diff options
91 files changed, 3906 insertions, 63 deletions
diff --git a/cmds/installd/commands.c b/cmds/installd/commands.c index d19db32..2e5f360 100644 --- a/cmds/installd/commands.c +++ b/cmds/installd/commands.c @@ -32,7 +32,7 @@ dir_rec_t android_app_lib_dir; dir_rec_t android_media_dir; dir_rec_array_t android_system_dirs; -int install(const char *pkgname, uid_t uid, gid_t gid) +int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo) { char pkgdir[PKG_PATH_MAX]; char libsymlink[PKG_PATH_MAX]; @@ -96,7 +96,7 @@ int install(const char *pkgname, uid_t uid, gid_t gid) } #ifdef HAVE_SELINUX - if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) { + if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) { ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); unlink(pkgdir); @@ -190,7 +190,7 @@ int delete_user_data(const char *pkgname, uid_t persona) return delete_dir_contents(pkgdir, 0, "lib"); } -int make_user_data(const char *pkgname, uid_t uid, uid_t persona) +int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo) { char pkgdir[PKG_PATH_MAX]; char applibdir[PKG_PATH_MAX]; @@ -251,21 +251,21 @@ int make_user_data(const char *pkgname, uid_t uid, uid_t persona) return -1; } - if (chown(pkgdir, uid, uid) < 0) { - ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); +#ifdef HAVE_SELINUX + if (selinux_android_setfilecon2(pkgdir, pkgname, seinfo, uid) < 0) { + ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); unlink(pkgdir); return -errno; } +#endif -#ifdef HAVE_SELINUX - if (selinux_android_setfilecon(pkgdir, pkgname, uid) < 0) { - ALOGE("cannot setfilecon dir '%s': %s\n", pkgdir, strerror(errno)); + if (chown(pkgdir, uid, uid) < 0) { + ALOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); unlink(libsymlink); unlink(pkgdir); return -errno; } -#endif return 0; } @@ -325,7 +325,7 @@ int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy) uid = (uid_t) s.st_uid % PER_USER_RANGE; /* Create the directory for the target */ make_user_data(name, uid + target_persona * PER_USER_RANGE, - target_persona); + target_persona, NULL); } } closedir(d); diff --git a/cmds/installd/installd.c b/cmds/installd/installd.c index 17a1a1f..74643ac 100644 --- a/cmds/installd/installd.c +++ b/cmds/installd/installd.c @@ -31,7 +31,7 @@ static int do_ping(char **arg, char reply[REPLY_MAX]) static int do_install(char **arg, char reply[REPLY_MAX]) { - return install(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */ + return install(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]); /* pkgname, uid, gid, seinfo */ } static int do_dexopt(char **arg, char reply[REPLY_MAX]) @@ -103,7 +103,8 @@ static int do_rm_user_data(char **arg, char reply[REPLY_MAX]) static int do_mk_user_data(char **arg, char reply[REPLY_MAX]) { - return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, userid */ + return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]); + /* pkgname, uid, userid, seinfo */ } static int do_rm_user(char **arg, char reply[REPLY_MAX]) @@ -134,7 +135,7 @@ struct cmdinfo { struct cmdinfo cmds[] = { { "ping", 0, do_ping }, - { "install", 3, do_install }, + { "install", 4, do_install }, { "dexopt", 3, do_dexopt }, { "movedex", 2, do_move_dex }, { "rmdex", 1, do_rm_dex }, @@ -147,7 +148,7 @@ struct cmdinfo cmds[] = { { "rmuserdata", 2, do_rm_user_data }, { "movefiles", 0, do_movefiles }, { "linklib", 3, do_linklib }, - { "mkuserdata", 3, do_mk_user_data }, + { "mkuserdata", 4, do_mk_user_data }, { "rmuser", 1, do_rm_user }, { "cloneuserdata", 3, do_clone_user_data }, }; diff --git a/cmds/installd/installd.h b/cmds/installd/installd.h index a8461eb..8bce669 100644 --- a/cmds/installd/installd.h +++ b/cmds/installd/installd.h @@ -196,12 +196,12 @@ int ensure_media_user_dirs(userid_t userid); /* commands.c */ -int install(const char *pkgname, uid_t uid, gid_t gid); +int install(const char *pkgname, uid_t uid, gid_t gid, const char *seinfo); int uninstall(const char *pkgname, uid_t persona); int renamepkg(const char *oldpkgname, const char *newpkgname); int fix_uid(const char *pkgname, uid_t uid, gid_t gid); int delete_user_data(const char *pkgname, uid_t persona); -int make_user_data(const char *pkgname, uid_t uid, uid_t persona); +int make_user_data(const char *pkgname, uid_t uid, uid_t persona, const char* seinfo); int delete_persona(uid_t persona); int clone_persona_data(uid_t src_persona, uid_t target_persona, int copy); int delete_cache(const char *pkgname, uid_t persona); diff --git a/core/java/android/app/admin/DeviceAdminInfo.java b/core/java/android/app/admin/DeviceAdminInfo.java index 66fc816..3ea4c7f 100644 --- a/core/java/android/app/admin/DeviceAdminInfo.java +++ b/core/java/android/app/admin/DeviceAdminInfo.java @@ -146,6 +146,25 @@ public final class DeviceAdminInfo implements Parcelable { */ public static final int USES_POLICY_DISABLE_KEYGUARD_FEATURES = 9; + /** + * @hide + * A type of policy that this device admin can use: enforce SELinux policy. + * + * <p>To control this policy, the device admin must have a "enforce-selinux" + * tag in the "uses-policies" section of its meta-data. + */ + public static final int USES_POLICY_ENFORCE_SELINUX = 10; + + /** + * @hide + * A type of policy that this device admin can use: enforce SE Android MMAC policy. + * + * <p>To control this policy, the device admin must have a "enforce-mmac" tag in the + * "uses-policies" section of its meta-data. + */ + public static final int USES_POLICY_ENFORCE_MMAC = 11; + + /** @hide */ public static class PolicyInfo { public final int ident; @@ -197,6 +216,12 @@ public final class DeviceAdminInfo implements Parcelable { USES_POLICY_DISABLE_KEYGUARD_FEATURES, "disable-keyguard-features", com.android.internal.R.string.policylab_disableKeyguardFeatures, com.android.internal.R.string.policydesc_disableKeyguardFeatures)); + sPoliciesDisplayOrder.add(new PolicyInfo(USES_POLICY_ENFORCE_SELINUX, "enforce-selinux", + com.android.internal.R.string.policylab_enforceSelinux, + com.android.internal.R.string.policydesc_enforceSelinux)); + sPoliciesDisplayOrder.add(new PolicyInfo(USES_POLICY_ENFORCE_MMAC, "enforce-mmac", + com.android.internal.R.string.policylab_enforceMmac, + com.android.internal.R.string.policydesc_enforceMmac)); for (int i=0; i<sPoliciesDisplayOrder.size(); i++) { PolicyInfo pi = sPoliciesDisplayOrder.get(i); @@ -389,7 +414,8 @@ public final class DeviceAdminInfo implements Parcelable { * {@link #USES_POLICY_RESET_PASSWORD}, {@link #USES_POLICY_FORCE_LOCK}, * {@link #USES_POLICY_WIPE_DATA}, * {@link #USES_POLICY_EXPIRE_PASSWORD}, {@link #USES_ENCRYPTED_STORAGE}, - * {@link #USES_POLICY_DISABLE_CAMERA}. + * {@link #USES_POLICY_DISABLE_CAMERA}, {@link #USES_POLICY_ENFORCE_SELINUX}, + * {@link #USES_POLICY_ENFORCE_MMAC}. */ public boolean usesPolicy(int policyIdent) { return (mUsesPolicies & (1<<policyIdent)) != 0; diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 719f050..fb186a6 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -1421,6 +1421,466 @@ public class DevicePolicyManager { } /** + * Called by an application that is administering the device to start or stop + * controlling SELinux policies, enforcement, booleans, etc. When an admin app + * gives up control of SELinux policies, the policy in place prior to the app + * taking control will be applied. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * <p>When an application gains control of SELinux settings, it is called an + * SELinux administrator. Admistration applications will call this with true and + * ensure this method returned true before attempting to toggle SELinux settings. + * When apps intend to stop controlling SELinux settings, apps should call this + * with false. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated, + * must be self + * @param control true if the admin wishes to control SELinux, false if the admin + * wishes to give back control of SELinux + * @return true if the operation succeeded, false if the operation failed or + * SELinux was not enabled on the device. + * @hide + */ + public boolean setSELinuxAdmin(ComponentName admin, boolean control) { + return setSELinuxAdmin(admin, control, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean setSELinuxAdmin(ComponentName admin, boolean control, int userHandle) { + if (mService != null) { + try { + return mService.setSELinuxAdmin(admin, control, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Checks whether an admin app has control over SELinux policy. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated, + * must be self + * @return true if admin app can control SELinux policy, false otherwise + * @hide + */ + public boolean isSELinuxAdmin(ComponentName admin) { + return isSELinuxAdmin(admin, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean isSELinuxAdmin(ComponentName admin, int userHandle) { + if (mService != null) { + try { + return mService.isSELinuxAdmin(admin, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Called by a SELinux admin to set SELinux into enforcing or permissive mode. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @param enforcing true for enforcing mode, false for permissive mode. + * @return false if Android was unable to set the desired mode + * @hide + */ + public boolean setSELinuxEnforcing(ComponentName admin, boolean enforcing) { + return setSELinuxEnforcing(admin, enforcing, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean setSELinuxEnforcing(ComponentName admin, boolean enforcing, int userHandle) { + if (mService != null) { + try { + return mService.setSELinuxEnforcing(admin, enforcing, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; // I guess this doesn't fit the spec, but it never happens... + } + + /** + * Determine whether or not SELinux policies are currently being enforced + * by the current admin. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * <p>The returned value is only meaningful if the current admin is a + * SELinux admin. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @hide + */ + public boolean getSELinuxEnforcing(ComponentName admin) { + return getSELinuxEnforcing(admin, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean getSELinuxEnforcing(ComponentName admin, int userHandle) { + if (mService != null) { + try { + return mService.getSELinuxEnforcing(admin, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Get a list of the SELinux booleans available on the system. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * <p>The returned value is only meaningful if the current admin is a + * SELinux admin. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @hide + */ + public List<String> getSELinuxBooleanNames(ComponentName admin) { + return getSELinuxBooleanNames(admin, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public List<String> getSELinuxBooleanNames(ComponentName admin, int userHandle) { + if (mService != null) { + try { + return mService.getSELinuxBooleanNames(admin, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return null; + } + + /** + * Get the value of a SELinux boolean. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * <p>The returned value is only meaningful if the current admin is a + * SELinux admin. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @param name the name of the SELinux boolean + * @return the value of the SELinux boolean + * @hide + */ + public boolean getSELinuxBooleanValue(ComponentName admin, String name) { + return getSELinuxBooleanValue(admin, name, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean getSELinuxBooleanValue(ComponentName admin, String name, int userHandle) { + if (mService != null) { + try { + return mService.getSELinuxBooleanValue(admin, name, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Set the value of a SELinux boolean. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * <p>The returned value is only meaningful if the current admin is a + * SELinux admin. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @param name the name of the SELinux boolean + * @param value the desired value for the boolean + * @return false if Android was unable to set the desired mode + * @hide + */ + public boolean setSELinuxBooleanValue(ComponentName admin, String name, + boolean value) { + return setSELinuxBooleanValue(admin, name, value, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean setSELinuxBooleanValue(ComponentName admin, String name, + boolean value, int userHandle) { + if (mService != null) { + try { + return mService.setSELinuxBooleanValue(admin, name, value, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Checks whether an admin app has control over SE Android MMAC policy. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_MMAC} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated, + * must be self + * @return true if admin app can control MMAC policy, false otherwise + * @hide + */ + public boolean isMMACadmin(ComponentName admin) { + return isMMACadmin(admin, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean isMMACadmin(ComponentName admin, int userHandle) { + if (mService != null) { + try { + return mService.isMMACadmin(admin, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Called by an application that is administering the device to start or stop + * controlling SE Android MMAC policies, enforcement, etc. When an admin + * app gives up control of MMAC policies, the policy in place prior to the app + * taking control will be applied. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_MMAC} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * <p>When an application gains control of MMAC settings, it is called an + * MMAC administrator. Admistration applications will call this with true and + * ensure this method returned true before attempting to toggle MMAC settings. + * When apps intend to stop controlling MMAC settings, apps should call this + * with false. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated, + * must be self + * @param control true if the admin wishes to control MMAC, false if the admin + * wishes to give back control of MMAC + * @return true if the operation succeeded, false if the operation failed or + * MMAC was not enabled on the device. + * @hide + */ + public boolean setMMACadmin(ComponentName admin, boolean control) { + return setMMACadmin(admin, control, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean setMMACadmin(ComponentName admin, boolean control, int userHandle) { + if (mService != null) { + try { + return mService.setMMACadmin(admin, control, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Called by an application that is a SEAndroid MMAC admin to set MMAC + * protections into enforcing or permissive mode. The system requires a + * reboot for the protections to take effect. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_MMAC} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @param enforcing true for enforcing mode, false for permissive mode. + * @return false if Android was unable to set the desired mode + * @hide + */ + public boolean setMMACenforcing(ComponentName admin, boolean enforcing) { + return setMMACenforcing(admin, enforcing, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean setMMACenforcing(ComponentName admin, boolean enforcing, int userHandle) { + if (mService != null) { + try { + return mService.setMMACenforcing(admin, enforcing, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Determine whether SE Android MMAC policies are being enforced by the + * current admin. + * + * <p>The calling device admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_MMAC} to be able to call + * this method; if it has not, a security exception will be thrown. + * + * <p>The returned value is only meaningful if the current admin is a + * MMAC admin. + * + * @param admin Which {@link DeviceAdminReceiver} this request is associated with. + * @hide + */ + public boolean getMMACenforcing(ComponentName admin) { + return getMMACenforcing(admin, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean getMMACenforcing(ComponentName admin, int userHandle) { + if (mService != null) { + try { + return mService.getMMACenforcing(admin, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + // Before changing these values, be sure to update + // DevicePolicyManagerService.java's POLICY_DESCRIPTIONS array. + /** @hide */ + public static final int SEPOLICY_FILE_SEPOLICY = 0; + /** @hide */ + public static final int SEPOLICY_FILE_PROPCTXS = 1; + /** @hide */ + public static final int SEPOLICY_FILE_FILECTXS = 2; + /** @hide */ + public static final int SEPOLICY_FILE_SEAPPCTXS = 3; + /** @hide */ + public static final int MMAC_POLICY_FILE = 4; + /** @hide */ + public static final int SEPOLICY_FILE_COUNT = MMAC_POLICY_FILE+1; + + /** + * Sets a new policy file and reloads it at the proper time. + * + * <p>For {@link #SEPOLICY_FILE_SEPOLICY}, {@link #SEPOLICY_FILE_PROPCTXS}, + * {@link #SEPOLICY_FILE_FILECTXS}, and {@link #SEPOLICY_FILE_SEAPPCTXS}, the admin + * must have requested {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} + * before calling this method. If it has not, a security exception will be + * thrown. + * + * <p>For {@link #SEPOLICY_FILE_SEPOLICY}, {@link #SEPOLICY_FILE_PROPCTXS}, + * {@link #SEPOLICY_FILE_FILECTXS}, and {@link #SEPOLICY_FILE_SEAPPCTXS}, these + * files are reloaded before returning from the DevicePolicyManager. + * + * <p>For {@link #SEPOLICY_FILE_SEPOLICY}, {@link #SEPOLICY_FILE_PROPCTXS}, + * {@link #SEPOLICY_FILE_FILECTXS}, and {@link #SEPOLICY_FILE_SEAPPCTXS}, the + * returned value is only meaingful if the current admin is a SELinux + * admin. + * + * <p>For {@link #MMAC_POLICY_FILE}, the admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_MMAC} before calling this + * method. If it has not, a security exception will be thrown. + * + * <p>For {@link #MMAC_POLICY_FILE}, the MMAC policy file is reloaded on + * reboot. + * + * <p>For {@link #MMAC_POLICY_FILE}, the returned value is only meaingful + * if the current admin is a MMAC admin. + * + * @param admin which {@link DeviceAdminReceiver} this request is associated with + * @param