1<?xml version="1.0" encoding="utf-8"?> 2<policy> 3 4<!-- 5 Sample signer stanza for install policy 6 7 Rules: 8 * A signature is a hex encoded X.509 certificate and is required for each signer tag. 9 * A <signer signature="" > element may have multiple child elements: 10 allow-permission : produces a set of maximal allowed permissions (whitelist). 11 deny-permission : produces a blacklist of permissions to deny. 12 allow-all : a wildcard tag that will allow every permission requested. 13 package : a complex tag which itself defines allow, deny, and wildcard sub elements for 14 a specific package name protected by the signature 15 * Zero or more global <package name=""> tags are allowed. These tags allow a policy 16 to be set outside any signature for specific package names. 17 * Unknown tags at any level are skipped. 18 * Zero or more signer tags are allowed. 19 * Zero or more package tags are allowed per signer tag. 20 * A <package name=""> tag may not contain another <package name=""> tag. If found, it's skipped. 21 * A <default> tag is allowed that can contain install policy for all apps not signed with a 22 previously listed cert and not having a per package global policy. 23 * When multiple sub elements appear for a tag the following logic is used to 24 ultimately determine the type of enforcement: 25 ** A blacklist is used if at least one deny-permission tag is found 26 ** A whitelist is used if not a blacklist and at least one allow-permission tag is found 27 ** A wildcard (accept all permission) policy is used if not a blacklist and not a whitelist 28 and at least one allow-all tag is present. 29 ** If a <package name=""> sub element is found then that sub element's policy is used 30 according to the above logic and overrides any signature global policy type. 31 ** In order for a policy stanza to be enforced at least one of the above situations must 32 apply. Meaning, empty signer, default or package tags will not be accepted. 33 * Each signer/default/global package tag is allowed to contain one <seinfo value=""/> tag. 34 This tag represents additional info that each app can use in setting a SELinux security 35 context on the eventual process. Any <seinfo value=""/> tag found as a child of a 36 <package name=""> tag which is protected (sub element of signer or the default tag) is 37 ignored. It's possible that multiple seinfo tags are relevant for one app. In the event 38 that this happens, the seinfo tag that will be applied is the one for which the corresponding 39 policy stanza is used in the policy decision. 40 * Strict enforcing of any xml stanza is not enforced in most cases. This mainly applies to 41 duplicate tags which are allowed. In the event that a tag already exists, the original 42 tag is replaced. 43 * There are also no checks on the validity of permission names. Although valid android 44 permissions are expected, nothing prevents unknowns. 45 * Enforcement decisions: 46 - All signatures used to sign an app are checked for policy according to signer tags. 47 Only one of the signature policies has to pass however. 48 - In the event that none of the signature policies pass, or none even match, then 49 a global package policy is sought. If found, this policy mediates the install. 50 - The default tag is consulted last if needed. 51 - A local package policy always overrides any parent policy. 52 - If none of the cases apply then the app is denied. 53 54 55 Example global package policy 56 <package name="com.foo.com"> 57 <allow-permission name="android.permission.INTERNET" /> 58 <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> 59 <allow-permission name="android.permission.ACCESS_NETWORK_STATE" /> 60 </package> 61 62 Sample stanzas are given below based on the AOSP developer keys. 63 64--> 65 66 <!-- Platform dev key with AOSP --> 67 <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" > 68 <allow-all /> 69 <seinfo value="platform" /> 70 </signer> 71 72 <!