Add facility to limit associations that are allowed between apps. (769b2e75) · Commits · Android-smartphones / realme / realme 5pro / kaderbava / evolution_frameworks_base

Commit 769b2e75 authored Dec 05, 2018 by Dianne Hackborn

Add facility to limit associations that are allowed between apps.

This allows the system to be configured so that certain applications
are only allowed to do top-level interactions with a hard-coded set
of other applications.  This provides static enforcement of certain
security policies like "app A can only interact with the system and
app B, and even if updated can not directly have incoming or outgoing
interactions with other apps."

For example to limit a the package com.google.android.as to only
interact with telephony and contacts (in addition to the core
system):

    <allow-association target="com.google.android.as"
        allowed="com.android.providers.telephony" />
    <allow-association target="com.google.android.as"
        allowed="com.android.providers.contacts" />

Also improve procstats output to be able to print all associations
related to a process.  (I wanted to be able to do this by package,
but we don't have enough data in associations. :p)

Bug: 111276913
Test: Manual so far
Change-Id: I61b7f2d2b5c2c3d82b278e6678b600b579b19fb7

parent a5abb4a7

Expand all Hide whitespace changes

Inline Side-by-side

Please register or to comment