Privileged apps can now be located in the vendor partition. This is mainly to move SoC-dependent apks to the vendor partition so that the system partition becomes more generic.

Like existing privileged apps in the system partition, the list of privileged apps in the vendor partition and the permissions they are using must be white-listed. The whitelist can be specified via <privapp-permissions> tags in one of /vendor/etc/permissions/*.xml files.

Note: vendors can only white-list the apps in vendor partition, but not the apps in system partition.

This change also introduces a new flag 'vendor-privileged' to the permission protection level. It is used to expose platform-defined permissions to the privileged vendor apps. If a platform permission does not have this flag, it is not granted to vendor apps even when the app is privileged and white-listed.

Bug: 35301609
Test: `mm` under frameworks/base/tests/privapp-permissions
adb sync && adb reboot
adb shell cmd package \
  com.android.framework.permission.privapp.tests.vendor
shows that the app is installed.
android.permission.BIND_IMS_SERVICE is in the installed permissions list
android.permission.MANAGE_USE is not in the installed permissions list, but is in the requested permissions list.
Change-Id: I196375aaaa9ea3a2ba15686ef08cf3f70ade7046
8 lines
309 B
XML
<?xml version="1.0" encoding="utf-8"?>
<permissions>
<privapp-permissions package="com.android.framework.permission.privapp.tests.vendor">
<permission name="android.permission.BIND_IMS_SERVICE"/>
<permission name="android.permission.MANAGE_USB"/>
</privapp-permissions>
</permissions>
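Review bot: the `android.permission.MANAGE_USB` entry in this test whitelist has no comment marking it as the deliberate negative case. Per the Test section of the commit message, this permission is expected to stay out of the installed permissions list even though it is white-listed here, so someone reading the file alone would take the entry for an ordinary grant. Suggest an XML comment above that line saying the permission is white-listed on purpose and must not be granted, presumably because it lacks the 'vendor-privileged' flag. The commit message also spells the name MANAGE_USE while the file has `MANAGE_USB`; the two should match.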
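A small model of the two checks the commit message describes for a privileged vendor app (whitelist entry first, then the 'vendor-privileged' flag), as an added example that is not code from this commit or from the platform. The function names and the flag set are assumptions for illustration, and the sample XML is constructed to match the file shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample with the same shape as the whitelist file in this commit.
SAMPLE_WHITELIST = """<?xml version="1.0" encoding="utf-8"?>
<permissions>
    <privapp-permissions package="com.android.framework.permission.privapp.tests.vendor">
        <permission name="android.permission.BIND_IMS_SERVICE"/>
        <permission name="android.permission.MANAGE_USB"/>
    </privapp-permissions>
</permissions>
"""

# Assumption: the set of platform permissions carrying 'vendor-privileged'.
# It encodes only the outcome reported in the commit's Test section; the
# authoritative flags are declared by the platform, not by this script.
ASSUMED_VENDOR_PRIVILEGED = {"android.permission.BIND_IMS_SERVICE"}


def parse_whitelist(xml_text):
    """Return {package: set of permission names} from <privapp-permissions> tags."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    whitelist = {}
    for entry in root.iter("privapp-permissions"):
        package = entry.get("package")
        if not package:
            continue  # malformed entry: nothing to attribute the permissions to
        names = {p.get("name") for p in entry.findall("permission") if p.get("name")}
        whitelist.setdefault(package, set()).update(names)
    return whitelist


def evaluate(whitelist, package, requested, vendor_privileged):
    """Model the grant decision for each requested privileged platform permission."""
    allowed = whitelist.get(package, set())
    result = {}
    for perm in requested:
        if perm not in allowed:
            result[perm] = "withheld: not whitelisted"
        elif perm not in vendor_privileged:
            result[perm] = "withheld: no vendor-privileged flag"
        else:
            result[perm] = "granted"
    return result


if __name__ == "__main__":
    pkg = "com.android.framework.permission.privapp.tests.vendor"
    wl = parse_whitelist(SAMPLE_WHITELIST)
    for perm, verdict in evaluate(wl, pkg, sorted(wl[pkg]), ASSUMED_VENDOR_PRIVILEGED).items():
        print(perm, "->", verdict)
```

Entries reported as withheld for lack of the flag are the ones worth reviewing in a vendor whitelist, since they are declared but have no effect.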