Merge "Revert "Rewrite mac_permissions.xml file.""
diff --git a/mac_permissions.xml b/mac_permissions.xml
index 054b21f..55e7bd8 100644
--- a/mac_permissions.xml
+++ b/mac_permissions.xml
@@ -1,27 +1,197 @@
 <?xml version="1.0" encoding="utf-8"?>
 <policy>
 
+<!-- 
+    Sample signer stanza for install policy
+
+    Rules:
+    * A signature is a hex encoded X.509 certificate and is required for each signer tag.
+    * A <signer signature="" > element may have multiple child elements:
+        allow-permission : produces a set of maximal allowed permissions (whitelist).
+        deny-permission : produces a blacklist of permissions to deny.
+        allow-all : a wildcard tag that will allow every permission requested.
+        package : a complex tag which itself defines allow, deny, and wildcard sub elements for
+            a specific package name protected by the signature
+    * Zero or more global <package name=""> tags are allowed. These tags allow a policy
+      to be set outside any signature for specific package names.
+    * Unknown tags at any level are skipped.
+    * Zero or more signer tags are allowed.
+    * Zero or more package tags are allowed per signer tag.
+    * A <package name=""> tag may not contain another <package name=""> tag. If found, it's skipped.
+    * A <default> tag is allowed that can contain install policy for all apps not signed with a 
+      previously listed cert and not having a per package global policy.
+    * When multiple sub elements appear for a tag the following logic is used to
+        ultimately determine the type of enforcement:
+       ** A blacklist is used if at least one deny-permission tag is found
+       ** A whitelist is used if not a blacklist and at least one allow-permission tag is found
+       ** A wildcard (accept all permission) policy is used if not a blacklist and not a whitelist
+          and at least one allow-all tag is present.
+       ** If a <package name=""> sub element is found then that sub element's policy is used
+          according to the above logic and overrides any signature global policy type.
+       ** In order for a policy stanza to be enforced at least one of the above situations must
+          apply. Meaning, empty signer, default or package tags will not be accepted.
+    * Each signer/default/global package tag is allowed to contain one <seinfo value=""/> tag.
+      This tag represents additional info that each app can use in setting a SELinux security
+      context on the eventual process. Any <seinfo value=""/> tag found as a child of a
+      <package name=""> tag which is protected (sub element of signer or the default tag) is
+      ignored. It's possible that multiple seinfo tags are relevant for one app. In the event
+      that this happens, the seinfo tag that will be applied is the one for which the corresponding
+      policy stanza is used in the policy decision.
+    * Strict enforcing of any xml stanza is not enforced in most cases. This mainly applies to
+        duplicate tags which are allowed. In the event that a tag already exists, the original
+        tag is replaced.
+    * There are also no checks on the validity of permission names. Although valid android
+        permissions are expected, nothing prevents unknowns.
+    * Enforcement decisions:
+       - All signatures used to sign an app are checked for policy according to signer tags.
+         Only one of the signature policies has to pass however.
+       - In the event that none of the signature policies pass, or none even match, then
+         a global package policy is sought. If found, this policy mediates the install.
+       - The default tag is consulted last if needed.
+       - A local package policy always overrides any parent policy.
+       - If none of the cases apply then the app is denied.
+
+
+    Example global package policy
+    <package name="com.foo.com">
+      <allow-permission name="android.permission.INTERNET" />
+      <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
+      <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
+    </package>
+
+    Sample stanzas are given below based on the AOSP developer keys.
+
+-->
+
+    <!-- Platform dev key with AOSP -->
     <signer signature="@PLATFORM" >
+      <allow-all />
       <seinfo value="platform" />
     </signer>
 
     <!-- Media dev key in AOSP -->
     <signer signature="@MEDIA" >
+      <allow-permission name="android.permission.ACCESS_ALL_DOWNLOADS" />
+      <allow-permission name="android.permission.ACCESS_CACHE_FILESYSTEM" />
+      <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
+      <allow-permission name="android.permission.ACCESS_MTP" />
+      <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
+      <allow-permission name="android.permission.CONNECTIVITY_INTERNAL" />
+      <allow-permission name="android.permission.INTERNET" />
+      <allow-permission name="android.permission.MODIFY_NETWORK_ACCOUNTING" />
+      <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
+      <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" />
+      <allow-permission name="android.permission.RECEIVE_WAP_PUSH" />
+      <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
+      <allow-permission name="android.permission.UPDATE_DEVICE_STATS" />
+      <allow-permission name="android.permission.WAKE_LOCK" />
+      <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
+      <allow-permission name="android.permission.WRITE_MEDIA_STORAGE" />
+      <allow-permission name="android.permission.WRITE_SETTINGS" />
       <seinfo value="media" />
     </signer>
 