policyType one of {@link #SEPOLICY_FILE_SEPOLICY}, {@link #SEPOLICY_FILE_PROPCTXS}, + * {@link #SEPOLICY_FILE_FILECTXS}, {@link #SEPOLICY_FILE_SEAPPCTXS}, + * or {@link #MMAC_POLICY_FILE}. + * @param policy the new policy file in bytes, or null if you wish to revert to + * the default policy + * @return false if Android was unable to set the new policy + * @hide + */ + public boolean setCustomPolicyFile(ComponentName admin, int policyType, byte[] policy) { + return setCustomPolicyFile(admin, policyType, policy, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean setCustomPolicyFile(ComponentName admin, int policyType, byte[] policy, int userHandle) { + if (mService != null) { + try { + return mService.setCustomPolicyFile(admin, policyType, policy, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** + * Determine whether this admin set a custom policy file. + * + * <p>For {@link #SEPOLICY_FILE_SEPOLICY}, {@link #SEPOLICY_FILE_PROPCTXS}, + * {@link #SEPOLICY_FILE_FILECTXS}, and {@link #SEPOLICY_FILE_SEAPPCTXS}, the admin + * must have requested {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} + * before calling this method. If it has not, a security exception will be + * thrown. + * + * <p>For {@link #SEPOLICY_FILE_SEPOLICY}, {@link #SEPOLICY_FILE_PROPCTXS}, + * {@link #SEPOLICY_FILE_FILECTXS}, and {@link #SEPOLICY_FILE_SEAPPCTXS}, the + * returned value is only meaingful if the current admin is a SELinux + * admin. + * + * <p>For {@link #MMAC_POLICY_FILE}, the admin must have requested + * {@link DeviceAdminInfo#USES_POLICY_ENFORCE_MMAC} before calling this + * method. If it has not, a security exception will be thrown. + * + * <p>For {@link #MMAC_POLICY_FILE}, the returned value is only meaingful + * if the current admin is a MMAC admin. + * + * @param admin which {@link DeviceAdminReceiver} this request is associated with + * @param policyType one of {@link #SEPOLICY_FILE_SEPOLICY}, {@link #SEPOLICY_FILE_PROPCTXS}, + * {@link #SEPOLICY_FILE_FILECTXS}, {@link #SEPOLICY_FILE_SEAPPCTXS}, or + * {@link #MMAC_POLICY_FILE} + * @return true if the admin set a custom policy file + * @hide + */ + public boolean isCustomPolicyFile(ComponentName admin, int policyType) { + return isCustomPolicyFile(admin, policyType, UserHandle.myUserId()); + } + + /** @hide per-user version */ + public boolean isCustomPolicyFile(ComponentName admin, int policyType, int userHandle) { + if (mService != null) { + try { + return mService.isCustomPolicyFile(admin, policyType, userHandle); + } catch (RemoteException e) { + Log.w(TAG, "Failed talking with device policy server", e); + } + } + return false; + } + + /** * @hide */ public void setActiveAdmin(ComponentName policyReceiver, boolean refreshing) { diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index e061ab3..5a04604 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -93,6 +93,25 @@ interface IDevicePolicyManager { void removeActiveAdmin(in ComponentName policyReceiver, int userHandle); boolean hasGrantedPolicy(in ComponentName policyReceiver, int usesPolicy, int userHandle); + boolean setSELinuxAdmin(in ComponentName who, boolean control, int userHandle); + boolean isSELinuxAdmin(in ComponentName who, int userHandle); + + boolean setSELinuxEnforcing(in ComponentName who, boolean enforcing, int userHandle); + boolean getSELinuxEnforcing(in ComponentName who, int userHandle); + + List<String> getSELinuxBooleanNames(in ComponentName who, int userHandle); + boolean getSELinuxBooleanValue(in ComponentName who, String name, int userHandle); + boolean setSELinuxBooleanValue(in ComponentName who, String name, boolean value, int userHandle); + + boolean isMMACadmin(in ComponentName who, int userHandle); + boolean setMMACadmin(in ComponentName who, boolean control, int userHandle); + + boolean setMMACenforcing(in ComponentName who, boolean enforcing, int userHandle); + boolean getMMACenforcing(in ComponentName who, int userHandle); + + boolean setCustomPolicyFile(in ComponentName who, int policyType, in byte[] policy, int userHandle); + boolean isCustomPolicyFile(in ComponentName who, int policyType, int userHandle); + void setActivePasswordState(int quality, int length, int letters, int uppercase, int lowercase, int numbers, int symbols, int nonletter, int userHandle); void reportFailedPasswordAttempt(int userHandle); diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java index fa85145..ab32e48 100644 --- a/core/java/android/content/pm/ApplicationInfo.java +++ b/core/java/android/content/pm/ApplicationInfo.java @@ -399,6 +399,15 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { public String[] resourceDirs; /** + * String retrieved from the seinfo tag found in selinux policy. This value + * is useful in setting an SELinux security context on the process as well + * as its data directory. + * + * {@hide} + */ + public String seinfo; + + /** * Paths to all shared libraries this application is linked against. This * field is only set if the {@link PackageManager#GET_SHARED_LIBRARY_FILES * PackageManager.GET_SHARED_LIBRARY_FILES} flag was used when retrieving @@ -502,6 +511,9 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { if (resourceDirs != null) { pw.println(prefix + "resourceDirs=" + resourceDirs); } + if (seinfo != null) { + pw.println(prefix + "seinfo=" + seinfo); + } pw.println(prefix + "dataDir=" + dataDir); if (sharedLibraryFiles != null) { pw.println(prefix + "sharedLibraryFiles=" + sharedLibraryFiles); @@ -569,6 +581,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { publicSourceDir = orig.publicSourceDir; nativeLibraryDir = orig.nativeLibraryDir; resourceDirs = orig.resourceDirs; + seinfo = orig.seinfo; sharedLibraryFiles = orig.sharedLibraryFiles; dataDir = orig.dataDir; uid = orig.uid; @@ -609,6 +622,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { dest.writeString(publicSourceDir); dest.writeString(nativeLibraryDir); dest.writeStringArray(resourceDirs); + dest.writeString(seinfo); dest.writeStringArray(sharedLibraryFiles); dest.writeString(dataDir); dest.writeInt(uid); @@ -648,6 +662,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { publicSourceDir = source.readString(); nativeLibraryDir = source.readString(); resourceDirs = source.readStringArray(); + seinfo = source.readString(); sharedLibraryFiles = source.readStringArray(); dataDir = source.readString(); uid = source.readInt(); diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java index 28d60c8..49650cd 100644 --- a/core/java/android/content/pm/PackageManager.java +++ b/core/java/android/content/pm/PackageManager.java @@ -646,6 +646,14 @@ public abstract class PackageManager { public static final int INSTALL_FAILED_INTERNAL_ERROR = -110; /** + * Installation failed return code: this is passed to the {@link IPackageInstallObserver} by + * {@link #installPackage(android.net.Uri, IPackageInstallObserver, int)} + * if the system failed to install the package because of a policy denial. + * @hide + */ + public static final int INSTALL_FAILED_POLICY_REJECTED_PERMISSION = -111; + + /** * Flag parameter for {@link #deletePackage} to indicate that you don't want to delete the * package's data directory. * diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java index 05099fb..3cb361f9 100644 --- a/core/java/android/os/Process.java +++ b/core/java/android/os/Process.java @@ -379,7 +379,7 @@ public class Process { * @param gids Additional group-ids associated with the process. * @param debugFlags Additional flags. * @param targetSdkVersion The target SDK version for the app. - * @param seInfo null-ok SE Android information for the new process. + * @param seInfo null-ok SELinux information for the new process. * @param zygoteArgs Additional arguments to supply to the zygote process. * * @return An object that describes the result of the attempt to start the process. @@ -559,7 +559,7 @@ public class Process { * new process should setgroup() to. * @param debugFlags Additional flags. * @param targetSdkVersion The target SDK version for the app. - * @param seInfo null-ok SE Android information for the new process. + * @param seInfo null-ok SELinux information for the new process. * @param extraArgs Additional arguments to supply to the zygote process. * @return An object that describes the result of the attempt to start the process. * @throws ZygoteStartFailedEx if process start failed for any reason diff --git a/core/java/android/os/SELinux.java b/core/java/android/os/SELinux.java index c05a974..c9dd5d7 100644 --- a/core/java/android/os/SELinux.java +++ b/core/java/android/os/SELinux.java @@ -45,7 +45,7 @@ public class SELinux { /** * Set whether SELinux is permissive or enforcing. - * @param boolean representing whether to set SELinux to enforcing + * @param value representing whether to set SELinux to enforcing * @return a boolean representing whether the desired mode was set */ public static final native boolean setSELinuxEnforce(boolean value); @@ -60,7 +60,7 @@ public class SELinux { /** * Change the security context of an existing file object. * @param path representing the path of file object to relabel. - * @param con new security context given as a String. + * @param context new security context given as a String. * @return a boolean indicating whether the operation succeeded. */ public static final native boolean setFileContext(String path, String context); @@ -87,8 +87,6 @@ public class SELinux { /** * Gets the security context of a given process id. - * Use of this function is discouraged for Binder transactions. - * Use Binder.getCallingSecctx() instead. * @param pid an int representing the process id to check. * @return a String representing the security context of the given pid. */ @@ -102,15 +100,15 @@ public class SELinux { /** * Gets the value for the given SELinux boolean name. - * @param String The name of the SELinux boolean. + * @param name The name of the SELinux boolean. * @return a boolean indicating whether the SELinux boolean is set. */ public static final native boolean getBooleanValue(String name); /** * Sets the value for the given SELinux boolean name. - * @param String The name of the SELinux boolean. - * @param Boolean The new value of the SELinux boolean. + * @param name The name of the SELinux boolean. + * @param value The new value of the SELinux boolean. * @return a boolean indicating whether or not the operation succeeded. */ public static final native boolean setBooleanValue(String name, boolean value); diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java index 43512aa..7925d31 100644 --- a/core/java/android/provider/Settings.java +++ b/core/java/android/provider/Settings.java @@ -4288,6 +4288,25 @@ public final class Settings { public static final String SETTINGS_CLASSNAME = "settings_classname"; /** + * SELinux enforcing status. + * 1 - SELinux is in enforcing mode. + * 0 - SELinux is in permissive mode. + * + * @hide + */ + public static final String SELINUX_ENFORCING = "selinux_enforcing"; + + /** + * Stores the values of the SELinux booleans. Stored as a comma + * seperated list of values, each value being of the form + * {@code boolean_name:value} where value is 1 if the boolean is set + * and 0 otherwise. Example: {@code bool1:1,bool2:0}. + * + * @hide + */ + public static final String SELINUX_BOOLEANS = "selinux_booleans"; + + /** * @deprecated Use {@link android.provider.Settings.Global#USB_MASS_STORAGE_ENABLED} instead */ @Deprecated @@ -5091,6 +5110,8 @@ public final class Settings { TOUCH_EXPLORATION_ENABLED, ACCESSIBILITY_ENABLED, ACCESSIBILITY_SPEAK_PASSWORD, + SELINUX_ENFORCING, + SELINUX_BOOLEANS, TTS_USE_DEFAULTS, TTS_DEFAULT_RATE, TTS_DEFAULT_PITCH, diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java index d24513a..e7447af 100644 --- a/core/java/com/android/internal/os/ZygoteConnection.java +++ b/core/java/com/android/internal/os/ZygoteConnection.java @@ -825,7 +825,7 @@ class ZygoteConnection { } /** - * Applies zygote security policy for SEAndroid information. + * Applies zygote security policy for SELinux information. * * @param args non-null; zygote spawner arguments * @param peer non-null; peer credentials @@ -844,7 +844,7 @@ class ZygoteConnection { if (!(peerUid == 0 || peerUid == Process.SYSTEM_UID)) { // All peers with UID other than root or SYSTEM_UID throw new ZygoteSecurityException( - "This UID may not specify SEAndroid info."); + "This UID may not specify SELinux info."); } boolean allowed = SELinux.checkSELinuxAccess(peerSecurityContext, @@ -853,7 +853,7 @@ class ZygoteConnection { "specifyseinfo"); if (!allowed) { throw new ZygoteSecurityException( - "Peer may not specify SEAndroid info"); + "Peer may not specify SELinux info"); } return; diff --git a/core/jni/android_os_FileUtils.cpp b/core/jni/android_os_FileUtils.cpp index b624a0d..e088a68 100644 --- a/core/jni/android_os_FileUtils.cpp +++ b/core/jni/android_os_FileUtils.cpp @@ -69,28 +69,58 @@ jint android_os_FileUtils_getVolumeUUID(JNIEnv* env, jobject clazz, jstring path const char *pathStr = env->GetStringUTFChars(path, NULL); ALOGD("Trying to get UUID for %s \n", pathStr); - uuid = blkid_get_tag_value(NULL, "UUID", pathStr); + char device[256]; + char mount_path[256]; + char rest[256]; + FILE *fp; + char line[1024]; + bool findDevice = false; + if (!(fp = fopen("/proc/mounts", "r"))) { + SLOGE("Error opening /proc/mounts (%s)", strerror(errno)); + return false; + } + + while(fgets(line, sizeof(line), fp)) { + line[strlen(line)-1] = '\0'; + sscanf(line, "%255s %255s %255s\n", device, mount_path, rest); + if (!strcmp(mount_path, pathStr)) { + findDevice = true; + break; + } + } + + fclose(fp); + + if (findDevice) { + uuid = blkid_get_tag_value(NULL, "UUID", device); + } else { + uuid = blkid_get_tag_value(NULL, "UUID", pathStr); + } if (uuid) { ALOGD("UUID for %s is %s\n", pathStr, uuid); - String8 s8uuid = (String8)uuid; - size_t len = s8uuid.length(); - String8 result; + int len = strlen(uuid); + char result[len]; if (len > 0) { - for (int i = 0; i > len; i++) + char * pCur = uuid; + int length = 0; + while (*pCur!='\0' && length < len) { - if (strncmp((const char *)s8uuid[i], (const char *)"-", 1) != 0) { - result.append((const char *)s8uuid[i]); + if ((*pCur) != '-') { + result[length] = (*pCur); } + pCur++; + length++; } - len = 0; + result[length] = '\0'; } - len = result.length(); + len = strlen(result); if (len > 0) { - return atoi(s8uuid); + char *pEnd = NULL; + return (int)strtol(result, &pEnd, 16); } else { ALOGE("Couldn't get UUID for %s\n", pathStr); } diff --git a/core/res/res/values-cs/cm_strings.xml b/core/res/res/values-cs/cm_strings.xml index b6b6d1e..9080511 100644 --- a/core/res/res/values-cs/cm_strings.xml +++ b/core/res/res/values-cs/cm_strings.xml @@ -62,4 +62,9 @@ <string name="permlab_interceptSmsSent">zachytit odchozí SMS</string> <string name="permdesc_interceptSmsSent">Umožní odchytit odchozí SMS. Škodlivé aplikace mohou pomocí odchycení SMS zabránit její odeslání příjemci.</string> + + <string name="policylab_enforceSelinux">Vynucení SELinux</string> + <string name="policydesc_enforceSelinux">Přepnutí politiky SELinux na vynucující (enforcing ) nebo tolerantní (permissive).</string> + <string name="policylab_enforceMmac">Vynucení MMAC</string> + <string name="policydesc_enforceMmac">Přepnutí politiky MMAC na vynucující (enforcing ) nebo tolerantní (permissive).</string> </resources> diff --git a/core/res/res/values-el/cm_strings.xml b/core/res/res/values-el/cm_strings.xml index d14c7ea..fbb3708 100644 --- a/core/res/res/values-el/cm_strings.xml +++ b/core/res/res/values-el/cm_strings.xml @@ -107,4 +107,18 @@ <string name="symbol_picker_equal">\u2260\u2248\u221e</string> <string name="symbol_picker_lt">\u2264\u00ab\u2039</string> <string name="symbol_picker_gt">\u2265\u00bb\u203a</string> + <string name="permlab_changePrivacyGuardState">ενεργοποίηση ή απενεργοποίηση του privacy guard</string> + <string name="permdesc_changePrivacyGuardState">Επιτρέπει σε μια εφαρμογή τον χειρισμό άλλων εφαρμογών με το Privacy Guard. Όταν μια εφαρμογή τρέχει με το Privacy Guard, δεν θα έχει πρόσβαση στα προσωπικά σας δεδομένα όπως επαφές, μηνύματα ή το αρχείο κλήσεων.</string> + <string name="privacy_guard_notification">Privacy Guard ενεργό</string> + <string name="privacy_guard_notification_detail"><xliff:g id="app">%1$s</xliff:g> δεν θα μπορεί να έχει πρόσβαση στα προσωπικά σας δεδομένα</string> + <string name="profile_picker_title">Προφίλ</string> + <string name="profile_none">Κανένα</string> + <string name="permlab_cancelNotifications">ακύρωση ειδοποιήσεων εφαρμογών</string> + <string name="permdesc_cancelNotifications">Επιτρέπει σε μια εφαρμογή την ακύρωση ειδοποιήσεων που προέρχονται από άλλες εφαρμογές.</string> + <string name="permlab_interceptSmsSent">παρεμπόδιση εξερχόμενων SMS</string> + <string name="permdesc_interceptSmsSent">Επιτρέπει σε μια εφαρμογή να παρεμποδίσει τα εξερχόμενα SMS. Κακόβουλες εφαρμογές μπορεί να το χρησιμοποιήσουν για να εμποδίσουν τη αποστολή SMS.</string> + <string name="policylab_enforceSelinux">Εξαναγκασμός SELinux</string> + <string name="policydesc_enforceSelinux">Εναλλαγή πολιτικής SELinux σε εξαναγκασμένη ή επιτρεπόμενη.</string> + <string name="policylab_enforceMmac">Εξαναγκασμός MMAC</string> + <string name="policydesc_enforceMmac">Εναλλαγή πολιτικής MMAC σε εξαναγκασμένη ή επιτρεπόμενη.</string> </resources> diff --git a/core/res/res/values-es/cm_strings.xml b/core/res/res/values-es/cm_strings.xml index ae74d8c..351925a 100644 --- a/core/res/res/values-es/cm_strings.xml +++ b/core/res/res/values-es/cm_strings.xml @@ -64,4 +64,8 @@ <string name="permdesc_cancelNotifications">Permite que la aplicación cancele las notificaciones creadas por otras.</string> <string name="permlab_interceptSmsSent">interceptar mensajes SMS salientes</string> <string name="permdesc_interceptSmsSent">Permite que la aplicación intercepte mensajes SMS salientes. Las aplicaciones maliciosas pueden impedir los mensajes SMS salientes.</string> + <string name="policylab_enforceSelinux">Forzar SELinux</string> + <string name="policydesc_enforceSelinux">Alternar entre el modo permisivo o restrictivo de SELinux.