summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Evan Severson <evanseverson@google.com> 2024-03-07 02:42:06 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2024-03-07 02:42:06 +0000
commit58de5c2bc18fe099c7e11a88c683b1a69b60cf3c (patch)
tree64e81967f613060eeab2daf13a01d448a0405052
parent1d1d7400d1981a8fa1ee83df5fb8489f46146850 (diff)
parent22492125106739575a65eae9d86cf4e6cf5c47a0 (diff)
Merge "Check flags for permissions that are filtered" into main
Diffstat
-rw-r--r--tests/cts/permissionpolicy/Android.bp1
-rw-r--r--tests/cts/permissionpolicy/res/raw/android_manifest.xml1297
-rw-r--r--tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java36
3 files changed, 839 insertions, 495 deletions
diff --git a/tests/cts/permissionpolicy/Android.bp b/tests/cts/permissionpolicy/Android.bp
index a2860e264..8f3c42b0e 100644
--- a/tests/cts/permissionpolicy/Android.bp
+++ b/tests/cts/permissionpolicy/Android.bp
@@ -36,6 +36,7 @@ android_test {
"truth",
"permission-test-util-lib",
"androidx.test.rules",
+ "flag-junit",
],
srcs: [
"src/**/*.java",
diff --git a/tests/cts/permissionpolicy/res/raw/android_manifest.xml b/tests/cts/permissionpolicy/res/raw/android_manifest.xml
index 6261e52c6..1acdc75a6 100644
--- a/tests/cts/permissionpolicy/res/raw/android_manifest.xml
+++ b/tests/cts/permissionpolicy/res/raw/android_manifest.xml
@@ -48,6 +48,7 @@
<protected-broadcast android:name="android.intent.action.CANCEL_ENABLE_ROLLBACK" />
<protected-broadcast android:name="android.intent.action.ROLLBACK_COMMITTED" />
<protected-broadcast android:name="android.intent.action.PACKAGE_RESTARTED" />
+ <protected-broadcast android:name="android.intent.action.PACKAGE_UNSTOPPED" />
<protected-broadcast android:name="android.intent.action.PACKAGE_DATA_CLEARED" />
<protected-broadcast android:name="android.intent.action.PACKAGE_FIRST_LAUNCH" />
<protected-broadcast android:name="android.intent.action.PACKAGE_NEEDS_INTEGRITY_VERIFICATION" />
@@ -101,6 +102,7 @@
<protected-broadcast android:name="android.intent.action.OVERLAY_PRIORITY_CHANGED" />
<protected-broadcast android:name="android.intent.action.MY_PACKAGE_SUSPENDED" />
<protected-broadcast android:name="android.intent.action.MY_PACKAGE_UNSUSPENDED" />
+ <protected-broadcast android:name="android.intent.action.UNARCHIVE_PACKAGE" />
<protected-broadcast android:name="android.os.action.POWER_SAVE_MODE_CHANGED" />
<protected-broadcast android:name="android.os.action.DEVICE_IDLE_MODE_CHANGED" />
@@ -144,6 +146,7 @@
<protected-broadcast android:name="android.appwidget.action.APPWIDGET_ENABLED" />
<protected-broadcast android:name="android.appwidget.action.APPWIDGET_HOST_RESTORED" />
<protected-broadcast android:name="android.appwidget.action.APPWIDGET_RESTORED" />
+ <protected-broadcast android:name="android.appwidget.action.APPWIDGET_ENABLE_AND_UPDATE" />
<protected-broadcast android:name="android.os.action.SETTING_RESTORED" />
@@ -176,6 +179,7 @@
<protected-broadcast android:name="android.bluetooth.device.action.CONNECTION_ACCESS_REQUEST" />
<protected-broadcast android:name="android.bluetooth.device.action.SDP_RECORD" />
<protected-broadcast android:name="android.bluetooth.device.action.BATTERY_LEVEL_CHANGED" />
+ <protected-broadcast android:name="android.bluetooth.device.action.REMOTE_ISSUE_OCCURRED" />
<protected-broadcast android:name="android.bluetooth.devicepicker.action.LAUNCH" />
<protected-broadcast android:name="android.bluetooth.devicepicker.action.DEVICE_SELECTED" />
<protected-broadcast
@@ -201,6 +205,8 @@
<protected-broadcast
android:name="android.bluetooth.headsetclient.profile.action.LAST_VTAG" />
<protected-broadcast
+ android:name="android.bluetooth.headsetclient.profile.action.NETWORK_SERVICE_STATE_CHANGED" />
+ <protected-broadcast
android:name="android.bluetooth.hearingaid.profile.action.CONNECTION_STATE_CHANGED" />
<protected-broadcast
android:name="android.bluetooth.hearingaid.profile.action.PLAYING_STATE_CHANGED" />
@@ -257,6 +263,7 @@
android:name="com.android.bluetooth.BluetoothMapContentObserver.action.MESSAGE_DELIVERY" />
<protected-broadcast
android:name="android.bluetooth.pan.profile.action.CONNECTION_STATE_CHANGED" />
+ <protected-broadcast android:name="android.bluetooth.action.HAP_CONNECTION_STATE_CHANGED" />
<protected-broadcast android:name="android.bluetooth.action.LE_AUDIO_CONNECTION_STATE_CHANGED" />
<protected-broadcast android:name="android.bluetooth.action.LE_AUDIO_ACTIVE_DEVICE_CHANGED" />
<protected-broadcast android:name="android.bluetooth.action.LE_AUDIO_CONF_CHANGED" />
@@ -292,6 +299,7 @@
<protected-broadcast android:name="android.hardware.usb.action.USB_STATE" />
<protected-broadcast android:name="android.hardware.usb.action.USB_PORT_CHANGED" />
+ <protected-broadcast android:name="android.hardware.usb.action.USB_PORT_COMPLIANCE_CHANGED" />
<protected-broadcast android:name="android.hardware.usb.action.USB_ACCESSORY_ATTACHED" />
<protected-broadcast android:name="android.hardware.usb.action.USB_ACCESSORY_DETACHED" />
<protected-broadcast android:name="android.hardware.usb.action.USB_ACCESSORY_HANDSHAKE" />
@@ -313,6 +321,7 @@
<protected-broadcast android:name="android.media.MASTER_BALANCE_CHANGED_ACTION" />
<protected-broadcast android:name="android.media.SCO_AUDIO_STATE_CHANGED" />
<protected-broadcast android:name="android.media.ACTION_SCO_AUDIO_STATE_UPDATED" />
+ <protected-broadcast android:name="com.android.server.audio.action.CHECK_MUSIC_ACTIVE" />
<protected-broadcast android:name="android.intent.action.MEDIA_REMOVED" />
<protected-broadcast android:name="android.intent.action.MEDIA_UNMOUNTED" />
@@ -377,6 +386,8 @@
<protected-broadcast android:name="com.android.server.action.REMOTE_BUGREPORT_SHARING_ACCEPTED" />
<protected-broadcast android:name="com.android.server.action.REMOTE_BUGREPORT_SHARING_DECLINED" />
<protected-broadcast android:name="com.android.internal.action.EUICC_FACTORY_RESET" />
+ <protected-broadcast
+ android:name="com.android.internal.action.EUICC_REMOVE_INVISIBLE_SUBSCRIPTIONS" />
<protected-broadcast android:name="com.android.server.usb.ACTION_OPEN_IN_APPS" />
<protected-broadcast android:name="com.android.server.am.DELETE_DUMPHEAP" />
<protected-broadcast android:name="com.android.server.net.action.SNOOZE_WARNING" />
@@ -400,6 +411,7 @@
<protected-broadcast android:name="android.net.wifi.WIFI_AP_STATE_CHANGED" />
<protected-broadcast android:name="android.net.wifi.WIFI_CREDENTIAL_CHANGED" />
<protected-broadcast android:name="android.net.wifi.aware.action.WIFI_AWARE_STATE_CHANGED" />
+ <protected-broadcast android:name="android.net.wifi.aware.action.WIFI_AWARE_RESOURCE_CHANGED" />
<protected-broadcast android:name="android.net.wifi.rtt.action.WIFI_RTT_STATE_CHANGED" />
<protected-broadcast android:name="android.net.wifi.SCAN_RESULTS" />
<protected-broadcast android:name="android.net.wifi.RSSI_CHANGED" />
@@ -470,11 +482,9 @@
android:name="com.android.server.connectivityservice.CONNECTED_TO_PROVISIONING_NETWORK_ACTION" />
<!-- Defined in RestrictionsManager -->
- <protected-broadcast
- android:name="android.intent.action.PERMISSION_RESPONSE_RECEIVED" />
- <!-- Defined in RestrictionsManager -->
+ <protected-broadcast android:name="android.content.action.PERMISSION_RESPONSE_RECEIVED" />
+ <protected-broadcast android:name="android.content.action.REQUEST_PERMISSION" />
- <protected-broadcast android:name="android.intent.action.REQUEST_PERMISSION" />
<protected-broadcast android:name="android.nfc.handover.intent.action.HANDOVER_STARTED" />
<protected-broadcast android:name="android.nfc.handover.intent.action.TRANSFER_DONE" />
<protected-broadcast android:name="android.nfc.handover.intent.action.TRANSFER_PROGRESS" />
@@ -525,6 +535,7 @@
<protected-broadcast android:name="android.intent.action.MANAGED_PROFILE_ADDED" />
<protected-broadcast android:name="android.intent.action.MANAGED_PROFILE_UNLOCKED" />
<protected-broadcast android:name="android.intent.action.MANAGED_PROFILE_REMOVED" />
+ <protected-broadcast android:name="android.app.action.MANAGED_PROFILE_PROVISIONED" />
<protected-broadcast android:name="android.bluetooth.adapter.action.BLE_STATE_CHANGED" />
<protected-broadcast android:name="com.android.bluetooth.map.USER_CONFIRM_TIMEOUT" />
@@ -567,6 +578,7 @@
<protected-broadcast android:name="com.android.settings.network.SWITCH_TO_SUBSCRIPTION" />
<protected-broadcast android:name="com.android.settings.wifi.action.NETWORK_REQUEST" />
+ <protected-broadcast android:name="android.app.action.KEYGUARD_PRIVATE_NOTIFICATIONS_CHANGED" />
<protected-broadcast android:name="NotificationManagerService.TIMEOUT" />
<protected-broadcast android:name="NotificationHistoryDatabase.CLEANUP" />
<protected-broadcast android:name="ScheduleConditionProvider.EVALUATE" />
@@ -652,6 +664,8 @@
<protected-broadcast android:name="android.intent.action.DEVICE_LOCKED_CHANGED" />
+ <protected-broadcast android:name="com.android.content.pm.action.CAN_INTERACT_ACROSS_PROFILES_CHANGED"/>
+
<!-- Added in O -->
<protected-broadcast android:name="android.app.action.APPLICATION_DELEGATION_SCOPES_CHANGED" />
<protected-broadcast android:name="com.android.server.wm.ACTION_REVOKE_SYSTEM_ALERT_WINDOW_PERMISSION" />
@@ -663,7 +677,6 @@
<protected-broadcast android:name="android.media.tv.action.PREVIEW_PROGRAM_BROWSABLE_DISABLED" />
<protected-broadcast android:name="android.media.tv.action.WATCH_NEXT_PROGRAM_BROWSABLE_DISABLED" />
<protected-broadcast android:name="android.media.tv.action.CHANNEL_BROWSABLE_REQUESTED" />
- <protected-broadcast android:name="com.android.server.inputmethod.InputMethodManagerService.SHOW_INPUT_METHOD_PICKER" />
<!-- Made protected in P (was introduced in JB-MR2) -->
<protected-broadcast android:name="android.intent.action.GET_RESTRICTION_ENTRIES" />
@@ -791,14 +804,40 @@
<protected-broadcast android:name="android.telephony.action.CARRIER_SIGNAL_REQUEST_NETWORK_FAILED" />
<protected-broadcast android:name="com.android.phone.settings.CARRIER_PROVISIONING" />
<protected-broadcast android:name="com.android.phone.settings.TRIGGER_CARRIER_PROVISIONING" />
+ <protected-broadcast android:name="com.android.internal.telephony.ACTION_VOWIFI_ENABLED" />
<protected-broadcast android:name="android.telephony.action.ANOMALY_REPORTED" />
<protected-broadcast android:name="android.intent.action.SUBSCRIPTION_INFO_RECORD_ADDED" />
<protected-broadcast android:name="android.intent.action.ACTION_MANAGED_ROAMING_IND" />
<protected-broadcast android:name="android.telephony.ims.action.RCS_SINGLE_REGISTRATION_CAPABILITY_UPDATE" />
<!-- Added in T -->
+ <protected-broadcast android:name="android.safetycenter.action.REFRESH_SAFETY_SOURCES" />
+ <protected-broadcast android:name="android.safetycenter.action.SAFETY_CENTER_ENABLED_CHANGED" />
+ <protected-broadcast android:name="android.app.action.DEVICE_POLICY_RESOURCE_UPDATED" />
+ <protected-broadcast android:name="android.intent.action.SHOW_FOREGROUND_SERVICE_MANAGER" />
+ <protected-broadcast android:name="android.service.autofill.action.DELAYED_FILL" />
+ <protected-broadcast android:name="android.app.action.PROVISIONING_COMPLETED" />
<protected-broadcast android:name="android.app.action.LOST_MODE_LOCATION_UPDATE" />
+ <!-- Added in U -->
+ <protected-broadcast android:name="android.intent.action.PROFILE_ADDED" />
+ <protected-broadcast android:name="android.intent.action.PROFILE_REMOVED" />
+ <protected-broadcast android:name="com.android.internal.telephony.cat.SMS_SENT_ACTION" />
+ <protected-broadcast android:name="com.android.internal.telephony.cat.SMS_DELIVERY_ACTION" />
+ <protected-broadcast android:name="com.android.internal.telephony.data.ACTION_RETRY" />
+ <protected-broadcast android:name="android.companion.virtual.action.VIRTUAL_DEVICE_REMOVED" />
+ <protected-broadcast android:name="com.android.internal.intent.action.FLASH_NOTIFICATION_START_PREVIEW" />
+ <protected-broadcast android:name="com.android.internal.intent.action.FLASH_NOTIFICATION_STOP_PREVIEW" />
+ <protected-broadcast android:name="android.app.admin.action.DEVICE_FINANCING_STATE_CHANGED" />
+ <protected-broadcast android:name="android.app.admin.action.DEVICE_POLICY_SET_RESULT" />
+ <protected-broadcast android:name="android.app.admin.action.DEVICE_POLICY_CHANGED" />
+
+ <!-- Added in V -->
+ <protected-broadcast android:name="android.intent.action.PROFILE_AVAILABLE" />
+ <protected-broadcast android:name="android.intent.action.PROFILE_UNAVAILABLE" />
+ <protected-broadcast android:name="android.app.action.CONSOLIDATED_NOTIFICATION_POLICY_CHANGED" />
+ <protected-broadcast android:name="android.intent.action.MAIN_USER_LOCKSCREEN_KNOWLEDGE_FACTOR_CHANGED" />
+
<!-- ====================================================================== -->
<!-- RUNTIME PERMISSIONS -->
<!-- ====================================================================== -->
@@ -833,6 +872,7 @@
android:label="@string/permlab_readContacts"
android:description="@string/permdesc_readContacts"
android:protectionLevel="dangerous" />
+ <uses-permission android:name="android.permission.READ_CONTACTS" />
<!-- Allows an application to write the user's contacts data.
<p>Protection level: dangerous
@@ -854,7 +894,8 @@
android:permissionGroup="android.permission-group.UNDEFINED"
android:label="@string/permlab_writeVerificationStateE2eeContactKeys"
android:description="@string/permdesc_writeVerificationStateE2eeContactKeys"
- android:protectionLevel="signature|privileged" />
+ android:protectionLevel="signature|privileged"
+ android:featureFlag="android.provider.user_keys" />
<!-- Allows an application to set default account for new contacts.
