Jay Thomas Sullivan | a14c9e5 | 2024-01-25 18:50:58 -0800 | [diff] [blame] | 1 | <?xml version="1.0" encoding="utf-8"?> |
| 2 | <!-- |
| 3 | ~ Copyright (C) 2024 The Android Open Source Project |
| 4 | ~ |
| 5 | ~ Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | ~ you may not use this file except in compliance with the License. |
| 7 | ~ You may obtain a copy of the License at |
| 8 | ~ |
| 9 | ~ http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | ~ |
| 11 | ~ Unless required by applicable law or agreed to in writing, software |
| 12 | ~ distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | ~ See the License for the specific language governing permissions and |
| 15 | ~ limitations under the License. |
| 16 | --> |
| 17 | |
| 18 | <!-- |
| 19 | This XML defines an allowlist of packages that should be exempt from ECM (Enhanced Confirmation |
| 20 | Mode). |
| 21 | |
| 22 | Example usage: |
| 23 | |
Jay Thomas Sullivan | e1bbeef | 2024-02-06 16:55:41 -0800 | [diff] [blame] | 24 | <enhanced-confirmation-trusted-package |
Jay Thomas Sullivan | a14c9e5 | 2024-01-25 18:50:58 -0800 | [diff] [blame] | 25 | package="com.example.app" |
Jay Thomas Sullivan | e1bbeef | 2024-02-06 16:55:41 -0800 | [diff] [blame] | 26 | sha256-cert-digest="E9:7A:BC:2C:D1:CA:8D:58:6A:57:0B:8C:F8:60:AA:D2:8D:13:30:2A:FB:C9:00:2C:5D:53:B2:6C:09:A4:85:A0"/> |
Jay Thomas Sullivan | e1bbeef | 2024-02-06 16:55:41 -0800 | [diff] [blame] | 27 | ... |
| 28 | |
| 29 | <enhanced-confirmation-trusted-installer |
| 30 | package="com.example.installer" |
| 31 | sha256-cert-digest="E9:7A:BC:2C:D1:CA:8D:58:6A:57:0B:8C:F8:60:AA:D2:8D:13:30:2A:FB:C9:00:2C:5D:53:B2:6C:09:A4:85:A0"/> |
Jay Thomas Sullivan | e1bbeef | 2024-02-06 16:55:41 -0800 | [diff] [blame] | 32 | ... |
| 33 | |
Jay Thomas Sullivan | 590762e | 2024-03-12 18:13:11 -0700 | [diff] [blame] | 34 | The <enhanced-confirmation-trusted-package> entry shown in the above example indicates that |
| 35 | "com.example.app" should be considered a "trusted package". A "trusted package" will be exempt from |
| 36 | ECM restrictions. |
Jay Thomas Sullivan | e1bbeef | 2024-02-06 16:55:41 -0800 | [diff] [blame] | 37 | |
Jay Thomas Sullivan | 590762e | 2024-03-12 18:13:11 -0700 | [diff] [blame] | 38 | The <enhanced-confirmation-trusted-installer> entry shown in the above example indicates that |
| 39 | "com.example.app" should be considered a "trusted installer". Apps installed by "trusted installers" |
| 40 | will be exempt from ECM restrictions, with conditions explained in the next few paragraphs. |
Jay Thomas Sullivan | e1bbeef | 2024-02-06 16:55:41 -0800 | [diff] [blame] | 41 | |
Jay Thomas Sullivan | 590762e | 2024-03-12 18:13:11 -0700 | [diff] [blame] | 42 | If zero <enhanced-confirmation-trusted-installer> entries are declared, then *all* packages will be |
| 43 | exempt from ECM restrictions, except apps meeting *all* of the following criteria: |
| 44 | |
| 45 | A. The app is not pre-installed, and |
| 46 | B. The app has no matching <enhanced-confirmation-trusted-package> entries declared, and |
| 47 | C. The app is marked by its installer as coming from an untrustworthy package source. |
| 48 | |
| 49 | (For example, an installer may set an app's package source to |
| 50 | PackageInstaller.PACKAGE_SOURCE_DOWNLOADED_FILE or PackageInstaller.PACKAGE_SOURCE_LOCAL_FILE, |
| 51 | which are considered untrustworthy.) |
| 52 | |
| 53 | If one or more <enhanced-confirmation-trusted-installer> entries are declared, then packages must, |
| 54 | in order to be exempt from ECM, meet at least one of the following criteria: |
| 55 | |
| 56 | A. Be installed by an installer with a matching <enhanced-confirmation-trusted-installer> entry |
| 57 | declared, and be marked as coming from an "trustworthy" package source by the installer, or |
| 58 | B. Be installed via a pre-installed installer, and be marked as coming from a "trustworthy" |
| 59 | package source by the installer, or |
| 60 | C. Have a matching <enhanced-confirmation-trusted-package> entry declared. |
| 61 | |
| 62 | For either type of XML element: |
Jay Thomas Sullivan | e1bbeef | 2024-02-06 16:55:41 -0800 | [diff] [blame] | 63 | |
| 64 | - The "package" XML attribute refers to the app's package name. |
| 65 | - The "sha256-cert-digest" XML attribute refers to the SHA-256 hash of an app signing certificate. |
| 66 | |
| 67 | For any entry to successfully apply to a package, both XML attributes must be present, and must |
| 68 | match the package. That is, the package name must match the "package" attribute, and the app must be |
Jay Thomas Sullivan | 590762e | 2024-03-12 18:13:11 -0700 | [diff] [blame] | 69 | signed by the signing certificate identified by the "sha256-cert-digest" attribute. |
Jay Thomas Sullivan | a14c9e5 | 2024-01-25 18:50:58 -0800 | [diff] [blame] | 70 | --> |
| 71 | |
| 72 | <config></config> |