</string> + <string name="policylab_enforceMmac">Forzar MMAC</string> + <string name="policydesc_enforceMmac">Alternar entre el modo permisivo o restrictivo de MMAC.</string> </resources> diff --git a/core/res/res/values-et-rEE/donottranslate-maps.xml b/core/res/res/values-et-rEE/donottranslate-maps.xml new file mode 100644 index 0000000..f1fea17 --- /dev/null +++ b/core/res/res/values-et-rEE/donottranslate-maps.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2013 The CyanogenMod Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<resources> + + <!-- Do not translate. --> + <integer-array name="maps_starting_lat_lng"> + <item>5884131</item> + <item>2570560</item> + </integer-array> + <!-- Do not translate. --> + <integer-array name="maps_starting_zoom"> + <item>4</item> + </integer-array> + +</resources> diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml index 1f93895..0cdf31c 100644 --- a/core/res/res/values-fr/cm_strings.xml +++ b/core/res/res/values-fr/cm_strings.xml @@ -64,4 +64,8 @@ <string name="permdesc_cancelNotifications">Permet à l\'application de révoquer les notifications créées par d\'autres applications.</string> <string name="permlab_interceptSmsSent">intercepte les SMS sortants</string> <string name="permdesc_interceptSmsSent">Permet à l\'application d\'intercepter un SMS sortant. Des applications malveillantes peuvent utiliser cette option pour empêcher les SMS d\'être envoyés.</string> + <string name="policylab_enforceSelinux">Appliquer SELinux</string> + <string name="policydesc_enforceSelinux">Bascule entre l\'imposition des régles SELinux et le mode permissif.</string> + <string name="policylab_enforceMmac">Appliquer MMAC</string> + <string name="policydesc_enforceMmac">Bascule entre l\'imposition des régles MMAC et le mode permissif.</string> </resources> diff --git a/core/res/res/values-hu/cm_strings.xml b/core/res/res/values-hu/cm_strings.xml index b39efd8..abfcd4b 100644 --- a/core/res/res/values-hu/cm_strings.xml +++ b/core/res/res/values-hu/cm_strings.xml @@ -64,4 +64,8 @@ <string name="permdesc_cancelNotifications">Lehetővé teszi, hogy más alkalmazások számára törölje az értesítéseket</string> <string name="permlab_interceptSmsSent">kimenő SMS üzenetek elfogása</string> <string name="permdesc_interceptSmsSent">Lehetővé teszi az alkalmazás számára, hogy elfogja a kimenő SMS üzeneteket. A rosszindulatú alkalmazások ezt felhasználhatják az SMS-küldés blokkolására.</string> + <string name="policylab_enforceSelinux">SELinux</string> + <string name="policydesc_enforceSelinux">Váltás a biztonságos és az engedélyező SELinux mód közt.</string> + <string name="policylab_enforceMmac">MMAC</string> + <string name="policydesc_enforceMmac">Váltás a biztonságos és az engedélyező MMAC mód közt.</string> </resources> diff --git a/core/res/res/values-it/cm_strings.xml b/core/res/res/values-it/cm_strings.xml index a771c0f..5e35fe0 100644 --- a/core/res/res/values-it/cm_strings.xml +++ b/core/res/res/values-it/cm_strings.xml @@ -64,4 +64,8 @@ <string name="permdesc_cancelNotifications">Consente all\'applicazione di cancellare le notifiche create da altre applicazioni.</string> <string name="permlab_interceptSmsSent">intercetta SMS in uscita</string> <string name="permdesc_interceptSmsSent">Consente all\'applicazione di intercettare un SMS in uscita. Le applicazioni maligne potrebbero usarlo per impedire la spedizione di SMS.</string> + <string name="policylab_enforceSelinux">Forza SELinux</string> + <string name="policydesc_enforceSelinux">Alterna tra regole restrittive o permissive di SELinux.</string> + <string name="policylab_enforceMmac">Forza MMAC</string> + <string name="policydesc_enforceMmac">Alterna tra regole restrittive o permissive di MMAC.</string> </resources> diff --git a/core/res/res/values-pt/cm_strings.xml b/core/res/res/values-pt/cm_strings.xml index 576d4b6..e3fa837 100644 --- a/core/res/res/values-pt/cm_strings.xml +++ b/core/res/res/values-pt/cm_strings.xml @@ -117,4 +117,8 @@ <string name="permdesc_interceptSmsSent">Permite ao aplicativo interceptar um SMS enviado. Aplicativos maliciosos podem usar isso para evitar que as mensagens SMS sejam enviadas.</string> <string name="permlab_cancelNotifications">cancelar notificações da aplicação</string> <string name="permdesc_cancelNotifications">Permite ao aplicativo cancelar notificações criadas por outros aplicativos.</string> + <string name="policylab_enforceSelinux">Impor SELinux</string> + <string name="policydesc_enforceSelinux">Alternar entre modo de política imperativa ou permissiva de SELinux.</string> + <string name="policylab_enforceMmac">Impor MMAC</string> + <string name="policydesc_enforceMmac">Alternar entre modo de política imperativa ou permissiva de MMAC.</string> </resources>
\ No newline at end of file diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml index 33f07f0..4e43675 100644 --- a/core/res/res/values/cm_strings.xml +++ b/core/res/res/values/cm_strings.xml @@ -181,4 +181,13 @@ intercept an outgoing SMS. Malicious apps may use this to prevent outgoing SMS messages.</string> + <!-- Title of policy access to start enforcing SELinux policy [CHAR LIMIT=30]--> + <string name="policylab_enforceSelinux">Enforce SELinux</string> + <!-- Description of policy access to start enforcing SELinux policy [CHAR LIMIT=110]--> + <string name="policydesc_enforceSelinux">Toggle SELinux policy enforcing or permissive mode.</string> + <!-- Title of policy access to start enforcing MMAC policy [CHAR LIMIT=30]--> + <string name="policylab_enforceMmac">Enforce MMAC</string> + <!-- Description of policy access to start enforcing MMAC policy [CHAR LIMIT=110]--> + <string name="policydesc_enforceMmac">Toggle MMAC policy enforcing or permissive mode.</string> + </resources> diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml index e9aa1e4..ef66ddd 100644 --- a/core/res/res/values/symbols.xml +++ b/core/res/res/values/symbols.xml @@ -863,6 +863,10 @@ <java-symbol type="string" name="media_route_status_available" /> <java-symbol type="string" name="media_route_status_not_available" /> <java-symbol type="string" name="owner_name" /> + <java-symbol type="string" name="policylab_enforceSelinux" /> + <java-symbol type="string" name="policydesc_enforceSelinux" /> + <java-symbol type="string" name="policylab_enforceMmac" /> + <java-symbol type="string" name="policydesc_enforceMmac" /> <java-symbol type="plurals" name="abbrev_in_num_days" /> <java-symbol type="plurals" name="abbrev_in_num_hours" /> diff --git a/libs/hwui/DisplayListRenderer.cpp b/libs/hwui/DisplayListRenderer.cpp index 7a38b40..8d2a84e 100644 --- a/libs/hwui/DisplayListRenderer.cpp +++ b/libs/hwui/DisplayListRenderer.cpp @@ -1442,6 +1442,9 @@ status_t DisplayListRenderer::prepareDirty(float left, float top, mSaveCount = 1; mSnapshot->setClip(0.0f, 0.0f, mWidth, mHeight); +#ifdef QCOM_HARDWARE + mSnapshot->setTileClip(0.0f, 0.0f, mWidth, mHeight); +#endif mDirtyClip = opaque; mRestoreSaveCount = -1; diff --git a/libs/hwui/OpenGLRenderer.cpp b/libs/hwui/OpenGLRenderer.cpp index 7309e46..efae551 100755 --- a/libs/hwui/OpenGLRenderer.cpp +++ b/libs/hwui/OpenGLRenderer.cpp @@ -179,6 +179,9 @@ status_t OpenGLRenderer::prepareDirty(float left, float top, float right, float mSaveCount = 1; mSnapshot->setClip(left, top, right, bottom); +#ifdef QCOM_HARDWARE + mSnapshot->setTileClip(left, top, right, bottom); +#endif mDirtyClip = true; updateLayers(); @@ -246,11 +249,14 @@ void OpenGLRenderer::syncState() { void OpenGLRenderer::startTiling(const sp<Snapshot>& s, bool opaque) { if (!mSuppressTiling) { +#ifdef QCOM_HARDWARE + const Rect* clip = &mSnapshot->getTileClip(); +#else Rect* clip = mTilingSnapshot->clipRect; if (s->flags & Snapshot::kFlagIsFboLayer) { clip = s->clipRect; } - +#endif mCaches.startTiling(clip->left, s->height - clip->bottom, clip->right - clip->left, clip->bottom - clip->top, opaque); } @@ -800,6 +806,9 @@ bool OpenGLRenderer::createFboLayer(Layer* layer, Rect& bounds, Rect& clip, GLui mSnapshot->fbo = layer->getFbo(); mSnapshot->resetTransform(-bounds.left, -bounds.top, 0.0f); mSnapshot->resetClip(clip.left, clip.top, clip.right, clip.bottom); +#ifdef QCOM_HARDWARE + mSnapshot->setTileClip(clip.left, clip.top, clip.right, clip.bottom); +#endif mSnapshot->viewport.set(0.0f, 0.0f, bounds.getWidth(), bounds.getHeight()); mSnapshot->height = bounds.getHeight(); mSnapshot->flags |= Snapshot::kFlagDirtyOrtho; diff --git a/libs/hwui/Snapshot.cpp b/libs/hwui/Snapshot.cpp index fbc8455..e2675a8 100644 --- a/libs/hwui/Snapshot.cpp +++ b/libs/hwui/Snapshot.cpp @@ -74,6 +74,9 @@ Snapshot::Snapshot(const sp<Snapshot>& s, int saveFlags): } else { region = NULL; } +#ifdef QCOM_HARDWARE + mTileClip.set(s->getTileClip()); +#endif } /////////////////////////////////////////////////////////////////////////////// @@ -192,6 +195,16 @@ const Rect& Snapshot::getLocalClip() { return mLocalClip; } +#ifdef QCOM_HARDWARE +void Snapshot::setTileClip(float left, float top, float right, float bottom) { + mTileClip.set(left, top, right, bottom); +} + +const Rect& Snapshot::getTileClip() { + return mTileClip; +} +#endif + void Snapshot::resetClip(float left, float top, float right, float bottom) { clipRect = &mClipRectRoot; setClip(left, top, right, bottom); diff --git a/libs/hwui/Snapshot.h b/libs/hwui/Snapshot.h index 9c612ff..18d405b 100644 --- a/libs/hwui/Snapshot.h +++ b/libs/hwui/Snapshot.h @@ -104,6 +104,18 @@ public: */ const Rect& getLocalClip(); +#ifdef QCOM_HARDWARE + /** + * Sets the current tile clip. + */ + void setTileClip(float left, float top, float right, float bottom); + + /** + * Returns the current tile clip in local coordinates. + */ + const Rect& getTileClip(); +#endif + /** * Resets the clip to the specified rect. */ @@ -233,6 +245,9 @@ private: mat4 mTransformRoot; Rect mClipRectRoot; Rect mLocalClip; +#ifdef QCOM_HARDWARE + Rect mTileClip; +#endif #if STENCIL_BUFFER_SIZE SkRegion mClipRegionRoot; diff --git a/packages/InputDevices/res/raw/keyboard_layout_hungarian.kcm b/packages/InputDevices/res/raw/keyboard_layout_hungarian.kcm index dafb50b..67127d0 100644 --- a/packages/InputDevices/res/raw/keyboard_layout_hungarian.kcm +++ b/packages/InputDevices/res/raw/keyboard_layout_hungarian.kcm @@ -37,7 +37,7 @@ key 0 { key 1 { label: '1' base: '1' - shift: '!' + shift: '\'' ralt: '\u0303' } diff --git a/packages/SystemUI/res/values-el/cm_strings.xml b/packages/SystemUI/res/values-el/cm_strings.xml index 33b4393..8498343 100644 --- a/packages/SystemUI/res/values-el/cm_strings.xml +++ b/packages/SystemUI/res/values-el/cm_strings.xml @@ -52,8 +52,10 @@ <string name="quick_settings_lte">LTE</string> <string name="quick_settings_lte_off">LTE ανενεργό</string> <string name="quick_settings_volume">Ένταση</string> + <string name="quick_settings_camera_label">Φωτογρ. μηχανή</string> <string name="quick_settings_expanded_desktop">Επεκταμένη</string> <string name="quick_settings_expanded_desktop_off">Κανονική</string> + <string name="quick_settings_camera_error_connect">Δεν είναι δυνατή η σύνδεση με την φωτογραφ. μηχανή</string> <string name="navbar_dialog_title">Επιλέξτε λειτουργία για εκχώρηση</string> <string name="navbar_home_button">Πλήκτρο Home</string> <string name="navbar_recent_button">Πλήκτρο Recent</string> diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java index 6a62809..911b889 100644 --- a/services/java/com/android/server/DevicePolicyManagerService.java +++ b/services/java/com/android/server/DevicePolicyManagerService.java @@ -56,6 +56,7 @@ import android.os.Process; import android.os.RecoverySystem; import android.os.RemoteCallback; import android.os.RemoteException; +import android.os.SELinux; import android.os.ServiceManager; import android.os.SystemClock; import android.os.SystemProperties; @@ -79,9 +80,11 @@ import java.io.IOException; import java.io.PrintWriter; import java.text.DateFormat; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.Set; /** @@ -132,12 +135,41 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public DevicePolicyData(int userHandle) { mUserHandle = userHandle; } + + /** Return the Admin that controls SELinux, or null if there is none. */ + ActiveAdmin findSELinuxAdminLocked() { + final int N = mAdminList.size(); + for (int i = 0; i < N; ++i) { + ActiveAdmin ap = mAdminList.get(i); + if (ap.isSELinuxAdmin) { + // Device admin controls SELinux + return ap; + } + } + // No device admin controls SELinux + return null; + } + + /** Return the admin that controls SE Android MMAC, or null if there is none. */ + ActiveAdmin findMMACadminLocked() { + //Uses very similar code to the SELinux version + final int N = mAdminList.size(); + for (int i = 0; i < N; ++i) { + ActiveAdmin ap = mAdminList.get(i); + if (ap.isMMACadmin) { + return ap; + } + } + return null; + } } final SparseArray<DevicePolicyData> mUserData = new SparseArray<DevicePolicyData>(); Handler mHandler = new Handler(); + Map<String, Boolean> seboolsOrig = null; + BroadcastReceiver mReceiver = new BroadcastReceiver() { @Override public void onReceive(Context context, Intent intent) { @@ -172,6 +204,85 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } }; + private static abstract class PolicyFileDescription { + /** Path to the policy file */ + final String path; + + /** Admin has to be allowed to use this policy type before calling + * these functions. Typically {@link DeviceAdminInfo#USES_POLICY_ENFORCE_SELINUX} */ + final int reqPolicy; + + PolicyFileDescription(String _path, int _reqPolicy) { + path = _path; + reqPolicy = _reqPolicy; + } + + /** Does this admin have exclusive control of the policy */ + abstract boolean isPolicyAdmin(ActiveAdmin admin); + + /** Called after policy is written to the file system */ + abstract boolean doPolicyReload(); + } + + private static class SELinuxPolicyDescription extends PolicyFileDescription { + SELinuxPolicyDescription(String path) { + super(path, DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + } + + @Override + boolean isPolicyAdmin(ActiveAdmin admin) { + return admin.isSELinuxAdmin; + } + + @Override + boolean doPolicyReload() { + SystemProperties.set("selinux.reload_policy", "1"); + return true; + } + } + + private static class MMACpolicyDescription extends PolicyFileDescription { + MMACpolicyDescription(String path) { + super(path, DeviceAdminInfo.USES_POLICY_ENFORCE_MMAC); + } + + @Override + boolean isPolicyAdmin(ActiveAdmin admin) { + return admin.isMMACadmin; + } + + @Override + boolean doPolicyReload() { + //policy is reloaded on reboot + return true; + } + } + + private static final String MMAC_ENFORCE_PROPERTY = "persist.mmac.enforce"; + + private static final String SEPOLICY_PATH_SEPOLICY = "/data/security/sepolicy"; + + private static final String SEPOLICY_PATH_PROPCTXS = "/data/security/property_contexts"; + + private static final String SEPOLICY_PATH_FILECTXS = "/data/security/file_contexts"; + + private static final String SEPOLICY_PATH_SEAPPCTXS = "/data/security/seapp_contexts"; + + private static final String MMAC_POLICY_PATH = "/data/security/mac_permissions.xml"; + + private static final PolicyFileDescription[] POLICY_DESCRIPTIONS = { + // 0 = SEPOLICY_FILE_SEPOLICY + new SELinuxPolicyDescription(SEPOLICY_PATH_SEPOLICY), + // 1 = SEPOLICY_FILE_PROPCTXS + new SELinuxPolicyDescription(SEPOLICY_PATH_PROPCTXS), + // 2 = SEPOLICY_FILE_FILECTXS + new SELinuxPolicyDescription(SEPOLICY_PATH_FILECTXS), + // 3 = SEPOLICY_FILE_SEAPPCTXS + new SELinuxPolicyDescription(SEPOLICY_PATH_SEAPPCTXS), + // 4 = MMAC_POLICY_FILE + new MMACpolicyDescription(MMAC_POLICY_PATH), + }; + static class ActiveAdmin { final DeviceAdminInfo info; @@ -224,8 +335,24 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String globalProxySpec = null; String globalProxyExclusionList = null; + boolean isSELinuxAdmin = false; + boolean enforceSELinux = false; + Map<String, Boolean> sebools = null; + + boolean isMMACadmin = false; + boolean enforceMMAC = false; + + boolean[] isCustomPolicyFile = new boolean[DevicePolicyManager.SEPOLICY_FILE_COUNT]; + ActiveAdmin(DeviceAdminInfo _info) { info = _info; + if (info != null && getUserHandle().getIdentifier() == UserHandle.USER_OWNER) { + for (int i = 0; i < isCustomPolicyFile.length; ++i) { + isCustomPolicyFile[i] = false; + } + } else { + isCustomPolicyFile = null; + } } int getUid() { return info.getActivityInfo().applicationInfo.uid; } @@ -334,6 +461,63 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { out.attribute(null, "value", Integer.toString(disabledKeyguardFeatures)); out.endTag(null, "disable-keyguard-features"); } + if (isSELinuxAdmin) { + out.startTag(null, "selinux-admin"); + out.attribute(null, "value", Boolean.toString(isSELinuxAdmin)); + out.endTag(null, "selinux-admin"); + if (enforceSELinux) { + out.startTag(null, "enforce-selinux"); + out.attribute(null, "value", Boolean.toString(enforceSELinux)); + out.endTag(null, "enforce-selinux"); + } + Set<String> bools = sebools.keySet(); + for (String s : bools) { + out.startTag(null, "selinux-boolean"); + out.attribute(null, "name", s); + out.attribute(null, "value", sebools.get(s).toString()); + out.endTag(null, "selinux-boolean"); + } + boolean isCustomSELinux = isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY]; + if (isCustomSELinux) { + out.startTag(null, "selinux-sepolicy"); + out.attribute(null, "value", Boolean.toString(isCustomSELinux)); + out.endTag(null, "selinux-sepolicy"); + } + boolean isCustomPropCtxs = isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS]; + if (isCustomPropCtxs) { + out.startTag(null, "selinux-propctxs"); + out.attribute(null, "value", Boolean.toString(isCustomPropCtxs)); + out.endTag(null, "selinux-propctxs"); + } + boolean isCustomFileCtxs = isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS]; + if (isCustomFileCtxs) { + out.startTag(null, "selinux-filectxs"); + out.attribute(null, "value", Boolean.toString(isCustomFileCtxs)); + out.endTag(null, "selinux-filectxs"); + } + boolean isCustomSEAppCtxs = isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS]; + if (isCustomSEAppCtxs) { + out.startTag(null, "selinux-seappctxs"); + out.attribute(null, "value", Boolean.toString(isCustomSEAppCtxs)); + out.endTag(null, "selinux-seappctxs"); + } + } + if (isMMACadmin) { + out.startTag(null, "mmac-admin"); + out.attribute(null, "value", Boolean.toString(isMMACadmin)); + out.endTag(null, "mmac-admin"); + if (enforceMMAC) { + out.startTag(null, "enforce-mmac"); + out.attribute(null, "value", Boolean.toString(enforceMMAC)); + out.endTag(null, "enforce-mmac"); + } + boolean isCustomMMAC = isCustomPolicyFile[DevicePolicyManager.MMAC_POLICY_FILE]; + if (isCustomMMAC) { + out.startTag(null, "mmac-macperms"); + out.attribute(null, "value", Boolean.toString(isCustomMMAC)); + out.endTag(null, "mmac-macperms"); + } + } } void readFromXml(XmlPullParser parser) @@ -405,6 +589,41 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else if ("disable-keyguard-features".equals(tag)) { disabledKeyguardFeatures = Integer.parseInt( parser.getAttributeValue(null, "value")); + } else if ("selinux-admin".equals(tag)) { + isSELinuxAdmin = Boolean.parseBoolean( + parser.getAttributeValue(null, "value")); + if (isSELinuxAdmin) { + sebools = new HashMap<String, Boolean>(); + } + } else if ("enforce-selinux".equals(tag)) { + enforceSELinux = Boolean.parseBoolean( + parser.getAttributeValue(null, "value")); + } else if ("selinux-boolean".equals(tag)) { + sebools.put( + parser.getAttributeValue(null, "name"), + Boolean.parseBoolean( + parser.getAttributeValue(null, "value"))); + } else if ("selinux-sepolicy".equals(tag)) { + this.