From 6db18a9badeaf76ccfdbf745fa356f2fe024df87 Mon Sep 17 00:00:00 2001 From: goneil Date: Wed, 10 Jan 2018 16:23:11 -0800 Subject: [PATCH] Allow certificates to be stored in the carrier app whitelist Use CARRIER_APP_WHITELIST to store app certificate mapped to package name (instead of just package name as we had before). Bug: 70042722 Test: SettingsBackupTest Test: UiccProfileTest#testParseWhitelistMapFromString() for parsing map Change-Id: Ia0c7c364cd8154272ef62cbbf412036b4eae1b21 --- api/system-current.txt | 2 ++ core/java/android/provider/Settings.java | 20 +++++++++++-------- core/proto/android/providers/settings.proto | 7 ++++--- .../android/telephony/UiccAccessRule.java | 7 +++++++ 4 files changed, 25 insertions(+), 11 deletions(-) diff --git a/api/system-current.txt b/api/system-current.txt index 1235591a7e6b6..257e4315376ec 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -4176,6 +4176,7 @@ package android.provider { method public static boolean putString(android.content.ContentResolver, java.lang.String, java.lang.String, java.lang.String, boolean); method public static void resetToDefaults(android.content.ContentResolver, java.lang.String); field public static final java.lang.String AUTOFILL_COMPAT_ALLOWED_PACKAGES = "autofill_compat_allowed_packages"; + field public static final java.lang.String CARRIER_APP_WHITELIST = "carrier_app_whitelist"; field public static final java.lang.String DEFAULT_SM_DP_PLUS = "default_sm_dp_plus"; field public static final java.lang.String INSTALL_CARRIER_APP_NOTIFICATION_PERSISTENT = "install_carrier_app_notification_persistent"; field public static final java.lang.String INSTALL_CARRIER_APP_NOTIFICATION_SLEEP_MILLIS = "install_carrier_app_notification_sleep_millis"; @@ -5219,6 +5220,7 @@ package android.telephony { method public int describeContents(); method public int getCarrierPrivilegeStatus(android.content.pm.PackageInfo); method public int getCarrierPrivilegeStatus(android.content.pm.Signature, java.lang.String); + method public java.lang.String getCertificateHexString(); method public java.lang.String getPackageName(); method public void writeToParcel(android.os.Parcel, int); field public static final android.os.Parcelable.Creator CREATOR; diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java index 68490ed24ac09..bb1df2113e14f 100644 --- a/core/java/android/provider/Settings.java +++ b/core/java/android/provider/Settings.java @@ -9077,14 +9077,18 @@ public final class Settings { */ public static final String TETHER_OFFLOAD_DISABLED = "tether_offload_disabled"; - /** - * List of carrier apps which are whitelisted to prompt the user for install when - * a sim card with matching uicc carrier privilege rules is inserted. - * - * The value is "package1;package2;..." - * @hide - */ - public static final String CARRIER_APP_WHITELIST = "carrier_app_whitelist"; + /** + * List of certificate (hex string representation of the application's certificate - SHA-1 + * or SHA-256) and carrier app package pairs which are whitelisted to prompt the user for + * install when a sim card with matching UICC carrier privilege rules is inserted. The + * certificate is used as a key, so the certificate encoding here must be the same as the + * certificate encoding used on the SIM. + * + * The value is "cert1:package1;cert2:package2;..." + * @hide + */ + @SystemApi + public static final String CARRIER_APP_WHITELIST = "carrier_app_whitelist"; /** * USB Mass Storage Enabled diff --git a/core/proto/android/providers/settings.proto b/core/proto/android/providers/settings.proto index c35b2ece6070c..3ea08793aad0f 100644 --- a/core/proto/android/providers/settings.proto +++ b/core/proto/android/providers/settings.proto @@ -179,8 +179,9 @@ message GlobalSettingsProto { optional SettingProto tether_dun_required = 114 [ (android.privacy).dest = DEST_AUTOMATIC ]; optional SettingProto tether_dun_apn = 115; optional SettingProto tether_offload_disabled = 301 [ (android.privacy).dest = DEST_AUTOMATIC ]; - // List of carrier apps which are whitelisted to prompt the user for install - // when a SIM card with marchin UICC carrier privilege rules is inserted. + // List of carrier app certificate mapped to carrier app package id which are whitelisted to + // prompt the user for install when a SIM card with matching UICC carrier privilege rules is + // inserted. optional SettingProto carrier_app_whitelist = 116 [ (android.privacy).dest = DEST_AUTOMATIC ]; optional SettingProto usb_mass_storage_enabled = 117 [ (android.privacy).dest = DEST_AUTOMATIC ]; optional SettingProto use_google_mail = 118 [ (android.privacy).dest = DEST_AUTOMATIC ]; @@ -433,7 +434,7 @@ message GlobalSettingsProto { // Please insert fields in the same order as in // frameworks/base/core/java/android/provider/Settings.java. - // Next tag = 356; + // Next tag = 358; } message SecureSettingsProto { diff --git a/telephony/java/android/telephony/UiccAccessRule.java b/telephony/java/android/telephony/UiccAccessRule.java index c3f8a19304098..526733d357f61 100644 --- a/telephony/java/android/telephony/UiccAccessRule.java +++ b/telephony/java/android/telephony/UiccAccessRule.java @@ -156,6 +156,13 @@ public final class UiccAccessRule implements Parcelable { return mPackageName; } + /** + * Returns the hex string of the certificate hash. + */ + public String getCertificateHexString() { + return IccUtils.bytesToHexString(mCertificateHash); + } + /** * Returns the carrier privilege status associated with the given package. *