diff options
Diffstat (limited to 'PermissionController/res/xml/roles.xml')
-rw-r--r-- | PermissionController/res/xml/roles.xml | 484 |
1 files changed, 3 insertions, 481 deletions
diff --git a/PermissionController/res/xml/roles.xml b/PermissionController/res/xml/roles.xml index 583cdcbfc..93b8c1f54 100644 --- a/PermissionController/res/xml/roles.xml +++ b/PermissionController/res/xml/roles.xml @@ -23,11 +23,8 @@ <permission name="android.permission.READ_CALL_LOG" /> <permission name="android.permission.WRITE_CALL_LOG" /> <permission name="com.android.voicemail.permission.ADD_VOICEMAIL" /> - <permission name="com.android.voicemail.permission.READ_VOICEMAIL" minSdkVersion="31" /> - <permission name="com.android.voicemail.permission.WRITE_VOICEMAIL" minSdkVersion="31" /> <permission name="android.permission.USE_SIP" /> <permission name="android.permission.PROCESS_OUTGOING_CALLS" /> - <permission name="android.permission.ANSWER_PHONE_CALLS" /> </permission-set> <permission-set name="contacts"> @@ -76,12 +73,6 @@ <permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> </permission-set> - <permission-set name="nearby_devices"> - <permission name="android.permission.BLUETOOTH_ADVERTISE" minSdkVersion="31" /> - <permission name="android.permission.BLUETOOTH_CONNECT" minSdkVersion="31" /> - <permission name="android.permission.BLUETOOTH_SCAN" minSdkVersion="31" /> - </permission-set> - <role name="android.app.role.ASSISTANT" behavior="AssistantRoleBehavior" @@ -122,11 +113,7 @@ <permissions> <permission-set name="sms" /> <permission name="android.permission.READ_CALL_LOG" /> - <permission name="android.permission.ACCESS_BLOBS_ACROSS_USERS" minSdkVersion="31" /> </permissions> - <app-op-permissions> - <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> - </app-op-permissions> </role> <!--- @@ -207,9 +194,6 @@ <permission-set name="microphone" /> <permission-set name="camera" /> </permissions> - <app-op-permissions> - <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> - </app-op-permissions> <app-ops> <!-- ~ @see com.android.settings.applications.defaultapps.DefaultPhonePicker#setDefaultKey(String) @@ -293,7 +277,6 @@ <permission-set name="storage" /> <permission-set name="microphone" /> <permission-set name="camera" /> - <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> </permissions> <app-ops> <app-op name="android:write_sms" mode="allowed" /> @@ -356,10 +339,6 @@ </intent-filter> </activity> </required-components> - <permissions> - <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> - <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" minSdkVersion="31" /> - </permissions> </role> <!--- @@ -449,13 +428,12 @@ name="android.app.role.SYSTEM_GALLERY" defaultHolders="config_systemGallery" exclusive="true" - static="true" + fallBackToDefaultHolder="true" systemOnly="true" visible="false"> <permissions> <permission-set name="storage" /> <permission name="android.permission.ACCESS_MEDIA_LOCATION" /> - <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> </permissions> <app-ops> <app-op name="android:write_media_images" mode="allowed" /> @@ -463,427 +441,6 @@ </app-ops> </role> - <role - name="android.app.role.SYSTEM_AUTOMOTIVE_CLUSTER" - behavior="SystemAutomotiveClusterRoleBehavior" - defaultHolders="config_systemAutomotiveCluster" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.ANSWER_PHONE_CALLS" /> - <permission name="android.permission.READ_CALL_LOG" /> - <permission name="android.permission.READ_CONTACTS" /> - <permission name="android.car.permission.CAR_ENERGY"/> - </permissions> - </role> - - <role - name="android.app.role.COMPANION_DEVICE_WATCH" - behavior="CompanionDeviceWatchRoleBehavior" - description="@string/role_watch_description" - exclusive="false" - minSdkVersion="31" - overrideUserWhenGranting="false" - systemOnly="false" - visible="false"> - <permissions> - <permission-set name="calendar" /> - <permission-set name="phone" /> - <permission-set name="sms" /> - <permission-set name="contacts" /> - <permission-set name="nearby_devices" /> - </permissions> - <app-op-permissions> - <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" /> - <app-op-permission name="android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER" /> - </app-op-permissions> - </role> - - <role - name="android.app.role.SYSTEM_AUTOMOTIVE_PROJECTION" - defaultHolders="config_systemAutomotiveProjection" - exclusive="false" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission-set