blob: 973bcb5c1475482ee696f3fe2a47e32292b6ff13 [file] [log] [blame]
Jay Thomas Sullivana14c9e52024-01-25 18:50:58 -08001<?xml version="1.0" encoding="utf-8"?>
2<!--
3 ~ Copyright (C) 2024 The Android Open Source Project
4 ~
5 ~ Licensed under the Apache License, Version 2.0 (the "License");
6 ~ you may not use this file except in compliance with the License.
7 ~ You may obtain a copy of the License at
8 ~
9 ~ http://www.apache.org/licenses/LICENSE-2.0
10 ~
11 ~ Unless required by applicable law or agreed to in writing, software
12 ~ distributed under the License is distributed on an "AS IS" BASIS,
13 ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ~ See the License for the specific language governing permissions and
15 ~ limitations under the License.
16 -->
17
18<!--
19This XML defines an allowlist of packages that should be exempt from ECM (Enhanced Confirmation
20Mode).
21
22Example usage:
23
Jay Thomas Sullivane1bbeef2024-02-06 16:55:41 -080024 <enhanced-confirmation-trusted-package
Jay Thomas Sullivana14c9e52024-01-25 18:50:58 -080025 package="com.example.app"
Jay Thomas Sullivane1bbeef2024-02-06 16:55:41 -080026 sha256-cert-digest="E9:7A:BC:2C:D1:CA:8D:58:6A:57:0B:8C:F8:60:AA:D2:8D:13:30:2A:FB:C9:00:2C:5D:53:B2:6C:09:A4:85:A0"/>
Jay Thomas Sullivane1bbeef2024-02-06 16:55:41 -080027 ...
28
29 <enhanced-confirmation-trusted-installer
30 package="com.example.installer"
31 sha256-cert-digest="E9:7A:BC:2C:D1:CA:8D:58:6A:57:0B:8C:F8:60:AA:D2:8D:13:30:2A:FB:C9:00:2C:5D:53:B2:6C:09:A4:85:A0"/>
Jay Thomas Sullivane1bbeef2024-02-06 16:55:41 -080032 ...
33
Jay Thomas Sullivan590762e2024-03-12 18:13:11 -070034The <enhanced-confirmation-trusted-package> entry shown in the above example indicates that
35"com.example.app" should be considered a "trusted package". A "trusted package" will be exempt from
36ECM restrictions.
Jay Thomas Sullivane1bbeef2024-02-06 16:55:41 -080037
Jay Thomas Sullivan590762e2024-03-12 18:13:11 -070038The <enhanced-confirmation-trusted-installer> entry shown in the above example indicates that
39"com.example.app" should be considered a "trusted installer". Apps installed by "trusted installers"
40will be exempt from ECM restrictions, with conditions explained in the next few paragraphs.
Jay Thomas Sullivane1bbeef2024-02-06 16:55:41 -080041
Jay Thomas Sullivan590762e2024-03-12 18:13:11 -070042If zero <enhanced-confirmation-trusted-installer> entries are declared, then *all* packages will be
43exempt from ECM restrictions, except apps meeting *all* of the following criteria:
44
45 A. The app is not pre-installed, and
46 B. The app has no matching <enhanced-confirmation-trusted-package> entries declared, and
47 C. The app is marked by its installer as coming from an untrustworthy package source.
48
49(For example, an installer may set an app's package source to
50PackageInstaller.PACKAGE_SOURCE_DOWNLOADED_FILE or PackageInstaller.PACKAGE_SOURCE_LOCAL_FILE,
51which are considered untrustworthy.)
52
53If one or more <enhanced-confirmation-trusted-installer> entries are declared, then packages must,
54in order to be exempt from ECM, meet at least one of the following criteria:
55
56 A. Be installed by an installer with a matching <enhanced-confirmation-trusted-installer> entry
57 declared, and be marked as coming from an "trustworthy" package source by the installer, or
58 B. Be installed via a pre-installed installer, and be marked as coming from a "trustworthy"
59 package source by the installer, or
60 C. Have a matching <enhanced-confirmation-trusted-package> entry declared.
61
62For either type of XML element:
Jay Thomas Sullivane1bbeef2024-02-06 16:55:41 -080063
64- The "package" XML attribute refers to the app's package name.
65- The "sha256-cert-digest" XML attribute refers to the SHA-256 hash of an app signing certificate.
66
67For any entry to successfully apply to a package, both XML attributes must be present, and must
68match the package. That is, the package name must match the "package" attribute, and the app must be
Jay Thomas Sullivan590762e2024-03-12 18:13:11 -070069signed by the signing certificate identified by the "sha256-cert-digest" attribute.
Jay Thomas Sullivana14c9e52024-01-25 18:50:58 -080070-->
71
72<config></config>