Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 916ccd97 authored by Roman Birg's avatar Roman Birg Committed by Michael Bestas
Browse files

Allow permissions to be granted via whitelisted signatures 

When an application defines a permission, it can now add a new
attribute "allowViaWhitelist", a boolean value. If set to true,
the permission may be granted to a package signed with a predefined key,
if it is defined via <allow-permission> in
/system/etc/permissions/someapp.xml.

Since this is a hidden attribute, it must use the prv namespace XML
declaration. E.g.: add the following to the <manifest> tag:

       xmlns:androidprv="http://schemas.android.com/apk/prv/res/android

"

In the permission declaration:

        <permission
            android:name=""
            android:protectionLevel="signature"
            androidprv:allowViaWhitelist"true" />

And a corresponding entry in /system/etc/permissions/someapp.xml:

        <allow-permission
            name="some.android.PERMISSION"
            signature="<known public signature>" />

Note: if the permission never declares "allowViaWhitelist", then the
whitelisted permissions will be ignored.

Change-Id: Ie4597a07eb0a193375fa2724bd9cf468184a7926
Signed-off-by: default avatarRoman Birg <roman@cyngn.com>

PackageManager: copy allowViaWhitelist flag for perm trees

Ref: CYNGNOS-622
Change-Id: Ic52f179d79ac69a055f994df05a502f893435a26
Signed-off-by: default avatarRoman Birg <roman@cyngn.com>

Explicitly declare which permissions can be granted via signature

This moves the older <allow-permissions> implementation inline with the
newer one, which requires any permission that can be granted via a
signature to explicitly add the attribute allowViaWhitelist="true".

Change-Id: Ie9f9bf6e2138075b750c58090dcd7030eff174f1
Signed-off-by: default avatarRoman Birg <roman@cyngn.com>

Allow CAPTURE_AUDIO_HOTWORD to be whitelisted by signature.

Change-Id: Ia4589c0fd5480a6f462812f5081160262632f09f

Allow additional permissions to be whitelisted by signature.

- android.permission.SET_PREFERRED_APPLICATIONS.
- android.permission.INTERACT_ACROSS_USERS_FULL.

Change-Id: I3fdb3fd412d3eb641a5745eb298afa1121540ccf

allow GET_ACCOUNTS_PRIVELEGED to be whitelisted

Change-Id: Idc5e5535476015800e47f0a3a472729a926dd7b1
Signed-off-by: default avatarRoman Birg <roman@cyngn.com>

allow priveleged phone state permission to be whitelisted

Ref: CYNGNOS-1660

Change-Id: I377ad833e44d5c54bbcf2f7447fe5383edc457fb
Signed-off-by: default avatarRoman Birg <roman@cyngn.com>

allow whitelisting of ACCESS_KEYGUARD_SECURE_STORAGE

Ref: CYNGNOS-1727

Change-Id: I7151ce3fa7c57ee89fecf691d6e92c4ab39ecf37
Signed-off-by: default avatarRoman Birg <roman@cyngn.com>

Allow granting permissions based on signature in <allow-permission/>

This patch allows us to either specify a sharedUserId or a package
signature to use when granting the specific permission.

Change-Id: I8aed78d40316e0e94ac1bfefc7c4a3016a2a9a6b

Explicitly declare which permissions can be granted via signature

This moves the older <allow-permissions> implementation inline with the
newer one, which requires any permission that can be granted via a
signature to explicitly add the attribute allowViaWhitelist="true".

Change-Id: Ie9f9bf6e2138075b750c58090dcd7030eff174f1
Signed-off-by: default avatarRoman Birg <roman@cyngn.com>
parent 4b01d621
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment