mac_permissions.xml

<?xml version="1.0" encoding="utf-8"?>
<policy>

<!-- 
    Sample signer stanza for install policy

    Rules:
    * A signature is a hex encoded X.509 certificate and is required for each signer tag.
    * A <signer signature="" > element may have multiple child elements:
        allow-permission : produces a set of maximal allowed permissions (whitelist).
        deny-permission : produces a blacklist of permissions to deny.
        allow-all : a wildcard tag that will allow every permission requested.
        package : a complex tag which itself defines allow, deny, and wildcard sub elements for
            a specific package name protected by the signature
    * Zero or more global <package name=""> tags are allowed. These tags allow a policy
      to be set outside any signature for specific package names.
    * Unknown tags at any level are skipped.
    * Zero or more signer tags are allowed.
    * Zero or more package tags are allowed per signer tag.
    * A <package name=""> tag may not contain another <package name=""> tag. If found, it's skipped.
    * A <default> tag is allowed that can contain install policy for all apps not signed with a 
      previously listed cert and not having a per package global policy.
    * When multiple sub elements appear for a tag the following logic is used to
        ultimately determine the type of enforcement:
       ** A blacklist is used if at least one deny-permission tag is found
       ** A whitelist is used if not a blacklist and at least one allow-permission tag is found
       ** A wildcard (accept all permission) policy is used if not a blacklist and not a whitelist
          and at least one allow-all tag is present.
       ** If a <package name=""> sub element is found then that sub element's policy is used
          according to the above logic and overrides any signature global policy type.
       ** In order for a policy stanza to be enforced at least one of the above situations must
          apply. Meaning, empty signer, default or package tags will not be accepted.
    * Each signer/default/global package tag is allowed to contain one <seinfo value=""/> tag.
      This tag represents additional info that each app can use in setting a SELinux security
      context on the eventual process. Any <seinfo value=""/> tag found as a child of a
      <package name=""> tag which is protected (sub element of signer or the default tag) is
      ignored. It's possible that multiple seinfo tags are relevant for one app. In the event
      that this happens, the seinfo tag that will be applied is the one for which the corresponding
      policy stanza is used in the policy decision.
    * Strict enforcing of any xml stanza is not enforced in most cases. This mainly applies to
        duplicate tags which are allowed. In the event that a tag already exists, the original
        tag is replaced.
    * There are also no checks on the validity of permission names. Although valid android
        permissions are expected, nothing prevents unknowns.
    * Enforcement decisions:
       - All signatures used to sign an app are checked for policy according to signer tags.
         Only one of the signature policies has to pass however.
       - In the event that none of the signature policies pass, or none even match, then
         a global package policy is sought. If found, this policy mediates the install.
       - The default tag is consulted last if needed.
       - A local package policy always overrides any parent policy.
       - If none of the cases apply then the app is denied.


    Example global package policy
    <package name="com.foo.com">
      <allow-permission name="android.permission.INTERNET" />
      <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
      <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
    </package>

    Sample stanzas are given below based on the AOSP developer keys.

-->

    <!-- Platform dev key with AOSP -->
    <signer signature="@PLATFORM" >
      <allow-all />
      <seinfo value="platform" />
    </signer>

    <!-- Media dev key in AOSP -->
    <signer signature="@MEDIA" >
      <allow-permission name="android.permission.ACCESS_ALL_DOWNLOADS" />
      <allow-permission name="android.permission.ACCESS_CACHE_FILESYSTEM" />
      <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
      <allow-permission name="android.permission.ACCESS_MTP" />
      <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
      <allow-permission name="android.permission.CONNECTIVITY_INTERNAL" />
      <allow-permission name="android.permission.INTERNET" />
      <allow-permission name="android.permission.MODIFY_NETWORK_ACCOUNTING" />
      <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
      <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" />
      <allow-permission name="android.permission.RECEIVE_WAP_PUSH" />
      <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
      <allow-permission name="android.permission.UPDATE_DEVICE_STATS" />
      <allow-permission name="android.permission.WAKE_LOCK" />
      <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
      <allow-permission name="android.permission.WRITE_MEDIA_STORAGE" />
      <allow-permission name="android.permission.WRITE_SETTINGS" />
      <seinfo value="media" />
    </signer>

