Persist implicit overlay configurator actor policy
This change does three things:
1) If an overlay targets a package that does not declare an overlayable
and the overlay fulfills the actor policy, the overlay can override
any resource in the target,
2) The actor policy is now implicitly granted to overlays signed with
the same signature as the configurator that target white-listed
target packages regardless of whether or not the target defines an
overlayable.
3) If an overlay was previously granted the actor policy through the
mechanism specified in (2), the overlay will continue to fulfill
the actor policy even if the configurator is removed, changes
signature, changes to a different package, or the list of
configurator targets changes. If the overlay target package or
target overlayable name changes, the persisted setting will be
reset.
Bug: 157244814
Bug: 157266239
Test: atest OverlayManagerServiceImplTests
Test: idmap2_tests
Change-Id: Iff3937849ad898b1b2d74c2c632a4cdf7690fe10
diff --git a/cmds/idmap2/tests/ResourceMappingTests.cpp b/cmds/idmap2/tests/ResourceMappingTests.cpp
index de039f4..5754eaf 100644
--- a/cmds/idmap2/tests/ResourceMappingTests.cpp
+++ b/cmds/idmap2/tests/ResourceMappingTests.cpp
@@ -287,66 +287,26 @@
R::overlay::string::str4, false /* rewrite */));
}
-// Overlays that are neither pre-installed nor signed with the same signature as the target cannot
+
+// Overlays that are pre-installed or are signed with the same signature as the target/actor can
// overlay packages that have not defined overlayable resources.
-TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPoliciesPublicFail) {
- auto resources = TestGetResourceMapping("/target/target-no-overlayable.apk",
- "/overlay/overlay-no-name.apk", PolicyFlags::PUBLIC,
- /* enforce_overlayable */ true);
-
- ASSERT_TRUE(resources) << resources.GetErrorMessage();
- ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 0U);
-}
-
-// Overlays that are pre-installed or are signed with the same signature as the target can overlay
-// packages that have not defined overlayable resources.
TEST(ResourceMappingTests, ResourcesFromApkAssetsDefaultPolicies) {
- auto CheckEntries = [&](const PolicyBitmask& fulfilled_policies) -> void {
+ constexpr PolicyBitmask kDefaultPolicies =
+ PolicyFlags::SIGNATURE | PolicyFlags::ACTOR_SIGNATURE | PolicyFlags::PRODUCT_PARTITION |
+ PolicyFlags::SYSTEM_PARTITION | PolicyFlags::VENDOR_PARTITION | PolicyFlags::ODM_PARTITION |
+ PolicyFlags::OEM_PARTITION;
+
+ for (PolicyBitmask policy = 1U << (sizeof(PolicyBitmask) * 8 - 1); policy > 0;
+ policy = policy >> 1U) {
auto resources = TestGetResourceMapping("/target/target-no-overlayable.apk",
"/system-overlay-invalid/system-overlay-invalid.apk",
- fulfilled_policies,
- /* enforce_overlayable */ true);
-
+ policy, /* enforce_overlayable */ true);
ASSERT_TRUE(resources) << resources.GetErrorMessage();
- auto& res = *resources;
- ASSERT_EQ(resources->GetTargetToOverlayMap().size(), 10U);
- ASSERT_RESULT(MappingExists(res, R::target::string::not_overlayable, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::not_overlayable,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::other, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::other, false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::policy_actor, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_actor,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::policy_odm, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_odm,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::policy_oem, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_oem,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::policy_product, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_product,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::policy_public, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_public,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::policy_signature, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_signature,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(res, R::target::string::policy_system, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_system,
- false /* rewrite */));
- ASSERT_RESULT(MappingExists(
- res, R::target::string::policy_system_vendor, Res_value::TYPE_REFERENCE,
- R::system_overlay_invalid::string::policy_system_vendor, false /* rewrite */));
- };
- CheckEntries(PolicyFlags::SIGNATURE);
- CheckEntries(PolicyFlags::PRODUCT_PARTITION);
- CheckEntries(PolicyFlags::SYSTEM_PARTITION);
- CheckEntries(PolicyFlags::VENDOR_PARTITION);
- CheckEntries(PolicyFlags::ODM_PARTITION);
- CheckEntries(PolicyFlags::OEM_PARTITION);
+ const size_t expected_overlaid = (policy & kDefaultPolicies) != 0 ? 10U : 0U;
+ ASSERT_EQ(expected_overlaid, resources->GetTargetToOverlayMap().size())
+ << "Incorrect number of resources overlaid through policy " << policy;
+ }
}
} // namespace android::idmap2