<p> This permission is only granted to system applications fulfilling the Contacts app role.
@@ -916,7 +957,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.SEND_SMS"
@@ -930,7 +971,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.RECEIVE_SMS"
@@ -944,7 +985,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.READ_SMS"
@@ -958,7 +999,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.RECEIVE_WAP_PUSH"
@@ -972,7 +1013,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.RECEIVE_MMS"
@@ -1007,7 +1048,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
@hide Pending API council approval -->
@@ -1019,27 +1060,10 @@
android:protectionLevel="dangerous" />
<!-- @SystemApi @hide Allows an application to communicate over satellite.
- Only granted if the application is a system app.-->
+ Only granted if the application is a system app or privileged app. -->
<permission android:name="android.permission.SATELLITE_COMMUNICATION"
android:protectionLevel="role|signature|privileged" />
- <!-- @SystemApi @hide Allows an application to bind with satellite service.
- Only granted if the application is a system app.-->
- <permission android:name="android.permission.BIND_SATELLITE_SERVICE"
- android:protectionLevel="signature|privileged|vendorPrivileged" />
-
- <!-- @hide Allows an application to bind with satellite gateway service.
- Only granted if the application is a system app.-->
- <permission android:name="android.permission.BIND_SATELLITE_GATEWAY_SERVICE"
- android:protectionLevel="signature" />
-
- <!-- @SystemApi @hide Required for an application in order to access the last known cell id.
- @FlaggedApi("com.android.server.telecom.flags.telecom_resolve_hidden_dependencies") -->
- <permission android:name="android.permission.ACCESS_LAST_KNOWN_CELL_ID"
- android:protectionLevel="signature"
- android:label="@string/permlab_accessLastKnownCellId"
- android:description="@string/permdesc_accessLastKnownCellId"/>
-
<!-- ====================================================================== -->
<!-- Permissions for accessing external storage -->
<!-- ====================================================================== -->
@@ -1053,28 +1077,41 @@
android:priority="900" />
<!-- Allows an application to read from external storage.
- <p>Any app that declares the {@link #WRITE_EXTERNAL_STORAGE} permission is implicitly
- granted this permission.</p>
+ <p class="note"><strong>Note: </strong>Starting in API level 33, this permission has no
+ effect. If your app accesses other apps' media files, request one or more of these permissions
+ instead: <a href="#READ_MEDIA_IMAGES"><code>READ_MEDIA_IMAGES</code></a>,
+ <a href="#READ_MEDIA_VIDEO"><code>READ_MEDIA_VIDEO</code></a>,
+ <a href="#READ_MEDIA_AUDIO"><code>READ_MEDIA_AUDIO</code></a>. Learn more about the
+ <a href="{@docRoot}training/data-storage/shared/media#storage-permission">storage
+ permissions</a> that are associated with media files.</p>
+
<p>This permission is enforced starting in API level 19. Before API level 19, this
permission is not enforced and all apps still have access to read from external storage.
You can test your app with the permission enforced by enabling <em>Protect USB
- storage</em> under Developer options in the Settings app on a device running Android 4.1 or
- higher.</p>
+ storage</em> under <b>Developer options</b> in the Settings app on a device running Android
+ 4.1 or higher.</p>
<p>Also starting in API level 19, this permission is <em>not</em> required to
- read/write files in your application-specific directories returned by
+ read or write files in your application-specific directories returned by
{@link android.content.Context#getExternalFilesDir} and
- {@link android.content.Context#getExternalCacheDir}.
- <p class="note"><strong>Note:</strong> If <em>both</em> your <a
+ {@link android.content.Context#getExternalCacheDir}.</p>
+ <p>Starting in API level 29, apps don't need to request this permission to access files in
+ their app-specific directory on external storage, or their own files in the
+ <a href="{@docRoot}reference/android/provider/MediaStore"><code>MediaStore</code></a>. Apps
+ shouldn't request this permission unless they need to access other apps' files in the
+ <code>MediaStore</code>. Read more about these changes in the
+ <a href="{@docRoot}training/data-storage#scoped-storage">scoped storage</a> section of the
+ developer documentation.</p>
+ <p>If <em>both</em> your <a
href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#min">{@code
minSdkVersion}</a> and <a
href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
targetSdkVersion}</a> values are set to 3 or lower, the system implicitly
grants your app this permission. If you don't need this permission, be sure your <a
href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
- targetSdkVersion}</a> is 4 or higher.
+ targetSdkVersion}</a> is 4 or higher.</p>
<p> This is a soft restricted permission which cannot be held by an app it its
- full form until the installer on record whitelists the permission.
+ full form until the installer on record allowlists the permission.
Specifically, if the permission is allowlisted the holder app can access
external storage and the visual and aural media collections while if the
permission is not allowlisted the holder app can only access to the visual
@@ -1100,10 +1137,12 @@
<!-- Allows an application to read audio files from external storage.
<p>This permission is enforced starting in API level
- {@link android.os.Build.VERSION_CODES#TIRAMISU}.
+ {@link android.os.Build.VERSION_CODES#TIRAMISU}. An app which targets
+ {@link android.os.Build.VERSION_CODES#TIRAMISU} or higher and needs to read audio files from
+ external storage must hold this permission; {@link #READ_EXTERNAL_STORAGE} is not required.
For apps with a <a href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
- targetSdkVersion}</a> of {@link android.os.Build.VERSION_CODES#S} or lower, this permission
- must not be used and the READ_EXTERNAL_STORAGE permission must be used instead.
+ targetSdkVersion}</a> of {@link android.os.Build.VERSION_CODES#S_V2} or lower, the
+ {@link #READ_EXTERNAL_STORAGE} permission is required, instead, to read audio files.
<p>Protection level: dangerous -->
<permission android:name="android.permission.READ_MEDIA_AUDIO"
android:permissionGroup="android.permission-group.UNDEFINED"
@@ -1119,12 +1158,14 @@
android:description="@string/permgroupdesc_readMediaVisual"
android:priority="1000" />
- <!-- Allows an application to read audio files from external storage.
- <p>This permission is enforced starting in API level
- {@link android.os.Build.VERSION_CODES#TIRAMISU}.
- For apps with a <a href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
- targetSdkVersion}</a> of {@link android.os.Build.VERSION_CODES#S} or lower, this permission
- must not be used and the READ_EXTERNAL_STORAGE permission must be used instead.
+ <!-- Allows an application to read video files from external storage.
+ <p>This permission is enforced starting in API level
+ {@link android.os.Build.VERSION_CODES#TIRAMISU}. An app which targets
+ {@link android.os.Build.VERSION_CODES#TIRAMISU} or higher and needs to read video files from
+ external storage must hold this permission; {@link #READ_EXTERNAL_STORAGE} is not required.
+ For apps with a <a href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
+ targetSdkVersion}</a> of {@link android.os.Build.VERSION_CODES#S_V2} or lower, the
+ {@link #READ_EXTERNAL_STORAGE} permission is required, instead, to read video files.
<p>Protection level: dangerous -->
<permission android:name="android.permission.READ_MEDIA_VIDEO"
android:permissionGroup="android.permission-group.UNDEFINED"
@@ -1134,22 +1175,32 @@
<!-- Allows an application to read image files from external storage.
<p>This permission is enforced starting in API level
- {@link android.os.Build.VERSION_CODES#TIRAMISU}.
+ {@link android.os.Build.VERSION_CODES#TIRAMISU}. An app which targets
+ {@link android.os.Build.VERSION_CODES#TIRAMISU} or higher and needs to read image files from
+ external storage must hold this permission; {@link #READ_EXTERNAL_STORAGE} is not required.
For apps with a <a href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
- targetSdkVersion}</a> of {@link android.os.Build.VERSION_CODES#S} or lower, this permission
- must not be used and the READ_EXTERNAL_STORAGE permission must be used instead.
- <p>Protection level: dangerous -->
+ targetSdkVersion}</a> of {@link android.os.Build.VERSION_CODES#S_V2} or lower, the
+ {@link #READ_EXTERNAL_STORAGE} permission is required, instead, to read image files.
+ <p>Protection level: dangerous -->
<permission android:name="android.permission.READ_MEDIA_IMAGES"
android:permissionGroup="android.permission-group.UNDEFINED"
- android:label="@string/permlab_readMediaImage"
- android:description="@string/permdesc_readMediaImage"
+ android:label="@string/permlab_readMediaImages"
+ android:description="@string/permdesc_readMediaImages"
android:protectionLevel="dangerous" />
<!-- Allows an application to read image or video files from external storage that a user has
selected via the permission prompt photo picker. Apps can check this permission to verify that
a user has decided to use the photo picker, instead of granting access to
- {@link #READ_MEDIA_IMAGES or #READ_MEDIA_VIDEO}. It does not prevent apps from accessing the
- standard photo picker manually.
+ {@link #READ_MEDIA_IMAGES} or {@link #READ_MEDIA_VIDEO}. It does not prevent apps from
+ accessing the standard photo picker manually. This permission should be requested alongside
+ {@link #READ_MEDIA_IMAGES} and/or {@link #READ_MEDIA_VIDEO}, depending on which type of media
+ is desired.
+ <p> This permission will be automatically added to an app's manifest if the app requests
+ {@link #READ_MEDIA_IMAGES}, {@link #READ_MEDIA_VIDEO}, or {@link #ACCESS_MEDIA_LOCATION}
+ regardless of target SDK. If an app does not request this permission, then the grant dialog
+ will return `PERMISSION_GRANTED` for {@link #READ_MEDIA_IMAGES} and/or
+ {@link #READ_MEDIA_VIDEO}, but the app will only have access to the media selected by the
+ user. This false grant state will persist until the app goes into the background.
<p>Protection level: dangerous -->
<permission android:name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED"
android:permissionGroup="android.permission-group.UNDEFINED"
@@ -1158,7 +1209,28 @@
android:protectionLevel="dangerous" />
<!-- Allows an application to write to external storage.
- <p class="note"><strong>Note:</strong> If <em>both</em> your <a
+ <p><strong>Note: </strong>If your app targets {@link android.os.Build.VERSION_CODES#R} or
+ higher, this permission has no effect.
+
+ <p>If your app is on a device that runs API level 19 or higher, you don't need to declare
+ this permission to read and write files in your application-specific directories returned
+ by {@link android.content.Context#getExternalFilesDir} and
+ {@link android.content.Context#getExternalCacheDir}.
+
+ <p>Learn more about how to
+ <a href="{@docRoot}training/data-storage/shared/media#update-other-apps-files">modify media
+ files</a> that your app doesn't own, and how to
+ <a href="{@docRoot}training/data-storage/shared/documents-files">modify non-media files</a>
+ that your app doesn't own.
+
+ <p>If your app is a file manager and needs broad access to external storage files, then
+ the system must place your app on an allowlist so that you can successfully request the
+ <a href="#MANAGE_EXTERNAL_STORAGE><code>MANAGE_EXTERNAL_STORAGE</code></a> permission.
+ Learn more about the appropriate use cases for
+ <a href="{@docRoot}training/data-storage/manage-all-files>managing all files on a storage
+ device</a>.
+
+ <p>If <em>both</em> your <a
href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#min">{@code
minSdkVersion}</a> and <a
href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
@@ -1166,12 +1238,6 @@
grants your app this permission. If you don't need this permission, be sure your <a
href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#target">{@code
targetSdkVersion}</a> is 4 or higher.
- <p>Starting in API level 19, this permission is <em>not</em> required to
- read/write files in your application-specific directories returned by
- {@link android.content.Context#getExternalFilesDir} and
- {@link android.content.Context#getExternalCacheDir}.
- <p>If this permission is not allowlisted for an app that targets an API level before
- {@link android.os.Build.VERSION_CODES#Q} this permission cannot be granted to apps.</p>
<p>Protection level: dangerous</p>
-->
<permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
@@ -1260,7 +1326,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"
@@ -1322,7 +1388,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.READ_CALL_LOG"
@@ -1332,8 +1398,7 @@
android:permissionFlags="hardRestricted"
android:protectionLevel="dangerous" />
- <!-- Allows an application to write (but not read) the user's
- call log data.
+ <!-- Allows an application to write and read the user's call log data.
<p class="note"><strong>Note:</strong> If your app uses the
{@link #WRITE_CONTACTS} permission and <em>both</em> your <a
href="{@docRoot}guide/topics/manifest/uses-sdk-element.html#min">{@code
@@ -1346,7 +1411,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.WRITE_CALL_LOG"
@@ -1362,7 +1427,7 @@
<p>Protection level: dangerous
<p> This is a hard restricted permission which cannot be held by an app until
- the installer on record whitelists the permission. For more details see
+ the installer on record allowlists the permission. For more details see
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
@deprecated Applications should use {@link android.telecom.CallRedirectionService} instead
@@ -1406,6 +1471,14 @@
android:description="@string/permdesc_readPhoneState"
android:protectionLevel="dangerous" />
+ <!-- Allows read only access to phone state with a non dangerous permission,
+ including the information like cellular network type, software version. -->
+ <permission android:name="android.permission.READ_BASIC_PHONE_STATE"
+ android:permissionGroup="android.permission-group.UNDEFINED"
+ android:label="@string/permlab_readBasicPhoneState"
+ android:description="@string/permdesc_readBasicPhoneState"
+ android:protectionLevel="normal" />
+
<!-- Allows read access to the device's phone number(s). This is a subset of the capabilities
granted by {@link #READ_PHONE_STATE} but is exposed to instant applications.
<p>Protection level: dangerous-->
@@ -1417,7 +1490,9 @@
<!-- Allows an application to initiate a phone call without going through
the Dialer user interface for the user to confirm the call.
- <p>Protection level: dangerous
+ <p class="note"><b>Note:</b> An app holding this permission can also call carrier MMI
+ codes to change settings such as call forwarding or call waiting preferences.</p>
+ <p>Protection level: dangerous</p>
-->
<permission android:name="android.permission.CALL_PHONE"
android:permissionGroup="android.permission-group.UNDEFINED"
@@ -1650,12 +1725,15 @@
<!-- @SystemApi Allows camera access by Headless System User 0 when device is running in
HSUM Mode.
+ @FlaggedApi("com.android.internal.camera.flags.camera_hsum_permission")
@hide -->
<permission android:name="android.permission.CAMERA_HEADLESS_SYSTEM_USER"
android:permissionGroup="android.permission-group.UNDEFINED"
android:label="@string/permlab_cameraHeadlessSystemUser"
android:description="@string/permdesc_cameraHeadlessSystemUser"
- android:protectionLevel="signature" />
+ android:protectionLevel="signature"
+ android:featureFlag="com.android.internal.camera.flags.camera_hsum_permission" />
+
<!-- @SystemApi Allows camera access of allowlisted driver assistance apps
to be controlled separately.
@@ -1692,11 +1770,11 @@
measure what is happening inside their body, such as heart rate.
<p>Protection level: dangerous -->
<permission android:name="android.permission.BODY_SENSORS"
- android:permissionGroup="android.permission-group.UNDEFINED"
- android:label="@string/permlab_bodySensors"
- android:description="@string/permdesc_bodySensors"
- android:backgroundPermission="android.permission.BODY_SENSORS_BACKGROUND"
- android:protectionLevel="dangerous" />
+ android:permissionGroup="android.permission-group.UNDEFINED"
+ android:label="@string/permlab_bodySensors"
+ android:description="@string/permdesc_bodySensors"
+ android:backgroundPermission="android.permission.BODY_SENSORS_BACKGROUND"
+ android:protectionLevel="dangerous" />
<!-- Allows an application to access data from sensors that the user uses to measure what is
happening inside their body, such as heart rate. If you're requesting this permission, you
@@ -1709,11 +1787,11 @@
{@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}.
