
Commit 62a8f713 authored by Roman Birg, committed by Adnan Begovic

Explicitly declare which permissions can be granted via signature



This moves the older <allow-permissions> implementation inline with the
newer one, which requires any permission that can be granted via a
signature to explicitly add the attribute allowViaWhitelist="true".

Change-Id: Ie9f9bf6e2138075b750c58090dcd7030eff174f1
Signed-off-by: Roman Birg <roman@cyngn.com>
parent 9c0efca1
+23 −11
@@ -18,6 +18,7 @@
*/
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:androidprv="http://schemas.android.com/apk/prv/res/android"
    package="android" coreApp="true" android:sharedUserId="android.uid.system"
    android:sharedUserLabel="@string/android_system_label">

@@ -1317,7 +1318,8 @@
    <!-- @SystemApi Allows an application to write to internal media storage
         @hide  -->
    <permission android:name="android.permission.WRITE_MEDIA_STORAGE"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows an application to manage access to documents, usually as part
         of a document picker.
@@ -1723,7 +1725,8 @@
         interacting with the recovery (system update) system.
         @hide -->
    <permission android:name="android.permission.RECOVERY"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows the system to bind to an application's task services
         @hide -->
@@ -1747,7 +1750,8 @@
    <!-- @SystemApi Allows an application to read or write the secure system settings.
    <p>Not for use by third-party applications. -->
    <permission android:name="android.permission.WRITE_SECURE_SETTINGS"
        android:protectionLevel="signature|privileged|development" />
        android:protectionLevel="signature|privileged|development"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to retrieve state dump information from system services.
    <p>Not for use by third-party applications. -->
@@ -1883,7 +1887,8 @@
         @hide
    -->
    <permission android:name="android.permission.SET_ACTIVITY_WATCHER"
        android:protectionLevel="signature" />
        android:protectionLevel="signature"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to call the activity manager shutdown() API
         to put the higher-level system there into a shutdown state.
@@ -2130,7 +2135,8 @@
         get access to the frame buffer data.
         <p>Not for use by third-party applications. -->
    <permission android:name="android.permission.READ_FRAME_BUFFER"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows an application to use InputFlinger's low level features.
         @hide -->
@@ -2176,12 +2182,14 @@
    <!-- @SystemApi Allows an application to capture video output.
         <p>Not for use by third-party applications.</p> -->
    <permission android:name="android.permission.CAPTURE_VIDEO_OUTPUT"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to capture secure video output.
         <p>Not for use by third-party applications.</p> -->
    <permission android:name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to know what content is playing and control its playback.
         <p>Not for use by third-party applications due to privacy of media consumption</p>  -->
@@ -2198,7 +2206,8 @@
    <!-- @SystemApi Required to be able to reboot the device.
    <p>Not for use by third-party applications. -->
    <permission android:name="android.permission.REBOOT"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

   <!-- @SystemApi Allows low-level access to power management.
        <p>Not for use by third-party applications.
@@ -2312,7 +2321,8 @@
    <p>Not for use by third-party applications.
         @hide pending API council -->
    <permission android:name="android.permission.BACKUP"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows a package to launch the secure full-backup confirmation UI.
         ONLY the system process may hold this permission.
@@ -2397,7 +2407,8 @@
    <!-- @SystemApi Allow an application to read and write the cache partition.
         @hide -->
    <permission android:name="android.permission.ACCESS_CACHE_FILESYSTEM"
        android:protectionLevel="signature|privileged" />
        android:protectionLevel="signature|privileged"
        androidprv:allowViaWhitelist="true" />

    <!-- Must be required by default container service so that only
         the system can bind to it and use it to copy
@@ -2508,7 +2519,8 @@
    <!-- Allows an application to control keyguard.  Only allowed for system processes.
        @hide -->
    <permission android:name="android.permission.CONTROL_KEYGUARD"
        android:protectionLevel="signature" />
        android:protectionLevel="signature"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows an application to listen to trust changes.  Only allowed for system processes.
        @hide -->
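Review bot: None of the eleven `<permission>` entries that gain `androidprv:allowViaWhitelist="true"` (WRITE_MEDIA_STORAGE through CONTROL_KEYGUARD) explains in the manifest what the attribute permits, so a reader sees `protectionLevel="signature|privileged"` and cannot tell that a further grant path exists for exactly these entries. Going by the commit message, the attribute marks a permission as grantable to packages matching the signature whitelist; I'd put a comment on the first whitelisted entry, e.g. `<!-- allowViaWhitelist: also grantable to packages signed with a whitelisted certificate, beyond the protectionLevel checks -->`, or next to the `xmlns:androidprv` declaration. Several of these entries (READ_FRAME_BUFFER, CAPTURE_SECURE_VIDEO_OUTPUT, CONTROL_KEYGUARD, WRITE_SECURE_SETTINGS, BACKUP) give screen, lock-screen and settings control, so the whitelist now carries privileged-partition-level trust and its contents deserve the same review as the entries here. Whether this list reproduces exactly the older `<allow-permissions>` set cannot be checked from this diff; naming that source in the commit message would make the equivalence reviewable.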
+2 −3
@@ -8630,8 +8630,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                        == PackageManager.SIGNATURE_MATCH);
        if (!allowed && (bp.protectionLevel
                & PermissionInfo.PROTECTION_FLAG_PRIVILEGED) != 0) {
            boolean allowedSig = isAllowedSignature(pkg, perm);
            if (isSystemApp(pkg) || allowedSig) {
            if (isSystemApp(pkg)) {
                // For updated system applications, a system permission
                if (pkg.isUpdatedSystemApp()) {
                    final PackageSetting sysPs = mSettings
@@ -8662,7 +8661,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                        }
                    }
                } else {
                    allowed = isPrivilegedApp(pkg) || allowedSig;
                    allowed = isPrivilegedApp(pkg);
                }
            }
        }
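Review bot: The new `if (isSystemApp(pkg))` and `allowed = isPrivilegedApp(pkg);` drop the `allowedSig` path without leaving any pointer to where signature-whitelist grants are now decided, which in a grant-decision routine this dense is the kind of thing the next reader will assume was lost rather than moved. I'd add above the changed `if`: `// Signature-whitelist grants are no longer decided here; a permission must carry androidprv:allowViaWhitelist and is handled on the whitelist path.` (worded to point at the actual location, which is not in this hunk). Note this branch only runs when `PROTECTION_FLAG_PRIVILEGED` is set in `bp.protectionLevel`, so plain `signature`-level permissions such as SET_ACTIVITY_WATCHER and CONTROL_KEYGUARD, which the manifest change also whitelists, never passed through `allowedSig` here; if the newer path is meant to cover them, that is worth confirming. If this was the only caller of `isAllowedSignature(pkg, perm)`, it is now dead code and should go in the same change. The enclosing method begins and ends outside the hunk.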