Add support for module specified DeviceConfig namespace allowlists
Android 16 restricts the DeviceConfig namespaces / flags that can
be written by the shell user to those that have been allowlisted.
However, mainline modules can introduce new namespaces that are
intended to be modified by end users through adb shell; since
the platform may not be aware of these new namespaces, and the
allowlisted namespaces in the ConfigInfrastructure may not update
at the same time as the declaring APEX, the user will not be able
to modify the flags under the new namespaces. This commit adds
support to query for the etc/writable_namespaces file under the
APEX directory; any entries in this file will be added to the
DeviceConfig namespace allowlist.
Bug: 364083026
Flag: android.security.protect_device_config_flags
Test: atest DeviceConfigApiTests
Test: Manually installed APEX with writable_namespaces file and
verified namespaces in this file could be modified by adb
Change-Id: I62a0c2a080c7860ee3dcf0885d20ffca05f5959e
3 files changed