-->
<permission android:name="android.permission.BODY_SENSORS_BACKGROUND"
- android:permissionGroup="android.permission-group.UNDEFINED"
- android:label="@string/permlab_bodySensors_background"
- android:description="@string/permdesc_bodySensors_background"
- android:protectionLevel="dangerous"
- android:permissionFlags="hardRestricted" />
+ android:permissionGroup="android.permission-group.UNDEFINED"
+ android:label="@string/permlab_bodySensors_background"
+ android:description="@string/permdesc_bodySensors_background"
+ android:protectionLevel="dangerous"
+ android:permissionFlags="hardRestricted" />
<!-- Allows an app to use fingerprint hardware.
<p>Protection level: normal
@@ -1735,7 +1813,7 @@
android:description="@string/permdesc_useBiometric"
android:protectionLevel="normal" />
- <!-- ======================================================================= -->
+ <!-- ====================================================================== -->
<!-- Permissions for posting notifications -->
<!-- ====================================================================== -->
<eat-comment />
@@ -1756,6 +1834,7 @@
android:label="@string/permlab_postNotification"
android:description="@string/permdesc_postNotification"
android:protectionLevel="dangerous|instant" />
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
<!-- ====================================================================== -->
<!-- REMOVED PERMISSIONS -->
@@ -1791,7 +1870,7 @@
android:protectionLevel="normal"
android:permissionFlags="removed"/>
- <!-- @hide We need to keep this around for backwards compatibility -->
+ <!-- @SystemApi @hide We need to keep this around for backwards compatibility -->
<permission android:name="android.permission.WRITE_SMS"
android:protectionLevel="normal"
android:permissionFlags="removed"/>
@@ -1869,7 +1948,7 @@
<permission android:name="android.permission.RECEIVE_EMERGENCY_BROADCAST"
android:protectionLevel="signature|privileged" />
- <!-- Allows an application to monitor incoming Bluetooth MAP messages, to record
+ <!-- @SystemApi Allows an application to monitor incoming Bluetooth MAP messages, to record
or perform processing on them. -->
<!-- @hide -->
<permission android:name="android.permission.RECEIVE_BLUETOOTH_MAP"
@@ -1983,7 +2062,8 @@
<permission android:name="android.permission.ACCESS_MOCK_LOCATION"
android:protectionLevel="signature" />
- <!-- @SystemApi @hide Allows automotive applications to control location
+ <!-- @hide @SystemApi(client=android.annotation.SystemApi.Client.MODULE_LIBRARIES)
+ Allows automotive applications to control location
suspend state for power management use cases.
<p>Not for use by third-party applications.
-->
@@ -2028,10 +2108,10 @@
android:protectionLevel="normal" />
<!-- This permission is used to let OEMs grant their trusted app access to a subset of
- privileged wifi APIs to improve wifi performance. Allows applications to manage
- Wi-Fi network selection related features such as enable or disable global auto-join,
- modify connectivity scan intervals, and approve Wi-Fi Direct connections.
- <p>Not for use by third-party applications. -->
+ privileged wifi APIs to improve wifi performance. Allows applications to manage
+ Wi-Fi network selection related features such as enable or disable global auto-join,
+ modify connectivity scan intervals, and approve Wi-Fi Direct connections.
+ <p>Not for use by third-party applications. -->
<permission android:name="android.permission.MANAGE_WIFI_NETWORK_SELECTION"
android:protectionLevel="signature|privileged|knownSigner"
android:knownCerts="@array/wifi_known_signers" />
@@ -2090,14 +2170,14 @@
modifications.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.OVERRIDE_WIFI_CONFIG"
- android:protectionLevel="signature|privileged|knownSigner"
- android:knownCerts="@array/wifi_known_signers" />
+ android:protectionLevel="signature|privileged|knownSigner"
+ android:knownCerts="@array/wifi_known_signers" />
- <!-- Allows applications to act as network scorers. @hide @SystemApi-->
+ <!-- @deprecated Allows applications to act as network scorers. @hide @SystemApi-->
<permission android:name="android.permission.SCORE_NETWORKS"
android:protectionLevel="signature|privileged" />
- <!-- Allows applications to request network
+ <!-- @deprecated Allows applications to request network
recommendations and scores from the NetworkScoreService.
@SystemApi
<p>Not for use by third-party applications. @hide -->
@@ -2201,7 +2281,7 @@
<!-- @SystemApi @hide Allows changing Thread network state and access to Thread network
credentials such as Network Key and PSKc.
<p>Not for use by third-party applications.
- @FlaggedApi("com.android.net.thread.flags.thread_enabled") -->
+ @FlaggedApi("com.android.net.thread.platform.flags.thread_enabled_platform") -->
<permission android:name="android.permission.THREAD_NETWORK_PRIVILEGED"
android:protectionLevel="signature|privileged" />
@@ -2251,10 +2331,12 @@
<!-- Allows system apps to call methods to register itself as a mDNS offload engine.
<p>Not for use by third-party or privileged applications.
@SystemApi
+ @FlaggedApi("android.net.platform.flags.register_nsd_offload_engine")
@hide This should only be used by system apps.
-->
<permission android:name="android.permission.REGISTER_NSD_OFFLOAD_ENGINE"
- android:protectionLevel="signature" />
+ android:protectionLevel="signature"
+ android:featureFlag="android.net.platform.flags.register_nsd_offload_engine" />
<!-- ======================================= -->
<!-- Permissions for short range, peripheral networks -->
@@ -2323,7 +2405,8 @@
them from running without explicit user action.
-->
<permission android:name="android.permission.QUARANTINE_APPS"
- android:protectionLevel="signature|verifier" />
+ android:protectionLevel="signature|verifier"
+ android:featureFlag="android.content.pm.quarantined_enabled" />
<!-- Allows applications to discover and pair bluetooth devices.
<p>Protection level: normal
@@ -2339,14 +2422,15 @@
<permission android:name="android.permission.BLUETOOTH_PRIVILEGED"
android:protectionLevel="signature|privileged" />
- <!-- SystemApi Control access to email providers exclusively for Bluetooth
+ <!-- @SystemApi Control access to email providers exclusively for Bluetooth
@hide
-->
<permission android:name="android.permission.BLUETOOTH_MAP"
android:protectionLevel="signature|role" />
<!-- Allows bluetooth stack to access files
- @hide This should only be used by Bluetooth apk.
+ This should only be granted to the Bluetooth apk.
+ @hide @SystemApi(client=android.annotation.SystemApi.Client.MODULE_LIBRARIES)
-->
<permission android:name="android.permission.BLUETOOTH_STACK"
android:protectionLevel="signature|role" />
@@ -2369,6 +2453,8 @@
<p>Protection level: normal
-->
<permission android:name="android.permission.NFC_TRANSACTION_EVENT"
+ android:description="@string/permdesc_nfcTransactionEvent"
+ android:label="@string/permlab_nfcTransactionEvent"
android:protectionLevel="normal" />
<!-- Allows applications to receive NFC preferred payment service information.
@@ -2434,8 +2520,9 @@
<permission android:name="android.permission.NFC_HANDOVER_STATUS"
android:protectionLevel="signature|privileged" />
- <!-- @hide Allows internal management of Bluetooth state when on wireless consent mode.
- <p>Not for use by third-party applications. -->
+ <!-- @SystemApi Allows internal management of Bluetooth state when on wireless consent mode.
+ <p>Not for use by third-party applications.
+ @hide -->
<permission android:name="android.permission.MANAGE_BLUETOOTH_WHEN_WIRELESS_CONSENT_REQUIRED"
android:protectionLevel="signature" />
@@ -2531,6 +2618,15 @@
android:description="@string/permdesc_transmitIr"
android:protectionLevel="normal" />
+ <!-- Allows an app to turn on the screen on, e.g. with
+ {@link android.os.PowerManager#ACQUIRE_CAUSES_WAKEUP}.
+ <p>Intended to only be used by home automation apps.
+ -->
+ <permission android:name="android.permission.TURN_SCREEN_ON"
+ android:label="@string/permlab_turnScreenOn"
+ android:description="@string/permdesc_turnScreenOn"
+ android:protectionLevel="signature|privileged|appop" />
+
<!-- ==================================================== -->
<!-- Permissions related to changing audio settings -->
<!-- ==================================================== -->
@@ -2557,7 +2653,7 @@
<permission android:name="android.permission.LAUNCH_CAPTURE_CONTENT_ACTIVITY_FOR_NOTE"
android:protectionLevel="internal|role" />
- <!-- Allows an application to be notified whenever a screen capture is attempted.
+ <!-- Allows an application to get notified when a screen capture of its windows is attempted.
<p>Protection level: normal
-->
<permission android:name="android.permission.DETECT_SCREEN_CAPTURE"
@@ -2570,7 +2666,8 @@
@FlaggedApi("com.android.window.flags.screen_recording_callbacks")
-->
<permission android:name="android.permission.DETECT_SCREEN_RECORDING"
- android:protectionLevel="normal" />
+ android:protectionLevel="normal"
+ android:featureFlag="com.android.window.flags.screen_recording_callbacks" />
<!-- ======================================== -->
<!-- Permissions for factory reset protection -->
@@ -2692,8 +2789,9 @@
<permission android:name="android.permission.OEM_UNLOCK_STATE"
android:protectionLevel="signature" />
- <!-- @SystemApi @hide Allows configuration of factory reset protection
- <p>Not for use by third-party applications. -->
+ <!-- @SystemApi Allows configuration of factory reset protection
+ @FlaggedApi("android.security.frp_enforcement")
+ @hide <p>Not for use by third-party applications. -->
<permission android:name="android.permission.CONFIGURE_FACTORY_RESET_PROTECTION"
android:protectionLevel="signature|privileged" />
@@ -2804,6 +2902,13 @@
<permission android:name="android.permission.BIND_INCALL_SERVICE"
android:protectionLevel="signature|privileged" />
+ <!-- Must be required by a {@link android.telecom.CallStreamingService},
+ to ensure that only the system can bind to it.
+ <p>Protection level: signature
+ @SystemApi @hide-->
+ <permission android:name="android.permission.BIND_CALL_STREAMING_SERVICE"
+ android:protectionLevel="signature" />
+
<!-- Allows to query ongoing call details and manage ongoing calls
<p>Protection level: signature|appop -->
<permission android:name="android.permission.MANAGE_ONGOING_CALLS"
@@ -2857,13 +2962,6 @@
<permission android:name="android.permission.BIND_CALL_REDIRECTION_SERVICE"
android:protectionLevel="signature|privileged" />
- <!-- Must be required by a {@link android.telecom.CallStreamingService},
- to ensure that only the system can bind to it.
- <p>Protection level: signature
- @SystemApi @hide-->
- <permission android:name="android.permission.BIND_CALL_STREAMING_SERVICE"
- android:protectionLevel="signature" />
-
<!-- Must be required by a {@link android.telecom.ConnectionService},
to ensure that only the system can bind to it.
@deprecated {@link android.telecom.ConnectionService}s should require
@@ -2873,15 +2971,6 @@
<permission android:name="android.permission.BIND_CONNECTION_SERVICE"
android:protectionLevel="signature|privileged" />
- <!-- Must be required by a
- android.service.wallpapereffectsgeneration.WallpaperEffectsGenerationService,
- to ensure that only the system can bind to it.
- @SystemApi @hide This is not a third-party API (intended for OEMs and system apps).
- <p>Protection level: signature
- -->
- <permission android:name="android.permission.BIND_WALLPAPER_EFFECTS_GENERATION_SERVICE"
- android:protectionLevel="signature" />
-
<!-- Must be required by a {@link android.telecom.ConnectionService},
to ensure that only the system can bind to it.
<p>Protection level: signature|privileged
@@ -2929,6 +3018,23 @@
<permission android:name="android.permission.BIND_IMS_SERVICE"
android:protectionLevel="signature|privileged|vendorPrivileged" />
+ <!-- Must be required by a SatelliteService to ensure that only the
+ system can bind to it.
+ <p>Protection level: signature|privileged|vendorPrivileged
+ @SystemApi
+ @hide
+ -->
+ <permission android:name="android.permission.BIND_SATELLITE_SERVICE"
+ android:protectionLevel="signature|privileged|vendorPrivileged" />
+
+ <!-- Must be required by a SatelliteGatewayService to ensure that only the
+ system can bind to it.
+ <p>Protection level: signature
+ @hide
+ -->
+ <permission android:name="android.permission.BIND_SATELLITE_GATEWAY_SERVICE"
+ android:protectionLevel="signature" />
+
<!-- Must be required by a telephony data service to ensure that only the
system can bind to it.
<p>Protection level: signature
@@ -2989,6 +3095,17 @@
<permission android:name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE"
android:protectionLevel="internal|role" />
+ <!-- Used to provide the Telecom framework with access to the last known call ID.
+ <p>Protection level: signature
+ @SystemApi
+ @FlaggedApi("com.android.server.telecom.flags.telecom_resolve_hidden_dependencies")
+ @hide
+ -->
+ <permission android:name="android.permission.ACCESS_LAST_KNOWN_CELL_ID"
+ android:protectionLevel="signature"
+ android:label="@string/permlab_accessLastKnownCellId"
+ android:description="@string/permdesc_accessLastKnownCellId"/>
+
<!-- ================================== -->
<!-- Permissions for sdcard interaction -->
<!-- ================================== -->
@@ -3114,7 +3231,7 @@
<permission android:name="android.permission.INTERACT_ACROSS_PROFILES"
android:protectionLevel="signature|appop" />
- <!-- Allows applications to access profiles with PROFILE_API_VISIBILITY_HIDDEN user property
+ <!-- Allows applications to access profiles with ACCESS_HIDDEN_PROFILES user property
<p>Protection level: normal
@FlaggedApi("android.multiuser.enable_permission_to_access_hidden_profiles") -->
<permission android:name="android.permission.ACCESS_HIDDEN_PROFILES"
@@ -3124,21 +3241,21 @@
<!-- @SystemApi @hide Allows privileged applications to get details about hidden profile
users.
- @FlaggedApi("android.multiuser.flags.enable_permission_to_access_hidden_profiles") -->
+ @FlaggedApi("android.multiuser.flags.enable_permission_to_access_hidden_profiles") -->
<permission
android:name="android.permission.ACCESS_HIDDEN_PROFILES_FULL"
android:protectionLevel="signature|privileged" />
+ <!-- @SystemApi @hide Allows starting activities across profiles in the same profile group. -->
+ <permission android:name="android.permission.START_CROSS_PROFILE_ACTIVITIES"
+ android:protectionLevel="signature|role" />
+
<!-- @SystemApi Allows configuring apps to have the INTERACT_ACROSS_PROFILES permission so that
they can interact across profiles in the same profile group.
@hide -->
<permission android:name="android.permission.CONFIGURE_INTERACT_ACROSS_PROFILES"
android:protectionLevel="signature|role" />
- <!-- @SystemApi @hide Allows starting activities across profiles in the same profile group. -->
- <permission android:name="android.permission.START_CROSS_PROFILE_ACTIVITIES"
- android:protectionLevel="signature|role" />
-
<!-- @SystemApi @hide Allows an application to call APIs that allow it to query and manage
users on the device. This permission is not available to
third party applications. -->
@@ -3512,13 +3629,13 @@
<!-- Allows an application to set policy related to <a
href="https://www.threadgroup.org">Thread</a> network.
- @FlaggedApi("com.android.net.thread.flags.thread_user_restriction_enabled")
+ @FlaggedApi("com.android.net.thread.platform.flags.thread_user_restriction_enabled")
-->
<permission android:name="android.permission.MANAGE_DEVICE_POLICY_THREAD_NETWORK"
android:protectionLevel="internal|role" />
<!-- Allows an application to set policy related to sending assist content to a
- privilege app such as the Assistant app.
+ privileged app such as the Assistant app.
@FlaggedApi("android.app.admin.flags.assist_content_user_restriction_enabled")
-->
<permission android:name="android.permission.MANAGE_DEVICE_POLICY_ASSIST_CONTENT"
@@ -3588,7 +3705,7 @@
<permission android:name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_UPDATES"
android:protectionLevel="internal|role" />
- <!-- Allows an application to query system updates.
+ <!-- Allows an application query system updates.
<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is
required to call APIs protected by this permission on users different to the calling user.
