Don't verify signatures in ConfigUpdateInstallReceiver
Instead, require the intent sender to hold the new system-or-signature
UPDATE_CONFIG permission. An application holding this permission is
now responsible for verifying the integrity/source of an update, before
sending it to one of the ConfigUpdateInstallReceiver subclasses.
Bug: 8949824
Change-Id: I0925051c1dcef312b8508fb34927150ffbc346f9
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 4a1be2d..11069b3 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -1617,6 +1617,14 @@
android:protectionLevel="signature" />
<uses-permission android:name="android.permission.BIND_JOB_SERVICE"/>
+ <!-- Allows an application to initiate configuration updates
+ <p>An application requesting this permission is responsible for
+ verifying the source and integrity of any update before passing
+ it off to the various individual installer components
+ @hide -->
+ <permission android:name="android.permission.UPDATE_CONFIG"
+ android:protectionLevel="signature|system" />
+
<!-- ========================================= -->
<!-- Permissions for special development tools -->
<!-- ========================================= -->
@@ -2537,42 +2545,48 @@
</intent-filter>
</receiver>
- <receiver android:name="com.android.server.updates.CertPinInstallReceiver" >
+ <receiver android:name="com.android.server.updates.CertPinInstallReceiver"
+ android:permission="android.permission.UPDATE_CONFIG">
<intent-filter>
<action android:name="android.intent.action.UPDATE_PINS" />
<data android:scheme="content" android:host="*" android:mimeType="*/*" />
</intent-filter>
</receiver>
- <receiver android:name="com.android.server.updates.IntentFirewallInstallReceiver" >
+ <receiver android:name="com.android.server.updates.IntentFirewallInstallReceiver"
+ android:permission="android.permission.UPDATE_CONFIG">
<intent-filter>
<action android:name="android.intent.action.UPDATE_INTENT_FIREWALL" />
<data android:scheme="content" android:host="*" android:mimeType="*/*" />
</intent-filter>
</receiver>
- <receiver android:name="com.android.server.updates.SmsShortCodesInstallReceiver" >
+ <receiver android:name="com.android.server.updates.SmsShortCodesInstallReceiver"
+ android:permission="android.permission.UPDATE_CONFIG">
<intent-filter>
<action android:name="android.intent.action.UPDATE_SMS_SHORT_CODES" />
<data android:scheme="content" android:host="*" android:mimeType="*/*" />
</intent-filter>
</receiver>
- <receiver android:name="com.android.server.updates.CarrierProvisioningUrlsInstallReceiver" >
+ <receiver android:name="com.android.server.updates.CarrierProvisioningUrlsInstallReceiver"
+ android:permission="android.permission.UPDATE_CONFIG">
<intent-filter>
<action android:name="android.intent.action.UPDATE_CARRIER_PROVISIONING_URLS" />
<data android:scheme="content" android:host="*" android:mimeType="*/*" />
</intent-filter>
</receiver>
- <receiver android:name="com.android.server.updates.TzDataInstallReceiver" >
+ <receiver android:name="com.android.server.updates.TzDataInstallReceiver"
+ android:permission="android.permission.UPDATE_CONFIG">
<intent-filter>
<action android:name="android.intent.action.UPDATE_TZDATA" />
<data android:scheme="content" android:host="*" android:mimeType="*/*" />
</intent-filter>
</receiver>
- <receiver android:name="com.android.server.updates.SELinuxPolicyInstallReceiver" >
+ <receiver android:name="com.android.server.updates.SELinuxPolicyInstallReceiver"
+ android:permission="android.permission.UPDATE_CONFIG">
<intent-filter>
<action android:name="android.intent.action.UPDATE_SEPOLICY" />
<data android:scheme="content" android:host="*" android:mimeType="*/*" />