diff options
author | Xin Li <delphij@google.com> | 2022-06-17 00:25:47 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-06-17 00:25:47 +0000 |
commit | a30af7d171c3a220fe021e2ae034d52f4faac967 (patch) | |
tree | 001ca3325570e7430db5cfb8b37a85311491155f | |
parent | c91032a71a1bf0920ed0955633a4658814aee99d (diff) | |
parent | 3dd71cd1d7aef27c4abeb3532e3e9c51c6b592ac (diff) | |
download | NetworkPermissionConfig-a30af7d171c3a220fe021e2ae034d52f4faac967.tar.gz |
Merge Android 12 QPR 3 am: 3dd71cd1d7
Original change: https://android-review.googlesource.com/c/platform/packages/modules/NetworkPermissionConfig/+/2126234
Change-Id: Id2193b6466b2f3d620febef6692f3f8fefd6df89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | Android.bp | 43 | ||||
-rw-r--r-- | AndroidManifest.xml | 45 | ||||
-rw-r--r-- | OWNERS | 2 |
3 files changed, 90 insertions, 0 deletions
diff --git a/Android.bp b/Android.bp new file mode 100644 index 0000000..81af6ff --- /dev/null +++ b/Android.bp @@ -0,0 +1,43 @@ +// +// Copyright (C) 2019 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +java_defaults { + name: "NetworkPermissionConfigDefaults", + platform_apis: true, + target_sdk_version: "30", + min_sdk_version: "29", + privileged: true, + manifest: "AndroidManifest.xml", +} + +// Stub APK to define permissions for NetworkStack +android_app { + name: "NetworkPermissionConfig", + defaults: ["NetworkPermissionConfigDefaults"], + certificate: "networkstack", +} + +// Alternative stub APK signed with platform certificate. To use with InProcessNetworkStack. +android_app { + name: "PlatformNetworkPermissionConfig", + defaults: ["NetworkPermissionConfigDefaults"], + certificate: "platform", + overrides: ["NetworkPermissionConfig"], +} diff --git a/AndroidManifest.xml b/AndroidManifest.xml new file mode 100644 index 0000000..9fa7b92 --- /dev/null +++ b/AndroidManifest.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + coreApp="true" + package="com.android.networkstack.permissionconfig" + android:sharedUserId="android.uid.networkstack" + android:versionCode="300000000" + android:versionName="2019-09" + > + <!-- + This package only exists to define the below permissions, and enforce that they are only + granted to apps sharing the same signature. + Permissions defined here are intended to be used only by the NetworkStack: both + NetworkStack and this stub APK are to be signed with a dedicated certificate to ensure + that, with the below permissions being signature permissions. + + This APK *must* be installed, even if the NetworkStack app is not installed, because otherwise, + any application will be able to define this permission and the system will give that application + full access to the network stack. + --> + <permission android:name="android.permission.MAINLINE_NETWORK_STACK" + android:protectionLevel="signature"/> + + <!-- The application must declare usesClearTraffic because it uses the same UID as the + NetworkStack module, which does cleartext traffic (b/161860610). --> + <application android:name="com.android.server.NetworkPermissionConfig" + android:usesCleartextTraffic="true" + android:hasCode="false"/> +</manifest> @@ -0,0 +1,2 @@ +set noparent +file:platform/packages/modules/Connectivity:master:/OWNERS_core_networking |