add privapp_allowlist property to android_app
This change allows override_android_app to use the same
privapp_allowlist as the non-override module so that they will always
remain in sync.
Test: go test ./java -v -run TestPrivappAllowlist
Test: go test ./apex -v -run TestApexWithApps
Test: m com.android.permission com.google.android.permission and verify
manually that apex_payload.img contains correct privapp_allowlist
Test: m com.android.permission before and after change &&
`diffoscope apex_payload_reference.img apex_payload_with_change.img`
&& verify that there are no semantic changes
Bug: 242509786
Change-Id: Ifdcb28af40763aed7a4aac9a7f681153554bc256
diff --git a/apex/apex.go b/apex/apex.go
index 69547c3..3ca0bed 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -1828,6 +1828,7 @@
Certificate() java.Certificate
BaseModuleName() string
LintDepSets() java.LintDepSets
+ PrivAppAllowlist() android.OptionalPath
}
var _ androidApp = (*java.AndroidApp)(nil)
@@ -1848,7 +1849,7 @@
return buildId
}
-func apexFileForAndroidApp(ctx android.BaseModuleContext, aapp androidApp) apexFile {
+func apexFilesForAndroidApp(ctx android.BaseModuleContext, aapp androidApp) []apexFile {
appDir := "app"
if aapp.Privileged() {
appDir = "priv-app"
@@ -1870,7 +1871,15 @@
}); ok {
af.overriddenPackageName = app.OverriddenManifestPackageName()
}
- return af
+ apexFiles := []apexFile{af}
+
+ if allowlist := aapp.PrivAppAllowlist(); allowlist.Valid() {
+ dirInApex := filepath.Join("etc", "permissions")
+ privAppAllowlist := newApexFile(ctx, allowlist.Path(), aapp.BaseModuleName()+"privapp", dirInApex, etc, aapp)
+ apexFiles = append(apexFiles, privAppAllowlist)
+ }
+
+ return apexFiles
}
func apexFileForRuntimeResourceOverlay(ctx android.BaseModuleContext, rro java.RuntimeResourceOverlayModule) apexFile {
@@ -2318,12 +2327,12 @@
case androidAppTag:
switch ap := child.(type) {
case *java.AndroidApp:
- vctx.filesInfo = append(vctx.filesInfo, apexFileForAndroidApp(ctx, ap))
+ vctx.filesInfo = append(vctx.filesInfo, apexFilesForAndroidApp(ctx, ap)...)
return true // track transitive dependencies
case *java.AndroidAppImport:
- vctx.filesInfo = append(vctx.filesInfo, apexFileForAndroidApp(ctx, ap))
+ vctx.filesInfo = append(vctx.filesInfo, apexFilesForAndroidApp(ctx, ap)...)
case *java.AndroidTestHelperApp:
- vctx.filesInfo = append(vctx.filesInfo, apexFileForAndroidApp(ctx, ap))
+ vctx.filesInfo = append(vctx.filesInfo, apexFilesForAndroidApp(ctx, ap)...)
case *java.AndroidAppSet:
appDir := "app"
if ap.Privileged() {
diff --git a/apex/apex_test.go b/apex/apex_test.go
index 3ba4d8d..4a4ee44 100644
--- a/apex/apex_test.go
+++ b/apex/apex_test.go
@@ -6045,6 +6045,8 @@
sdk_version: "current",
system_modules: "none",
privileged: true,
+ privapp_allowlist: "perms.xml",
+ package_name: "com.android.AppFooPriv",
stl: "none",
apex_available: [ "myapex" ],
}
@@ -6074,6 +6076,7 @@
ensureContains(t, copyCmds, "image.apex/app/AppFoo@TEST.BUILD_ID/AppFoo.apk")
ensureContains(t, copyCmds, "image.apex/priv-app/AppFooPriv@TEST.BUILD_ID/AppFooPriv.apk")
+ ensureContains(t, copyCmds, "image.apex/etc/permissions/privapp_allowlist_com.android.AppFooPriv.xml")
appZipRule := ctx.ModuleForTests("AppFoo", "android_common_apex10000").Description("zip jni libs")
// JNI libraries are uncompressed