If for some reason there are a lot of fabricated overlays in the
resources cache, the binder limit of the list of fabricated overlay
infos could exceed the maximum binder transaction size. Rather than
return all of the frro infos in one transactions, register an iterator
with the native idmap2d service and use multiple binder transactions
to iterate through all of the frros.
Bug: 192948522
Test: Toggle device theme colors several times and observe frro cache
Reboot device and observe old frros are deleted
Change-Id: I5e9cf3ae9d1d45eda683c24141a0cd4e4301e02f
Teach the overlay manager to ask the idmap service to pretty print the
contents of each idmap file as part of OMS dump. This creates a single
entry point for dumping both OMS and idmap data, and circumvents the
problem of accessing the idmap service if it has been killed due to
inactivity.
Example idmap section:
---- 8< ----
IDMAP OF com.android.theme.color.sand
Paths:
target path : /system/framework/framework-res.apk
overlay path : /product/overlay/AccentColorSand/AccentColorSandOverlay.apk
Debug info:
W failed to find resource 'string/accent_color_overlay'
Mapping:
0x0106006e -> 0x7f010000 (color/accent_device_default_dark -> color/accent_device_default_dark)
0x01060070 -> 0x7f010001 (color/accent_device_default_light -> color/accent_device_default_light)
---- >8 ----
Bug: 189963636
Test: adb exec-out dumpsys
Test: adb exec-out cmd overlay dump
Test: adb exec-out cmd overlay dump <overlay-identifier>
Change-Id: I9de6ba646ad4714c9d0f0d8081fbf632577107e7
Adds registering and unregistering of FabricatedOverlay to the OMS.
The process that creates the fabricated overlays owns it and is the
only process allowed to unregister it.
When a fabricated overlay is registered, overlay settings for it are
initialized in all users. When a fabricated overlay is unregistered,
it is disabled and removed from all users. When a new user is created,
it will be able to use the fabricated overlay as well.
On boot, fabricated overlays that are not referenced in overlay
settings will be deleted.
When the package that created the fabricated overlay is uninstalled,
its fabricated overlays are also unregistered.
Bug: 172471315
Test: atest OverlayDeviceTests
Change-Id: I0539656f4c919246b13129579b0286c08a398dc2
Alongside SIGNATURE and ACTOR_SIGNATURE policies, add CONFIG_SIGNATURE
policy to overlayable that overlay fulfills if it is signed with the
same certificate as the reference package whose package name is
declared in 'config-signature' tag of SystemConfig and is vetted by
OMS that it's a system pre-installed package.
BUG: 158726924
TEST: regular aapt2, idmap2, OMS tests
Merged-In: I645ee72271496008742886274be0d63a2985201b
Change-Id: I645ee72271496008742886274be0d63a2985201b
Alongside SIGNATURE and ACTOR_SIGNATURE policies, add CONFIG_SIGNATURE
policy to overlayable that overlay fulfills if it is signed with the
same certificate as the reference package whose package name is
declared in 'config-signature' tag of SystemConfig and is vetted by
OMS that it's a system pre-installed package.
BUG: 158726924
TEST: regular aapt2, idmap2, OMS tests
Change-Id: I645ee72271496008742886274be0d63a2985201b
Updating new version package with changing resource id,
Overlay idmap still retain same resource id and target path of prebuilt package.
Consequentially overlay can not apply to new update resource id.
As is : VerifyIdmap only verify uptodate of idmap.
To be : Verify change of target path.
Bug: 147794117
Bug: 150877400
Test: idmap2_tests
Change-Id: I2ed6b5ba49aeb1b24625866daefea56c9766baef
There are cases where an app can ship overlays for itself,
but the "signature" policy as described would open up
a vulnerability by allowing the system actor to create
and sign any arbitrary overlay that will apply to the target.
To prevent this, redefine "signature" as target package only,
and introduce "actor" for checking against the actor signature.
Any app that wishes to use both can include both policies.
Bug: 130563563
Test: m aapt2_tests idmapt2_tests and run from host test output
Test: atest libandroidfw_tests
Change-Id: I1c583a5b37f4abbeb18fc6a35c502377d8977a41
To make it easier to add the actor policy in a follow up CL,
move most of the policy handling to a central location.
The strings and transformation between strings and flags is
now handled in libidmap2policies, with libandroidfw
containing the single source of policy flags.
This also extracts all the test resource IDs into an R.h
so they can be swapped without having to edit a dozen files
each time.
Bug: 130563563
Test: m aapt2_tests idmapt2_tests and run from host test output
Test: atest libandroidfw_tests
Change-Id: Ie533c9cebf938215df7586f00c38763ae467e606
This change adds parsing, encoding, and validating of odm and oem
overlayable policies to aapt2, libandroidfw, and idmap2.
Bug: 121033532
Test: aapt2_tests, idmap2_tests
Change-Id: Ifc0d4b6c9f9c37e06b2988abade69dbb277c50c2
Handles the new signature policy for overlayable resources.
Bug: 119402606
Test: idmap2_tests target
Change-Id: I7961e04a879c40c240ed9097bb510addb8b56680
Teaches idmap2 to recognize policy restrictions put on overlayable
resources. If overlayable enforcement is turned on for an overlay, then
any resources defined within the overlayable api of the target will have
policy restrictions imposed on them. All resources without overlayable
definitions will continue to be overlayable without policy restrictions.
Bug: 119390857
Test: atest idmap2 and booting
Co-authored-by: Ryan Mitchell <rtmitchell@google.com>
Change-Id: I7e435648eb6e4a87b0b90a7b2a0c3f33c1516ea6
For clarity, split IIdmap2::createIdmap into two separate functions:
- IIdmap2::verifyIdmap [check if an existing idmap file is OK to use]
- IIdmap2::createIdmap [unconditionally (re)create an idmap file]
Teach the IdmapManager to call verifyIdmap and to proceed with
createIdmap only if actually needed.
Test: atest OverlayDeviceTests OverlayHostTests
Change-Id: I9f6f1192011fcb094adffeca1eb3f709520bbd24
idmap2 is a reboot of the idmap project. The project aims to
- use modern C++
- greatly improve test and debug support
- interface towards AssetManager2 (instead of AssetManager)
- provide a solid foundation to add support for new features
To make it easier to verify correctness, this first version of idmap2 is
feature equivalent to idmap. Later versions will add support for new
features such as <overlayable>.
Bug: 78815803
Test: make idmap2_tests
Change-Id: I1d806dc875a493e730ab55d2fdb027618e586d16