-->
@@ -3723,16 +3840,15 @@
android:protectionLevel="internal|role" />
<!-- Allows an application to set policy related to subscriptions downloaded by an admin.
- <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
- APIs protected by this permission on users different to the calling user.
- @FlaggedApi("android.app.admin.flags.esim_management_enabled")
- -->
+ <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
+ APIs protected by this permission on users different to the calling user.
+ @FlaggedApi("android.app.admin.flags.esim_management_enabled") -->
<permission android:name="android.permission.MANAGE_DEVICE_POLICY_MANAGED_SUBSCRIPTIONS"
android:protectionLevel="internal|role" />
+
<!-- Allows an application to manage policy related to block package uninstallation.
@FlaggedApi("android.app.admin.flags.dedicated_device_control_api_enabled")
-->
-
<permission android:name="android.permission.MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL"
android:protectionLevel="internal|role" />
@@ -3778,6 +3894,7 @@
@hide This is not a third-party API (intended for OEMs and system apps). -->
<permission android:name="android.permission.MANAGE_ENHANCED_CONFIRMATION_STATES"
android:protectionLevel="signature|installer" />
+ <uses-permission android:name="android.permission.MANAGE_ENHANCED_CONFIRMATION_STATES" />
<!-- @SystemApi @hide Allows an application to set a device owner on retail demo devices.-->
<permission android:name="android.permission.PROVISION_DEMO_DEVICE"
@@ -3794,11 +3911,6 @@
<permission android:name="android.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS"
android:protectionLevel="signature" />
- <!-- @SystemApi Allows an application to write to the security log buffer in logd.
- @hide -->
- <permission android:name="android.permission.WRITE_SECURITY_LOG"
- android:protectionLevel="signature|privileged" />
-
<!-- Allows an application to get full detailed information about
recently running tasks, with full fidelity to the real state.
@hide -->
@@ -3888,13 +4000,15 @@
android:description="@string/permdesc_killBackgroundProcesses"
android:protectionLevel="normal" />
- <!-- @deprecated Allows an application to call
+ <!-- Allows an application to call
{@link android.app.ActivityManager#killBackgroundProcesses}.
<p>As of Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE},
the {@link android.app.ActivityManager#killBackgroundProcesses} is no longer available to
third party applications. For backwards compatibility, the background processes of the
- caller's own package will still be killed when calling this API, meanwhile this permission
- is not required anymore in this case.
+ caller's own package will still be killed when calling this API. If the caller has
+ the system permission {@code KILL_ALL_BACKGROUND_PROCESSES}, other processes will be
+ killed too.
+
<p>Protection level: normal
-->
<permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"
@@ -4003,7 +4117,9 @@
<p>Protection level: normal
-->
<permission android:name="android.permission.REQUEST_COMPANION_START_FOREGROUND_SERVICES_FROM_BACKGROUND"
- android:protectionLevel="normal"/>
+ android:label="@string/permlab_startForegroundServicesFromBackground"
+ android:description="@string/permdesc_startForegroundServicesFromBackground"
+ android:protectionLevel="normal"/>
<!-- Allows a companion app to use data in the background.
<p>Protection level: normal
@@ -4013,20 +4129,14 @@
android:description="@string/permdesc_useDataInBackground"
android:protectionLevel="normal" />
- <!-- Allows an application to subscribe to notifications about the nearby devices' presence
- status change base on the UUIDs.
- <p>Not for use by third-party applications.</p>
- @FlaggedApi("android.companion.flags.device_uuid_presence")
- -->
- <permission android:name="android.permission.REQUEST_OBSERVE_DEVICE_UUID_PRESENCE"
- android:protectionLevel="signature|privileged" />
-
<!-- Allows app to request to be associated with a device via
{@link android.companion.CompanionDeviceManager}
as a "watch"
<p>Protection level: normal
-->
<permission android:name="android.permission.REQUEST_COMPANION_PROFILE_WATCH"
+ android:label="@string/permlab_companionProfileWatch"
+ android:description="@string/permdesc_companionProfileWatch"
android:protectionLevel="normal" />
<!-- Allows app to request to be associated with a device via
@@ -4046,8 +4156,7 @@
<permission android:name="android.permission.REQUEST_COMPANION_PROFILE_APP_STREAMING"
android:protectionLevel="signature|privileged" />
- <!-- Allows application to request to be associated with a virtual device associated to a
- nearby device capable of rendering an entire OS
+ <!-- Allows application to request to stream content from an Android host to a nearby device
({@link android.companion.AssociationRequest#DEVICE_PROFILE_NEARBY_DEVICE_STREAMING})
by {@link android.companion.CompanionDeviceManager}.
<p>Not for use by third-party applications.
@@ -4065,11 +4174,11 @@
android:protectionLevel="internal|role" />
<!-- Allows application to request to be associated with a computer to share functionality
- and/or data with other devices, such as notifications, photos and media
- ({@link android.companion.AssociationRequest#DEVICE_PROFILE_COMPUTER})
- by {@link android.companion.CompanionDeviceManager}.
- <p>Not for use by third-party applications.
- -->
+ and/or data with other devices, such as notifications, photos and media
+ ({@link android.companion.AssociationRequest#DEVICE_PROFILE_COMPUTER})
+ by {@link android.companion.CompanionDeviceManager}.
+ <p>Not for use by third-party applications.
+ -->
<permission android:name="android.permission.REQUEST_COMPANION_PROFILE_COMPUTER"
android:protectionLevel="signature|privileged" />
@@ -4102,6 +4211,8 @@
<!-- Allows an app to prevent non-system-overlay windows from being drawn on top of it -->
<permission android:name="android.permission.HIDE_OVERLAY_WINDOWS"
+ android:label="@string/permlab_hideOverlayWindows"
+ android:description="@string/permdesc_hideOverlayWindows"
android:protectionLevel="normal" />
<!-- ================================== -->
@@ -4125,8 +4236,7 @@
android:description="@string/permdesc_setWallpaperHints"
android:protectionLevel="normal" />
- <!-- Allow the app to read the system wallpaper image without
- holding the READ_EXTERNAL_STORAGE permission.
+ <!-- Allow the app to read the system and lock wallpaper images.
<p>Not for use by third-party applications.
@hide
@SystemApi
@@ -4137,6 +4247,7 @@
<!-- Allow apps to always update wallpaper by sending data.
@SystemApi
@hide
+ @FlaggedApi("com.android.window.flags.always_update_wallpaper_permission")
-->
<permission android:name="android.permission.ALWAYS_UPDATE_WALLPAPER"
android:protectionLevel="internal|role" />
@@ -4300,11 +4411,6 @@
<permission android:name="android.permission.WRITE_DEVICE_CONFIG"
android:protectionLevel="signature|verifier|configurator"/>
- <!-- @SystemApi @hide Allows an application to read config settings.
- <p>Not for use by third-party applications. -->
- <permission android:name="android.permission.READ_DEVICE_CONFIG"
- android:protectionLevel="signature|preinstalled" />
-
<!-- @SystemApi @TestApi @hide Allows an application to modify only allowlisted settings.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG"
@@ -4315,6 +4421,11 @@
<permission android:name="android.permission.READ_WRITE_SYNC_DISABLED_MODE_CONFIG"
android:protectionLevel="signature|verifier|configurator"/>
+ <!-- @SystemApi @hide Allows an application to read config settings.
+ <p>Not for use by third-party applications. -->
+ <permission android:name="android.permission.READ_DEVICE_CONFIG"
+ android:protectionLevel="signature|preinstalled" />
+
<!-- @SystemApi @hide Allows applications like settings to read system-owned
application-specific locale configs.
<p>Not for use by third-party applications. -->
@@ -4326,7 +4437,7 @@
<permission android:name="android.permission.SET_APP_SPECIFIC_LOCALECONFIG"
android:protectionLevel="signature" />
- <!-- @hide Allows an application to monitor {@link android.provider.Settings.Config} access.
+ <!-- @SystemApi @hide Allows an application to monitor {@link android.provider.Settings.Config} access.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.MONITOR_DEVICE_CONFIG_ACCESS"
android:protectionLevel="signature"/>
@@ -4501,7 +4612,8 @@
<!-- Allows an application to query the current time zone rules state
on device.
- @SystemApi @hide -->
+ @SystemApi @hide
+ @deprecated Vestigial permission declaration. No longer used. -->
<permission android:name="android.permission.QUERY_TIME_ZONE_RULES"
android:protectionLevel="signature|privileged" />
@@ -4510,7 +4622,8 @@
<p>An application requesting this permission is responsible for
verifying the source and integrity of the update before passing
it off to the installer components.
- @SystemApi @hide -->
+ @SystemApi @hide
+ @deprecated Vestigial permission declaration. No longer used. -->
<permission android:name="android.permission.UPDATE_TIME_ZONE_RULES"
android:protectionLevel="signature|privileged" />
@@ -4564,6 +4677,45 @@
<permission android:name="android.permission.REQUEST_UNIQUE_ID_ATTESTATION"
android:protectionLevel="signature" />
+ <!-- Allows an application to get enabled credential manager providers.
+ @hide -->
+ <permission android:name="android.permission.LIST_ENABLED_CREDENTIAL_PROVIDERS"
+ android:protectionLevel="signature|privileged" />
+
+ <!-- Allows a system application to be registered with credential manager without
+ having to be enabled by the user.
+ @hide @SystemApi -->
+ <permission android:name="android.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE"
+ android:protectionLevel="signature|privileged" />
+
+ <!-- Allows specifying candidate credential providers to be queried in Credential Manager
+ get flows, or to be preferred as a default in the Credential Manager create flows.
+ <p>Protection level: normal -->
+ <permission android:name="android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS"
+ android:protectionLevel="normal" />
+
+ <!-- Allows a browser to invoke credential manager APIs on behalf of another RP.
+ <p>Protection level: normal -->
+ <permission android:name="android.permission.CREDENTIAL_MANAGER_SET_ORIGIN"
+ android:protectionLevel="normal" />
+
+ <!-- Allows a browser to invoke the set of query apis to get metadata about credential
+ candidates prepared during the CredentialManager.prepareGetCredential API.
+ <p>Protection level: normal -->
+ <permission android:name="android.permission.CREDENTIAL_MANAGER_QUERY_CANDIDATE_CREDENTIALS"
+ android:protectionLevel="normal" />
+
+ <!-- Allows permission to use Credential Manager UI for providing and saving credentials
+ @hide -->
+ <permission android:name="android.permission.LAUNCH_CREDENTIAL_SELECTOR"
+ android:protectionLevel="signature" />
+
+ <!-- Allows an application to be able to store and retrieve credentials from a remote
+ device.
+ <p>Protection level: signature|privileged|role -->
+ <permission android:name="android.permission.PROVIDE_REMOTE_CREDENTIALS"
+ android:protectionLevel="signature|privileged|role" />
+
<!-- ========================================= -->
<!-- Permissions for special development tools -->
<!-- ========================================= -->
@@ -4591,15 +4743,17 @@
<permission android:name="android.permission.READ_LOGS"
android:protectionLevel="signature|privileged|development" />
- <!-- Allows an application to access the data in Dropbox-->
- <permission android:name="android.permission.READ_DROPBOX_DATA"
- android:protectionLevel="signature|privileged|development" />
-
<!-- Configure an application for debugging.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.SET_DEBUG_APP"
android:protectionLevel="signature|privileged|development" />
+ <!-- Allows an application to access the data in Dropbox.
+ <p>Not for use by third-party applications.
+ @FlaggedApi("com.android.server.feature.flags.enable_read_dropbox_permission") -->
+ <permission android:name="android.permission.READ_DROPBOX_DATA"
+ android:protectionLevel="signature|privileged|development" />
+
<!-- Allows an application to set the maximum number of (not needed)
application processes that can be running.
<p>Not for use by third-party applications. -->
@@ -4734,7 +4888,7 @@
<permission android:name="android.permission.MANAGE_APP_OPS_RESTRICTIONS"
android:protectionLevel="signature|installer" />
- <!-- Allows an application to update the user app op modes.
+ <!-- @TestApi Allows an application to update the user app op modes.
Not for use by third party apps.
@hide -->
<permission android:name="android.permission.MANAGE_APP_OPS_MODES"
@@ -4815,6 +4969,13 @@
<permission android:name="android.permission.CHANGE_ACCESSIBILITY_VOLUME"
android:protectionLevel="signature" />
+ <!-- @FlaggedApi("com.android.server.accessibility.motion_event_observing")
+ @hide
+ @TestApi
+ Allows an accessibility service to observe motion events without consuming them. -->
+ <permission android:name="android.permission.ACCESSIBILITY_MOTION_EVENT_OBSERVING"
+ android:protectionLevel="signature" />
+
<!-- @hide Allows an application to collect frame statistics -->
<permission android:name="android.permission.FRAME_STATS"
android:protectionLevel="signature" />
@@ -4862,9 +5023,9 @@
android:protectionLevel="signature|recents" />
<!-- @SystemApi Allows an application to set the system audio caption and its UI
- enabled state.
- <p>Not for use by third-party applications.
- @hide -->
+ enabled state.
+ <p>Not for use by third-party applications.
+ @hide -->
<permission android:name="android.permission.SET_SYSTEM_AUDIO_CAPTION"
android:protectionLevel="signature|role" />
@@ -4883,7 +5044,8 @@
android:protectionLevel="signature" />
<!-- Allows access to Test APIs defined in {@link android.view.inputmethod.InputMethodManager}.
- @hide -->
+ @hide
+ @TestApi -->
<permission android:name="android.permission.TEST_INPUT_METHOD"
android:protectionLevel="signature" />
@@ -4995,32 +5157,6 @@
android:protectionLevel="signature" />
<uses-permission android:name="android.permission.BIND_ROTATION_RESOLVER_SERVICE" />
- <!-- @SystemApi Allows an application to access ambient context service.
- @hide <p>Not for use by third-party applications.</p> -->
- <permission android:name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT"
- android:protectionLevel="signature|privileged|role"/>
-
- <!-- @SystemApi Required by a AmbientContextEventDetectionService
- to ensure that only the service with this permission can bind to it.
- @hide <p>Not for use by third-party applications.</p> -->
- <permission android:name="android.permission.BIND_AMBIENT_CONTEXT_DETECTION_SERVICE"
- android:protectionLevel="signature"/>
-
- <!-- @SystemApi Required by a WearableSensingService to
- ensure that only the caller with this permission can bind to it.
- <p> Protection level: signature
- @hide
- -->
- <permission android:name="android.permission.BIND_WEARABLE_SENSING_SERVICE"
- android:protectionLevel="signature" />
-
- <!-- @SystemApi Allows an app to manage the wearable sensing service.
- <p>Protection level: signature|privileged
- @hide
- -->
- <permission android:name="android.permission.MANAGE_WEARABLE_SENSING_SERVICE"
- android:protectionLevel="signature|privileged" />
-
<!-- Must be required by a {@link android.net.VpnService},
to ensure that only the system can bind to it.
<p>Protection level: signature
@@ -5028,33 +5164,6 @@
<permission android:name="android.permission.BIND_VPN_SERVICE"
android:protectionLevel="signature" />
- <!-- @SystemApi Allows an app to use the on-device intelligence service.
- <p>Protection level: signature|privileged
- @hide
- @FlaggedApi("android.app.ondeviceintelligence.flags.enable_on_device_intelligence")
- -->
- <permission android:name="android.permission.USE_ON_DEVICE_INTELLIGENCE"
- android:protectionLevel="signature|privileged" />
-
-
- <!-- @SystemApi Allows an app to bind the on-device intelligence service.
- <p>Protection level: signature|privileged
- @hide
- @FlaggedApi("android.app.ondeviceintelligence.flags.enable_ondevice_intelligence")
- -->
- <permission android:name="android.permission.BIND_ON_DEVICE_INTELLIGENCE_SERVICE"
- android:protectionLevel="signature|privileged" />
-
-
- <!-- @SystemApi Allows an app to bind the on-device trusted service.
