Snap for 4739962 from b5c17bb374d4534171a288d41edea9184f47d3de to pi-release
Change-Id: I3c956427b24537dd74cf93adccf1b0ea3aef694e
diff --git a/src/main/java/com/android/apksig/SigningCertificateLineage.java b/src/main/java/com/android/apksig/SigningCertificateLineage.java
index 440f13d..8c2c7e5 100644
--- a/src/main/java/com/android/apksig/SigningCertificateLineage.java
+++ b/src/main/java/com/android/apksig/SigningCertificateLineage.java
@@ -89,6 +89,11 @@
*/
private static final int PAST_CERT_ROLLBACK = 8;
+ /**
+ * Preserve authenticator module-based access in AccountManager gated by signing certificate.
+ */
+ private static final int PAST_CERT_AUTH = 16;
+
private final int mMinSdkVersion;
/**
@@ -414,7 +419,8 @@
// TODO add API to modify flags corresponding to a given signing certificate
private static int calculateDefaultFlags() {
- return PAST_CERT_INSTALLED_DATA | PAST_CERT_PERMISSION | PAST_CERT_SHARED_USER_ID;
+ return PAST_CERT_INSTALLED_DATA | PAST_CERT_PERMISSION
+ | PAST_CERT_SHARED_USER_ID | PAST_CERT_AUTH;
}
/**
@@ -598,6 +604,20 @@
}
/**
+ * Set the {@code PAST_CERT_AUTH} flag in this capabilities object. This flag
+ * is used by the platform to determine whether or not privileged access based on
+ * authenticator module signing certificates should be granted.
+ */
+ public Builder setAuth(boolean enabled) {
+ if (enabled) {
+ mFlags |= PAST_CERT_AUTH;
+ } else {
+ mFlags &= ~PAST_CERT_AUTH;
+ }
+ return this;
+ }
+
+ /**
* Returns a new {@code SignerConfig} instance configured based on the configuration of
* this builder.
*/