Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1b419331 authored by xshu's avatar xshu
Browse files

Add knownSigner to permissions needed by trusted OEM apps 

This protection level attribute will allow OEMs to grant these
permission to their trusted apps signed by certificates in the
knownCerts.

Bug: 218789373
Test: compile
Change-Id: I30f036374238793abdac5fcf57c066aad8042cd5
parent d8dd4b41

core/res/AndroidManifest.xml

+6 −3
Original line number Diff line number Diff line
@@ -1903,14 +1903,16 @@ 
         to improve wifi performance.

         <p>Not for use by third-party applications. -->

    <permission android:name="android.permission.MANAGE_WIFI_AUTO_JOIN"

                android:protectionLevel="signature|privileged" />

                android:protectionLevel="signature|privileged|knownSigner"

                android:knownCerts="@array/wifi_known_signers" />



    <!-- Allows applications to get notified when a Wi-Fi interface request cannot

         be satisfied without tearing down one or more other interfaces, and provide a decision

         whether to approve the request or reject it.

         <p>Not for use by third-party applications. -->

    <permission android:name="android.permission.MANAGE_WIFI_INTERFACES"

                android:protectionLevel="signature|privileged" />

                android:protectionLevel="signature|privileged|knownSigner"

                android:knownCerts="@array/wifi_known_signers" />



    <!-- @SystemApi @hide Allows apps to create and manage IPsec tunnels.

         <p>Only granted to applications that are currently bound by the
@@ -1948,7 +1950,8 @@ 
     modifications.

     <p>Not for use by third-party applications. -->

    <permission android:name="android.permission.OVERRIDE_WIFI_CONFIG"

        android:protectionLevel="signature|privileged" />

                android:protectionLevel="signature|privileged|knownSigner"

                android:knownCerts="@array/wifi_known_signers" />



    <!-- @deprecated Allows applications to act as network scorers. @hide @SystemApi-->

    <permission android:name="android.permission.SCORE_NETWORKS"

core/res/res/values/arrays.xml

+6 −0
Original line number Diff line number Diff line
@@ -185,6 +185,12 @@ 
        <item>@string/app_info</item>

    </string-array>



    <!-- Certificate digests for trusted apps that will be allowed to obtain the knownSigner Wi-Fi

         permissions. The digest should be computed over the DER encoding of the trusted certificate

         using the SHA-256 digest algorithm. -->

    <string-array name="wifi_known_signers">

    </string-array>



    <!-- Device-specific array of SIM slot indexes which are are embedded eUICCs.

         e.g. If a device has two physical slots with indexes 0, 1, and slot 1 is an

         eUICC, then the value of this array should be: