diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-06-15 21:49:11 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-06-15 21:49:11 +0000 |
commit | e290870d2fbb3b6ee84e216ecaf52b711200187f (patch) | |
tree | 001ca3325570e7430db5cfb8b37a85311491155f | |
parent | 30809b3d5c0eab8da0a554c66c06a6e5bfd04e95 (diff) | |
parent | 732418b020ecbf4c9e29ed837622717c4ce57842 (diff) | |
download | NetworkPermissionConfig-e290870d2fbb3b6ee84e216ecaf52b711200187f.tar.gz |
Snap for 8730993 from 732418b020ecbf4c9e29ed837622717c4ce57842 to mainline-tzdata3-releaseaml_tz3_314012070aml_tz3_314012050aml_tz3_314012010aml_tz3_313110000aml_tz3_312511020aml_tz3_312511010aml_tz3_312410020aml_tz3_312410010android12-mainline-tzdata3-releaseaml_tz3_314012010
Change-Id: I81fef7dba53135a936224820ed7c0acd3f76ce0c
-rw-r--r-- | Android.bp | 43 | ||||
-rw-r--r-- | AndroidManifest.xml | 45 | ||||
-rw-r--r-- | OWNERS | 2 |
3 files changed, 90 insertions, 0 deletions
diff --git a/Android.bp b/Android.bp new file mode 100644 index 0000000..81af6ff --- /dev/null +++ b/Android.bp @@ -0,0 +1,43 @@ +// +// Copyright (C) 2019 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +java_defaults { + name: "NetworkPermissionConfigDefaults", + platform_apis: true, + target_sdk_version: "30", + min_sdk_version: "29", + privileged: true, + manifest: "AndroidManifest.xml", +} + +// Stub APK to define permissions for NetworkStack +android_app { + name: "NetworkPermissionConfig", + defaults: ["NetworkPermissionConfigDefaults"], + certificate: "networkstack", +} + +// Alternative stub APK signed with platform certificate. To use with InProcessNetworkStack. +android_app { + name: "PlatformNetworkPermissionConfig", + defaults: ["NetworkPermissionConfigDefaults"], + certificate: "platform", + overrides: ["NetworkPermissionConfig"], +} diff --git a/AndroidManifest.xml b/AndroidManifest.xml new file mode 100644 index 0000000..9fa7b92 --- /dev/null +++ b/AndroidManifest.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + coreApp="true" + package="com.android.networkstack.permissionconfig" + android:sharedUserId="android.uid.networkstack" + android:versionCode="300000000" + android:versionName="2019-09" + > + <!-- + This package only exists to define the below permissions, and enforce that they are only + granted to apps sharing the same signature. + Permissions defined here are intended to be used only by the NetworkStack: both + NetworkStack and this stub APK are to be signed with a dedicated certificate to ensure + that, with the below permissions being signature permissions. + + This APK *must* be installed, even if the NetworkStack app is not installed, because otherwise, + any application will be able to define this permission and the system will give that application + full access to the network stack. + --> + <permission android:name="android.permission.MAINLINE_NETWORK_STACK" + android:protectionLevel="signature"/> + + <!-- The application must declare usesClearTraffic because it uses the same UID as the + NetworkStack module, which does cleartext traffic (b/161860610). --> + <application android:name="com.android.server.NetworkPermissionConfig" + android:usesCleartextTraffic="true" + android:hasCode="false"/> +</manifest> @@ -0,0 +1,2 @@ +set noparent +file:platform/packages/modules/Connectivity:master:/OWNERS_core_networking |