commit 580636bdd23171f31bfedd773c065e0861dd5c4a
author Andrei Onea <andreionea@google.com> Wed Aug 17 16:53:46 2022 +0000
committer Sam Delmerico <delmerico@google.com> Wed May 03 15:03:34 2023 +0000
tree 58520e17c68eafa3b85e401b1cd557e5ea0b4cea
parent 580f7b0094bd98d3769b6cdeaaab6a9748621253

add privapp_allowlist property to android_app

This change allows override_android_app to use the same
privapp_allowlist as the non-override module so that they will always
remain in sync.

Test: go test ./java -v -run TestPrivappAllowlist
Test: go test ./apex -v -run TestApexWithApps
Test: m com.android.permission com.google.android.permission and verify
  manually that apex_payload.img contains correct privapp_allowlist
Test: m com.android.permission before and after change &&
  `diffoscope apex_payload_reference.img apex_payload_with_change.img`
  && verify that there are no semantic changes
Bug: 242509786
Change-Id: Ifdcb28af40763aed7a4aac9a7f681153554bc256

apex/apex.go

diff --git a/apex/apex.go b/apex/apex.go
index 69547c3..3ca0bed 100644
--- a/apex/apex.go
+++ b/apex/apex.go
@@ -1828,6 +1828,7 @@
 	Certificate() java.Certificate
 	BaseModuleName() string
 	LintDepSets() java.LintDepSets
+	PrivAppAllowlist() android.OptionalPath
 }
 
 var _ androidApp = (*java.AndroidApp)(nil)
@@ -1848,7 +1849,7 @@
 	return buildId
 }
 
-func apexFileForAndroidApp(ctx android.BaseModuleContext, aapp androidApp) apexFile {
+func apexFilesForAndroidApp(ctx android.BaseModuleContext, aapp androidApp) []apexFile {
 	appDir := "app"
 	if aapp.Privileged() {
 		appDir = "priv-app"
@@ -1870,7 +1871,15 @@
 	}); ok {
 		af.overriddenPackageName = app.OverriddenManifestPackageName()
 	}
-	return af
+	apexFiles := []apexFile{af}
+
+	if allowlist := aapp.PrivAppAllowlist(); allowlist.Valid() {
+		dirInApex := filepath.Join("etc", "permissions")
+		privAppAllowlist := newApexFile(ctx, allowlist.Path(), aapp.BaseModuleName()+"privapp", dirInApex, etc, aapp)
+		apexFiles = append(apexFiles, privAppAllowlist)
+	}
+
+	return apexFiles
 }
 
 func apexFileForRuntimeResourceOverlay(ctx android.BaseModuleContext, rro java.RuntimeResourceOverlayModule) apexFile {
@@ -2318,12 +2327,12 @@
 		case androidAppTag:
 			switch ap := child.(type) {
 			case *java.AndroidApp:
-				vctx.filesInfo = append(vctx.filesInfo, apexFileForAndroidApp(ctx, ap))
+				vctx.filesInfo = append(vctx.filesInfo, apexFilesForAndroidApp(ctx, ap)...)
 				return true // track transitive dependencies
 			case *java.AndroidAppImport:
-				vctx.filesInfo = append(vctx.filesInfo, apexFileForAndroidApp(ctx, ap))
+				vctx.filesInfo = append(vctx.filesInfo, apexFilesForAndroidApp(ctx, ap)...)
 			case *java.AndroidTestHelperApp:
-				vctx.filesInfo = append(vctx.filesInfo, apexFileForAndroidApp(ctx, ap))
+				vctx.filesInfo = append(vctx.filesInfo, apexFilesForAndroidApp(ctx, ap)...)
 			case *java.AndroidAppSet:
 				appDir := "app"
 				if ap.Privileged() {