commit | 79211e094a7363f28a06cea2737aa815339911ad | [log] [tgz] |
---|---|---|
author | Nate Myren <ntmyren@google.com> | Thu Jan 09 10:09:56 2025 -0800 |
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | Wed Feb 05 21:20:27 2025 -0800 |
tree | bd555ffc981268107cff9407a8e26b9ccd300fe6 | |
parent | 4ec1792148a5d31a890dbe86bde40946404199e8 [diff] |
Do not allow non-system apps to provide unverified attributions Some apps (the shell, system server, etc) are exempt from the requirement that attribution tags be registered. However, in the proxy case, the tag provied by the proxy app is trusted if the proxied app is one of these exemptions. We should only trust these tags if the proxy app is a system app. This CL also adds a second restriction check when a restriction is removed, to verify that an op is free of all restrictions, before resuming a started op Bug: 375623125 Test: upcoming Flag: EXEMPT: See bug (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5ee32ac478e514d8275567e7c50ea8a33438dc75) Merged-In: I6a7b0a24359097c0ea2f52cc69637d929a931b4f Change-Id: I6a7b0a24359097c0ea2f52cc69637d929a931b4f