Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d1421131 authored by Michael Groover's avatar Michael Groover
Browse files

Remove WRITE_DEVICE_CONFIG permission from shell user 

Android 16 adds restrictions to the DeviceConfig flags that can
be modified by adb shell; to do this, the WRITE_DEVICE_CONFIG
permission will be removed from the shell user, and it will
instead rely on the WRITE_ALLOWLISTED_DEVICE_CONFIG permission
along with the allowlisted namespaces and flags. This commit
removes the WRITE_DEVICE_CONFIG permission from the shel user's
manifest to ensure it is not able to modify all DeviceConfig flags.

Bug: 364083026
Flag: android.security.protect_device_config_flags
Test: atest DeviceConfigApiTests
Change-Id: I7878d9988ca1223be2c897c0d491c1cdb2320395
parent 3c943276

packages/Shell/AndroidManifest.xml

+2 −1
Original line number Diff line number Diff line
@@ -151,7 +151,8 @@ 
    <uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />

    <uses-permission android:name="android.permission.LOCATION_BYPASS" />

    <uses-permission android:name="android.permission.READ_DEVICE_CONFIG" />

    <uses-permission android:name="android.permission.WRITE_DEVICE_CONFIG" />

    <uses-permission android:name="android.permission.WRITE_DEVICE_CONFIG"

        android:featureFlag="!android.security.protect_device_config_flags"/>

    <uses-permission android:name="android.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG" />

    <uses-permission android:name="android.permission.READ_WRITE_SYNC_DISABLED_MODE_CONFIG" />

    <uses-permission android:name="android.permission.MONITOR_DEVICE_CONFIG_ACCESS" />