diff options
-rw-r--r-- | src/main/java/com/android/apksig/SigningCertificateLineage.java | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/src/main/java/com/android/apksig/SigningCertificateLineage.java b/src/main/java/com/android/apksig/SigningCertificateLineage.java index 440f13d..8c2c7e5 100644 --- a/src/main/java/com/android/apksig/SigningCertificateLineage.java +++ b/src/main/java/com/android/apksig/SigningCertificateLineage.java @@ -89,6 +89,11 @@ public class SigningCertificateLineage { */ private static final int PAST_CERT_ROLLBACK = 8; + /** + * Preserve authenticator module-based access in AccountManager gated by signing certificate. + */ + private static final int PAST_CERT_AUTH = 16; + private final int mMinSdkVersion; /** @@ -414,7 +419,8 @@ public class SigningCertificateLineage { // TODO add API to modify flags corresponding to a given signing certificate private static int calculateDefaultFlags() { - return PAST_CERT_INSTALLED_DATA | PAST_CERT_PERMISSION | PAST_CERT_SHARED_USER_ID; + return PAST_CERT_INSTALLED_DATA | PAST_CERT_PERMISSION + | PAST_CERT_SHARED_USER_ID | PAST_CERT_AUTH; } /** @@ -598,6 +604,20 @@ public class SigningCertificateLineage { } /** + * Set the {@code PAST_CERT_AUTH} flag in this capabilities object. This flag + * is used by the platform to determine whether or not privileged access based on + * authenticator module signing certificates should be granted. + */ + public Builder setAuth(boolean enabled) { + if (enabled) { + mFlags |= PAST_CERT_AUTH; + } else { + mFlags &= ~PAST_CERT_AUTH; + } + return this; + } + + /** * Returns a new {@code SignerConfig} instance configured based on the configuration of * this builder. */ |