From 59fd8d40def9396e2bfd71763a071302b1ef52be Mon Sep 17 00:00:00 2001
From: Geremy Condra <gcondra@google.com>
Date: Thu, 28 Mar 2013 00:19:52 +0000
Subject: [PATCH] Revert "Revert "Rewrite mac_permissions.xml file.""
This reverts commit 31d1a40b2eec2bcdb028843e2d6f246e33afa823
Change-Id: I70aab6f01b9a74512dcbd9bff167890747e54355
---
mac_permissions.xml | 170 --------------------------------------------
1 file changed, 170 deletions(-)
diff --git a/mac_permissions.xml b/mac_permissions.xml
index 55e7bd8c6..054b21f3e 100644
--- a/mac_permissions.xml
+++ b/mac_permissions.xml
@@ -1,197 +1,27 @@
<?xml version="1.0" encoding="utf-8"?>
<policy>
-<!--
- Sample signer stanza for install policy
-
- Rules:
- * A signature is a hex encoded X.509 certificate and is required for each signer tag.
- * A <signer signature="" > element may have multiple child elements:
- allow-permission : produces a set of maximal allowed permissions (whitelist).
- deny-permission : produces a blacklist of permissions to deny.
- allow-all : a wildcard tag that will allow every permission requested.
- package : a complex tag which itself defines allow, deny, and wildcard sub elements for
- a specific package name protected by the signature
- * Zero or more global <package name=""> tags are allowed. These tags allow a policy
- to be set outside any signature for specific package names.
- * Unknown tags at any level are skipped.
- * Zero or more signer tags are allowed.
- * Zero or more package tags are allowed per signer tag.
- * A <package name=""> tag may not contain another <package name=""> tag. If found, it's skipped.
- * A <default> tag is allowed that can contain install policy for all apps not signed with a
- previously listed cert and not having a per package global policy.
- * When multiple sub elements appear for a tag the following logic is used to
- ultimately determine the type of enforcement:
- ** A blacklist is used if at least one deny-permission tag is found
- ** A whitelist is used if not a blacklist and at least one allow-permission tag is found
- ** A wildcard (accept all permission) policy is used if not a blacklist and not a whitelist
- and at least one allow-all tag is present.
- ** If a <package name=""> sub element is found then that sub element's policy is used
- according to the above logic and overrides any signature global policy type.
- ** In order for a policy stanza to be enforced at least one of the above situations must
- apply. Meaning, empty signer, default or package tags will not be accepted.
- * Each signer/default/global package tag is allowed to contain one <seinfo value=""/> tag.
- This tag represents additional info that each app can use in setting a SELinux security
- context on the eventual process. Any <seinfo value=""/> tag found as a child of a
- <package name=""> tag which is protected (sub element of signer or the default tag) is
- ignored. It's possible that multiple seinfo tags are relevant for one app. In the event
- that this happens, the seinfo tag that will be applied is the one for which the corresponding
- policy stanza is used in the policy decision.
- * Strict enforcing of any xml stanza is not enforced in most cases. This mainly applies to
- duplicate tags which are allowed. In the event that a tag already exists, the original
- tag is replaced.
- * There are also no checks on the validity of permission names. Although valid android
- permissions are expected, nothing prevents unknowns.
- * Enforcement decisions:
- - All signatures used to sign an app are checked for policy according to signer tags.
- Only one of the signature policies has to pass however.
- - In the event that none of the signature policies pass, or none even match, then
- a global package policy is sought. If found, this policy mediates the install.
- - The default tag is consulted last if needed.
- - A local package policy always overrides any parent policy.
- - If none of the cases apply then the app is denied.
-
-
- Example global package policy
- <package name="com.foo.com">
- <allow-permission name="android.permission.INTERNET" />
- <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
- <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
- </package>
-
- Sample stanzas are given below based on the AOSP developer keys.
