diff options
-rw-r--r-- | Android.bp | 43 | ||||
-rw-r--r-- | AndroidManifest.xml | 45 | ||||
-rw-r--r-- | OWNERS | 2 |
3 files changed, 90 insertions, 0 deletions
diff --git a/Android.bp b/Android.bp new file mode 100644 index 0000000..81af6ff --- /dev/null +++ b/Android.bp @@ -0,0 +1,43 @@ +// +// Copyright (C) 2019 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +java_defaults { + name: "NetworkPermissionConfigDefaults", + platform_apis: true, + target_sdk_version: "30", + min_sdk_version: "29", + privileged: true, + manifest: "AndroidManifest.xml", +} + +// Stub APK to define permissions for NetworkStack +android_app { + name: "NetworkPermissionConfig", + defaults: ["NetworkPermissionConfigDefaults"], + certificate: "networkstack", +} + +// Alternative stub APK signed with platform certificate. To use with InProcessNetworkStack. +android_app { + name: "PlatformNetworkPermissionConfig", + defaults: ["NetworkPermissionConfigDefaults"], + certificate: "platform", + overrides: ["NetworkPermissionConfig"], +} diff --git a/AndroidManifest.xml b/AndroidManifest.xml new file mode 100644 index 0000000..9fa7b92 --- /dev/null +++ b/AndroidManifest.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + coreApp="true" + package="com.android.networkstack.permissionconfig" + android:sharedUserId="android.uid.networkstack" + android:versionCode="300000000" + android:versionName="2019-09" + > + <!-- + This package only exists to define the below permissions, and enforce that they are only + granted to apps sharing the same signature. + Permissions defined here are intended to be used only by the NetworkStack: both + NetworkStack and this stub APK are to be signed with a dedicated certificate to ensure + that, with the below permissions being signature permissions. + + This APK *must* be installed, even if the NetworkStack app is not installed, because otherwise, + any application will be able to define this permission and the system will give that application + full access to the network stack. + --> + <permission android:name="android.permission.MAINLINE_NETWORK_STACK" + android:protectionLevel="signature"/> + + <!-- The application must declare usesClearTraffic because it uses the same UID as the + NetworkStack module, which does cleartext traffic (b/161860610). --> + <application android:name="com.android.server.NetworkPermissionConfig" + android:usesCleartextTraffic="true" + android:hasCode="false"/> +</manifest> @@ -0,0 +1,2 @@ +set noparent +file:platform/packages/modules/Connectivity:master:/OWNERS_core_networking |