name="microphone" /> - <permission-set name="location" /> - <permission-set name="nearby_devices" /> - <permission name="android.permission.CALL_PHONE" /> - <permission name="android.permission.READ_CALENDAR" /> - <permission name="android.permission.READ_CALL_LOG" /> - <permission name="android.permission.READ_CONTACTS" /> - <permission name="android.permission.READ_PHONE_STATE" /> - <permission name="android.permission.RECEIVE_SMS" /> - <permission name="android.permission.SEND_SMS" /> - </permissions> - </role> - - <role - name="android.app.role.SYSTEM_SHELL" - behavior="SystemShellRoleBehavior" - defaultHolders="config_systemShell" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <!-- Used for CTS testing --> - <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" /> - <permission name="android.permission.PERFORM_IMS_SINGLE_REGISTRATION" /> - <permission name="android.permission.BACKGROUND_CAMERA" /> - <permission name="android.permission.RECORD_BACKGROUND_AUDIO" /> - <permission name="android.permission.BYPASS_ROLE_QUALIFICATION" /> - <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> - <permission name="android.permission.MANAGE_SENSOR_PRIVACY" /> - <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" /> - </permissions> - </role> - - <role - name="android.app.role.SYSTEM_CONTACTS" - defaultHolders="config_systemContacts" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" /> - </permissions> - </role> - - <role - name="android.app.role.SYSTEM_SPEECH_RECOGNIZER" - defaultHolders="config_systemSpeechRecognizer" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.RECORD_AUDIO" /> - <permission name="android.permission.UPDATE_APP_OPS_STATS" /> - </permissions> - <required-components> - <service> - <intent-filter> - <action name="android.speech.RecognitionService" /> - </intent-filter> - </service> - </required-components> - </role> - - <role - name="android.app.role.SYSTEM_WIFI_COEX_MANAGER" - defaultHolders="config_systemWifiCoexManager" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.WIFI_ACCESS_COEX_UNSAFE_CHANNELS" /> - <permission name="android.permission.WIFI_UPDATE_COEX_UNSAFE_CHANNELS" /> - </permissions> - </role> - - <role - name="android.app.role.SYSTEM_WELLBEING" - defaultHolders="config_systemWellbeing" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false" > - <permissions> - <permission name="android.permission.ACCESS_INSTANT_APPS"/> - <permission name="android.permission.SUSPEND_APPS"/> - <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/> - </permissions> - </role> - - <!--- - ~ A role for the notification handler on TV devices. - ~ Note: on TV devices that have the Dashboard screen, the holder for this role is responsible - ~ for it, which is why it needs OBSERVE_SENSOR_PRIVACY permission (the Dashboard displays - ~ the state of the privacy sensors). - --> - <role - name="android.app.role.SYSTEM_TELEVISION_NOTIFICATION_HANDLER" - behavior="TelevisionRoleBehavior" - defaultHolders="config_systemTelevisionNotificationHandler" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> - </permissions> - </role> - - <!--- - A role for the system package that is allowed to create CompanionDeviceManager associations - based on user consent to allow the associated app to manage the associated device. - --> - <role - name="android.app.role.SYSTEM_COMPANION_DEVICE_PROVIDER" - defaultHolders="config_systemCompanionDeviceProvider" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false" > - <permissions> - <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES"/> - </permissions> - </role> - - <!--- - ~ A role for the system package that provides privacy-preserving intelligent processor for - ~ system UI features. - ~ - ~ A package holding this role MUST comply with requirements outlined in the Android CDD - ~ section "9.8.6 Content Capture". - ~ Example link for Android 11: - ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture - ~ - ~ In addition, packages MUST NOT: - ~ - Request INTERNET permission. Instead packages MUST access the internet through - ~ well-defined APIs in an open source project. - ~ - Perform direct binds to other applications, except the following system packages: - ~ - Bluetooth - ~ - Contacts - ~ - Media - ~ - Telephony - ~ - System UI - ~ - Component providing internet APIs (see above) - ~ To achieve this packages MUST set up explicit <allow-association> configuration in the - ~ system config. - --> - <role - name="android.app.role.SYSTEM_UI_INTELLIGENCE" - defaultHolders="config_systemUiIntelligence" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.ACCESS_SHORTCUTS" /> - <permission name="android.permission.BLUETOOTH_CONNECT" /> - <permission name="android.permission.BLUETOOTH_SCAN" /> - <permission name="android.permission.MANAGE_APP_PREDICTIONS" /> - <permission name="android.permission.UNLIMITED_SHORTCUTS_API_CALLS" /> - <permission name="android.permission.MANAGE_SEARCH_UI" /> - <permission name="android.permission.READ_EXTERNAL_STORAGE" /> - <permission name="android.permission.READ_PEOPLE_DATA" /> - <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" /> - </permissions> - </role> - - <!--- - ~ A role for the system package that provides on-device intelligent processor for ambient - ~ audio. - ~ - ~ A package holding this role MUST comply with requirements outlined in the Android CDD - ~ section "9.8.6 Content Capture". - ~ Example link for Android 11: - ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture - ~ - ~ In addition, packages MUST NOT: - ~ - Request INTERNET permission. Instead packages MUST access the internet through - ~ well-defined APIs in an open source project. - ~ - Perform direct binds to other applications, except the following system packages: - ~ - Bluetooth - ~ - Contacts - ~ - Media - ~ - Telephony - ~ - System UI - ~ - Component providing internet APIs (see above) - ~ To achieve this packages MUST set up explicit <allow-association> configuration in the - ~ system config. - --> - <role - name="android.app.role.SYSTEM_AMBIENT_AUDIO_INTELLIGENCE" - defaultHolders="config_systemAmbientAudioIntelligence" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" /> - <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" /> - <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" /> - <permission name="android.permission.MODIFY_AUDIO_ROUTING" /> - <permission name="android.permission.RECORD_AUDIO" /> - <permission name="android.permission.CAPTURE_AUDIO_HOTWORD" /> - <permission name="android.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS" /> - <permission name="android.permission.MANAGE_SOUND_TRIGGER" /> - <permission name="android.permission.LOCATION_HARDWARE" /> - <permission name="android.permission.MANAGE_MUSIC_RECOGNITION" /> - <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> - </permissions> - </role> - - <!--- - ~ A role for the system package that provides on-device intelligent processor for audio. - ~ - ~ A package holding this role MUST comply with requirements outlined in the Android CDD - ~ section "9.8.6 Content Capture". - ~ Example link for Android 11: - ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture - ~ - ~ In addition, packages MUST NOT: - ~ - Request INTERNET permission. Instead packages MUST access the internet through - ~ well-defined APIs in an open source project. - ~ - Perform direct binds to other applications, except the following system packages: - ~ - Bluetooth - ~ - Contacts - ~ - Media - ~ - Telephony - ~ - System UI - ~ - Component providing internet APIs (see above) - ~ To achieve this packages MUST set up explicit <allow-association> configuration in the - ~ system config. - --> - <role - name="android.app.role.SYSTEM_AUDIO_INTELLIGENCE" - defaultHolders="config_systemAudioIntelligence" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" /> - <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" /> - <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" /> - <permission name="android.permission.CONTROL_INCALL_EXPERIENCE" /> - <permission name="android.permission.MODIFY_AUDIO_ROUTING" /> - <permission name="android.permission.MODIFY_PHONE_STATE" /> - <permission name="android.permission.RECORD_AUDIO" /> - <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> - </permissions> - </role> - - <!