Skip to content

Commit

Permalink
add default permission policy
Browse files Browse the repository at this point in the history 
Co-authored-by: nift4 <[email protected]>
Change-Id: I28714580eadf9bf1c3bf2b7529c6917278a35151
  • Loading branch information
@chris42 @nift4
chris42 and nift4 committed Aug 12, 2021
1 parent 2c34e63 commit 03bca97
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 0 deletions.
20 changes: 20 additions & 0 deletions system/etc/permissions/permissions-com.android.vending.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (C) 2019 chris42 (based on work of ale5k and nanolx)
Copyright (C) 2021 nift4
SPDX-License-Identifer: GPL-3.0-or-later
This file contains permissions to be granted by default.
Default permissions are granted to special platform components and to apps that are approved to get default grants.
The special components are apps that are expected to work out-of-the-box as they provide core use cases.
Fixed permissions cannot be controlled by the user and need a special approval.
Typically these are to ensure either legally mandated functions or the app is considered a part of the OS.
Granting these permissions could prevent issues on some ROMs or on non-clean installations.
-->

<exceptions>
<exception package="com.android.vending">
<!-- Signature spoofing -->
<permission name="android.permission.FAKE_PACKAGE_SIGNATURE" fixed="false"/>
<!-- for the real Play Store, as this permission is buggy -->
<permission name="android.permission.RECIEVE_SMS" fixed="false"/>

This comment has been minimized.

Sign in to view

Copy link
@Fs00

Fs00 Aug 12, 2021

@nift4 There is a typo here (RECIEVE_SMS instead of RECEIVE_SMS). Btw, why is this needed?

This comment has been minimized.

Sign in to view

Copy link
@nift4

nift4 Aug 12, 2021

Author Owner

see bug #20 - also applies to play store. and thanks again :)
</exception>
</exceptions>
31 changes: 31 additions & 0 deletions system/etc/permissions/permissions-com.google.android.gms.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (C) 2019 chris42 (based on work of ale5k and nanolx)
SPDX-License-Identifer: GPL-3.0-or-later
This file contains permissions to be granted by default.
Default permissions are granted to special platform components and to apps that are approved to get default grants.
The special components are apps that are expected to work out-of-the-box as they provide core use cases.
Fixed permissions cannot be controlled by the user and need a special approval.
Typically these are to ensure either legally mandated functions or the app is considered a part of the OS.
Granting these permissions could prevent issues on some ROMs or on non-clean installations.
-->

<exceptions>
<exception package="com.google.android.gms">
<!-- Phone -->
<permission name="android.permission.READ_PHONE_STATE" fixed="false"/>
<permission name="android.permission.RECEIVE_SMS" fixed="false" />
<!-- Account -->
<permission name="android.permission.READ_CONTACTS" fixed="false"/>
<permission name="android.permission.WRITE_CONTACTS" fixed="false"/>
<permission name="android.permission.GET_ACCOUNTS" fixed="false"/>
<!-- Location -->
<permission name="android.permission.ACCESS_FINE_LOCATION" fixed="false"/>
<permission name="android.permission.ACCESS_COARSE_LOCATION" fixed="false"/>
<permission name="org.microg.permission.FORCE_COARSE_LOCATION" fixed="false"/>
<!-- Storage -->
<permission name="android.permission.READ_EXTERNAL_STORAGE" fixed="false"/>
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" fixed="false"/>
<!-- Signature Spoofing -->
<permission name="android.permission.FAKE_PACKAGE_SIGNATURE" fixed="false"/>
</exception>
</exceptions>

0 comments on commit 03bca97

Please sign in to comment.