     <!-- shared dev key in AOSP -->
     <signer signature="@SHARED" >
+      <allow-permission name="android.permission.ACCESS_COARSE_LOCATION" />
+      <allow-permission name="android.permission.ACCESS_FINE_LOCATION" />
+      <allow-permission name="android.permission.ACCESS_NETWORK_STATE" />
+      <allow-permission name="android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK" />
+      <allow-permission name="android.permission.BIND_APPWIDGET" />
+      <allow-permission name="android.permission.BIND_WALLPAPER" />
+      <allow-permission name="android.permission.CALL_PHONE" />
+      <allow-permission name="android.permission.CALL_PRIVILEGED" />
+      <allow-permission name="android.permission.CAMERA" />
+      <allow-permission name="android.permission.GET_ACCOUNTS" />
+      <allow-permission name="android.permission.GLOBAL_SEARCH" />
+      <allow-permission name="android.permission.INTERNET" />
+      <allow-permission name="android.permission.MANAGE_ACCOUNTS" />
+      <allow-permission name="android.permission.MODIFY_AUDIO_SETTINGS" />
+      <allow-permission name="android.permission.MODIFY_PHONE_STATE" />
+      <allow-permission name="android.permission.NFC" />
+      <allow-permission name="android.permission.PACKAGE_USAGE_STATS" />
+      <allow-permission name="android.permission.READ_CALL_LOG" />
+      <allow-permission name="android.permission.READ_CONTACTS"/>
+      <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
+      <allow-permission name="android.permission.READ_PHONE_STATE" />
+      <allow-permission name="android.permission.READ_PROFILE" />
+      <allow-permission name="android.permission.READ_SOCIAL_STREAM" />
+      <allow-permission name="android.permission.READ_SYNC_SETTINGS" />
+      <allow-permission name="android.permission.READ_SYNC_STATS" />
+      <allow-permission name="android.permission.READ_USER_DICTIONARY" />
+      <allow-permission name="android.permission.REBOOT" />
+      <allow-permission name="android.permission.RECEIVE_BOOT_COMPLETED" />
+      <allow-permission name="android.permission.RECORD_AUDIO" />
+      <allow-permission name="android.permission.SET_WALLPAPER" />
+      <allow-permission name="android.permission.SET_WALLPAPER_COMPONENT" />
+      <allow-permission name="android.permission.SET_WALLPAPER_HINTS" />
+      <allow-permission name="android.permission.SUBSCRIBED_FEEDS_READ" />
+      <allow-permission name="android.permission.SUBSCRIBED_FEEDS_WRITE" />
+      <allow-permission name="android.permission.USE_CREDENTIALS" />
+      <allow-permission name="android.permission.VIBRATE" />
+      <allow-permission name="android.permission.WAKE_LOCK" />
+      <allow-permission name="android.permission.WRITE_CALL_LOG" />
+      <allow-permission name="android.permission.WRITE_CONTACTS" />
+      <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
+      <allow-permission name="android.permission.WRITE_PROFILE" />
+      <allow-permission name="android.permission.WRITE_SETTINGS" />
+      <allow-permission name="android.permission.WRITE_USER_DICTIONARY" />
+      <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
+      <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT" />
+      <allow-permission name="com.android.launcher.permission.READ_SETTINGS" />
+      <allow-permission name="com.android.launcher.permission.WRITE_SETTINGS" />
+      <allow-permission name="com.android.voicemail.permission.ADD_VOICEMAIL" />
+      <allow-permission name="com.android.voicemail.permission.READ_WRITE_ALL_VOICEMAIL" />
+      <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH" />
+      <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.cp" />
+      <allow-permission name="com.google.android.googleapps.permission.GOOGLE_AUTH.mail" />
       <seinfo value="shared" />
     </signer>
 
     <!-- release dev key in AOSP -->
     <signer signature="@RELEASE" >
+      <seinfo value="release" />
+      <deny-permission name="android.permission.BRICK" />
+      <deny-permission name="android.permission.READ_LOGS" />
+      <deny-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS" />
+      <deny-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS" />
+      <package name="com.android.browser" >
+        <allow-permission name="android.permission.ACCESS_COARSE_LOCATION"/>
+        <allow-permission name="android.permission.ACCESS_DOWNLOAD_MANAGER"/>
+        <allow-permission name="android.permission.ACCESS_FINE_LOCATION"/>
+        <allow-permission name="android.permission.ACCESS_NETWORK_STATE"/>
+        <allow-permission name="android.permission.ACCESS_WIFI_STATE"/>
+        <allow-permission name="android.permission.GET_ACCOUNTS"/>
+        <allow-permission name="android.permission.INTERNET" />
+        <allow-permission name="android.permission.MANAGE_ACCOUNTS" />
+        <allow-permission name="android.permission.NFC" />
+        <allow-permission name="android.permission.READ_CONTACTS" />
+        <allow-permission name="android.permission.READ_EXTERNAL_STORAGE" />
+        <allow-permission name="android.permission.READ_PROFILE" />
+        <allow-permission name="android.permission.READ_SYNC_SETTINGS" />
+        <allow-permission name="android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS" />
+        <allow-permission name="android.permission.SET_WALLPAPER" />
+        <allow-permission name="android.permission.USE_CREDENTIALS"/>
+        <allow-permission name="android.permission.WAKE_LOCK"/>
+        <allow-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
+        <allow-permission name="android.permission.WRITE_SETTINGS" />
+        <allow-permission name="android.permission.WRITE_SYNC_SETTINGS" />
+        <allow-permission name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
+        <allow-permission name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"/>
+        <allow-permission name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
+      </package>
     </signer>
 
     <!-- All other keys -->
     <default>
       <seinfo value="default" />
+      <deny-permission name="android.permission.ACCESS_COARSE_LOCATION" />
+      <deny-permission name="android.permission.ACCESS_FINE_LOCATION" />
+      <deny-permission name="android.permission.AUTHENTICATE_ACCOUNTS" />
+      <deny-permission name="android.permission.CALL_PHONE" />
+      <deny-permission name="android.permission.CAMERA" />
+      <deny-permission name="android.permission.READ_LOGS" />
+      <deny-permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
     </default>
 
 </policy>