
Commit ceaeeb0a authored by Roman Birg, committed by Wilhelm Fitzpatrick

Explicitly declare which permissions can be granted via signature



This moves the older <allow-permissions> implementation in line with the
newer one, which requires any permission that can be granted via a
signature to explicitly add the attribute allowViaWhitelist="true".

Change-Id: Ie9f9bf6e2138075b750c58090dcd7030eff174f1
Signed-off-by: Roman Birg <roman@cyngn.com>
parent 7039e3b0
+25 −12
@@ -18,6 +18,7 @@
*/
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:androidprv="http://schemas.android.com/apk/prv/res/android"
    package="android" coreApp="true" android:sharedUserId="android.uid.system"
    android:sharedUserLabel="@string/android_system_label">

@@ -1411,7 +1412,8 @@
        android:permissionGroup="android.permission-group.STORAGE"
        android:label="@string/permlab_mediaStorageWrite"
        android:description="@string/permdesc_mediaStorageWrite"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows an application to manage access to documents, usually as part
         of a document picker. -->
@@ -1971,7 +1973,8 @@
        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
        android:protectionLevel="signature|system"
        android:label="@string/permlab_recovery"
        android:description="@string/permdesc_recovery" />
        android:description="@string/permdesc_recovery"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows the system to bind to an application's task services
         @hide -->
@@ -1987,7 +1990,8 @@
    <permission android:name="android.permission.INTERCEPT_PACKAGE_LAUNCH"
        android:label="@string/permlab_interceptPackageLaunch"
        android:description="@string/permdesc_interceptPackageLaunch"
        android:protectionLevel="system|signature" />
        android:protectionLevel="system|signature"
        androidprv:allowViaWhitelist="true" />

    <!-- ========================================= -->
    <!-- Permissions for special development tools -->
@@ -2009,7 +2013,8 @@
        android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
        android:protectionLevel="signature|system|development"
        android:label="@string/permlab_writeSecureSettings"
        android:description="@string/permdesc_writeSecureSettings" />
        android:description="@string/permdesc_writeSecureSettings"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to retrieve state dump information from system services.
    <p>Not for use by third-party applications. -->
@@ -2183,7 +2188,8 @@
    <permission android:name="android.permission.SET_ACTIVITY_WATCHER"
        android:label="@string/permlab_runSetActivityWatcher"
        android:description="@string/permdesc_runSetActivityWatcher"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to call the activity manager shutdown() API
         to put the higher-level system there into a shutdown state.
@@ -2423,7 +2429,8 @@
    <permission android:name="android.permission.READ_FRAME_BUFFER"
        android:label="@string/permlab_readFrameBuffer"
        android:description="@string/permdesc_readFrameBuffer"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows an application to use InputFlinger's low level features.
         @hide -->
@@ -2485,14 +2492,16 @@
    <permission android:name="android.permission.CAPTURE_VIDEO_OUTPUT"
        android:label="@string/permlab_captureVideoOutput"
        android:description="@string/permdesc_captureVideoOutput"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to capture secure video output.
         <p>Not for use by third-party applications.</p> -->
    <permission android:name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT"
        android:label="@string/permlab_captureSecureVideoOutput"
        android:description="@string/permdesc_captureSecureVideoOutput"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

    <!-- @SystemApi Allows an application to know what content is playing and control its playback.
         <p>Not for use by third-party applications due to privacy of media consumption</p>  -->
@@ -2513,7 +2522,8 @@
    <permission android:name="android.permission.REBOOT"
        android:label="@string/permlab_reboot"
        android:description="@string/permdesc_reboot"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

   <!-- Allows low-level access to power management.
   <p>Not for use by third-party applications. -->
@@ -2659,7 +2669,8 @@
    <permission android:name="android.permission.BACKUP"
        android:label="@string/permlab_backup"
        android:description="@string/permdesc_backup"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows a package to launch the secure full-backup confirmation UI.
         ONLY the system process may hold this permission.
@@ -2764,7 +2775,8 @@
    <permission android:name="android.permission.ACCESS_CACHE_FILESYSTEM"
        android:label="@string/permlab_cache_filesystem"
        android:description="@string/permdesc_cache_filesystem"
        android:protectionLevel="signature|system" />
        android:protectionLevel="signature|system"
        androidprv:allowViaWhitelist="true" />

    <!-- Must be required by default container service so that only
         the system can bind to it and use it to copy
@@ -2874,7 +2886,8 @@
    <permission android:name="android.permission.CONTROL_KEYGUARD"
        android:protectionLevel="signature|system"
        android:label="@string/permlab_control_keyguard"
        android:description="@string/permdesc_control_keyguard" />
        android:description="@string/permdesc_control_keyguard"
        androidprv:allowViaWhitelist="true" />

    <!-- Allows an application to listen to trust changes.  Only allowed for system processes.
        @hide -->
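Review bot: None of the permissions that receive `androidprv:allowViaWhitelist="true"` in this section (from the permlab_mediaStorageWrite entry in the first hunk through CONTROL_KEYGUARD, including BACKUP, REBOOT, CAPTURE_SECURE_VIDEO_OUTPUT and WRITE_SECURE_SETTINGS) carries a comment saying that the attribute opens a second grant path, so a reader of the manifest sees only the protectionLevel and the existing "Not for use by third-party applications" notes. Since the commit message makes this attribute the sole opt-in for signature-whitelist grants, it should be documented once, for example above the first marked permission: `<!-- androidprv:allowViaWhitelist="true": this permission may additionally be granted to packages whose signature is on the whitelist; add it only where a whitelisted signature should hold the permission. -->`. The single added line in the first hunk is presumably the `xmlns:androidprv` declaration the attribute needs; the hunk does not show whether that prefix was already declared elsewhere on the root element, so that is worth confirming.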
+2 −3
@@ -8013,8 +8013,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                        == PackageManager.SIGNATURE_MATCH);
        if (!allowed && (bp.protectionLevel
                & PermissionInfo.PROTECTION_FLAG_SYSTEM) != 0) {
            boolean allowedSig = isAllowedSignature(pkg, perm);
            if (isSystemApp(pkg) || allowedSig) {
            if (isSystemApp(pkg)) {
                // For updated system applications, a system permission
                // is granted only if it had been defined by the original application.
                if (isUpdatedSystemApp(pkg)) {
@@ -8052,7 +8051,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                        }
                    }
                } else {
                    allowed = isPrivilegedApp(pkg) || allowedSig;
                    allowed = isPrivilegedApp(pkg);
                }
            }
        }
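Review bot: With `allowedSig` dropped from the condition at `if (isSystemApp(pkg)) {`, this branch no longer grants PROTECTION_FLAG_SYSTEM permissions to non-system packages with a whitelisted signature, and nothing in the hunk says where that decision now lives; the comment two lines below still describes only the updated-system-app case. A comment on the new line would stop the next reader from re-adding the lookup, e.g. `// Signature-whitelist grants are no longer decided here; a permission must opt in with allowViaWhitelist.`, with the exact location of the new path filled in once confirmed, since it is outside this page. The second hunk (`allowed = isPrivilegedApp(pkg);`) has the same effect and needs no separate comment. If this was the last caller of `isAllowedSignature`, that method is now dead and should go with this change; the enclosing method starts and ends outside both hunks, so the page cannot confirm it.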