Use signature-level signature for TemporaryStorageProvider and describe the security model

2015-06-29 10:54:04 +02:00
parent 99c06b085b
commit 93e6b6f9b5
2 changed files with 50 additions and 18 deletions
--- a/OpenKeychain/src/main/AndroidManifest.xml
+++ b/OpenKeychain/src/main/AndroidManifest.xml
@@ -48,9 +48,10 @@
        android:name="android.hardware.screen.portrait"
        android:required="false" />

-    <permission android:name="${applicationId}.WRITE_TEMPORARY_STORAGE" />
-
-    <uses-permission android:name="${applicationId}.WRITE_TEMPORARY_STORAGE" />
+    <!-- TemporaryStorageProvider should be writable by OpenKeychain only, thus signature-level permission -->
+    <permission
+        android:name="${applicationId}.WRITE_TEMPORARY_STORAGE"
+        android:protectionLevel="signature" />

    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />