default-permissions for permissive signature spoofing

FakeStore/Android.mk

@@ -8,6 +8,13 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT_ETC)/permissions
 LOCAL_SRC_FILES := $(LOCAL_MODULE)
 include $(BUILD_PREBUILT)
 
+include $(CLEAR_VARS)
+LOCAL_MODULE := default-permissions-com.android.vending.xml
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT_ETC)/default-permissions
+LOCAL_SRC_FILES := $(LOCAL_MODULE)
+include $(BUILD_PREBUILT)
+
 include $(CLEAR_VARS)
 LOCAL_MODULE_TAGS := optional
 LOCAL_MODULE := FakeStore
@@ -16,7 +23,7 @@ LOCAL_MODULE_CLASS := APPS
 LOCAL_PRIVILEGED_MODULE := true
 LOCAL_MODULE_SUFFIX := $(COMMON_ANDROID_PACKAGE_SUFFIX)
 LOCAL_CERTIFICATE := PRESIGNED
-LOCAL_REQUIRED_MODULES := privapp-permissions-com.android.vending.xml
+LOCAL_REQUIRED_MODULES := privapp-permissions-com.android.vending.xml default-permissions-com.android.vending.xml
 LOCAL_PRODUCT_MODULE := true
 include $(BUILD_PREBUILT)
 

FakeStore/default-permissions-com.android.vending.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<exceptions>
+    <exception package="com.android.vending">
+        <!-- for permissive signature spoofing, where the permission is "dangerous" -->
+        <permission name="android.permission.FAKE_PACKAGE_SIGNATURE" fixed="false"/>
+    </exception>
+</exceptions>

FakeStore/privapp-permissions-com.android.vending.xml

@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <permissions>
     <privapp-permissions package="com.android.vending">
+        <!-- for restrictive signature spoofing, where the permission is "signature|privileged" -->
         <permission name="android.permission.FAKE_PACKAGE_SIGNATURE"/>
     </privapp-permissions>
 </permissions>