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY] = + Boolean.parseBoolean(parser.getAttributeValue(null, "value")); + } else if ("selinux-propctxs".equals(tag)) { + this.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS] = + Boolean.parseBoolean(parser.getAttributeValue(null, "value")); + } else if ("selinux-filectxs".equals(tag)) { + this.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS] = + Boolean.parseBoolean(parser.getAttributeValue(null, "value")); + } else if ("selinux-seappctxs".equals(tag)) { + this.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS] = + Boolean.parseBoolean(parser.getAttributeValue(null, "value")); + } else if ("mmac-admin".equals(tag)) { + isMMACadmin = Boolean.parseBoolean( + parser.getAttributeValue(null, "value")); + } else if ("enforce-mmac".equals(tag)) { + enforceMMAC = Boolean.parseBoolean( + parser.getAttributeValue(null, "value")); + } else if ("mmac-macperms".equals(tag)) { + this.isCustomPolicyFile[DevicePolicyManager.MMAC_POLICY_FILE] = + Boolean.parseBoolean(parser.getAttributeValue(null, "value")); } else { Slog.w(TAG, "Unknown admin tag: " + tag); } @@ -463,6 +682,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { pw.println(disableCamera); pw.print(prefix); pw.print("disabledKeyguardFeatures="); pw.println(disabledKeyguardFeatures); + pw.print(prefix); pw.print("isSELinuxAdmin="); + pw.println(isSELinuxAdmin); + pw.print(prefix); pw.print("enforceSELinux="); + pw.println(enforceSELinux); + pw.print(prefix); pw.print("sebools="); + pw.println(sebools); + pw.print(prefix); pw.print("customSELinuxPolicy="); + pw.println(isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY]); + pw.print(prefix); pw.print("customPropertyContexts="); + pw.println(isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS]); + pw.print(prefix); pw.print("customFileContexts="); + pw.println(isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS]); + pw.print(prefix); pw.print("customSEappContexts="); + pw.println(isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS]); + pw.print(prefix); pw.print("isMMACadmin="); + pw.println(isMMACadmin); + pw.print(prefix); pw.print("enforceMMAC="); + pw.println(enforceMMAC); + pw.print(prefix); pw.print("customMMACpolicy="); + pw.println(isCustomPolicyFile[DevicePolicyManager.MMAC_POLICY_FILE]); + } } @@ -689,6 +929,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DevicePolicyData policy = getUserData(userHandle); boolean doProxyCleanup = admin.info.usesPolicy( DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); + boolean doSELinuxCleanup = admin.isSELinuxAdmin; + boolean doMMACcleanup = admin.isMMACadmin; policy.mAdminList.remove(admin); policy.mAdminMap.remove(adminReceiver); validatePasswordOwnerLocked(policy); @@ -696,6 +938,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (doProxyCleanup) { resetGlobalProxyLocked(getUserData(userHandle)); } + if (doSELinuxCleanup) { + syncSELinuxPolicyLocked(policy, + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY], + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS], + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS], + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS]); + } + if (doMMACcleanup) { + syncMMACpolicyLocked(policy, admin.isCustomPolicyFile[DevicePolicyManager.MMAC_POLICY_FILE]); + } saveSettingsLocked(userHandle); updateMaximumTimeToLockLocked(policy); } @@ -935,6 +1187,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { validatePasswordOwnerLocked(policy); syncDeviceCapabilitiesLocked(policy); updateMaximumTimeToLockLocked(policy); + syncSELinuxPolicyLocked(policy, false, true); + syncMMACpolicyLocked(policy, false, true); } static void validateQualityConstant(int quality) { @@ -992,7 +1246,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } public void systemReady() { + assert DevicePolicyManager.SEPOLICY_FILE_COUNT == POLICY_DESCRIPTIONS.length; synchronized (this) { + saveOriginalSELinuxSettings(); loadSettingsLocked(getUserData(UserHandle.USER_OWNER), UserHandle.USER_OWNER); } } @@ -2313,10 +2569,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { */ public void setKeyguardDisabledFeatures(ComponentName who, int which, int userHandle) { enforceCrossUserPermission(userHandle); + synchronized (this) { if (who == null) { throw new NullPointerException("ComponentName is null"); } + ActiveAdmin ap = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES); if (ap.disabledKeyguardFeatures != which) { @@ -2364,6 +2622,693 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } + private void saveOriginalSELinuxSettings() { + // SELinux booleans + String[] seboolNames = SELinux.getBooleanNames(); + seboolsOrig = new HashMap<String, Boolean>(seboolNames.length); + for (String sebool : seboolNames) { + boolean value = SELinux.getBooleanValue(sebool); + seboolsOrig.put(sebool, value); + } + seboolsOrig = Collections.unmodifiableMap(seboolsOrig); + } + + // Possible SELinux Admin API states: + // 1: Caller has ENFORCE_SELINUX = {T,F} + // 2: Caller is a SELinux admin = {T,F} + // 3: There is a SELinux admin on the system = {T,F} + // Invariants: + // a) 1=F -> 2=F + // b) 3=F -> 2=F for all admin apps + // States: + // TTT, TTF, TFT, TFF, FTT, FTF, FFT, FFF + // TTT, TFT, TFF, FFT, FFF + // TTF fails b, + // FTT fails a + // FTF fails a,b + + /** Resets the state the SELinux values in an ActiveAdmin to the current state of system */ + private static void resetSELinuxAdmin(ActiveAdmin admin) { + String[] seboolsnames = SELinux.getBooleanNames(); + admin.enforceSELinux = SELinux.isSELinuxEnforced(); + admin.sebools = new HashMap<String, Boolean>(seboolsnames.length); + for (String bool : seboolsnames) { + admin.sebools.put(bool, SELinux.getBooleanValue(bool)); + } + } + + private boolean syncSELinuxPolicyLocked(DevicePolicyData policy, boolean removeAllPolicy) { + return syncSELinuxPolicyLocked(policy, removeAllPolicy, removeAllPolicy, + removeAllPolicy, removeAllPolicy); + } + + private boolean syncSELinuxPolicyLocked(DevicePolicyData policy, boolean removeSELinuxPolicy, + boolean removePropertyContexts, + boolean removeFileContexts, boolean removeSEappContexts) { + return syncSELinuxPolicyLocked(policy, removeSELinuxPolicy, removePropertyContexts, + removeFileContexts, removeSEappContexts, false); + } + + private boolean syncSELinuxPolicyLocked(DevicePolicyData policy, boolean removeAllPolicy, boolean firstBoot) { + return syncSELinuxPolicyLocked(policy, removeAllPolicy, removeAllPolicy, + removeAllPolicy, removeAllPolicy, firstBoot); + } + + /** + * Sync's the current SELinux admin's policies to the device. If there is + * no SELinux admin, then this will set SELinux to permissive mode, + * restore the SELinux boolean values from when the system booted, + * and may remove the {@link SELINUX_POLICY_PATH}, + * {@link PROPERTY_CONTEXTS_PATH}, {@link FILE_CONTEXTS_PATH}, and + * {@link SEAPP_CONTEXTS_PATH} files. + * @return true if policies were synced successfully + */ + private boolean syncSELinuxPolicyLocked(DevicePolicyData policy, + boolean removeSELinuxPolicy, boolean removePropertyContexts, + boolean removeFileContexts, boolean removeSEappContexts, + boolean firstBoot) { + if (!SELinux.isSELinuxEnabled() || policy.mUserHandle != UserHandle.USER_OWNER) { + return false; + } + + ActiveAdmin selinuxAdmin = policy.findSELinuxAdminLocked(); + if (selinuxAdmin == null) { + return false; + } + + boolean systemState = SELinux.isSELinuxEnforced(); + boolean desiredState = selinuxAdmin.enforceSELinux; + if (!firstBoot || !systemState) { + if (systemState != desiredState) { + Slog.v(TAG, "SELinux enforcing was " + systemState + ", to be set to " + desiredState); + boolean res = SELinux.setSELinuxEnforce(desiredState); + Slog.v(TAG, "Change in SELinux enforcing state " + (res ? "succeeded" : "failed")); + if (res == false) { + // this really shouldn't ever happen + resetSELinuxAdmin(selinuxAdmin); + return false; + } + } + } + + Set<String> sebools = selinuxAdmin.sebools.keySet(); + for (String sebool : sebools) { + systemState = SELinux.getBooleanValue(sebool); + desiredState = selinuxAdmin.sebools.get(sebool); + if (systemState != desiredState) { + Slog.v(TAG, "SELinux boolean [" + sebool + "] : " + systemState + " -> " + desiredState); + boolean res = SELinux.setBooleanValue(sebool, desiredState); + Slog.v(TAG, "SELinux boolean " + sebool + " " + (res ? "succeeded" : "failed")); + if (res == false) { + // this really shouldn't ever happen + resetSELinuxAdmin(selinuxAdmin); + return false; + } + } + } + + boolean ret = true; + if (removeSELinuxPolicy || removePropertyContexts + || removeFileContexts || removeSEappContexts) { + File polfile; + polfile = new File(SEPOLICY_PATH_SEPOLICY); + if (removeSELinuxPolicy && polfile.exists() && !polfile.delete()) { + ret = false; + } + polfile = new File(SEPOLICY_PATH_PROPCTXS); + if (removePropertyContexts && polfile.exists() && !polfile.delete()) { + ret = false; + } + polfile = new File(SEPOLICY_PATH_FILECTXS); + if (removeFileContexts && polfile.exists() && !polfile.delete()) { + ret = false; + } + polfile = new File(SEPOLICY_PATH_SEAPPCTXS); + if (removeSEappContexts && polfile.exists() && !polfile.delete()) { + ret = false; + } + SystemProperties.set("selinux.reload_policy", "1"); + } + return ret; + } + + // Cases = 8 + @Override + public boolean isSELinuxAdmin(ComponentName who, int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + //Case F** = 4 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + //Case T** = 4 + return admin.isSELinuxAdmin; + } + } + + // Cases = 16 + @Override + public boolean setSELinuxAdmin(ComponentName who, boolean control, int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case F**(*) = 8 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + + // Case TT*(T) = 2 + // Case TF*(F) = 2 + if (admin.isSELinuxAdmin == control) { + return true; + } + + DevicePolicyData policy = getUserData(userHandle); + ActiveAdmin curAdmin = policy.findSELinuxAdminLocked(); + + // Case TFF(T) = 1 + if (control && curAdmin == null) { + Slog.v(TAG, "SELinux admin set to " + admin.info.getComponent()); + admin.isSELinuxAdmin = true; + + admin.sebools = new HashMap<String, Boolean>(seboolsOrig.size()); + Set<String> seboolnames = seboolsOrig.keySet(); + for (String sebool : seboolnames) { + boolean value = seboolsOrig.get(sebool); + admin.sebools.put(sebool, value); + } + + saveSettingsLocked(userHandle); + return true; + } + + // Case TTT(F) = 1 + if (!control && curAdmin.equals(admin)) { + boolean setSEpolicyFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY]; + boolean setPropertyContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS]; + boolean setFileContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS]; + boolean setSEappContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS]; + + Slog.v(TAG, admin.info.getComponent() + " is no longer a SELinux admin"); + + admin.isSELinuxAdmin = false; + admin.enforceSELinux = false; + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY] = false; + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS] = false; + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS] = false; + admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS] = false; + + saveSettingsLocked(userHandle); + syncSELinuxPolicyLocked(policy, setSEpolicyFile, + setPropertyContextsFile, setFileContextsFile, + setSEappContextsFile); + return true; + } + + //Case TTF(F) = 1 + //Case TFT(T) = 1 + return false; + } + } + + @Override + public boolean getSELinuxEnforcing(ComponentName who, int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case: F** = 4 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + // Case: T** = 4 + return admin.isSELinuxAdmin && admin.enforceSELinux; + } + } + + @Override + public boolean setSELinuxEnforcing(ComponentName who, boolean enforcing, int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case F**(*) = 8 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + + // Case TF*(*) = 4 + if (!admin.isSELinuxAdmin) { + return false; + } + + // Case TT*(*) = 4 + if (admin.enforceSELinux != enforcing) { + admin.enforceSELinux = enforcing; + saveSettingsLocked(userHandle); + } + DevicePolicyData policy = getUserData(userHandle); + return syncSELinuxPolicyLocked(policy, false); + } + } + + @Override + public List<String> getSELinuxBooleanNames(ComponentName who, int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return null; + } + // Case F** = 4 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + + // Case TF* = 2 + if (!admin.isSELinuxAdmin) { + return null; + } + + // Case TT* = 2 + return new ArrayList<String>(admin.sebools.keySet()); + } + } + + @Override + public boolean getSELinuxBooleanValue(ComponentName who, String name, int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case F** = 4 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + + // Case TF* = 2 + if (!admin.isSELinuxAdmin) { + return false; + } + + // Case TT* = 2 + return admin.sebools.containsKey(name) && admin.sebools.get(name); + } + } + + @Override + public boolean setSELinuxBooleanValue(ComponentName who, String name, boolean value, + int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX); + + if (!admin.isSELinuxAdmin) { + return false; + } + + if (!admin.sebools.containsKey(name)) { + throw new IllegalArgumentException(name + " is not a valid SELinux boolean"); + } + + if (value != admin.sebools.put(name, value)) { + saveSettingsLocked(userHandle); + } + DevicePolicyData policy = getUserData(userHandle); + return syncSELinuxPolicyLocked(policy, false); + } + } + + // Possible MMAC Admin API states: + // 1: Caller has ENFORCE_MMAC = {T,F} + // 2: Caller is a MMAC admin = {T,F} + // 3: There is a MMAC admin on the system = {T,F} + // Invariants: + // a) 1=F -> 2=F + // b) 3=F -> 2=F for all admin apps + // States: + // TTT, TTF, TFT, TFF, FTT, FTF, FFT, FFF + // TTT, TFT, TFF, FFT, FFF + // TTF fails b, + // FTT fails a + // FTF fails a,b + + private boolean syncMMACpolicyLocked(DevicePolicyData policy, boolean removePolicy) { + return syncMMACpolicyLocked(policy, removePolicy, false); + } + + /** + * Sync's the current MMAC admin's policies to the device. If there is + * no MMAC admin, then this will set MMAC to permissive mode + * and may remove the {@link MMAC_POLICY_PATH} file. + * @return true if policies were synced successfully + */ + private boolean syncMMACpolicyLocked(DevicePolicyData policy, boolean removePolicy, + boolean firstBoot) { + if (policy.mUserHandle != UserHandle.USER_OWNER) { + return false; + } + + ActiveAdmin mmacAdmin = policy.findMMACadminLocked(); + if (mmacAdmin == null) { + return false; + } + + boolean systemState = SystemProperties.getBoolean(MMAC_ENFORCE_PROPERTY, false); + boolean enforceMMAC = mmacAdmin.enforceMMAC; + if (!firstBoot || !systemState) { + if (systemState != enforceMMAC) { + Slog.v(TAG, "Changed MMAC enforcing status " + systemState + " to " + enforceMMAC); + SystemProperties.set(MMAC_ENFORCE_PROPERTY, enforceMMAC ? "true" : "false"); + } + } + + boolean ret = true; + if (removePolicy) { + File polFile; + polFile = new File(MMAC_POLICY_PATH); + if (polFile.exists() && !polFile.delete()) { + ret = false; + } + } + return ret; + } + + // Cases = 8 + @Override + public boolean isMMACadmin(ComponentName who, int userHandle) { + //Uses very similar code to the SELinux version + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set MMAC settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set MMAC settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case F** = 4 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_MMAC); + // Case T** = 4 + return admin.isMMACadmin; + } + } + + // Cases = 16 + @Override + public boolean setMMACadmin(ComponentName who, boolean control, int userHandle) { + //Uses very similar code to the SELinux version + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set MMAC settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set MMAC settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case F**(*) = 8 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_MMAC); + + // Case TT*(T) = 2 + // Case TF*(F) = 2 + if (admin.isMMACadmin == control) { + return true; + } + + DevicePolicyData policy = getUserData(userHandle); + ActiveAdmin curAdmin = policy.findMMACadminLocked(); + + // Case TFF(T) = 1 + if (control && curAdmin == null) { + Slog.v(TAG, "SE Android MMAC admin set to " + admin.info.getComponent()); + admin.isMMACadmin = true; + saveSettingsLocked(userHandle); + return true; + } + + // Case TTT(F) = 1 + if (!control && curAdmin.equals(admin)) { + boolean setMMACpolicyFile = admin.isCustomPolicyFile[DevicePolicyManager.MMAC_POLICY_FILE]; + Slog.v(TAG, admin.info.getComponent() + " is no longer a SE Android MMAC admin"); + + admin.isMMACadmin = false; + admin.enforceMMAC = false; + admin.isCustomPolicyFile[DevicePolicyManager.MMAC_POLICY_FILE] = false; + + saveSettingsLocked(userHandle); + syncMMACpolicyLocked(policy, setMMACpolicyFile); + return true; + } + } + + // Case TTF(F) = 1 + // Case TFT(T) = 1 + return false; + } + + @Override + public boolean getMMACenforcing(ComponentName who, int userHandle) { + //Uses very similar code to the SELinux version + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set MMAC settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set MMAC settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case: F** = 4 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_MMAC); + // Case: T** = 4 + return admin.isMMACadmin && admin.enforceMMAC; + } + } + + @Override + public boolean setMMACenforcing(ComponentName who, boolean enforcing, int userHandle) { + //Uses very similar code to the SELinux version + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + // Only owner can set MMAC settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set MMAC settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + // Case F**(*) = 8 + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + DeviceAdminInfo.USES_POLICY_ENFORCE_MMAC); + + // Case TF*(*) = 4 + if (!admin.isMMACadmin) { + return false; + } + + // Case TT*(*) = 4 + if (admin.enforceMMAC != enforcing) { + admin.enforceMMAC = enforcing; + saveSettingsLocked(userHandle); + } + DevicePolicyData policy = getUserData(userHandle); + return syncMMACpolicyLocked(policy, false); + } + } + + @Override + public boolean isCustomPolicyFile(ComponentName who, int policyType, int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + if (policyType >= DevicePolicyManager.SEPOLICY_FILE_COUNT) { + throw new IllegalArgumentException("policyType is unknown"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + PolicyFileDescription desc = POLICY_DESCRIPTIONS[policyType]; + ActiveAdmin admin = getActiveAdminForCallerLocked(who, desc.reqPolicy); + return desc.isPolicyAdmin(admin) && admin.isCustomPolicyFile[policyType]; + } + } + + @Override + public boolean setCustomPolicyFile(ComponentName who, int policyType, byte[] policy, + int userHandle) { + enforceCrossUserPermission(userHandle); + synchronized (this) { + // Check for permissions + if (who == null) { + throw new NullPointerException("ComponentName is null"); + } + if (policyType >= DevicePolicyManager.SEPOLICY_FILE_COUNT) { + throw new IllegalArgumentException("policyType is unknown"); + } + // Only owner can set SELinux settings + if (userHandle != UserHandle.USER_OWNER + || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + Slog.w(TAG, "Only owner is allowed to set SELinux settings. User " + + UserHandle.getCallingUserId() + " is not permitted."); + return false; + } + + PolicyFileDescription desc = POLICY_DESCRIPTIONS[policyType]; + File polFile = new File(desc.path); + File polFileTmp = new File(desc.path + ".tmp"); + ActiveAdmin admin = getActiveAdminForCallerLocked(who, + desc.reqPolicy); + if (!desc.isPolicyAdmin(admin)) { + return false; + } + + boolean newPolicy = policy != null; + if (newPolicy != admin.isCustomPolicyFile[policyType]) { + admin.isCustomPolicyFile[policyType] = newPolicy; + saveSettingsLocked(userHandle); + } + boolean ret = writePolicyFile(polFile, polFileTmp, policy); + if (ret) { + desc.doPolicyReload(); + } + return ret; + } + } + + /* Are there better ways than passing a byte[]? This might involve a lot + * of copying. Can we pass file descriptors? Can we pass a path (and what + * are the security implications)? If SELinux is enforcing, can system + * domain access another app's files? + * + * byte[] allows admin apps to set a policy without ever having to write + * the file to to storage, eg an admin app receiving a new policy file over + * data connection. + * + * We don't need to save this policy file somewhere in the ActiveAdmin/xml + * because it's written to /data/system, which is persistent. + */ + private boolean writePolicyFile(File policyFile, File tempPolicyFile, byte[] policy) { + if (policy == null) { + if (policyFile.exists() && !policyFile.delete()) { + return false; + } + return true; + } else { + if (policy.length == 0) { + return false; + } + JournaledFile journal = new JournaledFile(policyFile, tempPolicyFile); + FileOutputStream stream = null; + try { + stream = new FileOutputStream(journal.chooseForWrite(), false); + stream.write(policy); + stream.flush(); + stream.close(); + journal.commit(); + } catch (IOException err) { + if (stream != null) { + try { + stream.close(); + } catch (IOException ex) { + //ignore + } + } + journal.rollback(); + Slog.w(TAG, err.toString()); + return false; + } + return true; + } + } + @Override protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP) diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java index d7f9eb4..4c83116 100644 --- a/services/java/com/android/server/am/ActivityManagerService.java +++ b/services/java/com/android/server/am/ActivityManagerService.java @@ -2217,7 +2217,7 @@ public final class ActivityManagerService extends ActivityManagerNative // the PID of the new process, or else throw a RuntimeException. Process.ProcessStartResult startResult = Process.start("android.app.ActivityThread", app.processName, uid, uid, gids, debugFlags, mountExternal, - app.info.targetSdkVersion, null, null); + app.info.targetSdkVersion, app.info.seinfo, null); BatteryStatsImpl bs = app.batteryStats.getBatteryStats(); synchronized (bs) { diff --git a/services/java/com/android/server/am/BatteryStatsService.java b/services/java/com/android/server/am/BatteryStatsService.java index ab20208..99cb2c8 100644 --- a/services/java/com/android/server/am/BatteryStatsService.java +++ b/services/java/com/android/server/am/BatteryStatsService.java @@ -330,6 +330,13 @@ public final class BatteryStatsService extends IBatteryStats.Stub { synchronized (mStats) { mBluetoothPendingStats = false; mStats.noteBluetoothOffLocked(); + mStats.setBtHeadset(null); + } + + BluetoothAdapter adapter = BluetoothAdapter.getDefaultAdapter(); + if (adapter != null && mBluetoothHeadset != null) { + adapter.closeProfileProxy(BluetoothProfile.HEADSET, mBluetoothHeadset); + mBluetoothHeadset = null; } } diff --git a/services/java/com/android/server/location/GpsLocationProvider.java b/services/java/com/android/server/location/GpsLocationProvider.java index 22c52f4..cba2db2 100644 --- a/services/java/com/android/server/location/GpsLocationProvider.java +++ b/services/java/com/android/server/location/GpsLocationProvider.java @@ -1471,7 +1471,7 @@ public class GpsLocationProvider implements LocationProviderInterface { type = AGPS_REF_LOCATION_TYPE_GSM_CELLID; } native_agps_set_ref_location_cellid(type, mcc, mnc, - gsm_cell.getLac(), gsm_cell.getCid()); + gsm_cell.getLac(), gsm_cell.getPsc(), gsm_cell.getCid()); } else { Log.e(TAG,"Error getting cell location info."); } @@ -1642,7 +1642,7 @@ public class GpsLocationProvider implements LocationProviderInterface { // AGPS ril suport private native void native_agps_set_ref_location_cellid(int type, int mcc, int mnc, - int lac, int cid); + int lac, int psc, int cid); private native void native_agps_set_id(int type, String setid); private native void native_update_network_state(boolean connected, int type, diff --git a/services/java/com/android/server/pm/Installer.java b/services/java/com/android/server/pm/Installer.java index 71a6a01..6a071ef 100644 --- a/services/java/com/android/server/pm/Installer.java +++ b/services/java/com/android/server/pm/Installer.java @@ -188,7 +188,7 @@ public final class Installer { } } - public int install(String name, int uid, int gid) { + public int install(String name, int uid, int gid, String seinfo) { StringBuilder builder = new StringBuilder("install"); builder.append(' '); builder.append(name); @@ -196,6 +196,8 @@ public final class Installer { builder.append(uid); builder.append(' '); builder.append(gid); + builder.append(' '); + builder.append(seinfo != null ? seinfo : "!"); return execute(builder.toString()); } @@ -263,7 +265,7 @@ public final class Installer { return execute(builder.toString()); } - public int createUserData(String name, int uid, int userId) { + public int createUserData(String name, int uid, int userId, String seinfo) { StringBuilder builder = new StringBuilder("mkuserdata"); builder.append(' '); builder.append(name); @@ -271,6 +273,8 @@ public final class Installer { builder.append(uid); builder.append(' '); builder.append(userId); + builder.append(' '); + builder.append(seinfo != null ? seinfo : "!"); return execute(builder.toString()); } diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index f134854..0c09a7e 100644 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -181,6 +181,8 @@ public class PackageManagerService extends IPackageManager.Stub { private static final boolean DEBUG_PREFERRED = false; static final boolean DEBUG_UPGRADE = false; private static final boolean DEBUG_INSTALL = false; + private static final boolean DEBUG_POLICY = true; + private static final boolean DEBUG_POLICY_INSTALL = DEBUG_POLICY || false; private static final boolean DEBUG_REMOVE = false; private static final boolean DEBUG_BROADCASTS = false; private static final boolean DEBUG_SHOW_INFO = false; @@ -360,6 +362,9 @@ public class PackageManagerService extends IPackageManager.Stub { final HashMap<String, FeatureInfo> mAvailableFeatures = new HashMap<String, FeatureInfo>(); + // If mac_permissions.xml was found for seinfo labeling. + boolean mFoundPolicyFile; + // All available activities, for your resolving pleasure. final ActivityIntentResolver mActivities = new ActivityIntentResolver(); @@ -1035,6 +1040,8 @@ public class PackageManagerService extends IPackageManager.Stub { readPermissions(); + mFoundPolicyFile = SELinuxMMAC.readInstallPolicy(); + mRestoredSettings = mSettings.readLPw(sUserManager.getUsers(false), mSdkVersion, mOnlyCore); long startTime = SystemClock.uptimeMillis(); @@ -3597,16 +3604,16 @@ public class PackageManagerService extends IPackageManager.Stub { } } - private int createDataDirsLI(String packageName, int uid) { + private int createDataDirsLI(String packageName, int uid, String seinfo) { int[] users = sUserManager.getUserIds(); - int res = mInstaller.install(packageName, uid, uid); + int res = mInstaller.install(packageName, uid, uid, seinfo); if (res < 0) { return res; } for (int user : users) { if (user != 0) { res = mInstaller.createUserData(packageName, - UserHandle.getUid(user, uid), user); + UserHandle.getUid(user, uid), user, seinfo); if (res < 0) { return res; } @@ -3876,6 +3883,14 @@ public class PackageManagerService extends IPackageManager.Stub { pkg.applicationInfo.flags |= ApplicationInfo.FLAG_UPDATED_SYSTEM_APP; } + if (mFoundPolicyFile && !SELinuxMMAC.passInstallPolicyChecks(pkg) && + SELinuxMMAC.getEnforcingMode()) { + Slog.w(TAG, "Installing application package " + pkg.packageName + + " failed due to policy."); + mLastScanError = PackageManager.INSTALL_FAILED_POLICY_REJECTED_PERMISSION; + return null; + } + pkg.applicationInfo.uid = pkgSetting.appId; pkg.mExtras = pkgSetting; @@ -4014,7 +4029,8 @@ public class PackageManagerService extends IPackageManager.Stub { recovered = true; // And now re-install the app. - ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid); + ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid, + pkg.applicationInfo.seinfo); if (ret == -1) { // Ack should not happen! msg = prefix + pkg.packageName @@ -4060,7 +4076,8 @@ public class PackageManagerService extends IPackageManager.Stub { Log.v(TAG, "Want this data dir: " + dataPath); } //invoke installer to do the actual installation - int ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid); + int ret = createDataDirsLI(pkgName, pkg.applicationInfo.uid, + pkg.applicationInfo.seinfo); if (ret < 0) { // Error from installer mLastScanError = PackageManager.INSTALL_FAILED_INSUFFICIENT_STORAGE; diff --git a/services/java/com/android/server/pm/SELinuxMMAC.java b/services/java/com/android/server/pm/SELinuxMMAC.java new file mode 100644 index 0000000..b73d75a --- /dev/null +++ b/services/java/com/android/server/pm/SELinuxMMAC.java @@ -0,0 +1,535 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.pm; + +import android.content.pm.ApplicationInfo; +import android.content.pm.PackageParser; +import android.content.pm.Signature; +import android.os.Environment; +import android.os.SystemProperties; +import android.text.TextUtils; +import android.util.Slog; +import android.util.Xml; + +import com.android.internal.util.XmlUtils; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.IOException; + +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.TreeSet; + +import org.xmlpull.v1.XmlPullParser; +import org.xmlpull.v1.XmlPullParserException; + +/** + * Centralized access to SELinux MMAC (middleware MAC) implementation. + * {@hide} + */ +public final class SELinuxMMAC { + + private static final String TAG = "SELinuxMMAC"; + private static final String MMAC_DENY = "MMAC_DENIAL:"; + private static final String MMAC_ENFORCE_PROPERTY = "persist.mmac.enforce"; + private static final boolean DEBUG_POLICY = true; + private static final boolean DEBUG_POLICY_INSTALL = DEBUG_POLICY || false; + + // Signature based policy. + private static final HashMap<Signature, InstallPolicy> SIG_POLICY = + new HashMap<Signature, InstallPolicy>(); + + // Package name based policy. + private static final HashMap<String, InstallPolicy> PKG_POLICY = + new HashMap<String, InstallPolicy>(); + + // Locations of potential install policy files. + private static final File[] INSTALL_POLICY_FILE = { + new File(Environment.getDataDirectory(), "security/mac_permissions.xml"), + new File(Environment.getRootDirectory(), "etc/security/mac_permissions.xml"), + null}; + + private static void flushInstallPolicy() { + SIG_POLICY.clear(); + PKG_POLICY.clear(); + } + + /** + * Parses an MMAC install policy from a predefined list of locations. + * @param none + * @return boolean indicating whether an install policy was correctly parsed. + */ + public static boolean readInstallPolicy() { + + return readInstallPolicy(INSTALL_POLICY_FILE); + } + + /** + * Returns the current status of MMAC enforcing mode. + * @param none + * @return boolean indicating whether or not the device is in enforcing mode. + */ + public static boolean getEnforcingMode() { + return SystemProperties.getBoolean(MMAC_ENFORCE_PROPERTY, false); + } + + /** + * Sets the current status of MMAC enforcing mode. + * @param boolean value to set the enforcing state too. + */ + public static void setEnforcingMode(boolean value) { + SystemProperties.set(MMAC_ENFORCE_PROPERTY, value ? "1" : "0"); + } + + /** + * Parses an MMAC install policy given as an argument. + * @param File object representing the path of the policy. + * @return boolean indicating whether the install policy was correctly parsed. + */ + public static boolean readInstallPolicy(File policyFile) { + + return readInstallPolicy(new File[]{policyFile,null}); + } + + private static boolean readInstallPolicy(File[] policyFiles) { + + FileReader policyFile = null; + int i = 0; + while (policyFile == null && policyFiles != null && policyFiles[i] != null) { + try { + policyFile = new FileReader(policyFiles[i]); + break; + } catch (FileNotFoundException e) { + Slog.d(TAG,"Couldn't find install policy " + policyFiles[i].getPath()); + } + i++; + } + + if (policyFile == null) { + Slog.d(TAG, "MMAC install disabled."); + return false; + } + + Slog.d(TAG, "MMAC install enabled using file " + policyFiles[i].getPath()); + + boolean enforcing = getEnforcingMode(); + String mode = enforcing ? "enforcing" : "permissive"; + Slog.d(TAG, "MMAC install starting in " + mode + " mode."); + + flushInstallPolicy(); + + try { + XmlPullParser parser = Xml.newPullParser(); + parser.setInput(policyFile); + + XmlUtils.beginDocument(parser, "policy"); + while (true) { + XmlUtils.nextElement(parser); + if (parser.getEventType() == XmlPullParser.END_DOCUMENT) { + break; + } + + String tagName = parser.getName(); + if ("signer".equals(tagName)) { + String cert = parser.getAttributeValue(null, "signature"); + if (cert == null) { + Slog.w(TAG, "<signer> without signature at " + + parser.getPositionDescription()); + XmlUtils.skipCurrentTag(parser); + continue; + } + Signature signature; + try { + signature = new Signature(cert); + } catch (IllegalArgumentException e) { + Slog.w(TAG, "<signer> with bad signature at " + + parser.getPositionDescription(), e); + XmlUtils.skipCurrentTag(parser); + continue; + } + + if (signature == null) { + Slog.w(TAG, "<signer> with null signature at " + + parser.getPositionDescription()); + XmlUtils.skipCurrentTag(parser); + continue; + } + InstallPolicy type = determineInstallPolicyType(parser, true); + if (type != null) { + if (DEBUG_POLICY_INSTALL) { + // Pretty print the cert + int rowLength = 75; + int certLength = cert.length(); + int rows = certLength / rowLength; + Slog.i(TAG, "<signer> tag:"); + for (int j = 0; j <= rows; j++) { + int start = rowLength * j; + int rowEndIndex = (rowLength * j) + rowLength; + int end = rowEndIndex < certLength ? rowEndIndex : certLength; + Slog.i(TAG, cert.substring(start, end)); + } + Slog.i(TAG, " Assigned: " + type); + } + + SIG_POLICY.put(signature, type); + } + } else if ("default".equals(tagName)) { + InstallPolicy type = determineInstallPolicyType(parser, true); + if (type != null) { + if (DEBUG_POLICY_INSTALL) + Slog.i(TAG, "<default> tag assigned " + type); + + // The 'null' signature is the default seinfo value + SIG_POLICY.put(null, type); + } + } else if ("package".equals(tagName)) { + String pkgName = parser.getAttributeValue(null, "name"); + if (pkgName == null) { + Slog.w(TAG, "<package> without name at " + + parser.getPositionDescription()); + XmlUtils.skipCurrentTag(parser); + continue; + } + InstallPolicy type = determineInstallPolicyType(parser, false); + if (type != null) { + if (DEBUG_POLICY_INSTALL) + Slog.i(TAG, "<package> outer tag: (" + pkgName + + ") assigned " + type); + + PKG_POLICY.put(pkgName, type); + } + } else { + XmlUtils.skipCurrentTag(parser); + continue; + } + } + } catch (XmlPullParserException e) { + Slog.w(TAG, "Got execption parsing ", e); + } catch (IOException e) { + Slog.w(TAG, "Got execption parsing ", e); + } + try { + policyFile.close(); + } catch (IOException e) { + //omit + } + return true; + } + + private static InstallPolicy determineInstallPolicyType(XmlPullParser parser, + boolean notInsidePackageTag) throws + IOException, XmlPullParserException { + + final HashSet<String> denyPolicyPerms = new HashSet<String>(); + final HashSet<String> allowPolicyPerms = new HashSet<String>(); + + final HashMap<String, InstallPolicy> pkgPolicy = new HashMap<String, InstallPolicy>(); + + int type; + int outerDepth = parser.getDepth(); + boolean allowAll = false; + String seinfo = null; + while ((type=parser.next()) != XmlPullParser.END_DOCUMENT + && (type != XmlPullParser.END_TAG + || parser.getDepth() > outerDepth)) { + if (type == XmlPullParser.END_TAG + || type == XmlPullParser.TEXT) { + continue; + } + + String tagName = parser.getName(); + if ("seinfo".equals(tagName)) { + String seinfoValue = parser.getAttributeValue(null, "value"); + if (validateValue(seinfoValue)) { + seinfo = seinfoValue; + } else { + Slog.w(TAG, "<seinfo> without valid value at " + + parser.getPositionDescription()); + } + } else if ("allow-permission".equals(tagName)) { + String permName = parser.getAttributeValue(null, "name"); + if (permName != null) { + allowPolicyPerms.add(permName); + } else { + Slog.w(TAG, "<allow-permission> without name at " + + parser.getPositionDescription()); + } + } else if ("deny-permission".equals(tagName)) { + String permName = parser.getAttributeValue(null, "name"); + if (permName != null) { + denyPolicyPerms.add(permName); + } else { + Slog.w(TAG, "<deny-permission> without name at " + + parser.getPositionDescription()); + } + } else if ("allow-all".equals(tagName)) { + allowAll = true; + } else if ("package".equals(tagName) && notInsidePackageTag) { + String pkgName = parser.getAttributeValue(null, "name"); + if (pkgName != null) { + InstallPolicy policyType = determineInstallPolicyType(parser, false); + if (policyType != null) { + pkgPolicy.put(pkgName, policyType); + if (DEBUG_POLICY_INSTALL) { + Slog.i(TAG, "<package> inner tag: (" + pkgName + + ") assigned " + policyType); + } + } + continue; + } else { + Slog.w(TAG, "<package> inner tag without name at " + + parser.getPositionDescription()); + } + } + XmlUtils.skipCurrentTag(parser); + } + + // Order is important. Provide the least amount of privilege. + InstallPolicy permPolicyType = null; + if (denyPolicyPerms.size() > 0) { + permPolicyType = new BlackListPolicy(denyPolicyPerms, pkgPolicy, seinfo); + } else if (allowPolicyPerms.size() > 0) { + permPolicyType = new WhiteListPolicy(allowPolicyPerms, pkgPolicy, seinfo); + } else if (allowAll) { + permPolicyType = new InstallPolicy(null, pkgPolicy, seinfo); + } else if (!pkgPolicy.isEmpty()) { + // Consider the case where outside tag has no perms attached + // but has an inner package stanza. All the above cases assume that + // the outer stanza has permission tags, but here we want to ensure + // we capture the inner but deny all outer. + permPolicyType = new DenyPolicy(null, pkgPolicy, seinfo); + } + + return permPolicyType; + } + + static class InstallPolicy { + + final HashSet<String> policyPerms; + final HashMap<String, InstallPolicy> pkgPolicy; + final private String seinfo; + + InstallPolicy(HashSet<String> policyPerms, HashMap<String, InstallPolicy> pkgPolicy, + String seinfo) { + + this.policyPerms = policyPerms; + this.pkgPolicy = pkgPolicy; + this.seinfo = seinfo; + } + + boolean passedPolicyChecks(PackageParser.Package pkg) { + // ensure that local package policy takes precedence + if (pkgPolicy.containsKey(pkg.packageName)) { + return pkgPolicy.get(pkg.packageName).passedPolicyChecks(pkg); + } + return true; + } + + String getSEinfo(String pkgName) { + if (pkgPolicy.containsKey(pkgName)) { + return pkgPolicy.get(pkgName).getSEinfo(pkgName); + } + return seinfo; + } + + public String toString() { + StringBuilder out = new StringBuilder(); + out.append("["); + if (policyPerms != null) { + out.append(TextUtils.join(",\n", new TreeSet<String>(policyPerms))); + } else { + out.append("allow-all"); + } + out.append("]"); + return out.toString(); + } + } + + static class WhiteListPolicy extends InstallPolicy { + + WhiteListPolicy(HashSet<String> policyPerms, HashMap<String, InstallPolicy> pkgPolicy, + String seinfo) { + + super(policyPerms, pkgPolicy, seinfo); + } + + @Override + public boolean passedPolicyChecks(PackageParser.Package pkg) { + // ensure that local package policy takes precedence + if (pkgPolicy.containsKey(pkg.packageName)) { + return pkgPolicy.get(pkg.packageName).passedPolicyChecks(pkg); + } + + Iterator itr = pkg.requestedPermissions.iterator(); + while (itr.hasNext()) { + String perm = (String)itr.next(); + if (!policyPerms.contains(perm)) { + Slog.w(TAG, MMAC_DENY + " Policy whitelist rejected package " + + pkg.packageName + ". The rejected permission is " + perm + + " The maximal set allowed is: " + toString()); + return false; + } + } + return true; + } + + @Override + public String toString() { + return "allowed-permissions => \n" + super.toString(); + } + } + + static class BlackListPolicy extends InstallPolicy { + + BlackListPolicy(HashSet<String> policyPerms, HashMap<String, InstallPolicy> pkgPolicy, + String seinfo) { + + super(policyPerms, pkgPolicy, seinfo); + } + + @Override + public boolean passedPolicyChecks(PackageParser.Package pkg) { + // ensure that local package policy takes precedence + if (pkgPolicy.containsKey(pkg.packageName)) { + return pkgPolicy.get(pkg.packageName).passedPolicyChecks(pkg); + } + + Iterator itr = pkg.requestedPermissions.iterator(); + while (itr.hasNext()) { + String perm = (String)itr.next(); + if (policyPerms.contains(perm)) { + Slog.w(TAG, MMAC_DENY + " Policy blacklisted permission " + perm + + " for package " + pkg.packageName); + return false; + } + } + return true; + } + + @Override + public String toString() { + return "denied-permissions => \n" + super.toString(); + } + } + + static class DenyPolicy extends InstallPolicy { + + DenyPolicy(HashSet<String> policyPerms, HashMap<String, InstallPolicy> pkgPolicy, + String seinfo) { + + super(policyPerms, pkgPolicy, seinfo); + } + + @Override + public boolean passedPolicyChecks(PackageParser.Package pkg) { + // ensure that local package policy takes precedence + if (pkgPolicy.containsKey(pkg.packageName)) { + return pkgPolicy.get(pkg.packageName).passedPolicyChecks(pkg); + } + return false; + } + + @Override + public String toString() { + return "deny-all"; + } + } + + /** + * General validation routine for tag values. + * Returns a boolean indicating if the passed string + * contains only letters or underscores. + */ + private static boolean validateValue(String name) { + if (name == null) + return false; + + final int N = name.length(); + if (N == 0) + return false; + + for (int i = 0; i < N; i++) { + final char c = name.charAt(i); + if ((c < 'a' || c > 'z') && (c < 'A' || c > 'Z') && (c != '_')) { + return false; + } + } + return true; + } + + /** + * Detemines if the package passes policy. If the package does pass + * policy checks then an seinfo label is also assigned to the package. + * @param PackageParser.Package object representing the package + * to installed and labeled. + * @return boolean Indicates whether the package passed policy. + */ + public static boolean passInstallPolicyChecks(PackageParser.Package pkg) { + // We just want one of the signatures to match. + for (Signature s : pkg.mSignatures) { + if (s == null) + continue; + + // Check for a non default signature policy. + if (SIG_POLICY.containsKey(s)) { + InstallPolicy policy = SIG_POLICY.get(s); + if (policy.passedPolicyChecks(pkg)) { + String seinfo = pkg.applicationInfo.seinfo = policy.getSEinfo(pkg.packageName); + if (DEBUG_POLICY_INSTALL) + Slog.i(TAG, "package (" + pkg.packageName + ") installed with " + + " seinfo=" + (seinfo == null ? "null" : seinfo)); + return true; + } + } + } + + // Check for a global per-package policy. + if (PKG_POLICY.containsKey(pkg.packageName)) { + boolean passed = false; + InstallPolicy policy = PKG_POLICY.get(pkg.packageName); + if (policy.passedPolicyChecks(pkg)) { + String seinfo = pkg.applicationInfo.seinfo = policy.getSEinfo(pkg.packageName); + if (DEBUG_POLICY_INSTALL) + Slog.i(TAG, "package (" + pkg.packageName + ") installed with " + + " seinfo=" + (seinfo == null ? "null" : seinfo)); + passed = true; + } + return passed; + } + + // Check for a default policy. + if (SIG_POLICY.containsKey(null)) { + boolean passed = false; + InstallPolicy policy = SIG_POLICY.get(null); + if (policy.passedPolicyChecks(pkg)) { + String seinfo = pkg.applicationInfo.seinfo = policy.getSEinfo(pkg.packageName); + if (DEBUG_POLICY_INSTALL) + Slog.i(TAG, "package (" + pkg.packageName + ") installed with " + + " seinfo=" + (seinfo == null ? "null" : seinfo)); + passed = true; + } + return passed; + } + + // If we get here it's because this package had no policy. + return false; + } +} diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java index 4b716ed..47d6bb3 100644 --- a/services/java/com/android/server/pm/Settings.java +++ b/services/java/com/android/server/pm/Settings.java @@ -1375,6 +1375,7 @@ final class Settings { // userId - application-specific user id // debugFlag - 0 or 1 if the package is debuggable. // dataPath - path to package's data path + // seinfo - seinfo label for the app (assigned at install time) // // NOTE: We prefer not to expose all ApplicationInfo flags for now. // @@ -1388,6 +1389,8 @@ final class Settings { sb.append((int)ai.uid); sb.append(isDebug ? " 1 " : " 0 "); sb.append(dataPath); + sb.append(" "); + sb.append(ai.seinfo); sb.append("\n"); str.write(sb.toString().getBytes()); } @@ -2353,7 +2356,8 @@ final class Settings { ps.setInstalled((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) != 0, userHandle); // Need to create a data directory for all apps under this user. installer.createUserData(ps.name, - UserHandle.getUid(userHandle, ps.appId), userHandle); + UserHandle.getUid(userHandle, ps.appId), userHandle, + ps.pkg.applicationInfo.seinfo); } readDefaultPreferredAppsLPw(userHandle); writePackageRestrictionsLPr(userHandle); diff --git a/services/jni/com_android_server_location_GpsLocationProvider.cpp b/services/jni/com_android_server_location_GpsLocationProvider.cpp index f2ec1b3..4285ddf 100644 --- a/services/jni/com_android_server_location_GpsLocationProvider.cpp +++ b/services/jni/com_android_server_location_GpsLocationProvider.cpp @@ -375,7 +375,7 @@ static jint android_location_GpsLocationProvider_read_sv_status(JNIEnv* env, job } static void android_location_GpsLocationProvider_agps_set_reference_location_cellid(JNIEnv* env, - jobject obj, jint type, jint mcc, jint mnc, jint lac, jint cid) + jobject obj, jint type, jint mcc, jint mnc, jint lac, jint psc, jint cid) { AGpsRefLocation location; @@ -388,9 +388,13 @@ static void android_location_GpsLocationProvider_agps_set_reference_location_cel case AGPS_REF_LOCATION_TYPE_GSM_CELLID: case AGPS_REF_LOCATION_TYPE_UMTS_CELLID: location.type = type; + location.u.cellID.type = type; location.u.cellID.mcc = mcc; location.u.cellID.mnc = mnc; location.u.cellID.lac = lac; +#ifdef AGPS_USE_PSC + location.u.cellID.psc = psc; +#endif location.u.cellID.cid = cid; break; default: @@ -601,7 +605,7 @@ static JNINativeMethod sMethods[] = { {"native_agps_data_conn_closed", "()V", (void*)android_location_GpsLocationProvider_agps_data_conn_closed}, {"native_agps_data_conn_failed", "()V", (void*)android_location_GpsLocationProvider_agps_data_conn_failed}, {"native_agps_set_id","(ILjava/lang/String;)V",(void*)android_location_GpsLocationProvider_agps_set_id}, - {"native_agps_set_ref_location_cellid","(IIIII)V",(void*)android_location_GpsLocationProvider_agps_set_reference_location_cellid}, + {"native_agps_set_ref_location_cellid","(IIIIII)V",(void*)android_location_GpsLocationProvider_agps_set_reference_location_cellid}, {"native_set_agps_server", "(ILjava/lang/String;I)V", (void*)android_location_GpsLocationProvider_set_agps_server}, {"native_send_ni_response", "(II)V", (void*)android_location_GpsLocationProvider_send_ni_response}, {"native_agps_ni_message", "([BI)V", (void *)android_location_GpsLocationProvider_agps_send_ni_message}, diff --git a/services/tests/servicestests/Android.mk b/services/tests/servicestests/Android.mk index 81a2c14..e303a09 100644 --- a/services/tests/servicestests/Android.mk +++ b/services/tests/servicestests/Android.mk @@ -1,4 +1,14 @@ -LOCAL_PATH:= $(call my-dir) +ACTUAL_LOCAL_PATH := $(call my-dir) + +# this var will hold all the test apk module names later. +FrameworkServicesTests_all_apks := + +# We have to include the subdir makefiles first +# so that FrameworkServicesTests_all_apks will be populated correctly. +include $(call all-makefiles-under,$(ACTUAL_LOCAL_PATH)) + +LOCAL_PATH := $(ACTUAL_LOCAL_PATH) + include $(CLEAR_VARS) # We only want this apk build for tests. @@ -18,5 +28,23 @@ LOCAL_PACKAGE_NAME := FrameworksServicesTests LOCAL_CERTIFICATE := platform +# intermediate dir to include all the test apks as raw resource +FrameworkServicesTests_intermediates := $(call intermediates-dir-for,APPS,$(LOCAL_PACKAGE_NAME))/test_apks/res +LOCAL_RESOURCE_DIR := $(FrameworkServicesTests_intermediates) $(LOCAL_PATH)/res + include $(BUILD_PACKAGE) +# Rules to copy all the test apks to the intermediate raw resource directory +FrameworkServicesTests_all_apks_res := $(addprefix $(FrameworkServicesTests_intermediates)/raw/, \ + $(foreach a, $(FrameworkServicesTests_all_apks), $(patsubst FrameworkServicesTests_%,%,$(a)))) + +$(FrameworkServicesTests_all_apks_res): $(FrameworkServicesTests_intermediates)/raw/%: $(call intermediates-dir-for,APPS,FrameworkServicesTests_%)/package.apk | $(ACP) + $(call copy-file-to-new-target) + +# Use R_file_stamp as dependency because we want the test apks in place before the R.java is generated. +$(R_file_stamp) : $(FrameworkServicesTests_all_apks_res) + +FrameworkServicesTests_all_apks := +FrameworkServicesTests_intermediates := +FrameworkServicesTests_all_apks_res := + diff --git a/services/tests/servicestests/apks/Android.mk b/services/tests/servicestests/apks/Android.mk new file mode 100644 index 0000000..bd1512b --- /dev/null +++ b/services/tests/servicestests/apks/Android.mk @@ -0,0 +1,7 @@ +LOCAL_PATH:= $(call my-dir) +include $(CLEAR_VARS) + +FrameworkServicesTests_BUILD_PACKAGE := $(LOCAL_PATH)/FrameworkServicesTests_apk.mk + +# build sub packages +include $(call all-makefiles-under,$(LOCAL_PATH)) diff --git a/services/tests/servicestests/apks/FrameworkServicesTests_apk.mk b/services/tests/servicestests/apks/FrameworkServicesTests_apk.mk new file mode 100644 index 0000000..1240cb8 --- /dev/null +++ b/services/tests/servicestests/apks/FrameworkServicesTests_apk.mk @@ -0,0 +1,12 @@ + +LOCAL_MODULE_TAGS := tests + +# Disable dexpreopt. +LOCAL_DEX_PREOPT := false + +# Make sure every package name gets the FrameworkServicesTests_ prefix. +LOCAL_PACKAGE_NAME := FrameworkServicesTests_$(LOCAL_PACKAGE_NAME) + +FrameworkServicesTests_all_apks += $(LOCAL_PACKAGE_NAME) + +include $(BUILD_PACKAGE) diff --git a/services/tests/servicestests/apks/mmac_install_media/Android.mk b/services/tests/servicestests/apks/mmac_install_media/Android.mk new file mode 100644 index 0000000..ea9d948 --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_media/Android.mk @@ -0,0 +1,10 @@ +LOCAL_PATH:= $(call my-dir) +include $(CLEAR_VARS) + +LOCAL_PACKAGE_NAME := signed_media + +LOCAL_SRC_FILES := $(call all-subdir-java-files) + +LOCAL_CERTIFICATE := media + +include $(FrameworkServicesTests_BUILD_PACKAGE) diff --git a/services/tests/servicestests/apks/mmac_install_media/AndroidManifest.xml b/services/tests/servicestests/apks/mmac_install_media/AndroidManifest.xml new file mode 100644 index 0000000..fb7587a --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_media/AndroidManifest.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2011 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<manifest + xmlns:android="http://schemas.android.com/apk/res/android" + package="com.android.frameworks.servicestests.mmac_install_media"> + + <uses-permission android:name="android.permission.SET_ANIMATION_SCALE" /> + <uses-permission android:name="android.permission.CHANGE_CONFIGURATION" /> + + <application android:hasCode="false"> + </application> + + +</manifest> diff --git a/services/tests/servicestests/apks/mmac_install_media/src/com/android/frameworks/servicestests/DoNothing.java b/services/tests/servicestests/apks/mmac_install_media/src/com/android/frameworks/servicestests/DoNothing.java new file mode 100644 index 0000000..3f3a35c --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_media/src/com/android/frameworks/servicestests/DoNothing.java @@ -0,0 +1,21 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.frameworks.servicestests; + +public class DoNothing { + +} diff --git a/services/tests/servicestests/apks/mmac_install_platform/Android.mk b/services/tests/servicestests/apks/mmac_install_platform/Android.mk new file mode 100644 index 0000000..5cdd9ba --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_platform/Android.mk @@ -0,0 +1,10 @@ +LOCAL_PATH:= $(call my-dir) +include $(CLEAR_VARS) + +LOCAL_PACKAGE_NAME := signed_platform + +LOCAL_SRC_FILES := $(call all-subdir-java-files) + +LOCAL_CERTIFICATE := platform + +include $(FrameworkServicesTests_BUILD_PACKAGE) diff --git a/services/tests/servicestests/apks/mmac_install_platform/AndroidManifest.xml b/services/tests/servicestests/apks/mmac_install_platform/AndroidManifest.xml new file mode 100644 index 0000000..b11b37a --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_platform/AndroidManifest.