Snap for 8746144 from a30af7d171c3a220fe021e2ae034d52f4faac967 to mainline-conscrypt-release

Change-Id: I2134aa8f07a262b7f837cc3f10953303f2871d4e

3 files changed, 90 insertions, 0 deletions

diff --git a/Android.bp b/Android.bp
new file mode 100644
index 0000000..81af6ff
--- /dev/null
+++ b/Android.bp
@@ -0,0 +1,43 @@
+//
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+java_defaults {
+    name: "NetworkPermissionConfigDefaults",
+    platform_apis: true,
+    target_sdk_version: "30",
+    min_sdk_version: "29",
+    privileged: true,
+    manifest: "AndroidManifest.xml",
+}
+
+// Stub APK to define permissions for NetworkStack
+android_app {
+    name: "NetworkPermissionConfig",
+    defaults: ["NetworkPermissionConfigDefaults"],
+    certificate: "networkstack",
+}
+
+// Alternative stub APK signed with platform certificate. To use with InProcessNetworkStack.
+android_app {
+    name: "PlatformNetworkPermissionConfig",
+    defaults: ["NetworkPermissionConfigDefaults"],
+    certificate: "platform",
+    overrides: ["NetworkPermissionConfig"],
+}
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
new file mode 100644
index 0000000..9fa7b92
--- /dev/null
+++ b/AndroidManifest.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    coreApp="true"
+    package="com.android.networkstack.permissionconfig"
+    android:sharedUserId="android.uid.networkstack"
+    android:versionCode="300000000"
+    android:versionName="2019-09"
+  >
+    <!--
+    This package only exists to define the below permissions, and enforce that they are only
+    granted to apps sharing the same signature.
+    Permissions defined here are intended to be used only by the NetworkStack: both
+    NetworkStack and this stub APK are to be signed with a dedicated certificate to ensure
+    that, with the below permissions being signature permissions.
+
+    This APK *must* be installed, even if the NetworkStack app is not installed, because otherwise,
+    any application will be able to define this permission and the system will give that application
+    full access to the network stack.
+     -->
+    <permission android:name="android.permission.MAINLINE_NETWORK_STACK"
+                android:protectionLevel="signature"/>
+
+    <!-- The application must declare usesClearTraffic because it uses the same UID as the
+         NetworkStack module, which does cleartext traffic (b/161860610). -->
+    <application android:name="com.android.server.NetworkPermissionConfig"
+                 android:usesCleartextTraffic="true"
+                 android:hasCode="false"/>
+</manifest>
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 0000000..62c5737
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,2 @@
+set noparent
+file:platform/packages/modules/Connectivity:master:/OWNERS_core_networking