-- Media dev key in AOSP --> 73 <signer signature="308204a830820390a003020102020900f2b98e6123572c4e300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233343035375a170d3335303930313233343035375a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100ae250c5a16ef97fc2869ac651b3217cc36ba0e86964168d58a049f40ce85867123a3ffb4f6d949c33cf2da3a05c23eacaa57d803889b1759bcf59e7c6f21890ae25085b7ed56aa626c0989ef9ccd36362ca0e8d1b9603fd4d8328767926ccc090c68b775ae7ff30934cc369ef2855a2667df0c667fd0c7cf5d8eba655806737303bb624726eabaedfb72f07ed7a76ab3cb9a381c4b7dcd809b140d891f00213be401f58d6a06a61eadc3a9c2f1c6567285b09ae09342a66fa421eaf93adf7573a028c331d70601ab3af7cc84033ece7c772a3a5b86b0dbe9d777c3a48aa9801edcee2781589f44d9e4113979600576a99410ba81091259dad98c6c68ff784b8f020103a381fc3081f9301d0603551d0e04160414ca293caa8bc0ed3e542eef4205a2bff2b57e4d753081c90603551d230481c13081be8014ca293caa8bc0ed3e542eef4205a2bff2b57e4d75a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2b98e6123572c4e300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010084de9516d5e4a87217a73da8487048f53373a5f733f390d61bdf3cc9e5251625bfcaa7c3159cae275d172a9ae1e876d5458127ac542f68290dd510c0029d8f51e0ee156b7b7b5acdb394241b8ec78b74e5c42c5cafae156caf5bd199a23a27524da072debbe378464a533630b0e4d0ffb7e08ecb701fadb6379c74467f6e00c6ed888595380792038756007872c8e3007af423a57a2cab3a282869b64c4b7bd5fc187d0a7e2415965d5aae4e07a6df751b4a75e9793c918a612b81cd0b628aee0168dc44e47b10d3593260849d6adf6d727dc24444c221d3f9ecc368cad07999f2b8105bc1f20d38d41066cc1411c257a96ea4349f5746565507e4e8020a1a81" > 74 <allow-permission name="android.permission.ACCESS_ALL_DOWNLOADS" /> 75 <allow-permission name="android.permission.ACCESS_CACHE_FILESYSTEM" /> 76 <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER" /> 77 <allow-permission name="android.permission.ACCESS_MTP" /> 78 <allow-permission name="android.permission.ACCESS_NETWORK_STATE" /> 79 <allow-permission name="android.permission.CONNECTIVITY_INTERNAL" /> 80 <allow-permission name="android.permission.INTERNET" /> 81 <allow-permission name="android.permission.MODIFY_NETWORK_ACCOUNTING" /> 82 <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" /> 83 <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" /> 84 <allow-permission name="android.permission.RECEIVE_WAP_PUSH" /> 85 <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" /> 86 <allow-permission name="android.permission.UPDATE_DEVICE_STATS" /> 87 <allow-permission name="android.permission.WAKE_LOCK" /> 88 <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> 89 <allow-permission name="android.permission.WRITE_MEDIA_STORAGE" /> 90 <allow-permission name="android.permission.WRITE_SETTINGS" /> 91 <seinfo value="media" /> 92 </signer> 93 94 <!-- shared dev key in AOSP --> 95 <signer signature="308204a830820390a003020102020900f2a73396bd38767a300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303732333231353735395a170d3335313230393231353735395a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100c8c2dbfd094a2df45c3ff1a32ed21805ec72fc58d017971bd0f6b52c262d70819d191967e158dfd3a2c7f1b3e0e80ce545d79d2848220211eb86f0fd8312d37b420c113750cc94618ae872f4886463bdc4627caa0c0483c86493e3515571170338bfdcc4cd6addd1c0a2f35f5cf24ed3e4043a3e58e2b05e664ccde12bcb67735fd6df1249c369e62542bc0a4729e53917f5c38ffa52d17b73c9c73798ddb18ed481590875547e66bfc5daca4c25a6eb960ed96923709da302ba646cb496b325e86c5c8b2e7a3377b2bbe4c7cf33254291163f689152ac088550c83c508f4bf5adf0aed5a2dca0583f9ab0ad17650db7eea4b23fdb45885547d0feab72183889020103a381fc3081f9301d0603551d0e04160414cb4c7e2cdbb3f0ada98dab79968d172e9dbb1ed13081c90603551d230481c13081be8014cb4c7e2cdbb3f0ada98dab79968d172e9dbb1ed1a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900f2a73396bd38767a300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010040a8d096997959e917a36c44246b6bac2bae05437ecd89794118f7834720352d1c6f8a39b0869942f4da65981faa2951d33971129ec1921d795671c527d6e249f252829faf5b591310311e2de096500d568ad4114a656dc34a8c6f610453afc1ea7992dba4aa7b3f8543a6e35c0728de77fe97eeac83771fd0ec90f8e4449434ee0b6045783e70c7a2e460249260e003cf7608dc352a4c9ef706def4b26050e978ae2fffd7a3323787014915eb3cc874fcc7a9ae930877c5c8c7d1c2e2a8ee863c89180d1855cedba400e7ba43cccaa7243d397e7c0e8e8e4d7d4f92b6bbead49c0cf018069eddca2e7e2fb4668d89dbbd7950d0cd254180fa1eaafc2a556f84" > 