-
--->
-
- <!-- Platform dev key with AOSP -->
<signer signature="@PLATFORM" >
- <allow-all />
<seinfo value="platform" />
</signer>
<!-- Media dev key in AOSP -->
<signer signature="@MEDIA" >
- <allow-permission name="android.permission.ACCESS_ALL_DOWNLOADS" />
- <allow-permission name="android.permission.ACCESS_CACHE_FILESYSTEM" />
- <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
- <allow-permission name="android.permission.ACCESS_MTP" />
- <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
- <allow-permission name="android.permission.CONNECTIVITY_INTERNAL" />
- <allow-permission name="android.permission.INTERNET" />
- <allow-permission name="android.permission.MODIFY_NETWORK_ACCOUNTING" />
- <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
- <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" />
- <allow-permission name="android.permission.RECEIVE_WAP_PUSH" />
- <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
- <allow-permission name="android.permission.UPDATE_DEVICE_STATS" />
- <allow-permission name="android.permission.WAKE_LOCK" />
- <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
- <allow-permission name="android.permission.WRITE_MEDIA_STORAGE" />
- <allow-permission name="android.permission.WRITE_SETTINGS" />
<seinfo value="media" />
</signer>
<!-- shared dev key in AOSP -->
<signer signature="@SHARED" >
- <allow-permission name="android.permission.ACCESS_COARSE_LOCATION" />
- <allow-permission name="android.permission.ACCESS_FINE_LOCATION" />
- <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
- <allow-permission name="android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK" />
- <allow-permission name="android.permission.BIND_APPWIDGET" />
- <allow-permission name="android.permission.BIND_WALLPAPER" />
- <allow-permission name="android.permission.CALL_PHONE" />
- <allow-permission name="android.permission.CALL_PRIVILEGED" />
- <allow-permission name="android.permission.CAMERA" />
- <allow-permission name="android.permission.GET_ACCOUNTS" />
- <allow-permission name="android.permission.GLOBAL_SEARCH" />
- <allow-permission name="android.permission.INTERNET" />
- <allow-permission name="android.permission.MANAGE_ACCOUNTS" />
- <allow-permission name="android.permission.MODIFY_AUDIO_SETTINGS" />
- <allow-permission name="android.permission.MODIFY_PHONE_STATE" />
- <allow-permission name="android.permission.NFC" />
- <allow-permission name="android.permission.PACKAGE_USAGE_STATS" />
- <allow-permission name="android.permission.READ_CALL_LOG" />
- <allow-permission name="android.permission.READ_CONTACTS"/>
- <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
- <allow-permission name="android.permission.READ_PHONE_STATE" />
- <allow-permission name="android.permission.READ_PROFILE" />
- <allow-permission name="android.permission.READ_SOCIAL_STREAM" />
- <allow-permission name="android.permission.READ_SYNC_SETTINGS" />
- <allow-permission name="android.permission.READ_SYNC_STATS" />
- <allow-permission name="android.permission.READ_USER_DICTIONARY" />
- <allow-permission name="android.permission.REBOOT" />
- <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" />
- <allow-permission name="android.permission.RECORD_AUDIO" />
- <allow-permission name="android.permission.SET_WALLPAPER" />
- <allow-permission name="android.permission.SET_WALLPAPER_COMPONENT" />
- <allow-permission name="android.permission.SET_WALLPAPER_HINTS" />
- <allow-permission name="android.permission.SUBSCRIBED_FEEDS_READ" />
- <allow-permission name="android.permission.SUBSCRIBED_FEEDS_WRITE" />
- <allow-permission name="android.permission.USE_CREDENTIALS" />
- <allow-permission name="android.permission.VIBRATE" />
- <allow-permission name="android.permission.WAKE_LOCK" />
- <allow-permission name="android.permission.WRITE_CALL_LOG" />
- <allow-permission name="android.permission.WRITE_CONTACTS" />
- <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
- <allow-permission name="android.permission.WRITE_PROFILE" />
- <allow-permission name="android.permission.WRITE_SETTINGS" />
- <allow-permission name="android.permission.WRITE_USER_DICTIONARY" />
- <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
- <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT" />
- <allow-permission name="com.android.launcher.permission.READ_SETTINGS" />
- <allow-permission name="com.android.launcher.permission.WRITE_SETTINGS" />
- <allow-permission name="com.android.voicemail.permission.ADD_VOICEMAIL" />
- <allow-permission name="com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL" />
- <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH" />
- <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.cp" />
- <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.mail" />
<seinfo value="shared" />
</signer>
<!-- release dev key in AOSP -->
<signer signature="@RELEASE" >
- <seinfo value="release" />
- <deny-permission name="android.permission.BRICK" />
- <deny-permission name="android.permission.READ_LOGS" />
- <deny-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS" />
- <deny-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS" />
- <package name="com.android.browser" >
- <allow-permission name="android.permission.ACCESS_COARSE_LOCATION"/>
- <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER"/>
- <allow-permission name="android.permission.ACCESS_FINE_LOCATION"/>
- <allow-permission name="android.permission.ACCESS_NETWORK_STATE"/>
- <allow-permission name="android.permission.ACCESS_WIFI_STATE"/>
- <allow-permission name="android.permission.GET_ACCOUNTS"/>
- <allow-permission name="android.permission.INTERNET" />
- <allow-permission name="android.permission.MANAGE_ACCOUNTS" />
- <allow-permission name="android.permission.NFC" />
- <allow-permission name="android.permission.READ_CONTACTS" />
- <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
- <allow-permission name="android.permission.READ_PROFILE" />
- <allow-permission name="android.permission.READ_SYNC_SETTINGS" />
- <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
- <allow-permission name="android.permission.SET_WALLPAPER" />
- <allow-permission name="android.permission.USE_CREDENTIALS"/>
- <allow-permission name="android.permission.WAKE_LOCK"/>
- <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
- <allow-permission name="android.permission.WRITE_SETTINGS" />
- <allow-permission name="android.permission.WRITE_SYNC_SETTINGS" />
- <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
- <allow-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"/>
- <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
- </package>
</signer>
<!-- All other keys -->
<default>
<seinfo value="default" />
- <deny-permission name="android.permission.ACCESS_COARSE_LOCATION" />
- <deny-permission name="android.permission.ACCESS_FINE_LOCATION" />
- <deny-permission name="android.permission.AUTHENTICATE_ACCOUNTS" />
- <deny-permission name="android.permission.CALL_PHONE" />
- <deny-permission name="android.permission.CAMERA" />
- <deny-permission name="android.permission.READ_LOGS" />
- <deny-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
</default>
</policy>
--
GitLab