A lint checker to detect potential package visibility issues
APIs working in the system_server and taking the package name as a
parameter may have chance to reveal package existence status on the
device, and break the package visibility we introduced in Android 11.
Take an example of the API: `boolean setFoo(String packageName)`, a
malicious app may have chance to detect package existence state on the
device from the result of the API, if there is no package visibility
filtering rule or uid identify checks applying to the parameter of the
package name.
To resolve the lint warning, you could apply package visibility
filtering rules to the package name via
PackageManagerInternal.filterAppAccess API, before starting to use the
package name. If the parameter is a calling package name, using the
PackageManager API such as PackageManager.getPackagesForUid to verify
the calling identify.
Bug: 228274845
Test: atest AndroidFrameworkLintCheckerTest --host
Change-Id: I30ef6a184545d4704de8d26c7b1b62abb543c9d1
diff --git a/Android.bp b/Android.bp
index 6892205..7db16f6 100644
--- a/Android.bp
+++ b/Android.bp
@@ -405,6 +405,7 @@
],
lint: {
extra_check_modules: ["AndroidFrameworkLintChecker"],
+ disabled_checks: ["ApiMightLeakAppVisibility"],
},
errorprone: {
javacflags: [