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2011 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<manifest + xmlns:android="http://schemas.android.com/apk/res/android" + package="com.android.frameworks.servicestests.mmac_install_platform"> + + <uses-permission android:name="android.permission.SET_ANIMATION_SCALE" /> + <uses-permission android:name="android.permission.CHANGE_CONFIGURATION" /> + + <application android:hasCode="false"> + </application> + + +</manifest> diff --git a/services/tests/servicestests/apks/mmac_install_platform/src/com/android/frameworks/servicestests/DoNothing.java b/services/tests/servicestests/apks/mmac_install_platform/src/com/android/frameworks/servicestests/DoNothing.java new file mode 100644 index 0000000..3f3a35c --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_platform/src/com/android/frameworks/servicestests/DoNothing.java @@ -0,0 +1,21 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.frameworks.servicestests; + +public class DoNothing { + +} diff --git a/services/tests/servicestests/apks/mmac_install_platform_2/Android.mk b/services/tests/servicestests/apks/mmac_install_platform_2/Android.mk new file mode 100644 index 0000000..5d8c2c8 --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_platform_2/Android.mk @@ -0,0 +1,10 @@ +LOCAL_PATH:= $(call my-dir) +include $(CLEAR_VARS) + +LOCAL_PACKAGE_NAME := signed_platform_2 + +LOCAL_SRC_FILES := $(call all-subdir-java-files) + +LOCAL_CERTIFICATE := platform + +include $(FrameworkServicesTests_BUILD_PACKAGE) diff --git a/services/tests/servicestests/apks/mmac_install_platform_2/AndroidManifest.xml b/services/tests/servicestests/apks/mmac_install_platform_2/AndroidManifest.xml new file mode 100644 index 0000000..cb60867 --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_platform_2/AndroidManifest.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- Copyright (C) 2011 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<manifest + xmlns:android="http://schemas.android.com/apk/res/android" + package="com.android.frameworks.servicestests.mmac_install_platform_2"> + + <uses-permission android:name="android.permission.SET_ANIMATION_SCALE" /> + <uses-permission android:name="android.permission.CHANGE_CONFIGURATION" /> + + <application android:hasCode="false"> + </application> + + +</manifest> diff --git a/services/tests/servicestests/apks/mmac_install_platform_2/src/com/android/frameworks/servicestests/DoNothing.java b/services/tests/servicestests/apks/mmac_install_platform_2/src/com/android/frameworks/servicestests/DoNothing.java new file mode 100644 index 0000000..3f3a35c --- /dev/null +++ b/services/tests/servicestests/apks/mmac_install_platform_2/src/com/android/frameworks/servicestests/DoNothing.java @@ -0,0 +1,21 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.frameworks.servicestests; + +public class DoNothing { + +} diff --git a/services/tests/servicestests/res/raw/mmac_default_all.xml b/services/tests/servicestests/res/raw/mmac_default_all.xml new file mode 100644 index 0000000..63a2f12 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_all.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_black.xml b/services/tests/servicestests/res/raw/mmac_default_black.xml new file mode 100644 index 0000000..7d30351 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_black.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <deny-permission name="android.permission.NOPE_PERM1" /> + <deny-permission name="android.permission.NOPE_PERM2" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_black_deny.xml b/services/tests/servicestests/res/raw/mmac_default_black_deny.xml new file mode 100644 index 0000000..ddd779c --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_black_deny.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <deny-permission name="android.permission.CHANGE_CONFIGURATION" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_inner_pkg.xml b/services/tests/servicestests/res/raw/mmac_default_inner_pkg.xml new file mode 100644 index 0000000..b7c3e36 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_inner_pkg.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_media" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <default> + <allow-all /> + <seinfo value="default" /> + <package name="com.android.frameworks.servicestests.mmac_install_media" > + <allow-all /> + <seinfo value="insidedefault" /> + </package> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_inner_pkg_deny.xml b/services/tests/servicestests/res/raw/mmac_default_inner_pkg_deny.xml new file mode 100644 index 0000000..6909273 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_inner_pkg_deny.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_media" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <default> + <package name="com.android.frameworks.servicestests.mmac_install_media" > + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="insidedefault" /> + </package> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_inner_pkg_out_empty.xml b/services/tests/servicestests/res/raw/mmac_default_inner_pkg_out_empty.xml new file mode 100644 index 0000000..0e7c72b --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_inner_pkg_out_empty.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_media" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <default> + <package name="com.android.frameworks.servicestests.mmac_install_media" > + <allow-all /> + <seinfo value="insidedefault" /> + </package> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_null_seinfo.xml b/services/tests/servicestests/res/raw/mmac_default_null_seinfo.xml new file mode 100644 index 0000000..20d4a2c --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_null_seinfo.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <allow-all /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_white.xml b/services/tests/servicestests/res/raw/mmac_default_white.xml new file mode 100644 index 0000000..c7f6eab --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_white.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <allow-permission name="android.permission.YES1" /> + <allow-permission name="android.permission.YES2" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_default_white_deny.xml b/services/tests/servicestests/res/raw/mmac_default_white_deny.xml new file mode 100644 index 0000000..0c49ce8 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_default_white_deny.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_diff_name_deny_outer.xml b/services/tests/servicestests/res/raw/mmac_diff_name_deny_outer.xml new file mode 100644 index 0000000..e9e852c --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_diff_name_deny_outer.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_diff_name_skip_outer.xml b/services/tests/servicestests/res/raw/mmac_diff_name_skip_outer.xml new file mode 100644 index 0000000..996e80b --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_diff_name_skip_outer.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inner_seinfo_null_outer_seinfo.xml b/services/tests/servicestests/res/raw/mmac_inner_seinfo_null_outer_seinfo.xml new file mode 100644 index 0000000..8348812 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inner_seinfo_null_outer_seinfo.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_all.xml b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_all.xml new file mode 100644 index 0000000..f98f80a --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_all.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_black.xml b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_black.xml new file mode 100644 index 0000000..19d46bc --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_black.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <deny-permission name="android.permission.NOPE_PERM1" /> + <deny-permission name="android.permission.NOPE_PERM2" /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_null_seinfo.xml b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_null_seinfo.xml new file mode 100644 index 0000000..f48bee0 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_null_seinfo.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <allow-permission name="android.permission.YES1" /> + <allow-permission name="android.permission.YES2" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_white.xml b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_white.xml new file mode 100644 index 0000000..83eeb7f --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inside_pkg_allow_white.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <allow-permission name="android.permission.YES1" /> + <allow-permission name="android.permission.YES2" /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_default.xml b/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_default.xml new file mode 100644 index 0000000..92f92e1 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_default.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.foo" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <allow-permission name="android.permission.YES1" /> + <allow-permission name="android.permission.YES2" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_noother.xml b/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_noother.xml new file mode 100644 index 0000000..e7d7930 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_noother.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.foo" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_pkg.xml b/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_pkg.xml new file mode 100644 index 0000000..e39e7f0 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_inside_pkg_deny_pkg.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_no_match.xml b/services/tests/servicestests/res/raw/mmac_no_match.xml new file mode 100644 index 0000000..4f8621a --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_no_match.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- shared dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2a73396bd38767a300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303732333231353735395a170d3335313230393231353735395a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100c8c2dbfd094a2df45c3ff1a32ed21805ec72fc58d017971bd0f6b52c262d70819d191967e158dfd3a2c7f1b3e0e80ce545d79d2848220211eb86f0fd8312d37b420c113750cc94618ae872f4886463bdc4627caa0c0483c86493e3515571170338bfdcc4cd6addd1c0a2f35f5cf24ed3e4043a3e58e2b05e664ccde12bcb67735fd6df1249c369e62542bc0a4729e53917f5c38ffa52d17b73c9c73798ddb18ed481590875547e66bfc5daca4c25a6eb960ed96923709da302ba646cb496b325e86c5c8b2e7a3377b2bbe4c7cf33254291163f689152ac088550c83c508f4bf5adf0aed5a2dca0583f9ab0ad17650db7eea4b23fdb45885547d0feab72183889020103a381fc3081f9301d0603551d0e04160414cb4c7e2cdbb3f0ada98dab79968d172e9dbb1ed13081c90603551d230481c13081be8014cb4c7e2cdbb3f0ada98dab79968d172e9dbb1ed1a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2a73396bd38767a300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010040a8d096997959e917a36c44246b6bac2bae05437ecd89794118f7834720352d1c6f8a39b0869942f4da65981faa2951d33971129ec1921d795671c527d6e249f252829faf5b591310311e2de096500d568ad4114a656dc34a8c6f610453afc1ea7992dba4aa7b3f8543a6e35c0728de77fe97eeac83771fd0ec90f8e4449434ee0b6045783e70c7a2e460249260e003cf7608dc352a4c9ef706def4b26050e978ae2fffd7a3323787014915eb3cc874fcc7a9ae930877c5c8c7d1c2e2a8ee863c89180d1855cedba400e7ba43cccaa7243d397e7c0e8e8e4d7d4f92b6bbead49c0cf018069eddca2e7e2fb4668d89dbbd7950d0cd254180fa1eaafc2a556f84" > + <seinfo value="shared" /> + </signer> + + <package name="bad.package.name" > + <seinfo value="per-package" /> + </package> + + <!-- no default value --> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_outer_no_rule_catch_inner.xml b/services/tests/servicestests/res/raw/mmac_outer_no_rule_catch_inner.xml new file mode 100644 index 0000000..996e80b --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_outer_no_rule_catch_inner.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_pkg_all.xml b/services/tests/servicestests/res/raw/mmac_pkg_all.xml new file mode 100644 index 0000000..6d9c9c9 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_pkg_all.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_pkg_black.xml b/services/tests/servicestests/res/raw/mmac_pkg_black.xml new file mode 100644 index 0000000..a52167c --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_pkg_black.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <deny-permission name="android.permission.NOPE_PERM1" /> + <deny-permission name="android.permission.NOPE_PERM2" /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_pkg_deny_black.xml b/services/tests/servicestests/res/raw/mmac_pkg_deny_black.xml new file mode 100644 index 0000000..4aa6555 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_pkg_deny_black.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <deny-permission name="android.permission.CHANGE_CONFIGURATION" /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_pkg_deny_white.xml b/services/tests/servicestests/res/raw/mmac_pkg_deny_white.xml new file mode 100644 index 0000000..fbb4625 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_pkg_deny_white.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_pkg_null_seinfo.xml b/services/tests/servicestests/res/raw/mmac_pkg_null_seinfo.xml new file mode 100644 index 0000000..ed9030d --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_pkg_null_seinfo.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <allow-permission name="android.permission.YES1" /> + <allow-permission name="android.permission.YES2" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_pkg_white.xml b/services/tests/servicestests/res/raw/mmac_pkg_white.xml new file mode 100644 index 0000000..7c3de78 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_pkg_white.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <allow-permission name="android.permission.YES1" /> + <allow-permission name="android.permission.YES2" /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_same_name_diff_cert.xml b/services/tests/servicestests/res/raw/mmac_same_name_diff_cert.xml new file mode 100644 index 0000000..b376cd0 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_same_name_diff_cert.xml @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="insidepackage" /> + </package> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_media" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_all.xml b/services/tests/servicestests/res/raw/mmac_sig_all.xml new file mode 100644 index 0000000..513b890 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_all.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-all /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_black.xml b/services/tests/servicestests/res/raw/mmac_sig_black.xml new file mode 100644 index 0000000..2a54380 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_black.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <deny-permission name="android.permission.NOPE_PERM" /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_deny_default_allow.xml b/services/tests/servicestests/res/raw/mmac_sig_deny_default_allow.xml new file mode 100644 index 0000000..4f2b808 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_deny_default_allow.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <deny-permission name="android.permission.NOPE_PERM" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_deny_default_deny.xml b/services/tests/servicestests/res/raw/mmac_sig_deny_default_deny.xml new file mode 100644 index 0000000..f2e9200 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_deny_default_deny.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <default> + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_deny_noother.xml b/services/tests/servicestests/res/raw/mmac_sig_deny_noother.xml new file mode 100644 index 0000000..a82e9e6 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_deny_noother.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_deny_pkg_allow.xml b/services/tests/servicestests/res/raw/mmac_sig_deny_pkg_allow.xml new file mode 100644 index 0000000..e994946 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_deny_pkg_allow.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_deny_pkg_deny.xml b/services/tests/servicestests/res/raw/mmac_sig_deny_pkg_deny.xml new file mode 100644 index 0000000..014bdc6 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_deny_pkg_deny.xml @@ -0,0 +1,26 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <deny-permission name="android.permission.SET_ANIMATION_SCALE" /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_null.xml b/services/tests/servicestests/res/raw/mmac_sig_null.xml new file mode 100644 index 0000000..86ab088 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_null.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <deny-permission name="android.permission.NOPE_PERM" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/res/raw/mmac_sig_white.xml b/services/tests/servicestests/res/raw/mmac_sig_white.xml new file mode 100644 index 0000000..66fe3a7 --- /dev/null +++ b/services/tests/servicestests/res/raw/mmac_sig_white.xml @@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="utf-8"?> +<policy> + + <!-- Platform dev key with AOSP --> + <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > + <allow-permission name="android.permission.SET_ANIMATION_SCALE" /> + <allow-permission name="android.permission.CHANGE_CONFIGURATION" /> + <allow-permission name="android.permission.WRITE_SETTINGS" /> + <allow-permission name="android.permission.SET_WALLPAPER" /> + <seinfo value="platform" /> + </signer> + + <!