authorOli Lan <olilan@google.com>2020-01-14 16:27:06 +0000
committerOli Lan <olilan@google.com>2020-01-21 12:20:01 +0000
commit407e7ba6df5d3cab3d29ac6e98d0dd256a1851b6 (patch)
tree78cd6df52e15494ac191f2dde1d2cdd72c200818 /core/java/android
parentb492f4e34713bcc825906250610ca55149ad6130 (diff)
Add ApexContext API including methods to get paths for data directories.
This adds a new ApexContext class as a system API. Methods are included to obtain paths to the APEX data directories. In future the aim is for this ApexContext to be provided to code running within an APEX automatically, so that data directory paths are available only to the APEX that should access them. For R it is not feasible to implement this, so for now a factory method is included to create an ApexContext from the apex (module) name. See go/apex-context-r for more information. Bug: 141148175 Bug: 142484007 Test: ApexContextTest added Change-Id: Iaf90e12383aa219a73a7818dab6cde6a850597ba
Diffstat (limited to 'core/java/android')
-rw-r--r--core/java/android/content/ApexContext.java98
1 files changed, 98 insertions, 0 deletions
diff --git a/core/java/android/content/ApexContext.java b/core/java/android/content/ApexContext.java
new file mode 100644
index 000000000000..fe5cedca4654
--- /dev/null
+++ b/core/java/android/content/ApexContext.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.content;
+
+import android.annotation.NonNull;
+import android.annotation.SystemApi;
+import android.os.Environment;
+import android.os.UserHandle;
+
+import java.io.File;
+import java.util.Objects;
+
+/**
+ * Provides information about the environment for a particular APEX.
+ *
+ * @hide
+ */
+@SystemApi
+public class ApexContext {
+
+ private static final String APEX_DATA = "apexdata";
+
+ /**
+ * Returns an ApexContext instance for the APEX with the provided {@code apexModuleName}.
+ *
+ * <p>To preserve the safety and integrity of APEX modules, you must only obtain the ApexContext
+ * for your specific APEX, and you <em>must never</em> attempt to obtain an ApexContext for
+ * another APEX. Any coordination between APEXs must be performed through well-defined
+ * interfaces; attempting to directly read or write raw files belonging to another APEX will
+ * violate the hermetic storage requirements placed upon each module.
+ */
+ @NonNull
+ public static ApexContext getApexContext(@NonNull String apexModuleName) {
+ Objects.requireNonNull(apexModuleName, "apexModuleName cannot be null");
+ //TODO(b/141148175): Check that apexModuleName is an actual APEX name
+ return new ApexContext(apexModuleName);
+ }
+
+ private final String mApexModuleName;
+
+ private ApexContext(String apexModuleName) {
+ mApexModuleName = apexModuleName;
+ }
+
+ /**
+ * Returns the data directory for the APEX in device-encrypted, non-user-specific storage.
+ *
+ * <p>This directory is automatically created by the system for installed APEXes, and its
+ * contents will be rolled back if the APEX is rolled back.
+ */
+ @NonNull
+ public File getDeviceProtectedDataDir() {
+ return Environment.buildPath(
+ Environment.getDataMiscDirectory(), APEX_DATA, mApexModuleName);
+ }
+
+ /**
+ * Returns the data directory for the APEX in device-encrypted, user-specific storage for the
+ * specified {@code user}.
+ *
+ * <p>This directory is automatically created by the system for each user and for each installed
+ * APEX, and its contents will be rolled back if the APEX is rolled back.
+ */
+ @NonNull
+ public File getDeviceProtectedDataDirForUser(@NonNull UserHandle user) {
+ return Environment.buildPath(
+ Environment.getDataMiscDeDirectory(user.getIdentifier()), APEX_DATA,
+ mApexModuleName);
+ }
+
+ /**
+ * Returns the data directory for the APEX in credential-encrypted, user-specific storage for
+ * the specified {@code user}.
+ *
+ * <p>This directory is automatically created by the system for each user and for each installed
+ * APEX, and its contents will be rolled back if the APEX is rolled back.
+ */
+ @NonNull
+ public File getCredentialProtectedDataDirForUser(@NonNull UserHandle user) {
+ return Environment.buildPath(
+ Environment.getDataMiscCeDirectory(user.getIdentifier()), APEX_DATA,
+ mApexModuleName);
+ }
+}
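Review bot: `getApexContext` only null-checks `apexModuleName`, and all three directory getters then hand it to `Environment.buildPath` as a path segment. Until the TODO(b/141148175) check lands, an empty name resolves to the shared `apexdata` root, and a name containing a separator or `..` resolves to a `File` outside the module's own directory (assuming `buildPath` does not normalise its segments, which this hunk does not show). A cheap syntactic guard can go in now, ahead of the real installed-APEX lookup: `if (apexModuleName.isEmpty() || apexModuleName.indexOf(File.separatorChar) >= 0 || apexModuleName.equals(".") || apexModuleName.equals("..")) throw new IllegalArgumentException("Invalid APEX module name");`. The Javadoc on `getApexContext` should also say that the method does not verify that the caller belongs to the named APEX. As written, the "must never" rule is a convention, and isolation between modules presumably rests on the permissions and SELinux labels of the directories rather than on this API.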