privapp-permissions: add all privileged permissions for GmsCore and FakeStore
The previous whitelist only granted FAKE_PACKAGE_SIGNATURE. With ro.control_privapp_permissions=enforce, PKMS throws a fatal exception for each missing privileged permission, killing system_server before ActivityManagerService can register — causing the bootloop. Added all android.permission.* entries with protectionLevel including "privileged" that GmsCore and FakeStore declare in their manifests.
@@ -15,15 +15,35 @@
|
||||
limitations under the License.
|
||||
-->
|
||||
<permissions>
|
||||
<!-- Grant signature spoofing to MicroG packages only.
|
||||
FAKE_PACKAGE_SIGNATURE is signature|privileged so it cannot be
|
||||
requested by arbitrary apps; this file is the only grant path. -->
|
||||
<!-- MicroG GmsCore (com.google.android.gms) — privileged product app -->
|
||||
<privapp-permissions package="com.google.android.gms">
|
||||
<permission name="android.permission.FAKE_PACKAGE_SIGNATURE"/>
|
||||
<permission name="android.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST"/>
|
||||
<permission name="android.permission.DUMP"/>
|
||||
<permission name="android.permission.INSTALL_LOCATION_PROVIDER"/>
|
||||
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
|
||||
<permission name="android.permission.LOCATION_HARDWARE"/>
|
||||
<permission name="android.permission.MANAGE_USB"/>
|
||||
<permission name="android.permission.MODIFY_PHONE_STATE"/>
|
||||
<permission name="android.permission.NETWORK_SCAN"/>
|
||||
<permission name="android.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE"/>
|
||||
<permission name="android.permission.PROVIDE_REMOTE_CREDENTIALS"/>
|
||||
<permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND"/>
|
||||
<permission name="android.permission.UPDATE_APP_OPS_STATS"/>
|
||||
<permission name="android.permission.WATCH_APPOPS"/>
|
||||
<permission name="android.permission.WRITE_SECURE_SETTINGS"/>
|
||||
</privapp-permissions>
|
||||
|
||||
<!-- MicroG FakeStore (com.android.vending) — privileged product app -->
|
||||
<privapp-permissions package="com.android.vending">
|
||||
<permission name="android.permission.FAKE_PACKAGE_SIGNATURE"/>
|
||||
<permission name="android.permission.DELETE_PACKAGES"/>
|
||||
<permission name="android.permission.DUMP"/>
|
||||
<permission name="android.permission.INSTALL_PACKAGES"/>
|
||||
<permission name="android.permission.INTERACT_ACROSS_USERS"/>
|
||||
</privapp-permissions>
|
||||
|
||||
<!-- MicroG GsfProxy (com.google.android.gsf) — privileged product app -->
|
||||
<privapp-permissions package="com.google.android.gsf">
|
||||
<permission name="android.permission.FAKE_PACKAGE_SIGNATURE"/>
|
||||
</privapp-permissions>
|
||||
|
||||
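Review bot: The new entries grant every privileged permission the two manifests request, including `WRITE_SECURE_SETTINGS`, `INTERACT_ACROSS_USERS` and `MANAGE_USB` for com.google.android.gms and `INSTALL_PACKAGES`/`DELETE_PACKAGES` for com.android.vending, although enforce mode only requires that each requested permission be listed in the allowlist. The format also accepts `<deny-permission name="…"/>`, which satisfies the check without granting, so anything this build does not rely on could be denied instead, for example `<deny-permission name="android.permission.INSTALL_PACKAGES"/>` if FakeStore is meant to remain a stub (worth confirming against the shipped microG version). The header comment still describes the file as a signature-spoofing grant only; it should be updated to something like `<!-- Privileged-permission allowlist for microG packages; every grant below is intentional and reviewed against the app manifest. -->`. The closing `</permissions>` tag lies outside the hunk.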