Add + enforce new DeviceConfig permissions. Adds these new permissions, and grants them to `adb`: - `ALLOWLISTED_WRITE_DEVICE_CONFIG` - `READ_WRITE_SYNC_DISABLED_MODE_CONFIG` Uses `ALLOWLISTED_WRITE_DEVICE_CONFIG` to restrict writing flags to DeviceConfig unless they are explicitly allowlisted. Revokes `WRITE_DEVICE_CONFIG` from `adb`, and grants it `ALLOWLISTED_WRITE_DEVICE_CONFIG`. Bug: 251818659 Test: m Change-Id: I0d6784a9437e0b0344f47d13dab0f838f63eaded

commit: e8eb9f8da5e8f58e7592e20a1e373954ea2ff0f2 [log] [tgz]
author: Ted Bauer <tedbauer@google.com> Thu Jan 12 15:34:32 2023 +0000
committer: Ted Bauer <tedbauer@google.com> Tue Feb 14 16:27:22 2023 +0000
tree: 0e9640131ea370e51c794bab18ce4cf8380c0e4e
parent: 8bb72213932e1f655d871a2da46d3f2c6c372316 [diff] [blame]
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 0664061..1a8fc0d 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml

@@ -147,7 +147,8 @@
     <uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
     <uses-permission android:name="android.permission.LOCATION_BYPASS" />
     <uses-permission android:name="android.permission.READ_DEVICE_CONFIG" />
-    <uses-permission android:name="android.permission.WRITE_DEVICE_CONFIG" />
+    <uses-permission android:name="android.permission.ALLOWLISTED_WRITE_DEVICE_CONFIG" />
+    <uses-permission android:name="android.permission.READ_WRITE_SYNC_DISABLED_MODE_CONFIG" />
     <uses-permission android:name="android.permission.MONITOR_DEVICE_CONFIG_ACCESS" />
     <uses-permission android:name="android.permission.BROADCAST_STICKY" />
     <uses-permission android:name="android.permission.MANAGE_ACCESSIBILITY" />
commit	e8eb9f8da5e8f58e7592e20a1e373954ea2ff0f2	[log] [tgz]
author	Ted Bauer <tedbauer@google.com>	Thu Jan 12 15:34:32 2023 +0000
committer	Ted Bauer <tedbauer@google.com>	Tue Feb 14 16:27:22 2023 +0000
tree	0e9640131ea370e51c794bab18ce4cf8380c0e4e
parent	8bb72213932e1f655d871a2da46d3f2c6c372316 [diff] [blame]