96 <allow-permission name="android.permission.ACCESS_COARSE_LOCATION" /> 97 <allow-permission name="android.permission.ACCESS_FINE_LOCATION" /> 98 <allow-permission name="android.permission.ACCESS_NETWORK_STATE" /> 99 <allow-permission name="android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK" /> 100 <allow-permission name="android.permission.BIND_APPWIDGET" /> 101 <allow-permission name="android.permission.BIND_WALLPAPER" /> 102 <allow-permission name="android.permission.CALL_PHONE" /> 103 <allow-permission name="android.permission.CALL_PRIVILEGED" /> 104 <allow-permission name="android.permission.CAMERA" /> 105 <allow-permission name="android.permission.GET_ACCOUNTS" /> 106 <allow-permission name="android.permission.GLOBAL_SEARCH" /> 107 <allow-permission name="android.permission.INTERNET" /> 108 <allow-permission name="android.permission.MANAGE_ACCOUNTS" /> 109 <allow-permission name="android.permission.MODIFY_AUDIO_SETTINGS" /> 110 <allow-permission name="android.permission.MODIFY_PHONE_STATE" /> 111 <allow-permission name="android.permission.NFC" /> 112 <allow-permission name="android.permission.PACKAGE_USAGE_STATS" /> 113 <allow-permission name="android.permission.READ_CALL_LOG" /> 114 <allow-permission name="android.permission.READ_CONTACTS"/> 115 <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" /> 116 <allow-permission name="android.permission.READ_PHONE_STATE" /> 117 <allow-permission name="android.permission.READ_PROFILE" /> 118 <allow-permission name="android.permission.READ_SOCIAL_STREAM" /> 119 <allow-permission name="android.permission.READ_SYNC_SETTINGS" /> 120 <allow-permission name="android.permission.READ_SYNC_STATS" /> 121 <allow-permission name="android.permission.READ_USER_DICTIONARY" /> 122 <allow-permission name="android.permission.REBOOT" /> 123 <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" /> 124 <allow-permission name="android.permission.RECORD_AUDIO" /> 125 <allow-permission name="android.permission.SET_WALLPAPER" /> 126 <allow-permission name="android.permission.SET_WALLPAPER_COMPONENT" /> 127 <allow-permission name="android.permission.SET_WALLPAPER_HINTS" /> 128 <allow-permission name="android.permission.SUBSCRIBED_FEEDS_READ" /> 129 <allow-permission name="android.permission.SUBSCRIBED_FEEDS_WRITE" /> 130 <allow-permission name="android.permission.USE_CREDENTIALS" /> 131 <allow-permission name="android.permission.VIBRATE" /> 132 <allow-permission name="android.permission.WAKE_LOCK" /> 133 <allow-permission name="android.permission.WRITE_CALL_LOG" /> 134 <allow-permission name="android.permission.WRITE_CONTACTS" /> 135 <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> 136 <allow-permission name="android.permission.WRITE_PROFILE" /> 137 <allow-permission name="android.permission.WRITE_SETTINGS" /> 138 <allow-permission name="android.permission.WRITE_USER_DICTIONARY" /> 139 <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/> 140 <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT" /> 141 <allow-permission name="com.android.launcher.permission.READ_SETTINGS" /> 142 <allow-permission name="com.android.launcher.permission.WRITE_SETTINGS" /> 143 <allow-permission name="com.android.voicemail.permission.ADD_VOICEMAIL" /> 144 <allow-permission name="com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL" /> 145 <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH" /> 146 <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.cp" /> 147 <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.mail" /> 148 <seinfo value="shared" /> 149 </signer> 150 151 <!