- <p>Protection level: signature|privileged
- @hide
- @FlaggedApi("android.app.ondeviceintelligence.flags.enable_ondevice_intelligence")
- -->
- <permission android:name="android.permission.BIND_ON_DEVICE_SANDBOXED_INFERENCE_SERVICE"
- android:protectionLevel="signature"/>
-
-
<!-- Must be required by a {@link android.service.wallpaper.WallpaperService},
to ensure that only the system can bind to it.
<p>Protection level: signature|privileged
@@ -5062,14 +5171,14 @@
<permission android:name="android.permission.BIND_WALLPAPER"
android:protectionLevel="signature|privileged" />
+
<!-- Must be required by a game service to ensure that only the
system can bind to it.
<p>Protection level: signature
- @SystemApi
@hide
-->
<permission android:name="android.permission.BIND_GAME_SERVICE"
- android:protectionLevel="signature" />
+ android:protectionLevel="signature" />
<!-- Must be required by a {@link android.service.voice.VoiceInteractionService},
to ensure that only the system can bind to it.
@@ -5086,15 +5195,6 @@
<permission android:name="android.permission.BIND_HOTWORD_DETECTION_SERVICE"
android:protectionLevel="signature" />
- <!-- @SystemApi Must be required by a {@link android.service.voice.visualQueryDetection},
- to ensure that only the system can bind to it.
- <p>Protection level: signature
- @hide This is not a third-party API (intended for OEMs and system apps).
- -->
- <permission android:name="android.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE"
- android:protectionLevel="signature" />
-
-
<!-- @SystemApi Allows an application to manage hotword detection and visual query detection
on the device.
<p>Protection level: internal|preinstalled
@@ -5103,6 +5203,14 @@
<permission android:name="android.permission.MANAGE_HOTWORD_DETECTION"
android:protectionLevel="internal|preinstalled" />
+ <!-- @SystemApi Must be required by a {@link android.service.voice.VisualQueryDetectionService},
+ to ensure that only the system can bind to it.
+ <p>Protection level: signature
+ @hide This is not a third-party API (intended for OEMs and system apps).
+ -->
+ <permission android:name="android.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE"
+ android:protectionLevel="signature" />
+
<!-- Allows an application to subscribe to keyguard locked (i.e., showing) state.
<p>Protection level: signature|role
<p>Intended for use by ROLE_ASSISTANT and signature apps only.
@@ -5110,13 +5218,6 @@
<permission android:name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE"
android:protectionLevel="signature|module|role"/>
- <!-- Must be required by a {@link android.service.credentials.CredentialProviderService},
- to ensure that only the system can bind to it.
- <p>Protection level: signature
- -->
- <permission android:name="android.permission.BIND_CREDENTIAL_PROVIDER_SERVICE"
- android:protectionLevel="signature" />
-
<!-- Must be required by a {@link android.service.autofill.AutofillService},
to ensure that only the system can bind to it.
<p>Protection level: signature
@@ -5133,12 +5234,19 @@
<permission android:name="android.permission.BIND_FIELD_CLASSIFICATION_SERVICE"
android:protectionLevel="signature" />
- <!-- Alternative version of android.permission.BIND_AUTOFILL_FIELD_CLASSIFICATION_SERVICE.
- This permission was renamed during the O previews but it was supported on the final O
- release, so we need to carry it over.
+ <!-- Must be required by a CredentialProviderService to ensure that only the
+ system can bind to it.
<p>Protection level: signature
- @hide
- -->
+ -->
+ <permission android:name="android.permission.BIND_CREDENTIAL_PROVIDER_SERVICE"
+ android:protectionLevel="signature" />
+
+ <!-- Alternative version of android.permission.BIND_AUTOFILL_FIELD_CLASSIFICATION_SERVICE.
+ This permission was renamed during the O previews but it was supported on the final O
+ release, so we need to carry it over.
+ <p>Protection level: signature
+ @hide
+ -->
<permission android:name="android.permission.BIND_AUTOFILL"
android:protectionLevel="signature" />
@@ -5174,9 +5282,9 @@
android:protectionLevel="signature" />
<!-- Must be required by a android.service.selectiontoolbar.SelectionToolbarRenderService,
- to ensure that only the system can bind to it.
- @hide This is not a third-party API (intended for OEMs and system apps).
- <p>Protection level: signature
+ to ensure that only the system can bind to it.
+ @hide This is not a third-party API (intended for OEMs and system apps).
+ <p>Protection level: signature
-->
<permission android:name="android.permission.BIND_SELECTION_TOOLBAR_RENDER_SERVICE"
android:protectionLevel="signature" />
@@ -5212,6 +5320,16 @@
<permission android:name="android.permission.BIND_CONTENT_SUGGESTIONS_SERVICE"
android:protectionLevel="signature" />
+ <!-- Must be required by a
+ android.service.wallpapereffectsgeneration.WallpaperEffectsGenerationService,
+ to ensure that only the system can bind to it.
+ @SystemApi @hide This is not a third-party API (intended for OEMs and system apps).
+ <p>Protection level: signature
+ -->
+ <permission android:name="android.permission.BIND_WALLPAPER_EFFECTS_GENERATION_SERVICE"
+ android:protectionLevel="signature" />
+
+
<!-- Must be declared by a android.service.musicrecognition.MusicRecognitionService,
to ensure that only the system can bind to it.
@SystemApi @hide This is not a third-party API (intended for OEMs and system apps).
@@ -5234,7 +5352,9 @@
this permission, it must hold the permission and be the active VoiceInteractionService in
the system.
{@see Settings.Secure.VOICE_INTERACTION_SERVICE}
- @hide -->
+ @hide @SystemApi Intended for OEM and system apps.
+ <p>Protection level: signature|privileged
+ -->
<permission android:name="android.permission.MANAGE_VOICE_KEYPHRASES"
android:protectionLevel="signature|privileged" />
@@ -5243,7 +5363,9 @@
sound models at any time. This permission should be reserved for system enrollment
applications detected by {@link android.hardware.soundtrigger.KeyphraseEnrollmentInfo}
only.
- @hide <p>Not for use by third-party applications.</p> -->
+ @hide @SystemApi Intended for OEM and system apps.
+ <p>Protection level: signature|privileged
+ -->
<permission android:name="android.permission.KEYPHRASE_ENROLLMENT_APPLICATION"
android:protectionLevel="signature|privileged" />
@@ -5256,6 +5378,7 @@
<!-- Must be required by a android.media.tv.ad.TvAdService to ensure that only the system can
bind to it.
<p>Protection level: signature|privileged
+ @FlaggedApi("android.media.tv.flags.enable_ad_service_fw")
-->
<permission android:name="android.permission.BIND_TV_AD_SERVICE"
android:protectionLevel="signature|privileged" />
@@ -5283,15 +5406,6 @@
<permission android:name="android.permission.BIND_TV_REMOTE_SERVICE"
android:protectionLevel="signature|privileged" />
- <!-- @SystemApi Allows TV input apps and TV apps to use TIS extension interfaces for
- domain-specific features.
- <p>Protection level: signature|privileged|vendorPrivileged
- <p>Not for use by third-party applications.
- @hide
- -->
- <permission android:name="android.permission.TIS_EXTENSION_INTERFACE"
- android:protectionLevel="signature|privileged|vendorPrivileged" />
-
<!-- @SystemApi
Must be required for a virtual remote controller for TV.
<p>Protection level: signature|privileged
@@ -5335,7 +5449,7 @@
<!-- @SystemApi This permission is required by Media Resource Manager Service when
system services create MediaCodecs on behalf of other processes and apps.
- <p>Protection level: signature
+ <p>Protection level: signature|privileged|vendorPrivileged
<p>Not for use by third-party applications.
@hide -->
<permission android:name="android.permission.MEDIA_RESOURCE_OVERRIDE_PID"
@@ -5409,26 +5523,6 @@
<permission android:name="android.permission.SET_KEYBOARD_LAYOUT"
android:protectionLevel="signature" />
- <!-- Allows low-level access for re-mapping modifier keys.
- <p>Not for use by third-party applications.
- @hide
- @TestApi -->
- <permission android:name="android.permission.REMAP_MODIFIER_KEYS"
- android:protectionLevel="signature" />
-
- <!-- Allows low-level access for monitoring keyboard backlight changes.
- <p>Not for use by third-party applications.
- @hide -->
- <permission android:name="android.permission.MONITOR_KEYBOARD_BACKLIGHT"
- android:protectionLevel="signature" />
-
- <!-- Allows low-level access for monitoring changes to sticky modifier state, when A11y
- Sitcky keys feature is enabled.
- <p>Not for use by third-party applications.
- @hide -->
- <permission android:name="android.permission.MONITOR_STICKY_MODIFIER_STATE"
- android:protectionLevel="signature" />
-
<!-- Allows an app to schedule a prioritized alarm that can be used to perform
background work even when the device is in doze.
<p>Not for use by third-party applications.
@@ -5439,27 +5533,53 @@
android:protectionLevel="signature|privileged"/>
<!-- Allows applications to use exact alarm APIs.
- <p>Exact alarms should only be used for user-facing features.
- For more details, see <a
- href="{@docRoot}about/versions/12/behavior-changes-12#exact-alarm-permission">
- Exact alarm permission</a>.
- <p>Apps who hold this permission and target API level 31 or above, always stay in the
+ <p>This is a special access permission that can be revoked by the system or the user.
+ It should only be used to enable <b>user-facing features</b> that require exact alarms.
+ For more details, please go through the associated
+ <a href="{@docRoot}training/scheduling/alarms#exact">developer docs</a>.
+ <p>Apps need to target API {@link android.os.Build.VERSION_CODES#S} or above to be able to
+ request this permission. Note that apps targeting lower API levels do not need this
+ permission to use exact alarm APIs.
+ <p>Apps that hold this permission and target API
+ {@link android.os.Build.VERSION_CODES#TIRAMISU} and below always stay in the
{@link android.app.usage.UsageStatsManager#STANDBY_BUCKET_WORKING_SET WORKING_SET} or
lower standby bucket.
- Applications targeting API level 30 or below do not need this permission to use
- exact alarm APIs.
+ <p>If your app relies on exact alarms for core functionality, it can instead request
+ {@link android.Manifest.permission#USE_EXACT_ALARM} once it targets API
+ {@link android.os.Build.VERSION_CODES#TIRAMISU}. All apps using exact alarms for secondary
+ features (which should still be user facing) should continue using this permission.
+ <p>Protection level: signature|privileged|appop
-->
<permission android:name="android.permission.SCHEDULE_EXACT_ALARM"
+ android:label="@string/permlab_schedule_exact_alarm"
+ android:description="@string/permdesc_schedule_exact_alarm"
android:protectionLevel="signature|privileged|appop"/>
- <!-- Allows apps to use exact alarms just like with SCHEDULE_EXACT_ALARM but without needing
- to request this permission from the user.
- <p><b>This is only for apps that rely on exact alarms for their core functionality.</b>
- App stores may enforce policies to audit and review the use of this permission. Any app that
- requests this but is found to not require exact alarms for its primary function may be
- removed from the app store.
+ <!-- Allows apps to use exact alarms just like with {@link
+ android.Manifest.permission#SCHEDULE_EXACT_ALARM} but without needing to request this
+ permission from the user.
+ <p><b> This is only intended for use by apps that rely on exact alarms for their core
+ functionality.</b> You should continue using {@code SCHEDULE_EXACT_ALARM} if your app needs
+ exact alarms for a secondary feature that users may or may not use within your app.
+ <p> Keep in mind that this is a powerful permission and app stores may enforce policies to
+ audit and review the use of this permission. Such audits may involve removal from the app
+ store if the app is found to be misusing this permission.
+ <p> Apps need to target API {@link android.os.Build.VERSION_CODES#TIRAMISU} or above to be
+ able to request this permission. Note that only one of {@code USE_EXACT_ALARM} or
+ {@code SCHEDULE_EXACT_ALARM} should be requested on a device. If your app is already using
+ {@code SCHEDULE_EXACT_ALARM} on older SDKs but needs {@code USE_EXACT_ALARM} on SDK 33 and
+ above, then {@code SCHEDULE_EXACT_ALARM} should be declared with a max-sdk attribute, like:
+ <pre>
+ &lt;uses-permission android:name="android.permission.SCHEDULE_EXACT_ALARM"
+ &Tab; android:maxSdkVersion="32" /&gt;
+ </pre>
+ <p>Apps that hold this permission, always stay in the
+ {@link android.app.usage.UsageStatsManager#STANDBY_BUCKET_WORKING_SET WORKING_SET} or
+ lower standby bucket.
-->
<permission android:name="android.permission.USE_EXACT_ALARM"
+ android:label="@string/permlab_use_exact_alarm"
+ android:description="@string/permdesc_use_exact_alarm"
android:protectionLevel="normal"/>
<!-- Allows an application to query tablet mode state and monitor changes
@@ -5550,9 +5670,10 @@
of a session based install.
<p>Not for use by third-party applications.
@hide
+ @FlaggedApi("android.content.pm.get_resolved_apk_path")
-->
<permission android:name="android.permission.READ_INSTALLED_SESSION_PATHS"
- android:protectionLevel="signature|installer" />
+ android:protectionLevel="signature|installer" />
<uses-permission android:name="android.permission.READ_INSTALLED_SESSION_PATHS" />
<!-- Allows an application to use System Data Loaders.
@@ -5640,7 +5761,7 @@
<permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE"
android:protectionLevel="signature|privileged|role" />
- <!-- @SystemApi Allows an application to grant specific permissions.
+ <!-- @SystemApi @TestApi iAllows an application to grant specific permissions.
@hide -->
<permission android:name="android.permission.GRANT_RUNTIME_PERMISSIONS"
android:protectionLevel="signature|installer|verifier" />
@@ -5662,11 +5783,11 @@
<permission android:name="android.permission.REVOKE_RUNTIME_PERMISSIONS"
android:protectionLevel="signature|installer|verifier" />
- <!-- @TestApi Allows an application to revoke the POST_NOTIFICATIONS permission from an app
- without killing the app. Only granted to the shell.
- @hide -->
+ <!-- @TestApi Allows an application to revoke the POST_NOTIFICATIONS permission from an app
+ without killing the app. Only granted to the shell.
+ @hide -->
<permission android:name="android.permission.REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL"
- android:protectionLevel="signature" />
+ android:protectionLevel="signature" />
<!-- @SystemApi Allows the system to read runtime permission state.
@hide -->
@@ -5680,7 +5801,7 @@
<permission android:name="android.permission.RESTORE_RUNTIME_PERMISSIONS"
android:protectionLevel="signature" />
- <!-- @SystemApi Allows an application to change policy_fixed permissions.
+ <!-- @SystemApi @TestApi Allows an application to change policy_fixed permissions.
@hide -->
<permission android:name="android.permission.ADJUST_RUNTIME_PERMISSIONS_POLICY"
android:protectionLevel="signature|installer" />
@@ -5691,7 +5812,7 @@
android:protectionLevel="signature" />
<!-- @SystemApi Allows an application to allowlist restricted permissions
- on any of the whitelists.
+ on any of the allowlists.
@hide -->
<permission android:name="android.permission.WHITELIST_RESTRICTED_PERMISSIONS"
android:protectionLevel="signature|installer" />
@@ -5715,6 +5836,7 @@
@hide -->
<permission android:name="android.permission.MANAGE_ROLE_HOLDERS"
android:protectionLevel="signature|installer|module" />
+ <uses-permission android:name="android.permission.MANAGE_ROLE_HOLDERS" />
<!-- @SystemApi Allows an application to manage the holders of roles associated with default
applications.
@@ -5739,21 +5861,34 @@
<!-- Allows an application to manage the companion devices.