--- - ~ A role for the system package that provides on-device intelligent processor for - ~ notifications. - ~ - ~ A package holding this role MUST comply with requirements outlined in the Android CDD - ~ section "9.8.6 Content Capture". - ~ Example link for Android 11: - ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture - ~ - ~ In addition, packages MUST NOT: - ~ - Request INTERNET permission. Instead packages MUST access the internet through - ~ well-defined APIs in an open source project. - ~ - Perform direct binds to other applications, except the following system packages: - ~ - Bluetooth - ~ - Contacts - ~ - Media - ~ - Telephony - ~ - System UI - ~ - Component providing internet APIs (see above) - ~ To achieve this packages MUST set up explicit <allow-association> configuration in the - ~ system config. - --> - <role - name="android.app.role.SYSTEM_NOTIFICATION_INTELLIGENCE" - defaultHolders="config_systemNotificationIntelligence" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.REQUEST_NOTIFICATION_ASSISTANT_SERVICE" /> - <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> - </permissions> - </role> - - <!--- - ~ A role for the system package that provides on-device intelligent processor for text. - ~ - ~ A package holding this role MUST comply with requirements outlined in the Android CDD - ~ section "9.8.6 Content Capture". - ~ Example link for Android 11: - ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture - ~ - ~ In addition, packages MUST NOT: - ~ - Request INTERNET permission. Instead packages MUST access the internet through - ~ well-defined APIs in an open source project. - ~ - Perform direct binds to other applications, except the following system packages: - ~ - Bluetooth - ~ - Contacts - ~ - Media - ~ - Telephony - ~ - System UI - ~ - Component providing internet APIs (see above) - ~ To achieve this packages MUST set up explicit <allow-association> configuration in the - ~ system config. - --> - <role - name="android.app.role.SYSTEM_TEXT_INTELLIGENCE" - defaultHolders="config_systemTextIntelligence" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.MANAGE_UI_TRANSLATION" /> - <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> - </permissions> - </role> - - <!--- - ~ A role for the system package that provides on-device intelligent processor for visual - ~ features. - ~ - ~ A package holding this role MUST comply with requirements outlined in the Android CDD - ~ section "9.8.6 Content Capture". - ~ Example link for Android 11: - ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture - ~ - ~ In addition, packages MUST NOT: - ~ - Request INTERNET permission. Instead packages MUST access the internet through - ~ well-defined APIs in an open source project. - ~ - Perform direct binds to other applications, except the following system packages: - ~ - Bluetooth - ~ - Contacts - ~ - Media - ~ - Telephony - ~ - System UI - ~ - Component providing internet APIs (see above) - ~ To achieve this packages MUST set up explicit <allow-association> configuration in the - ~ system config. - --> - <role - name="android.app.role.SYSTEM_VISUAL_INTELLIGENCE" - defaultHolders="config_systemVisualIntelligence" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.CAMERA" /> - <permission name="android.permission.SYSTEM_CAMERA" /> - <permission name="android.permission.UPDATE_DEVICE_STATS" /> - <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> - </permissions> - </role> - <!--- ~ A role for the system package that serves as the activity recognizer on the device. ~ This is the application that provides the data behind the activity recognition @@ -891,10 +448,9 @@ --> <role name="android.app.role.SYSTEM_ACTIVITY_RECOGNIZER" - allowBypassingQualification="true" defaultHolders="config_systemActivityRecognizer" - exclusive="false" - static="true" + exclusive="true" + fallBackToDefaultHolder="true" systemOnly="true" visible="false"> <required-components> @@ -906,38 +462,4 @@ </required-components> </role> - <!--- - ~ A role for the system UI package. - --> - <role - name="android.app.role.SYSTEM_UI" - defaultHolders="config_systemUi" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.MANAGE_SENSOR_PRIVACY" /> - <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> - </permissions> - </role> - - <!--- - ~ A role for the package responsible for interacting with a TV remote. - --> - <role - name="android.app.role.SYSTEM_TELEVISION_REMOTE_SERVICE" - behavior="TelevisionRoleBehavior" - defaultHolders="config_systemTelevisionRemoteService" - exclusive="true" - minSdkVersion="31" - static="true" - systemOnly="true" - visible="false"> - <permissions> - <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> - </permissions> - </role> - </roles> |