1<?xml version="1.0" encoding="utf-8"?> 2<!-- 3 ~ Copyright (C) 2024 The Android Open Source Project 4 ~ 5 ~ Licensed under the Apache License, Version 2.0 (the "License"); 6 ~ you may not use this file except in compliance with the License. 7 ~ You may obtain a copy of the License at 8 ~ 9 ~ http://www.apache.org/licenses/LICENSE-2.0 10 ~ 11 ~ Unless required by applicable law or agreed to in writing, software 12 ~ distributed under the License is distributed on an "AS IS" BASIS, 13 ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 ~ See the License for the specific language governing permissions and 15 ~ limitations under the License. 16 --> 17 18<!-- 19This XML defines an allowlist of packages that should be exempt from ECM (Enhanced Confirmation 20Mode). 21 22Example usage: 23 24 <enhanced-confirmation-trusted-package 25 package="com.example.app" 26 sha256-cert-digest="E9:7A:BC:2C:D1:CA:8D:58:6A:57:0B:8C:F8:60:AA:D2:8D:13:30:2A:FB:C9:00:2C:5D:53:B2:6C:09:A4:85:A0"/> 27 ... 28 29 <enhanced-confirmation-trusted-installer 30 package="com.example.installer" 31 sha256-cert-digest="E9:7A:BC:2C:D1:CA:8D:58:6A:57:0B:8C:F8:60:AA:D2:8D:13:30:2A:FB:C9:00:2C:5D:53:B2:6C:09:A4:85:A0"/> 32 ... 33 34The <enhanced-confirmation-trusted-package> entry shown in the above example indicates that 35"com.example.app" should be considered a "trusted package". A "trusted package" will be exempt from 36ECM restrictions. 37 38The <enhanced-confirmation-trusted-installer> entry shown in the above example indicates that 39"com.example.app" should be considered a "trusted installer". Apps installed by "trusted installers" 40will be exempt from ECM restrictions, with conditions explained in the next few paragraphs. 41 42If zero <enhanced-confirmation-trusted-installer> entries are declared, then *all* packages will be 43exempt from ECM restrictions, except apps meeting *all* of the following criteria: 44 45 A. The app is not pre-installed, and 46 B. The app has no matching <enhanced-confirmation-trusted-package> entries declared, and 47 C. The app is marked by its installer as coming from an untrustworthy package source. 48 49(For example, an installer may set an app's package source to 50PackageInstaller.PACKAGE_SOURCE_DOWNLOADED_FILE or PackageInstaller.PACKAGE_SOURCE_LOCAL_FILE, 51which are considered untrustworthy.) 52 53If one or more <enhanced-confirmation-trusted-installer> entries are declared, then packages must, 54in order to be exempt from ECM, meet at least one of the following criteria: 55 56 A. Be installed by an installer with a matching <enhanced-confirmation-trusted-installer> entry 57 declared, and be marked as coming from an "trustworthy" package source by the installer, or 58 B. Be installed via a pre-installed installer, and be marked as coming from a "trustworthy" 59 package source by the installer, or 60 C. Have a matching <enhanced-confirmation-trusted-package> entry declared. 61 62For either type of XML element: 63 64- The "package" XML attribute refers to the app's package name. 65- The "sha256-cert-digest" XML attribute refers to the SHA-256 hash of an app signing certificate. 66 67For any entry to successfully apply to a package, both XML attributes must be present, and must 68match the package. That is, the package name must match the "package" attribute, and the app must be 69signed by the signing certificate identified by the "sha256-cert-digest" attribute. 70--> 71 72<config></config> 73