@hide -->
<permission android:name="android.permission.MANAGE_COMPANION_DEVICES"
- android:protectionLevel="signature|role|module" />
+ android:protectionLevel="module|signature|role" />
<!-- Allows an application to subscribe to notifications about the presence status change
of their associated companion device
-->
<permission android:name="android.permission.REQUEST_OBSERVE_COMPANION_DEVICE_PRESENCE"
+ android:label="@string/permlab_observeCompanionDevicePresence"
+ android:description="@string/permdesc_observeCompanionDevicePresence"
android:protectionLevel="normal" />
+ <!-- Allows an application to subscribe to notifications about the nearby devices' presence
+ status change base on the UUIDs.
+ <p>Not for use by third-party applications.</p>
+ @FlaggedApi("android.companion.flags.device_presence")
+ -->
+ <permission android:name="android.permission.REQUEST_OBSERVE_DEVICE_UUID_PRESENCE"
+ android:protectionLevel="signature|privileged" />
+
<!-- Allows an application to deliver companion messages to system
-->
<permission android:name="android.permission.DELIVER_COMPANION_MESSAGES"
+ android:label="@string/permlab_deliverCompanionMessages"
+ android:description="@string/permdesc_deliverCompanionMessages"
android:protectionLevel="normal" />
- <!-- Allows an application to use companion transports
- @hide -->
+ <!-- @hide @FlaggedApi("android.companion.flags.companion_transport_apis")
+ Allows an application to send and receive messages via CDM transports.
+ -->
<permission android:name="android.permission.USE_COMPANION_TRANSPORTS"
android:protectionLevel="signature" />
@@ -5778,7 +5913,7 @@
<permission android:name="android.permission.ROTATE_SURFACE_FLINGER"
android:protectionLevel="signature|recents" />
- <!-- @SystemApi Allows an application to provide hints to SurfaceFlinger that can influence
+ <!-- Allows an application to provide hints to SurfaceFlinger that can influence
its wakes up time to compose the next frame. This is a subset of the capabilities granted
by {@link #ACCESS_SURFACE_FLINGER}.
<p>Not for use by third-party applications.
@@ -5795,6 +5930,13 @@
<permission android:name="android.permission.READ_FRAME_BUFFER"
android:protectionLevel="signature|recents" />
+ <!-- Allows an application to change the touch mode state.
+ Without this permission, an app can only change the touch mode
+ if it currently has focus.
+ @hide -->
+ <permission android:name="android.permission.MODIFY_TOUCH_MODE_STATE"
+ android:protectionLevel="signature" />
+
<!-- Allows an application to use InputFlinger's low level features.
@hide -->
<permission android:name="android.permission.ACCESS_INPUT_FLINGER"
@@ -5807,12 +5949,10 @@
<permission android:name="android.permission.DISABLE_INPUT_DEVICE"
android:protectionLevel="signature" />
- <!-- Allows an application to configure and connect to Wifi displays
- @hide
- @SystemApi -->
+ <!-- Allows an application to configure and connect to Wifi displays -->
<permission android:name="android.permission.CONFIGURE_WIFI_DISPLAY"
- android:protectionLevel="signature|knownSigner"
- android:knownCerts="@array/wifi_known_signers" />
+ android:protectionLevel="signature|knownSigner"
+ android:knownCerts="@array/wifi_known_signers" />
<!-- Allows an application to control low-level features of Wifi displays
such as opening an RTSP socket. This permission should only be used
@@ -5847,7 +5987,7 @@
<permission android:name="android.permission.CONTROL_DISPLAY_COLOR_TRANSFORMS"
android:protectionLevel="signature|privileged" />
- <!-- Allows an application to collect usage infomation about brightness slider changes.
+ <!-- Allows an application to collect usage information about brightness slider changes.
<p>Not for use by third-party applications.</p>
@hide
@SystemApi
@@ -5992,21 +6132,21 @@
<permission android:name="android.permission.MODIFY_AUDIO_ROUTING"
android:protectionLevel="signature|privileged|role" />
- <!-- @SystemApi Allows an application to access the uplink and downlink audio of an ongoing
- call.
- <p>Not for use by third-party applications.</p>
- @hide -->
- <permission android:name="android.permission.CALL_AUDIO_INTERCEPTION"
- android:protectionLevel="signature|privileged|role" />
-
<!--@SystemApi Allows an application to modify system audio settings that shouldn't be
- controllable by external apps, such as volume settings or volume behaviors for audio
- devices, regardless of their connection status.
- <p>Not for use by third-party applications.
- @hide -->
+ controllable by external apps, such as volume settings or volume behaviors for audio
+ devices, regardless of their connection status.
+ <p>Not for use by third-party applications.
+ @hide -->
<permission android:name="android.permission.MODIFY_AUDIO_SETTINGS_PRIVILEGED"
android:protectionLevel="signature|privileged" />
+ <!-- @SystemApi Allows an application to access the uplink and downlink audio of an ongoing
+ call.
+ <p>Not for use by third-party applications.</p>
+ @hide -->
+ <permission android:name="android.permission.CALL_AUDIO_INTERCEPTION"
+ android:protectionLevel="signature|privileged|role" />
+
<!-- @TestApi Allows an application to query audio related state.
@hide -->
<permission android:name="android.permission.QUERY_AUDIO_STATE"
@@ -6052,9 +6192,9 @@
android:protectionLevel="signature|privileged" />
<!-- Allows an application to control the routing of media apps.
- <p>Only for use by role COMPANION_DEVICE_WATCH</p>
- @FlaggedApi("com.android.media.flags.enable_privileged_routing_for_media_routing_control")
- -->
+ <p>Only for use by role COMPANION_DEVICE_WATCH</p>
+ @FlaggedApi("com.android.media.flags.enable_privileged_routing_for_media_routing_control")
+ -->
<permission android:name="android.permission.MEDIA_ROUTING_CONTROL"
android:protectionLevel="signature|appop" />
@@ -6112,7 +6252,7 @@
<!-- @hide @SystemApi Allows an application to manage Low Power Standby settings.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.MANAGE_LOW_POWER_STANDBY"
- android:protectionLevel="signature|privileged" />
+ android:protectionLevel="signature|privileged" />
<!-- @hide @SystemApi Allows an application to request ports to remain open during
Low Power Standby.
@@ -6176,6 +6316,7 @@
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.CALL_PRIVILEGED"
android:protectionLevel="signature|privileged" />
+ <uses-permission android:name="android.permission.CALL_PRIVILEGED" />
<!-- @SystemApi Allows an application to perform CDMA OTA provisioning @hide -->
<permission android:name="android.permission.PERFORM_CDMA_PROVISIONING"
@@ -6242,8 +6383,7 @@
<permission android:name="android.permission.CHANGE_APP_IDLE_STATE"
android:protectionLevel="signature|privileged" />
- <!-- @hide @TestApi @SystemApi Allows an application to change the estimated launch time
- of an app.
+ <!-- @hide @SystemApi Allows an application to change the estimated launch time of an app.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.CHANGE_APP_LAUNCH_TIME_ESTIMATE"
android:protectionLevel="signature|privileged" />
@@ -6303,11 +6443,6 @@
<permission android:name="android.permission.RECOVER_KEYSTORE"
android:protectionLevel="signature|privileged" />
- <!-- @SystemApi Allows application to verify lockscreen credentials provided by a remote device.
- @hide -->
- <permission android:name="android.permission.CHECK_REMOTE_LOCKSCREEN"
- android:protectionLevel="signature|privileged" />
-
<!-- Allows a package to launch the secure full-backup confirmation UI.
ONLY the system process may hold this permission.
@hide -->
@@ -6405,8 +6540,8 @@
<permission android:name="android.permission.SET_WALLPAPER_COMPONENT"
android:protectionLevel="signature|privileged" />
- <!-- @SystemApi Allows applications to set wallpaper dim amount.
- @hide -->
+ <!-- @SystemApi Allows applications to set the wallpaper dim amount.
+ @hide. -->
<permission android:name="android.permission.SET_WALLPAPER_DIM_AMOUNT"
android:protectionLevel="signature|privileged" />
@@ -6606,6 +6741,11 @@
<permission android:name="android.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS"
android:protectionLevel="signature"/>
+ <!-- @SystemApi Allows application to verify lockscreen credentials provided by a remote device.
+ @hide -->
+ <permission android:name="android.permission.CHECK_REMOTE_LOCKSCREEN"
+ android:protectionLevel="signature|privileged" />
+
<!-- Allows managing (adding, removing) fingerprint templates. Reserved for the system. @hide -->
<permission android:name="android.permission.MANAGE_FINGERPRINT"
android:protectionLevel="signature|privileged" />
@@ -6634,12 +6774,12 @@
<!-- Allows the system to control the BiometricDialog (SystemUI). Reserved for the system. @hide -->
<permission android:name="android.permission.MANAGE_BIOMETRIC_DIALOG"
- android:protectionLevel="signature" />
+ android:protectionLevel="signature" />
<!-- Allows an application to set the BiometricDialog (SystemUI) logo .
- <p>Not for use by third-party applications.
- @FlaggedApi("android.hardware.biometrics.custom_biometric_prompt")
--->
+ <p>Not for use by third-party applications.
+ @FlaggedApi("android.hardware.biometrics.custom_biometric_prompt")
+ -->
<permission android:name="android.permission.SET_BIOMETRIC_DIALOG_LOGO"
android:protectionLevel="signature" />
@@ -6952,12 +7092,16 @@
<!-- Allows the holder to read blocked numbers. See
{@link android.provider.BlockedNumberContract}.
+ @SystemApi
+ @FlaggedApi("com.android.server.telecom.flags.telecom_resolve_hidden_dependencies")
@hide -->
<permission android:name="android.permission.READ_BLOCKED_NUMBERS"
android:protectionLevel="signature" />
<!-- Allows the holder to write blocked numbers. See
{@link android.provider.BlockedNumberContract}.
+ @SystemApi
+ @FlaggedApi("com.android.server.telecom.flags.telecom_resolve_hidden_dependencies")
@hide -->
<permission android:name="android.permission.WRITE_BLOCKED_NUMBERS"
android:protectionLevel="signature" />
@@ -7016,6 +7160,11 @@
<permission android:name="android.permission.MANAGE_ROTATION_RESOLVER"
android:protectionLevel="signature"/>
+ <!-- @SystemApi Allows an application to manage the cloudsearch service.
+ @hide <p>Not for use by third-party applications.</p> -->
+ <permission android:name="android.permission.MANAGE_CLOUDSEARCH"
+ android:protectionLevel="signature|privileged|role" />
+
<!-- @SystemApi Allows an application to manage the music recognition service.
@hide <p>Not for use by third-party applications.</p> -->
<permission android:name="android.permission.MANAGE_MUSIC_RECOGNITION"
@@ -7047,34 +7196,23 @@
android:protectionLevel="signature" />
<!-- @SystemApi Allows an application to access the smartspace service as a client.
+ @FlaggedApi(android.app.smartspace.flags.Flags.FLAG_ACCESS_SMARTSPACE)
@hide <p>Not for use by third-party applications.</p> -->
<permission android:name="android.permission.ACCESS_SMARTSPACE"
android:protectionLevel="signature|privileged|development" />
<!-- @SystemApi Allows an application to manage the wallpaper effects
- generation service.
- @hide <p>Not for use by third-party applications.</p> -->
+ generation service.
+ @hide <p>Not for use by third-party applications.</p> -->
<permission android:name="android.permission.MANAGE_WALLPAPER_EFFECTS_GENERATION"
android:protectionLevel="signature|privileged" />
- <!-- @SystemApi Allows an application to manage the cloudsearch service.
- @hide <p>Not for use by third-party applications.</p> -->
- <permission android:name="android.permission.MANAGE_CLOUDSEARCH"
- android:protectionLevel="signature|privileged|role" />
-
<!-- Allows an app to set the theme overlay in /vendor/overlay
being used.
@hide <p>Not for use by third-party applications.</p> -->
<permission android:name="android.permission.MODIFY_THEME_OVERLAY"
android:protectionLevel="signature" />
-
- <!-- Allows reporting the ThemeOverlayController readiness.
- @hide <p>Not for use by third-party applications.</p> -->
- <permission android:name="android.permission.SET_THEME_OVERLAY_CONTROLLER_READY"
- android:protectionLevel="signature|setup"/>
-
-
<!-- Allows an instant app to create foreground services.
<p>Protection level: signature|development|instant|appop -->
<permission android:name="android.permission.INSTANT_APP_FOREGROUND_SERVICE"
@@ -7094,6 +7232,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_CAMERA"
+ android:description="@string/permdesc_foregroundServiceCamera"
+ android:label="@string/permlab_foregroundServiceCamera"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7101,6 +7241,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE"
+ android:description="@string/permdesc_foregroundServiceConnectedDevice"
+ android:label="@string/permlab_foregroundServiceConnectedDevice"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7108,6 +7250,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC"
+ android:description="@string/permdesc_foregroundServiceDataSync"
+ android:label="@string/permlab_foregroundServiceDataSync"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7115,6 +7259,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_LOCATION"
+ android:description="@string/permdesc_foregroundServiceLocation"
+ android:label="@string/permlab_foregroundServiceLocation"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7122,6 +7268,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK"
+ android:description="@string/permdesc_foregroundServiceMediaPlayback"
+ android:label="@string/permlab_foregroundServiceMediaPlayback"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7129,6 +7277,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"
+ android:description="@string/permdesc_foregroundServiceMediaProjection"
+ android:label="@string/permlab_foregroundServiceMediaProjection"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7136,6 +7286,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_MICROPHONE"
+ android:description="@string/permdesc_foregroundServiceMicrophone"
+ android:label="@string/permlab_foregroundServiceMicrophone"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7143,6 +7295,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_PHONE_CALL"
+ android:description="@string/permdesc_foregroundServicePhoneCall"
+ android:label="@string/permlab_foregroundServicePhoneCall"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7150,6 +7304,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_HEALTH"
+ android:description="@string/permdesc_foregroundServiceHealth"
+ android:label="@string/permlab_foregroundServiceHealth"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7157,6 +7313,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_REMOTE_MESSAGING"
+ android:description="@string/permdesc_foregroundServiceRemoteMessaging"
+ android:label="@string/permlab_foregroundServiceRemoteMessaging"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7166,6 +7324,8 @@
<p>Protection level: normal|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_SYSTEM_EXEMPTED"
+ android:description="@string/permdesc_foregroundServiceSystemExempted"
+ android:label="@string/permlab_foregroundServiceSystemExempted"
android:protectionLevel="normal|instant" />
<!-- Allows a regular application to use {@link android.app.Service#startForeground
@@ -7193,6 +7353,8 @@
<p>Protection level: normal|appop|instant
-->
<permission android:name="android.permission.FOREGROUND_SERVICE_SPECIAL_USE"
+ android:description="@string/permdesc_foregroundServiceSpecialUse"
+ android:label="@string/permlab_foregroundServiceSpecialUse"
android:protectionLevel="normal|appop|instant" />
<!-- @SystemApi Allows to access all app shortcuts.
@@ -7287,17 +7449,11 @@
android:protectionLevel="signature" />
<!-- @SystemApi Allows modifying accessibility state.
+ <p> The only approved role for this permission is COMPANION_DEVICE_APP_STREAMING.
@hide -->
<permission android:name="android.permission.MANAGE_ACCESSIBILITY"
android:protectionLevel="signature|setup|recents|role" />
- <!-- @FlaggedApi("com.android.server.accessibility.motion_event_observing")
- @hide
- @TestApi
- Allows an accessibility service to observe motion events without consuming them. -->
- <permission android:name="android.permission.ACCESSIBILITY_MOTION_EVENT_OBSERVING"
- android:protectionLevel="signature" />
-
<!-- @SystemApi Allows an app to grant a profile owner access to device identifiers.
<p>Not for use by third-party applications.