-- release dev key in AOSP --> 152 <signer signature="308204a830820390a003020102020900936eacbe07f201df300d06092a864886f70d0101050500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303232393031333334365a170d3335303731373031333334365a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100d6931904dec60b24b1edc762e0d9d8253e3ecd6ceb1de2ff068ca8e8bca8cd6bd3786ea70aa76ce60ebb0f993559ffd93e77a943e7e83d4b64b8e4fea2d3e656f1e267a81bbfb230b578c20443be4c7218b846f5211586f038a14e89c2be387f8ebecf8fcac3da1ee330c9ea93d0a7c3dc4af350220d50080732e0809717ee6a053359e6a694ec2cb3f284a0a466c87a94d83b31093a67372e2f6412c06e6d42f15818dffe0381cc0cd444da6cddc3b82458194801b32564134fbfde98c9287748dbf5676a540d8154c8bbca07b9e247553311c46b9af76fdeeccc8e69e7c8a2d08e782620943f99727d3c04fe72991d99df9bae38a0b2177fa31d5b6afee91f020103a381fc3081f9301d0603551d0e04160414485900563d272c46ae118605a47419ac09ca8c113081c90603551d230481c13081be8014485900563d272c46ae118605a47419ac09ca8c11a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900936eacbe07f201df300c0603551d13040530030101ff300d06092a864886f70d010105050003820101007aaf968ceb50c441055118d0daabaf015b8a765a27a715a2c2b44f221415ffdace03095abfa42df70708726c2069e5c36eddae0400be29452c084bc27eb6a17eac9dbe182c204eb15311f455d824b656dbe4dc2240912d7586fe88951d01a8feb5ae5a4260535df83431052422468c36e22c2a5ef994d61dd7306ae4c9f6951ba3c12f1d1914ddc61f1a62da2df827f603fea5603b2c540dbd7c019c36bab29a4271c117df523cdbc5f3817a49e0efa60cbd7f74177e7a4f193d43f4220772666e4c4d83e1bd5a86087cf34f2dec21e245ca6c2bb016e683638050d2c430eea7c26a1c49d3760a58ab7f1a82cc938b4831384324bd0401fa12163a50570e684d" > 153 <seinfo value="release" /> 154 <deny-permission name="android.permission.BRICK" /> 155 <deny-permission name="android.permission.READ_LOGS" /> 156 <deny-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS" /> 157 <deny-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS" /> 158 <package name="com.android.browser" > 159 <allow-permission name="android.permission.ACCESS_COARSE_LOCATION"/> 160 <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER"/> 161 <allow-permission name="android.permission.ACCESS_FINE_LOCATION"/> 162 <allow-permission name="android.permission.ACCESS_NETWORK_STATE"/> 163 <allow-permission name="android.permission.ACCESS_WIFI_STATE"/> 164 <allow-permission name="android.permission.GET_ACCOUNTS"/> 165 <allow-permission name="android.permission.INTERNET" /> 166 <allow-permission name="android.permission.MANAGE_ACCOUNTS" /> 167 <allow-permission name="android.permission.NFC" /> 168 <allow-permission name="android.permission.READ_CONTACTS" /> 169 <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" /> 170 <allow-permission name="android.permission.READ_PROFILE" /> 171 <allow-permission name="android.permission.READ_SYNC_SETTINGS" /> 172 <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" /> 173 <allow-permission name="android.permission.SET_WALLPAPER" /> 174 <allow-permission name="android.permission.USE_CREDENTIALS"/> 175 <allow-permission name="android.permission.WAKE_LOCK"/> 176 <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> 177 <allow-permission name="android.permission.WRITE_SETTINGS" /> 178 <allow-permission name="android.permission.WRITE_SYNC_SETTINGS" /> 179 <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/> 180 <allow-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"/> 181 <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT"/> 182 </package> 183 </signer> 184 185 <!-- All other keys --> 186 <default> 187 <seinfo value="default" /> 188 <deny-permission name="android.permission.ACCESS_COARSE_LOCATION" /> 189 <deny-permission name="android.permission.ACCESS_FINE_LOCATION" /> 190 <deny-permission name="android.permission.AUTHENTICATE_ACCOUNTS" /> 191 <deny-permission name="android.permission.CALL_PHONE" /> 192 <deny-permission name="android.permission.CAMERA" /> 193 <deny-permission name="android.permission.READ_LOGS" /> 194 <deny-permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> 195 </default> 196 197</policy> 198