    <!-- shared dev key in AOSP -->
    <signer signature="@SHARED" >
      <allow-permission name="android.permission.ACCESS_COARSE_LOCATION" />
      <allow-permission name="android.permission.ACCESS_FINE_LOCATION" />
      <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
      <allow-permission name="android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK" />
      <allow-permission name="android.permission.BIND_APPWIDGET" />
      <allow-permission name="android.permission.BIND_WALLPAPER" />
      <allow-permission name="android.permission.CALL_PHONE" />
      <allow-permission name="android.permission.CALL_PRIVILEGED" />
      <allow-permission name="android.permission.CAMERA" />
      <allow-permission name="android.permission.GET_ACCOUNTS" />
      <allow-permission name="android.permission.GLOBAL_SEARCH" />
      <allow-permission name="android.permission.INTERNET" />
      <allow-permission name="android.permission.MANAGE_ACCOUNTS" />
      <allow-permission name="android.permission.MODIFY_AUDIO_SETTINGS" />
      <allow-permission name="android.permission.MODIFY_PHONE_STATE" />
      <allow-permission name="android.permission.NFC" />
      <allow-permission name="android.permission.PACKAGE_USAGE_STATS" />
      <allow-permission name="android.permission.READ_CALL_LOG" />
      <allow-permission name="android.permission.READ_CONTACTS"/>
      <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
      <allow-permission name="android.permission.READ_PHONE_STATE" />
      <allow-permission name="android.permission.READ_PROFILE" />
      <allow-permission name="android.permission.READ_SOCIAL_STREAM" />
      <allow-permission name="android.permission.READ_SYNC_SETTINGS" />
      <allow-permission name="android.permission.READ_SYNC_STATS" />
      <allow-permission name="android.permission.READ_USER_DICTIONARY" />
      <allow-permission name="android.permission.REBOOT" />
      <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" />
      <allow-permission name="android.permission.RECORD_AUDIO" />
      <allow-permission name="android.permission.SET_WALLPAPER" />
      <allow-permission name="android.permission.SET_WALLPAPER_COMPONENT" />
      <allow-permission name="android.permission.SET_WALLPAPER_HINTS" />
      <allow-permission name="android.permission.SUBSCRIBED_FEEDS_READ" />
      <allow-permission name="android.permission.SUBSCRIBED_FEEDS_WRITE" />
      <allow-permission name="android.permission.USE_CREDENTIALS" />
      <allow-permission name="android.permission.VIBRATE" />
      <allow-permission name="android.permission.WAKE_LOCK" />
      <allow-permission name="android.permission.WRITE_CALL_LOG" />
      <allow-permission name="android.permission.WRITE_CONTACTS" />
      <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
      <allow-permission name="android.permission.WRITE_PROFILE" />
      <allow-permission name="android.permission.WRITE_SETTINGS" />
      <allow-permission name="android.permission.WRITE_USER_DICTIONARY" />
      <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
      <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT" />
      <allow-permission name="com.android.launcher.permission.READ_SETTINGS" />
      <allow-permission name="com.android.launcher.permission.WRITE_SETTINGS" />
      <allow-permission name="com.android.voicemail.permission.ADD_VOICEMAIL" />
      <allow-permission name="com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL" />
      <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH" />
      <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.cp" />
      <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.mail" />
      <seinfo value="shared" />
    </signer>

    <!-- release dev key in AOSP -->
    <signer signature="@RELEASE" >
      <seinfo value="release" />
      <deny-permission name="android.permission.BRICK" />
      <deny-permission name="android.permission.READ_LOGS" />
      <deny-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS" />
      <deny-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS" />
      <package name="com.android.browser" >
        <allow-permission name="android.permission.ACCESS_COARSE_LOCATION"/>
        <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER"/>
        <allow-permission name="android.permission.ACCESS_FINE_LOCATION"/>
        <allow-permission name="android.permission.ACCESS_NETWORK_STATE"/>
        <allow-permission name="android.permission.ACCESS_WIFI_STATE"/>
        <allow-permission name="android.permission.GET_ACCOUNTS"/>
        <allow-permission name="android.permission.INTERNET" />
        <allow-permission name="android.permission.MANAGE_ACCOUNTS" />
        <allow-permission name="android.permission.NFC" />
        <allow-permission name="android.permission.READ_CONTACTS" />
        <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
        <allow-permission name="android.permission.READ_PROFILE" />
        <allow-permission name="android.permission.READ_SYNC_SETTINGS" />
        <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
        <allow-permission name="android.permission.SET_WALLPAPER" />
        <allow-permission name="android.permission.USE_CREDENTIALS"/>
        <allow-permission name="android.permission.WAKE_LOCK"/>
        <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
        <allow-permission name="android.permission.WRITE_SETTINGS" />
        <allow-permission name="android.permission.WRITE_SYNC_SETTINGS" />
        <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
        <allow-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"/>
        <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
      </package>
    </signer>

    <!-- All other keys -->
    <default>
      <seinfo value="default" />
      <deny-permission name="android.permission.ACCESS_COARSE_LOCATION" />
      <deny-permission name="android.permission.ACCESS_FINE_LOCATION" />
      <deny-permission name="android.permission.AUTHENTICATE_ACCOUNTS" />
      <deny-permission name="android.permission.CALL_PHONE" />
      <deny-permission name="android.permission.CAMERA" />
      <deny-permission name="android.permission.READ_LOGS" />
      <deny-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
    </default>

</policy>