@deprecated
@@ -7412,8 +7568,8 @@
<!-- Allows input events to be monitored. Very dangerous! @hide -->
<permission android:name="android.permission.MONITOR_INPUT"
android:protectionLevel="signature|recents" />
- <!-- Allows the use of FLAG_SLIPPERY, which permits touch events to slip from the current
- window to the window where the touch currently is on top of. @hide -->
+ <!-- @SystemApi Allows the use of FLAG_SLIPPERY, which permits touch events to slip from the
+ current window to the window where the touch currently is on top of. @hide -->
<permission android:name="android.permission.ALLOW_SLIPPERY_TOUCHES"
android:protectionLevel="signature|privileged|recents|role" />
<!-- Allows the caller to change the associations between input devices and displays.
@@ -7475,6 +7631,11 @@
<permission android:name="android.permission.RESET_APP_ERRORS"
android:protectionLevel="signature" />
+ <!-- @hide Allows ThemeOverlayController to delay launch of Home / SetupWizard on boot, ensuring
+ Theme Palettes and Colors are ready -->
+ <permission android:name="android.permission.SET_THEME_OVERLAY_CONTROLLER_READY"
+ android:protectionLevel="signature|setup" />
+
<!-- @hide Allows an application to create/destroy input consumer. -->
<permission android:name="android.permission.INPUT_CONSUMER"
android:protectionLevel="signature" />
@@ -7504,38 +7665,34 @@
<permission android:name="android.permission.MANAGE_GAME_MODE"
android:protectionLevel="signature|privileged" />
+ <!-- @TestApi Allows setting the game service provider, meant for tests only.
+ @hide -->
+ <permission android:name="android.permission.SET_GAME_SERVICE"
+ android:protectionLevel="signature" />
+
<!-- @SystemApi Allows accessing the frame rate per second of a given application
- @hide -->
+ @hide -->
<permission android:name="android.permission.ACCESS_FPS_COUNTER"
android:protectionLevel="signature|privileged" />
- <!-- @SystemApi Allows managing the GameService APIs
- @hide -->
+ <!-- @SystemApi Allows the GameService provider to create GameSession and call GameSession
+ APIs and overlay a view on top of the game's Activity.
+ @hide -->
<permission android:name="android.permission.MANAGE_GAME_ACTIVITY"
android:protectionLevel="signature|privileged" />
- <!-- Allows managing the Game service
- @hide @TestApi Used only for testing. -->
- <permission android:name="android.permission.SET_GAME_SERVICE"
- android:protectionLevel="signature" />
-
<!-- @SystemApi Allows the holder to register callbacks to inform the RebootReadinessManager
when they are performing reboot-blocking work.
@hide -->
<permission android:name="android.permission.SIGNAL_REBOOT_READINESS"
android:protectionLevel="signature|privileged" />
- <!-- @SystemApi Allows an application to change the touch mode state.
- @hide -->
- <permission android:name="android.permission.MODIFY_TOUCH_MODE_STATE"
- android:protectionLevel="signature" />
-
<!-- @SystemApi Allows the holder to launch an Intent Resolver flow with custom presentation
and/or targets.
- @FlaggedApi("android.service.chooser.support_nfc_resolver")
+ @FlaggedApi("android.nfc.enable_nfc_mainline")
@hide -->
<permission android:name="android.permission.SHOW_CUSTOMIZED_RESOLVER"
- android:protectionLevel="signature|privileged" />
+ android:protectionLevel="signature|privileged" />
<!-- @hide Allows an application to get a People Tile preview for a given shortcut. -->
<permission android:name="android.permission.GET_PEOPLE_TILE_PREVIEW"
@@ -7553,7 +7710,10 @@
android:protectionLevel="signature|privileged" />
<!-- Allows an application to read nearby streaming policy. The policy controls
- whether to allow the device to stream its notifications and apps to nearby devices. -->
+ whether to allow the device to stream its notifications and apps to nearby devices.
+ Applications that are not the device owner will need this permission to call
+ {@link android.app.admin.DevicePolicyManager#getNearbyNotificationStreamingPolicy} or
+ {@link android.app.admin.DevicePolicyManager#getNearbyAppStreamingPolicy}. -->
<permission android:name="android.permission.READ_NEARBY_STREAMING_POLICY"
android:protectionLevel="normal" />
@@ -7589,6 +7749,7 @@
android:protectionLevel="normal" />
<uses-permission android:name="android.permission.ENFORCE_UPDATE_OWNERSHIP" />
+
<!-- Allows an application to take screenshots of layers that normally would be blacked out when
a screenshot is taken. Specifically, layers that have the flag
{@link android.view.SurfaceControl#SECURE} will be screenshot if the caller requests to
@@ -7599,16 +7760,8 @@
<permission android:name="android.permission.CAPTURE_BLACKOUT_CONTENT"
android:protectionLevel="signature" />
- <!-- Allows read only access to phone state with a non dangerous permission,
- including the information like cellular network type, software version. -->
- <permission android:name="android.permission.READ_BASIC_PHONE_STATE"
- android:permissionGroup="android.permission-group.UNDEFINED"
- android:label="@string/permlab_readBasicPhoneState"
- android:description="@string/permdesc_readBasicPhoneState"
- android:protectionLevel="normal" />
-
<!-- @SystemApi Allows an application to query over global data in AppSearch.
- @hide -->
+ @hide -->
<permission android:name="android.permission.READ_GLOBAL_APP_SEARCH_DATA"
android:protectionLevel="internal|role" />
@@ -7679,6 +7832,19 @@
<permission android:name="android.permission.MANAGE_SAFETY_CENTER"
android:protectionLevel="internal|installer|role" />
+ <!-- @SystemApi Allows an application to access the AmbientContextEvent service.
+ @hide
+ -->
+ <permission android:name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT"
+ android:protectionLevel="signature|privileged|role"/>
+
+ <!-- @SystemApi Required by a AmbientContextEventDetectionService
+ to ensure that only the service with this permission can bind to it.
+ @hide
+ -->
+ <permission android:name="android.permission.BIND_AMBIENT_CONTEXT_DETECTION_SERVICE"
+ android:protectionLevel="signature" />
+
<!-- @SystemApi Allows an app to set keep-clear areas without restrictions on the size or
number of keep-clear areas (see {@link android.view.View#setPreferKeepClearRects}).
When the system arranges floating windows onscreen, it might decide to ignore keep-clear
@@ -7695,9 +7861,23 @@
<permission android:name="android.permission.SET_UNRESTRICTED_GESTURE_EXCLUSION"
android:protectionLevel="signature|privileged|recents" />
+ <!-- @SystemApi Allows TV input apps and TV apps to use TIS extension interfaces for
+ domain-specific features.
+ <p>Protection level: signature|privileged|vendorPrivileged
+ <p>Not for use by third-party applications.
+ @hide
+ -->
+ <permission android:name="android.permission.TIS_EXTENSION_INTERFACE"
+ android:protectionLevel="signature|privileged|vendorPrivileged" />
+
+ <!-- @SystemApi Allows an application to write to the security log buffer in logd.
+ @hide -->
+ <permission android:name="android.permission.WRITE_SECURITY_LOG"
+ android:protectionLevel="signature|privileged" />
+
<!-- Allows an UID to be visible to the application based on an interaction between the
two apps. This permission is not intended to be held by apps.
- @hide @TestApi -->
+ @hide @TestApi @SystemApi(client=android.annotation.SystemApi.Client.MODULE_LIBRARIES) -->
<permission android:name="android.permission.MAKE_UID_VISIBLE"
android:protectionLevel="signature" />
@@ -7705,21 +7885,77 @@
@hide -->
<permission android:name="android.permission.HANDLE_QUERY_PACKAGE_RESTART"
android:protectionLevel="signature" />
+
+ <!-- Allows low-level access to re-mapping modifier keys.
+ <p>Not for use by third-party applications.
+ @hide
+ @TestApi -->
+ <permission android:name="android.permission.REMAP_MODIFIER_KEYS"
+ android:protectionLevel="signature" />
+
+ <!-- Allows low-level access to monitor keyboard backlight changes.
+ <p>Not for use by third-party applications.
+ @hide -->
+ <permission android:name="android.permission.MONITOR_KEYBOARD_BACKLIGHT"
+ android:protectionLevel="signature" />
+
+ <!-- Allows low-level access to monitor sticky modifier state changes when A11Y Sticky keys
+ feature is enabled.
+ <p>Not for use by third-party applications.
+ @hide -->
+ <permission android:name="android.permission.MONITOR_STICKY_MODIFIER_STATE"
+ android:protectionLevel="signature" />
+
<uses-permission android:name="android.permission.HANDLE_QUERY_PACKAGE_RESTART" />
<!-- Allows financed device kiosk apps to perform actions on the Device Lock service
- @hide @TestApi @SystemApi(client=android.annotation.SystemApi.Client.MODULE_LIBRARIES) -->
+ <p>Protection level: internal|role
+ <p>Intended for use by the FINANCED_DEVICE_KIOSK role only.
+ -->
<permission android:name="android.permission.MANAGE_DEVICE_LOCK_STATE"
android:protectionLevel="internal|role" />
- <!-- Allows an app to turn on the screen on, e.g. with
- {@link android.os.PowerManager#ACQUIRE_CAUSES_WAKEUP}.
- <p>Intended to only be used by home automation apps.
+ <!-- @SystemApi Required by a WearableSensingService to
+ ensure that only the caller with this permission can bind to it.
+ <p> Protection level: signature
+ @hide
-->
- <permission android:name="android.permission.TURN_SCREEN_ON"
- android:label="@string/permlab_turnScreenOn"
- android:description="@string/permdesc_turnScreenOn"
- android:protectionLevel="signature|privileged|appop" />
+ <permission android:name="android.permission.BIND_WEARABLE_SENSING_SERVICE"
+ android:protectionLevel="signature" />
+
+ <!-- @SystemApi Allows an app to manage the wearable sensing service.
+ <p>Protection level: signature|privileged
+ @hide
+ -->
+ <permission android:name="android.permission.MANAGE_WEARABLE_SENSING_SERVICE"
+ android:protectionLevel="signature|privileged" />
+
+ <!-- @SystemApi Allows an app to use the on-device intelligence service.
+ <p>Protection level: signature|privileged
+ @hide
+ @FlaggedApi("android.app.ondeviceintelligence.flags.enable_on_device_intelligence")
+ -->
+ <permission android:name="android.permission.USE_ON_DEVICE_INTELLIGENCE"
+ android:protectionLevel="signature|privileged" />
+
+
+ <!-- @SystemApi Allows an app to bind the on-device intelligence service.
+ <p>Protection level: signature|privileged
+ @hide
+ @FlaggedApi("android.app.ondeviceintelligence.flags.enable_on_device_intelligence")
+ -->
+ <permission android:name="android.permission.BIND_ON_DEVICE_INTELLIGENCE_SERVICE"
+ android:protectionLevel="signature|privileged" />
+
+
+ <!-- @SystemApi Allows an app to bind the on-device sandboxed service.
+ <p>Protection level: signature|privileged
+ @hide
+ @FlaggedApi("android.app.ondeviceintelligence.flags.enable_on_device_intelligence")
+ -->
+ <permission android:name="android.permission.BIND_ON_DEVICE_SANDBOXED_INFERENCE_SERVICE"
+ android:protectionLevel="signature"/>
+
<!-- Allows applications to use the user-initiated jobs API. For more details
see {@link android.app.job.JobInfo.Builder#setUserInitiated}.
@@ -7738,50 +7974,10 @@
<permission android:name="android.permission.RUN_BACKUP_JOBS"
android:protectionLevel="signature|privileged|appop"/>
- <!-- Allows a browser to invoke the set of credential candidate query apis.
- <p>Protection level: normal
- -->
- <permission android:name="android.permission.CREDENTIAL_MANAGER_QUERY_CANDIDATE_CREDENTIALS"
- android:protectionLevel="normal" />
-
- <!-- Allows browsers to call on behalf of another app by passing in a custom origin.
- <p>Protection level: normal
- -->
- <permission android:name="android.permission.CREDENTIAL_MANAGER_SET_ORIGIN"
- android:protectionLevel="normal"/>
-
- <!-- Allows specifying candidate credential providers to be queried in Credential Manager
- get flows, or to be preferred as a default in the Credential Manager create flows.
- <p>Protection level: normal -->
- <permission android:name="android.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS"
- android:protectionLevel="normal"/>
-
- <!-- Allows permission to use Credential Manager UI for providing and saving credentials
- @hide -->
- <permission android:name="android.permission.LAUNCH_CREDENTIAL_SELECTOR"
- android:protectionLevel="signature" />
-
- <!-- Allows an app to list Credential Manager providers.
- @hide
- -->
- <permission android:name="android.permission.LIST_ENABLED_CREDENTIAL_PROVIDERS"
- android:protectionLevel="signature|privileged"/>
-
- <!-- Allows a system application to be registered with credential manager without
- having to be enabled by the user.
- @SystemApi
- @hide -->
- <permission android:name="android.permission.PROVIDE_DEFAULT_ENABLED_CREDENTIAL_SERVICE"
- android:protectionLevel="signature|privileged" />
-
- <!-- Allows an application to be able to store and retrieve credentials from a remote
- device. -->
- <permission android:name="android.permission.PROVIDE_REMOTE_CREDENTIALS"
- android:protectionLevel="signature|privileged|role" />
-
<!-- Allows an app access to the installer provided app metadata.
@SystemApi
- @hide -->
+ @hide
+ -->
<permission android:name="android.permission.GET_APP_METADATA"
android:protectionLevel="signature|installer|verifier" />
@@ -7796,15 +7992,15 @@
<permission android:name="android.permission.DELETE_STAGED_HEALTH_CONNECT_REMOTE_DATA"
android:protectionLevel="signature" />
- <!-- @hide @TestApi Allows CTS tests running in Sandbox mode to launch activities -->
+ <!-- @hide @TestApi Allows tests running in CTS-in-sandbox mode to launch activities -->
<permission android:name="android.permission.START_ACTIVITIES_FROM_SDK_SANDBOX"
android:protectionLevel="signature" />
<!-- @SystemApi Allows the holder to call health connect migration APIs.
- @hide -->
+ @hide -->
<permission android:name="android.permission.MIGRATE_HEALTH_CONNECT_DATA"
- android:protectionLevel="signature|knownSigner"
- android:knownCerts="@array/config_healthConnectMigrationKnownSigners" />
+ android:protectionLevel="signature|knownSigner"
+ android:knownCerts="@array/config_healthConnectMigrationKnownSigners" />
<!-- @SystemApi Allows an app to query apps in clone profile. The permission is
bidirectional in nature, i.e. cloned apps would be able to query apps in root user.
@@ -7847,6 +8043,7 @@
<permission android:name="android.permission.GET_ANY_PROVIDER_TYPE"
android:protectionLevel="signature" />
+
<!-- @hide Allows internal applications to read and synchronize non-core flags.
Apps without this permission can only read a subset of flags specifically intended
for use in "core", (i.e. third party apps). Apps with this permission can define their
@@ -7855,14 +8052,14 @@
<p>Protection level: signature
-->
<permission android:name="android.permission.SYNC_FLAGS"
- android:protectionLevel="signature" />
+ android:protectionLevel="signature" />
<!-- @hide Allows internal applications to override flags in the FeatureFlags service.
<p>Not for use by third-party applications.
<p>Protection level: signature
-->
<permission android:name="android.permission.WRITE_FLAGS"
- android:protectionLevel="signature" />
+ android:protectionLevel="signature" />
<!-- @hide @SystemApi
@FlaggedApi("android.app.get_binding_uid_importance")
@@ -7874,10 +8071,10 @@
android:protectionLevel="signature|privileged" />
<!-- @hide Allows internal applications to manage displays.
- <p>This means intercept internal signals about displays being (dis-)connected
- and being able to enable or disable connected displays.
- <p>Not for use by third-party applications.
- <p>Protection level: signature
+ <p>This means intercept internal signals about displays being (dis-)connected
+ and being able to enable or disable the external displays.
+ <p>Not for use by third-party applications.
