test resource IDs into an R.h
so they can be swapped without having to edit a dozen files
each time.
Bug: 130563563
Test: m aapt2_tests idmapt2_tests and run from host test output
Test: atest libandroidfw_tests
Change-Id: Ie533c9cebf938215df7586f00c38763ae467e606
AssetManager2.cpp expects style attribute IDs to be in sorted order when
applying a style (see AssetManager2::GetBag). Shared libraries have a
package ID of 0x00, which will mean any attribute defined in a shared
library will be put before all other attributes. Once the attribute ID
is looked up in the dynamic ref table, the package ID is no longer 0x00,
which means this ID is no longer in sorted order. This messes up the
logic in AssetManager2::GetBag, and results in some style attributes
getting dropped from shared libraries.
This change modifies how aapt2 sorts the style entries, sorting entries
with dynamic IDs after entries with the android framework ID. This means
the entries will still be in sorted order when the IDs are looked up.
Bug: 147674078
Test: TableFlattenerTest.FlattenSharedLibraryWithStyle
Change-Id: Ic4f4004b6d9cecde9325dcdb37f71138857f8236
Removed the --whitelist-path flag, which is poorly named and we can
already specify these resources with --resources-config-path.
Renamed TableFlattenerOptions.whitelisted_resources to keep_resources.
It holds ResourceName instead of std::string. This lets us include type
when specifying what gets exempted, for correctness.
Bug: 111115201
Test: make aapt2_tests
Change-Id: Ifa5df924b5e2265c32cdcf8ca7dfa4a3992a0468
This change adds parsing, encoding, and validating of odm and oem
overlayable policies to aapt2, libandroidfw, and idmap2.
Bug: 121033532
Test: aapt2_tests, idmap2_tests
Change-Id: Ifc0d4b6c9f9c37e06b2988abade69dbb277c50c2
Add encoding/decoding of new policy for overlays. Signature enforces
that an overlay package is signed with the same key as the actor of
the target resource, so that an overlay can be installed by the user
as a normal app but restricted to those built by the author of the
actor (which can be the same as the target).
This also enforces that a valid policy is specified.
This doesn't implement the actors nor the signature check.
Bug: 119402606
Test: ResourceParserTest ParseOverlayablePolicy
Test: ProtoSerializerTest SerializeAndDeserializeOverlayable
Test: aapt2_tests
Change-Id: I8495ad790c2ebd51759bc6eba81149680c209475
Since Q will no longer have a product_services partition, remove instances of
the product_services policy across aapt2, androidfw, and idmap2.
Bug:122745343
Test: aapt2_tests and libandroidfw_tests
Change-Id: I97c223a0bf5a2eab95811e5f738b44af6335e0ea
Encode the actor and name attributes of <overlayable> elements in the
overlayable chunks. Two chunks cannot have the same name.
Bug: 110869880
Bug: 119390855
Test: aapt2_tests and libandroidfw_tests
Change-Id: I0ed95efef640b3927046b6155d1840f0d96030dd
Add parsing of two overlayable attributes:
name : The unnique identifying name of the overlayable set of resources
actor: The component responsible for enabling and disabling overlays
targeting the specified set of resources
Bug: 110869880
Bug: 119390855
Test: m -j aapt2_tests
Change-Id: Id42463e2b92b69034fb39cd29bc8606affb61ba7
This change removes the ability for an overlayable resource to be
defined in multiple policy blocks within the same overlayable. This
change also changes aapt2 to use a bit mask to keep track of the parsed
policies.
Bug: 110869880
Bug: 120298168
Test: aapt2_tests
Change-Id: Ie26cd913f94a16c0b312f222bccfa48f62feceaa
This change defines two new chunks for encoding overlayable information.
RES_TABLE_OVERLAYABLE_POLICY_TYPE contains flags that represent
restrictions enforced on overlays that try to overlay a specific set of
resource ids. The chunk header is followed by ResTable_ref for each id
that belongs to the policy type. A policy chunk will be created for
every unique combination of policies that are defined in overlayable
declarations.
RES_TABLE_OVERLAYABLE_TYPE holds policy blocks. Since <overlayable>
does not currently have any attributes, only one overlayable block is
encoded in an APK.
This change also removes the SPEC_OVERLAYABLE flag because the runtime
does not use the flag, and the overlayable chunk encoding renders it
obsolete.
Bug: 110869880
Bug: 117545186
Test: libandroidfw_tests and aapt2_tests
Change-Id: I45ae9bf4176699f14c85e2b7a2e8560185d8a0b8
<overlayable> tags can now have policy elements that indicate which
partition the overlay apk must reside on in order to be allowed to
overlay a resource. This change only adds parsing of <policy> and
encoding of policy in the proto ResourceTable. A later change will add
the encoding of policy and overlayable in the binary APK.
<overlayable>
<policy type="system|vendor|product|product_services|public" >
<item type="string" name="oof" />
</policy>
</overlayable>
Bug: 110869880
Test: make aapt2_tests
Change-Id: I8d4ed7b0e01f981149c6e3190af1681073b79b03
Many google3 apps using lemon resource filtering had difficulty
converting to aapt2. AAPT2 never set the name of the ResTable_map name
value mapping.
Bug: 78472540
Test: blaze build java/com/google/android/apps/gmail:Gmail_go_release
and checking that all array resources are present
Change-Id: I3d253a4c52c6100085e4c1083f4c36a943f11c76
If a resource XML file defines two compatible Attributes, they should
be merged without throwing an error. Ex:
<declare-styleable>
<attr name="conflict" format="string" />
</declare-styleable>
<declare-styleable>
<attr name="conflict" format="string|reference" />
</declare-styleable>
In this case, string|reference and string are the same, so these should
merge correctly.
Bug: 65699599
Test: make aapt2_tests
Test: make AaptBasicTest
Change-Id: I7b0f956d2332f7f0b458acd59ca0a606b2cfdf95
Resources can be marked as overlayable, which means they can
be overlaid by runtime resource overlays.
This change propagates this state to the final resource table that
is installed on device.
Future work:
- Have the idmap tool respect the overlayable state and ignore
entries that overlay anything else.
Bug: 64980941
Test: make aapt2_tests
Change-Id: Id45b1e141a281be2ee32a4ac3096fcf1114d523b
Test: Built aapt2, ran optimize on gmail apk with sample whitelist
config file, and flags enabled. Added two unit tests to TableFlattener
covering obfuscation logic.
Change-Id: Iad6329d75ff440121bf1a2cdf09c5f4bf4199d9d
This command allows a developer to convert their proto APK
(generated from the link phase using --proto-format) into
a binary APK suitable for use on device.
aapt2 convert -o output.apk input.apk
Test: manual + make aapt2_tests
Change-Id: I10a7c33bb4b57006d01fe00a8bf92f78e04e7e50
