Allow certificates to be stored in the carrier app whitelist

Use CARRIER_APP_WHITELIST to store app certificate mapped to package name (instead of just package name as we had before). Bug: 70042722 Test: SettingsBackupTest Test: UiccProfileTest#testParseWhitelistMapFromString() for parsing map Change-Id: Ia0c7c364cd8154272ef62cbbf412036b4eae1b21
2018-01-10 16:23:11 -08:00
parent cfd17093cd
commit 6db18a9bad
4 changed files with 25 additions and 11 deletions
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -4176,6 +4176,7 @@ package android.provider {
    method public static boolean putString(android.content.ContentResolver, java.lang.String, java.lang.String, java.lang.String, boolean);
    method public static void resetToDefaults(android.content.ContentResolver, java.lang.String);
    field public static final java.lang.String AUTOFILL_COMPAT_ALLOWED_PACKAGES = "autofill_compat_allowed_packages";
+    field public static final java.lang.String CARRIER_APP_WHITELIST = "carrier_app_whitelist";
    field public static final java.lang.String DEFAULT_SM_DP_PLUS = "default_sm_dp_plus";
    field public static final java.lang.String INSTALL_CARRIER_APP_NOTIFICATION_PERSISTENT = "install_carrier_app_notification_persistent";
    field public static final java.lang.String INSTALL_CARRIER_APP_NOTIFICATION_SLEEP_MILLIS = "install_carrier_app_notification_sleep_millis";
@@ -5219,6 +5220,7 @@ package android.telephony {
    method public int describeContents();
    method public int getCarrierPrivilegeStatus(android.content.pm.PackageInfo);
    method public int getCarrierPrivilegeStatus(android.content.pm.Signature, java.lang.String);
+    method public java.lang.String getCertificateHexString();
    method public java.lang.String getPackageName();
    method public void writeToParcel(android.os.Parcel, int);
    field public static final android.os.Parcelable.Creator<android.telephony.UiccAccessRule> CREATOR;
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -9077,14 +9077,18 @@ public final class Settings {
         */
        public static final String TETHER_OFFLOAD_DISABLED = "tether_offload_disabled";

-       /**
-        * List of carrier apps which are whitelisted to prompt the user for install when
-        * a sim card with matching uicc carrier privilege rules is inserted.
-        *
-        * The value is "package1;package2;..."
-        * @hide
-        */
-       public static final String CARRIER_APP_WHITELIST = "carrier_app_whitelist";
+        /**
+         * List of certificate (hex string representation of the application's certificate - SHA-1
+         * or SHA-256) and carrier app package pairs which are whitelisted to prompt the user for
+         * install when a sim card with matching UICC carrier privilege rules is inserted.  The
+         * certificate is used as a key, so the certificate encoding here must be the same as the
+         * certificate encoding used on the SIM.
+         *
+         * The value is "cert1:package1;cert2:package2;..."
+         * @hide
+         */
+        @SystemApi
+        public static final String CARRIER_APP_WHITELIST = "carrier_app_whitelist";

       /**
        * USB Mass Storage Enabled
--- a/core/proto/android/providers/settings.proto
+++ b/core/proto/android/providers/settings.proto
@@ -179,8 +179,9 @@ message GlobalSettingsProto {
    optional SettingProto tether_dun_required = 114 [ (android.privacy).dest = DEST_AUTOMATIC ];
    optional SettingProto tether_dun_apn = 115;
    optional SettingProto tether_offload_disabled = 301 [ (android.privacy).dest = DEST_AUTOMATIC ];
-    // List of carrier apps which are whitelisted to prompt the user for install
-    // when a SIM card with marchin UICC carrier privilege rules is inserted.
+    // List of carrier app certificate mapped to carrier app package id which are whitelisted to
+    // prompt the user for install when a SIM card with matching UICC carrier privilege rules is
+    // inserted.
    optional SettingProto carrier_app_whitelist = 116 [ (android.privacy).dest = DEST_AUTOMATIC ];
    optional SettingProto usb_mass_storage_enabled = 117 [ (android.privacy).dest = DEST_AUTOMATIC ];
    optional SettingProto use_google_mail = 118 [ (android.privacy).dest = DEST_AUTOMATIC ];
@@ -433,7 +434,7 @@ message GlobalSettingsProto {

    // Please insert fields in the same order as in
    // frameworks/base/core/java/android/provider/Settings.java.
-    // Next tag = 356;
+    // Next tag = 358;
 }

 message SecureSettingsProto {
--- a/telephony/java/android/telephony/UiccAccessRule.java
+++ b/telephony/java/android/telephony/UiccAccessRule.java
@@ -156,6 +156,13 @@ public final class UiccAccessRule implements Parcelable {
        return mPackageName;
    }

+    /**
+     * Returns the hex string of the certificate hash.
+     */
+    public String getCertificateHexString() {
+        return IccUtils.bytesToHexString(mCertificateHash);
+    }
+
    /**
     * Returns the carrier privilege status associated with the given package.
     *