+ <p>Protection level: signature
-->
<permission android:name="android.permission.MANAGE_DISPLAYS"
android:protectionLevel="signature" />
@@ -7905,7 +8102,8 @@
<permission android:name="android.permission.OVERRIDE_SYSTEM_KEY_BEHAVIOR_IN_FOCUSED_WINDOW"
android:protectionLevel="signature|privileged" />
- <!-- @FlaggedApi("com.android.server.notification.flags.redact_otp_notifications_from_untrusted_listeners")
+ <!-- @hide @SystemApi
+ @FlaggedApi("com.android.server.notification.flags.redact_otp_notifications_from_untrusted_listeners")
Allows apps with a NotificationListenerService to receive notifications with sensitive
information
<p>Apps with a NotificationListenerService without this permission will not be able
@@ -7916,14 +8114,14 @@
android:protectionLevel="signature|role" />
<!-- @SystemApi
- @FlaggedApi("android.app.bic_client")
- Allows app to call BackgroundInstallControlManager API to retrieve silently installed apps
- for all users on device.
- <p>Apps with a BackgroundInstallControlManager client will not be able to call any API without
- this permission.
- <p>Protection level: signature|role
- @hide
- -->
+ @FlaggedApi("android.app.bic_client")
+ Allows app to call BackgroundInstallControlManager API to retrieve silently installed apps
+ for all users on device.
+ <p>Apps with a BackgroundInstallControlManager client will not be able to call any API without
+ this permission.
+ <p>Protection level: signature|role
+ @hide
+ -->
<permission android:name="android.permission.GET_BACKGROUND_INSTALLED_PACKAGES"
android:protectionLevel="signature|role" />
@@ -7943,7 +8141,7 @@
@hide
-->
<permission android:name="android.permission.EMERGENCY_INSTALL_PACKAGES"
- android:protectionLevel="signature|privileged" />
+ android:protectionLevel="signature|privileged"/>
<!-- Attribution for Geofencing service. -->
<attribution android:tag="GeofencingService" android:label="@string/geofencing_service"/>
@@ -7965,6 +8163,9 @@
<p>Not for use by third-party applications.</p> -->
<attribution android:tag="MusicRecognitionManagerService"
android:label="@string/music_recognition_manager_service"/>
+ <!-- Attribution for Device Policy Manager service. -->
+ <attribution android:tag="DevicePolicyManagerService"
+ android:label="@string/device_policy_manager_service"/>
<application android:process="system"
android:persistent="true"
@@ -7979,22 +8180,6 @@
android:defaultToDeviceProtectedStorage="true"
android:forceQueryable="true"
android:directBootAware="true">
- <activity android:name="com.android.internal.app.ChooserActivity"
- android:theme="@style/Theme.DeviceDefault.Chooser"
- android:finishOnCloseSystemDialogs="true"
- android:excludeFromRecents="true"
- android:documentLaunchMode="never"
- android:relinquishTaskIdentity="true"
- android:configChanges="screenSize|smallestScreenSize|screenLayout|orientation|keyboard|keyboardHidden"
- android:process=":ui"
- android:exported="true"
- android:visibleToInstantApps="true">
- <intent-filter android:priority="100">
- <action android:name="android.intent.action.CHOOSER" />
- <category android:name="android.intent.category.DEFAULT" />
- <category android:name="android.intent.category.VOICE" />
- </intent-filter>
- </activity>
<activity android:name="com.android.internal.accessibility.dialog.AccessibilityShortcutChooserActivity"
android:exported="false"
android:theme="@style/Theme.DeviceDefault.Dialog.Alert.DayNight"
@@ -8024,10 +8209,25 @@
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
+ <activity android:name="com.android.internal.app.NfcResolverActivity"
+ android:theme="@style/Theme.Dialog.Alert"
+ android:finishOnCloseSystemDialogs="true"
+ android:excludeFromRecents="true"
+ android:multiprocess="true"
+ android:permission="android.permission.SHOW_CUSTOMIZED_RESOLVER"
+ android:exported="true">
+ <intent-filter android:priority="100" >
+ <action android:name="android.nfc.action.SHOW_NFC_RESOLVER" />
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
<activity android:name="com.android.internal.app.IntentForwarderActivity"
android:finishOnCloseSystemDialogs="true"
- android:theme="@style/Theme.Translucent.NoTitleBar"
+ android:theme="@style/Theme.DeviceDefault.Resolver"
android:excludeFromRecents="true"
+ android:documentLaunchMode="never"
+ android:relinquishTaskIdentity="true"
+ android:configChanges="screenSize|smallestScreenSize|screenLayout|orientation|keyboard|keyboardHidden"
android:label="@string/user_owner_label"
android:exported="true"
android:visibleToInstantApps="true"
@@ -8052,8 +8252,9 @@
android:process=":ui">
</activity>
<activity android:name="com.android.internal.app.PlatLogoActivity"
- android:theme="@style/Theme.DeviceDefault.Wallpaper.NoTitleBar"
+ android:theme="@style/Theme.NoTitleBar.Fullscreen"
android:configChanges="orientation|screenSize|screenLayout|keyboardHidden"
+ android:enableOnBackInvokedCallback="true"
android:icon="@drawable/platlogo"
android:process=":ui">
</activity>
@@ -8125,12 +8326,6 @@
</intent-filter>
</activity>
- <activity android:name="com.android.internal.app.NetInitiatedActivity"
- android:theme="@style/Theme.Dialog.Confirmation"
- android:excludeFromRecents="true"
- android:process=":ui">
- </activity>
-
<activity android:name="com.android.internal.app.SystemUserHomeActivity"
android:enabled="false"
android:process=":ui"
@@ -8168,6 +8363,12 @@
android:process=":ui">
</activity>
+ <activity android:name="com.android.internal.app.SetScreenLockDialogActivity"
+ android:theme="@style/Theme.Dialog.Confirmation"
+ android:excludeFromRecents="true"
+ android:process=":ui">
+ </activity>
+
<activity android:name="com.android.internal.app.BlockedAppActivity"
android:theme="@style/Theme.Dialog.Confirmation"
android:excludeFromRecents="true"
@@ -8175,6 +8376,12 @@
android:process=":ui">
</activity>
+ <activity android:name="com.android.internal.app.BlockedAppStreamingActivity"
+ android:theme="@style/Theme.Dialog.Confirmation"
+ android:excludeFromRecents="true"
+ android:process=":ui">
+ </activity>
+
<activity android:name="com.android.internal.app.LaunchAfterAuthenticationActivity"
android:theme="@style/Theme.Translucent.NoTitleBar"
android:excludeFromRecents="true"
@@ -8200,6 +8407,13 @@
android:exported="false">
</activity>
+ <activity android:name="android.service.games.GameSessionTrampolineActivity"
+ android:excludeFromRecents="true"
+ android:exported="true"
+ android:permission="android.permission.MANAGE_GAME_ACTIVITY"
+ android:theme="@style/Theme.GameSessionTrampoline">
+ </activity>
+
<receiver android:name="com.android.server.BootReceiver"
android:exported="true"
android:systemUserOnly="true">
@@ -8341,6 +8555,16 @@
</intent-filter>
</receiver>
+ <!-- Broadcast Receiver listens to sufficient verifier broadcast from Package Manager
+ when installing new SDK. Verification of SDK code during installation time is run
+ to determine compatibility with privacy sandbox restrictions. -->
+ <receiver android:name="com.android.server.sdksandbox.SdkSandboxVerifierReceiver"
+ android:exported="false">
+ <intent-filter>
+ <action android:name="android.intent.action.PACKAGE_NEEDS_VERIFICATION"/>
+ </intent-filter>
+ </receiver>
+
<service android:name="android.hardware.location.GeofenceHardwareService"
android:permission="android.permission.LOCATION_HARDWARE"
android:exported="false" />
@@ -8350,6 +8574,11 @@
android:permission="android.permission.BIND_JOB_SERVICE" >
</service>
+ <service android:name="com.android.server.SmartStorageMaintIdler"
+ android:exported="true"
+ android:permission="android.permission.BIND_JOB_SERVICE" >
+ </service>
+
<service android:name="com.android.server.ZramWriteback"
android:exported="false"
android:permission="android.permission.BIND_JOB_SERVICE" >
@@ -8377,6 +8606,18 @@
android:permission="android.permission.BIND_JOB_SERVICE">
</service>
+ <service android:name="com.android.server.selinux.SelinuxAuditLogsService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
+ <service android:name="com.android.server.compos.IsolatedCompilationJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
+ <service android:name="com.android.system.virtualmachine.SecretkeeperJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
<service android:name="com.android.server.PruneInstantAppsJobService"
android:permission="android.permission.BIND_JOB_SERVICE" >
</service>
@@ -8413,6 +8654,10 @@
android:permission="android.permission.BIND_JOB_SERVICE" >
</service>
+ <service android:name="com.android.server.pm.GentleUpdateHelper$Service"
+ android:permission="android.permission.BIND_JOB_SERVICE" >
+ </service>
+
<service
android:name="com.android.server.autofill.AutofillCompatAccessibilityService"
android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
@@ -8427,6 +8672,42 @@
android:permission="android.permission.BIND_JOB_SERVICE">
</service>
+ <service android:name="com.android.server.companion.association.InactiveAssociationsRemovalService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
+ <service android:name="com.android.server.appsearch.contactsindexer.ContactsIndexerMaintenanceService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
+ <service android:name="com.android.server.BinaryTransparencyService$UpdateMeasurementsJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
+ <service android:name="com.android.server.notification.ReviewNotificationPermissionsJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
+ <service android:name="com.android.server.notification.NotificationHistoryJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE" >
+ </service>
+
+ <service android:name="com.android.server.notification.NotificationBitmapJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE" >
+ </service>
+
+ <service android:name="com.android.server.healthconnect.HealthConnectDailyService"
+ android:permission="android.permission.BIND_JOB_SERVICE" >
+ </service>
+
+ <service android:name="com.android.server.healthconnect.migration.MigrationBroadcastJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
+ <service android:name="com.android.server.healthconnect.backuprestore.BackupRestore$BackupRestoreJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE">
+ </service>
+
<service android:name="com.android.server.pm.PackageManagerShellCommandDataLoader"
android:exported="false">
<intent-filter>
@@ -8434,6 +8715,38 @@
</intent-filter>
</service>
+ <!-- TODO: Move to ExtServices or relevant component. -->
+ <service android:name="android.service.selectiontoolbar.DefaultSelectionToolbarRenderService"
+ android:permission="android.permission.BIND_SELECTION_TOOLBAR_RENDER_SERVICE"
+ android:process=":ui"
+ android:exported="false">
+ <intent-filter>
+ <action android:name="android.service.selectiontoolbar.SelectionToolbarRenderService"/>
+ </intent-filter>
+ </service>
+
+ <service android:name="com.android.server.art.BackgroundDexoptJobService"
+ android:permission="android.permission.BIND_JOB_SERVICE" >
+ </service>
+
+ <service android:name="com.android.server.companion.datatransfer.contextsync.CallMetadataSyncInCallService"
+ android:permission="android.permission.BIND_INCALL_SERVICE"
+ android:exported="true">
+ <meta-data android:name="android.telecom.INCLUDE_SELF_MANAGED_CALLS"
+ android:value="true" />
+ <intent-filter>
+ <action android:name="android.telecom.InCallService"/>
+ </intent-filter>
+ </service>
+
+ <service android:name="com.android.server.companion.datatransfer.contextsync.CallMetadataSyncConnectionService"
+ android:permission="android.permission.BIND_TELECOM_CONNECTION_SERVICE"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.telecom.ConnectionService"/>
+ </intent-filter>
+ </service>
+
<provider
android:name="com.android.server.textclassifier.IconsContentProvider"
android:authorities="com.android.textclassifier.icons"
@@ -8442,6 +8755,10 @@
android:exported="true">
</provider>
+ <meta-data
+ android:name="com.android.server.patch.25239169"
+ android:value="true" />
+
</application>
</manifest>
diff --git a/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java b/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java
index 94bd2be1b..c28b5d560 100644
--- a/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java
+++ b/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java
@@ -19,6 +19,7 @@ package android.permissionpolicy.cts;
import static android.content.pm.PermissionInfo.FLAG_INSTALLED;
import static android.content.pm.PermissionInfo.PROTECTION_MASK_BASE;
import static android.os.Build.VERSION.SECURITY_PATCH;
+import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE;
import static com.google.common.truth.Truth.assertWithMessage;
@@ -32,13 +33,12 @@ import android.content.pm.PermissionInfo;
import android.os.Process;
import android.os.SystemProperties;
import android.platform.test.annotations.AppModeFull;
+import android.platform.test.flag.junit.DeviceFlagsValueProvider;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.Log;
import android.util.Xml;
-import com.android.modules.utils.build.SdkLevel;
-
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.test.ext.junit.runners.AndroidJUnit4;
@@ -87,6 +87,7 @@ public class PermissionPolicyTest {
private static final String ATTR_PERMISSION_FLAGS = "permissionFlags";
private static final String ATTR_PROTECTION_LEVEL = "protectionLevel";
private static final String ATTR_BACKGROUND_PERMISSION = "backgroundPermission";
+ private static final String ATTR_FEATURE_FLAG = "featureFlag";
private static final Context sContext =
InstrumentationRegistry.getInstrumentation().getTargetContext();
@@ -117,13 +118,17 @@ public class PermissionPolicyTest {
declaredGroupsSet.add(declaredGroup.name);
}
+ boolean filterFlaggedPermissions = sContext.getPackageManager()
+ .getApplicationInfo(PLATFORM_PACKAGE_NAME, 0).minSdkVersion <= UPSIDE_DOWN_CAKE;
+
Set<String> expectedPermissionGroups = loadExpectedPermissionGroupNames(
R.raw.android_manifest);
List<ExpectedPermissionInfo> expectedPermissions = loadExpectedPermissions(
- R.raw.android_manifest);
+ R.raw.android_manifest, filterFlaggedPermissions);
if (sContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) {
- expectedPermissions.addAll(loadExpectedPermissions(R.raw.automotive_android_manifest));
+ expectedPermissions.addAll(loadExpectedPermissions(R.raw.automotive_android_manifest,
+ filterFlaggedPermissions));
String carServicePackageName = SystemProperties.get("ro.android.car.carservice.package",
null);
@@ -301,8 +306,11 @@ public class PermissionPolicyTest {
return false;
}
- private List<ExpectedPermissionInfo> loadExpectedPermissions(int resourceId) throws Exception {
+ private List<ExpectedPermissionInfo> loadExpectedPermissions(int resourceId,
+ boolean filterFlaggedPermissions) throws Exception {
List<ExpectedPermissionInfo> permissions = new ArrayList<>();
+ DeviceFlagsValueProvider flagsValueProvider = new DeviceFlagsValueProvider();
+ flagsValueProvider.setUp();
try (InputStream in = sContext.getResources().openRawResource(resourceId)) {
XmlPullParser parser = Xml.newPullParser();
parser.setInput(in, null);
@@ -315,6 +323,22 @@ public class PermissionPolicyTest {
continue;
}
if (TAG_PERMISSION.equals(parser.getName())) {
+ if (filterFlaggedPermissions) {
+ String featureFlag = parser.getAttributeValue(null, ATTR_FEATURE_FLAG);
+ if (featureFlag != null) {
+ featureFlag = featureFlag.trim();
+ boolean invert = featureFlag.startsWith("!");
+ if (invert) {
+ featureFlag = featureFlag.substring(1).trim();
+ }
+ boolean flagEnabled =
+ invert != flagsValueProvider.getBoolean(featureFlag);
+ if (!flagEnabled) {
+ continue;
+ }
+ }
+ }
+
ExpectedPermissionInfo permissionInfo = new ExpectedPermissionInfo(
parser.getAttributeValue(null, ATTR_NAME),
parser.getAttributeValue(null, ATTR_PERMISSION_GROUP),
@@ -328,6 +352,8 @@ public class PermissionPolicyTest {
Log.e(LOG_TAG, "Unknown tag " + parser.getName());
}
}
+ } finally {
+ flagsValueProvider.tearDownBeforeTest();
}
return permissions;
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-21 10:28:23 +0000