-- Media dev key in AOSP --> + <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > + <allow-all /> + <seinfo value="media" /> + </signer> + + <package name="com.android.frameworks.servicestests.mmac_install_platform" > + <allow-all /> + <seinfo value="package" /> + </package> + + <default> + <allow-all /> + <seinfo value="default" /> + </default> + +</policy> diff --git a/services/tests/servicestests/src/com/android/server/pm/PackageManagerSettingsTests.java b/services/tests/servicestests/src/com/android/server/pm/PackageManagerSettingsTests.java index 0f531b7..3cf48a0 100644 --- a/services/tests/servicestests/src/com/android/server/pm/PackageManagerSettingsTests.java +++ b/services/tests/servicestests/src/com/android/server/pm/PackageManagerSettingsTests.java @@ -111,9 +111,9 @@ public class PackageManagerSettingsTests extends AndroidTestCase { private void writePackagesList() { writeFile(new File(getContext().getFilesDir(), "system/packages.list"), - ( "com.google.app1 11000 0 /data/data/com.google.app1" - + "com.google.app2 11001 0 /data/data/com.google.app2" - + "com.android.app3 11030 0 /data/data/com.android.app3") + ( "com.google.app1 11000 0 /data/data/com.google.app1 seinfo1" + + "com.google.app2 11001 0 /data/data/com.google.app2 seinfo2" + + "com.android.app3 11030 0 /data/data/com.android.app3 seinfo3") .getBytes()); } diff --git a/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTests.java b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTests.java new file mode 100644 index 0000000..d4c2d57 --- /dev/null +++ b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTests.java @@ -0,0 +1,523 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.pm; + +//import android.content.pm.PackageManagerTests; +import android.content.pm.PackageParser; +import android.content.res.Resources; +import android.content.res.Resources.NotFoundException; +import android.net.Uri; +import android.os.FileUtils; +import android.test.AndroidTestCase; +import android.test.suitebuilder.annotation.LargeTest; +import android.util.DisplayMetrics; +import android.util.Log; + +import com.android.frameworks.servicestests.R; + +import java.io.File; +import java.io.FileReader; +import java.io.InputStream; + +/** Test {@link SELinuxMMAC} functionality. */ +public class SELinuxMMACTests extends AndroidTestCase { + + private static final String TAG = "SELinuxMMACTests"; + + private static File MAC_INSTALL_TMP; + private static File APK_INSTALL_TMP; + private static final String MAC_INSTALL_TMP_NAME = "mac_install_policy"; + private static final String APK_INSTALL_TMP_NAME = "install.apk"; + + @Override + protected void setUp() throws Exception { + super.setUp(); + + // Need a tmp file to hold the various mmac install files. + File filesDir = mContext.getFilesDir(); + MAC_INSTALL_TMP = new File(filesDir, MAC_INSTALL_TMP_NAME); + assertNotNull(MAC_INSTALL_TMP); + + // Need a tmp file to hold the apk + APK_INSTALL_TMP = new File(filesDir, APK_INSTALL_TMP_NAME); + assertNotNull(APK_INSTALL_TMP); + } + + @Override + protected void tearDown() throws Exception { + super.tearDown(); + + // Just in case still around + MAC_INSTALL_TMP.delete(); + APK_INSTALL_TMP.delete(); + + // Reload the original policy + SELinuxMMAC.readInstallPolicy(); + } + + void failStr(String errMsg) { + Log.w(TAG, "errMsg="+errMsg); + fail(errMsg); + } + + void failStr(Exception e) { + failStr(e.getMessage()); + } + + private PackageParser.Package parsePackage(Uri packageURI) { + final String archiveFilePath = packageURI.getPath(); + PackageParser packageParser = new PackageParser(archiveFilePath); + File sourceFile = new File(archiveFilePath); + DisplayMetrics metrics = new DisplayMetrics(); + metrics.setToDefaults(); + PackageParser.Package pkg = packageParser.parsePackage(sourceFile, + archiveFilePath, + metrics, 0); + assertNotNull(pkg); + assertTrue(packageParser.collectCertificates(pkg,0)); + packageParser = null; + return pkg; + } + + Uri getResourceURI(int fileResId, File outFile) { + Resources res = mContext.getResources(); + InputStream is = null; + try { + is = res.openRawResource(fileResId); + } catch (NotFoundException e) { + failStr("Failed to load resource with id: " + fileResId); + } + assertNotNull(is); + FileUtils.setPermissions(outFile.getPath(), + FileUtils.S_IRWXU | FileUtils.S_IRWXG | FileUtils.S_IRWXO, + -1, -1); + assertTrue(FileUtils.copyToFile(is, outFile)); + FileUtils.setPermissions(outFile.getPath(), + FileUtils.S_IRWXU | FileUtils.S_IRWXG | FileUtils.S_IRWXO, + -1, -1); + return Uri.fromFile(outFile); + } + + /** + * Takes the policy xml file as a resource, the apk as a resource, + * the expected seinfo string, and the expected install value. + * We mock a package install here by calling parsePackage. + */ + void checkInstallMMAC(int policyRes, int apkRes, + String expectedSeinfo, + boolean expectedPassed) { + // grab policy file + Uri policyURI = getResourceURI(policyRes, MAC_INSTALL_TMP); + assertNotNull(policyURI); + // parse the policy file + boolean ret = SELinuxMMAC.readInstallPolicy(new File(policyURI.getPath())); + assertTrue(ret); + // grab the apk + Uri apkURI = getResourceURI(apkRes, APK_INSTALL_TMP); + assertNotNull(apkURI); + // "install" the apk + PackageParser.Package pkg = parsePackage(apkURI); + assertNotNull(pkg); + assertNotNull(pkg.packageName); + // check for correct passed policy value + boolean passed = SELinuxMMAC.passInstallPolicyChecks(pkg); + assertEquals(expectedPassed, passed); + // check for correct seinfo label + String seinfo = pkg.applicationInfo.seinfo; + if (seinfo == null) + seinfo = "null"; + assertEquals(expectedSeinfo, seinfo); + + // delete policy and apk + MAC_INSTALL_TMP.delete(); + APK_INSTALL_TMP.delete(); + } + + /* + * Requested policy file doesn't exist. + */ + @LargeTest + public void testINSTALL_POLICY_BADPATH() { + boolean ret = SELinuxMMAC.readInstallPolicy(new File("/d/o/e/s/n/t/e/x/i/s/t")); + assertFalse(ret); + } + + /* + * Requested policy file is null object. + */ + @LargeTest + public void testINSTALL_POLICY_NULL() { + boolean ret = SELinuxMMAC.readInstallPolicy(null); + assertFalse(ret); + } + + /* + * No need to test a valid install policy file. All the tests + * below test it implicitly. + */ + + /* + * Signature stanza hits. apk is installed from allow-all. + */ + @LargeTest + public void testSIGNATURE_ALLOWALL_INSTALLED() { + checkInstallMMAC(R.raw.mmac_sig_all, R.raw.signed_platform, + "platform", true); + } + + /* + * Signature stanza hits. apk is installed from whitelist. + */ + @LargeTest + public void testSIGNATURE_WHITELIST_INSTALLED() { + checkInstallMMAC(R.raw.mmac_sig_white, R.raw.signed_platform, + "platform", true); + } + + /* + * Signature stanza hits. apk is installed from blacklist. + */ + @LargeTest + public void testSIGNATURE_BLACKLIST_INSTALLED() { + checkInstallMMAC(R.raw.mmac_sig_black, R.raw.signed_platform, + "platform", true); + } + + /* + * Signature stanza hits. apk is installed. null seinfo tag. + */ + @LargeTest + public void testSIGNATURE_INSTALLED_NULL_SEINFO() { + checkInstallMMAC(R.raw.mmac_sig_null, R.raw.signed_platform, + "null", true); + } + + /* + * Signature stanza hits. apk is denied. + * Package stanza allows. + */ + @LargeTest + public void testSIGNATURE_DENIED_PACKAGE_ALLOWS() { + checkInstallMMAC(R.raw.mmac_sig_deny_pkg_allow, R.raw.signed_platform, + "package", true); + } + + /* + * Signature stanza hits. apk is denied. + * Package stanza then denys. + */ + @LargeTest + public void testSIGNATURE_DENIED_PACKAGE_DENY() { + checkInstallMMAC(R.raw.mmac_sig_deny_pkg_deny, R.raw.signed_platform, + "null", false); + } + + /* + * Signature stanza hits. apk is denied. + * Default stanza allows. + */ + @LargeTest + public void testSIGNATURE_DENIED_DEFAULT_ALLOWS() { + checkInstallMMAC(R.raw.mmac_sig_deny_default_allow, R.raw.signed_platform, + "default", true); + } + + /* + * Signature stanza hits yet denys. Default stanza hits and denys. + */ + @LargeTest + public void testSIGNATURE_DENY_DEFAULT_DENY() { + checkInstallMMAC(R.raw.mmac_sig_deny_default_deny, R.raw.signed_platform, + "null", false); + } + + /* + * Signature stanza hits. apk is denied. + * No other policy present. + */ + @LargeTest + public void testSIGNATURE_DENIED_NOOTHER_POLICY() { + checkInstallMMAC(R.raw.mmac_sig_deny_noother, R.raw.signed_platform, + "null", false); + } + + /* + * Package stanza hits. apk is installed from allow-all. + */ + @LargeTest + public void testPACKAGE_ALLOWALL_INSTALLED() { + checkInstallMMAC(R.raw.mmac_pkg_all, R.raw.signed_platform, + "package", true); + } + + /* + * Package stanza hits. apk is installed from whitelist. + */ + @LargeTest + public void testPACKAGE_WHITELIST_INSTALLED() { + checkInstallMMAC(R.raw.mmac_pkg_white, R.raw.signed_platform, + "package", true); + } + + /* + * Package stanza hits. apk is installed from blacklist. + */ + @LargeTest + public void testPACKAGE_BLACKLIST_INSTALLED() { + checkInstallMMAC(R.raw.mmac_pkg_black, R.raw.signed_platform, + "package", true); + } + + /* + * Package stanza hits. apk is installed. seinfo is null. + */ + @LargeTest + public void testPACKAGE_INSTALLED_NULL_SEINFO() { + checkInstallMMAC(R.raw.mmac_pkg_null_seinfo, R.raw.signed_platform, + "null", true); + } + + /* + * Package stanza hits. apk is denied on whitelist. + */ + @LargeTest + public void testPACKAGE_WHITELIST_DENIED() { + checkInstallMMAC(R.raw.mmac_pkg_deny_white, R.raw.signed_platform, + "null", false); + } + + /* + * Package stanza hits. apk is denied on blacklist. + */ + @LargeTest + public void testPACKAGE_BLACKLIST_DENIED() { + checkInstallMMAC(R.raw.mmac_pkg_deny_black, R.raw.signed_platform, + "null", false); + } + + /* + * Default stanza hits. apk is installed from allowall. + */ + @LargeTest + public void testDEFAULT_ALLOWALL_INSTALLED() { + checkInstallMMAC(R.raw.mmac_default_all, R.raw.signed_platform, + "default", true); + } + + /* + * Default stanza hits. apk is installed from whitelist. + */ + @LargeTest + public void testDEFAULT_WHITELIST_INSTALLED() { + checkInstallMMAC(R.raw.mmac_default_white, R.raw.signed_platform, + "default", true); + } + + /* + * Default stanza hits. apk is installed from blacklist. + */ + @LargeTest + public void testDEFAULT_BLACKLIST_INSTALLED() { + checkInstallMMAC(R.raw.mmac_default_black, R.raw.signed_platform, + "default", true); + } + + /* + * Default stanza hits. apk installed. null seinfo. + */ + @LargeTest + public void testDEFAULT_INSTALLED_NULL_SEINFO() { + checkInstallMMAC(R.raw.mmac_default_null_seinfo, R.raw.signed_platform, + "null", true); + } + + /* + * Default stanza hits. apk is denied on whitelist. + */ + @LargeTest + public void testDEFAULT_WHITELIST_DENIED() { + checkInstallMMAC(R.raw.mmac_default_white_deny, R.raw.signed_platform, + "null", false); + } + + /* + * Default stanza hits. apk is denied on blacklist. + */ + @LargeTest + public void testDEFAULT_BLACKLIST_DENIED() { + checkInstallMMAC(R.raw.mmac_default_black_deny, R.raw.signed_platform, + "null", false); + } + + /* + * No matching entry in policy. + */ + @LargeTest + public void testNO_MATCHING_POLICY() { + checkInstallMMAC(R.raw.mmac_no_match, R.raw.signed_platform, + "null", false); + } + + /* + * Signature catches yet there is a package stanza inside that allows + * based on allow-all. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_ALLOW_ALL() { + checkInstallMMAC(R.raw.mmac_inside_pkg_allow_all, R.raw.signed_platform, + "insidepackage", true); + } + + /* + * Signature catches yet there is a package stanza inside that allows + * based on whitelist. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_ALLOW_WHITE() { + checkInstallMMAC(R.raw.mmac_inside_pkg_allow_white, R.raw.signed_platform, + "insidepackage", true); + } + + /* + * Signature catches yet there is a package stanza inside that allows + * based on blacklist. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_ALLOW_BLACK() { + checkInstallMMAC(R.raw.mmac_inside_pkg_allow_black, R.raw.signed_platform, + "insidepackage", true); + } + + /* + * Signature catches yet there is a package stanza inside that denies + * based on blacklist. Stand alone package stanza then allows. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_DENY_PKG_OUT_ALLOWS() { + checkInstallMMAC(R.raw.mmac_inside_pkg_deny_pkg, R.raw.signed_platform, + "package", true); + } + + /* + * Signature catches yet there is a package stanza inside that denies + * based on whitelist. default stanza catches and allows. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_DENY_DEFAULT_ALLOWS() { + checkInstallMMAC(R.raw.mmac_inside_pkg_deny_default, R.raw.signed_platform, + "default", true); + } + + /* + * Signature catches yet there is a package stanza inside that denies. + * No other policy catches. app is denied. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_DENY_NOOTHER() { + checkInstallMMAC(R.raw.mmac_inside_pkg_deny_noother, R.raw.signed_platform, + "null", false); + } + + /* + * Signature catches yet there is a package stanza inside that allows. + * However, the seingo tag is null. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_ALLOWS_NULL_SEINFO() { + checkInstallMMAC(R.raw.mmac_inside_pkg_allow_null_seinfo, R.raw.signed_platform, + "null", true); + } + + /* + * Signature stanza has inner package stanza. Outer sig stanza + * has no rules. Check app signed with same key, diff pkg name, doesn't + * catch on outer signer stanza. Catches on default though. + */ + @LargeTest + public void testPACKAGE_SAME_CERT_DIFF_NAME_SKIPS_OUTER() { + checkInstallMMAC(R.raw.mmac_diff_name_skip_outer, R.raw.signed_platform_2, + "default", true); + } + + /* + * Signature stanza has inner package stanza. Outer sig stanza + * has no rules. Check app catches on inner. + */ + @LargeTest + public void testPACKAGE_INNER_HITS_NO_OUTER_RULES() { + checkInstallMMAC(R.raw.mmac_outer_no_rule_catch_inner, R.raw.signed_platform, + "insidepackage", true); + } + + /* + * Signature stanza has inner package stanza with no seinfo tag. + * Outer sig stanza has no rules but seinfo tag. Check app labeled null. + */ + @LargeTest + public void testPACKAGE_INSIDE_SIG_ALLOWS_NULL_SEINFO_OUTER_SEINFO_MISSED() { + checkInstallMMAC(R.raw.mmac_inner_seinfo_null_outer_seinfo, R.raw.signed_platform, + "null", true); + } + + /* + * Signature stanza has inner package stanza. Outer sig stanza + * has blacklist. Check app signed with same key, diff pkg name, + * denied on outer signer stanza. Catches on default though. + */ + @LargeTest + public void testPACKAGE_SAME_CERT_DIFF_NAME_DENIED_OUTER() { + checkInstallMMAC(R.raw.mmac_diff_name_deny_outer, R.raw.signed_platform_2, + "default", true); + } + + /* + * Signature stanza has inner package stanza. Check that app + * with same package name, diff key, catches on another cert. + */ + @LargeTest + public void testPACKAGE_DIFF_CERT_SAME_NAME() { + checkInstallMMAC(R.raw.mmac_same_name_diff_cert, R.raw.signed_media, + "media", true); + } + + /* + * Default stanza with inner package that hits. Outer not empty. + */ + @LargeTest + public void testPACKAGE_INNER_DEFAULT() { + checkInstallMMAC(R.raw.mmac_default_inner_pkg, R.raw.signed_media, + "insidedefault", true); + } + + /* + * Default stanza with inner package that hits. Outer empty. + */ + @LargeTest + public void testPACKAGE_INNER_DEFAULT_OUTER_EMPTY() { + checkInstallMMAC(R.raw.mmac_default_inner_pkg_out_empty, R.raw.signed_media, + "insidedefault", true); + } + + /* + * Default stanza with inner package that denies. + */ + @LargeTest + public void testPACKAGE_INNER_DEFAULT_DENY() { + checkInstallMMAC(R.raw.mmac_default_inner_pkg_deny, R.raw.signed_media, + "null", false); + } +} diff --git a/telephony/java/android/telephony/SignalStrength.java b/telephony/java/android/telephony/SignalStrength.java index c063290..098a3a5 100644 --- a/telephony/java/android/telephony/SignalStrength.java +++ b/telephony/java/android/telephony/SignalStrength.java @@ -336,7 +336,7 @@ public class SignalStrength implements Parcelable { mCdmaEcio = (mCdmaEcio > 0) ? -mCdmaEcio : -160; mEvdoDbm = (mEvdoDbm > 0) ? -mEvdoDbm : -120; - mEvdoEcio = (mEvdoEcio > 0) ? -mEvdoEcio : -1; + mEvdoEcio = (mEvdoEcio >= 0) ? -mEvdoEcio : -1; mEvdoSnr = ((mEvdoSnr > 0) && (mEvdoSnr <= 8)) ? mEvdoSnr : -1; // TS 36.214 Physical Layer Section 5.1.3, TS 36.331 RRC @@ -455,9 +455,10 @@ public class SignalStrength implements Parcelable { int level; if (isGsm) { + boolean lteChecks = (getLteRsrp() == INVALID && getLteRsrq() == INVALID && getLteRssnr() == INVALID && getLteSignalStrenght() == 99); boolean oldRil = needsOldRilFeature("signalstrength"); level = getLteLevel(); - if (level == SIGNAL_STRENGTH_NONE_OR_UNKNOWN || oldRil) { + if ((level == SIGNAL_STRENGTH_NONE_OR_UNKNOWN && getGsmAsuLevel() != 99 && lteChecks) || oldRil) { level = getGsmLevel(); } } else { @@ -487,7 +488,8 @@ public class SignalStrength implements Parcelable { int asuLevel; if (isGsm) { boolean oldRil = needsOldRilFeature("signalstrength"); - if (getLteLevel() == SIGNAL_STRENGTH_NONE_OR_UNKNOWN || oldRil) { + boolean lteChecks = (getLteRsrp() == INVALID && getLteRsrq() == INVALID && getLteRssnr() == INVALID && getLteSignalStrenght() == 99); + if ((getLteLevel() == SIGNAL_STRENGTH_NONE_OR_UNKNOWN && getGsmAsuLevel() != 99 && lteChecks) || oldRil) { asuLevel = getGsmAsuLevel(); } else { asuLevel = getLteAsuLevel(); @@ -520,7 +522,8 @@ public class SignalStrength implements Parcelable { if(isGsm()) { boolean oldRil = needsOldRilFeature("signalstrength"); - if (getLteLevel() == SIGNAL_STRENGTH_NONE_OR_UNKNOWN || oldRil) { + boolean lteChecks = (getLteRsrp() == INVALID && getLteRsrq() == INVALID && getLteRssnr() == INVALID && getLteSignalStrenght() == 99); + if ((getLteLevel() == SIGNAL_STRENGTH_NONE_OR_UNKNOWN && getGsmAsuLevel() != 99 && lteChecks) || oldRil) { dBm = getGsmDbm(); } else { dBm = getLteDbm(); diff --git a/telephony/java/com/android/internal/telephony/RILConstants.java b/telephony/java/com/android/internal/telephony/RILConstants.java index d93da8f..feac45b 100644 --- a/telephony/java/com/android/internal/telephony/RILConstants.java +++ b/telephony/java/com/android/internal/telephony/RILConstants.java @@ -293,7 +293,7 @@ cat include/telephony/ril.h | \ int RIL_UNSOL_RINGBACK_TONE = 1029; int RIL_UNSOL_RESEND_INCALL_MUTE = 1030; int RIL_UNSOL_CDMA_SUBSCRIPTION_SOURCE_CHANGED = 1031; - int RIL_UNSOl_CDMA_PRL_CHANGED = 1032; + int RIL_UNSOL_CDMA_PRL_CHANGED = 1032; int RIL_UNSOL_EXIT_EMERGENCY_CALLBACK_MODE = 1033; int RIL_UNSOL_RIL_CONNECTED = 1034; int RIL_UNSOL_VOICE_RADIO_TECH_CHANGED = 1035; |