diff options
4 files changed, 586 insertions, 191 deletions
diff --git a/PermissionController/Android.bp b/PermissionController/Android.bp index dd1b82dc7..63fb1a264 100644 --- a/PermissionController/Android.bp +++ b/PermissionController/Android.bp @@ -153,6 +153,7 @@ android_library { "safety-label", "role-controller", "android.permission.flags-aconfig-java-export", + "android.xr.flags-aconfig-java-export", "com.android.permission.flags-aconfig-java-export", "androidx.compose.foundation_foundation", "androidx.compose.runtime_runtime", diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt index 7ab05b93d..93a1a66df 100644 --- a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt +++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt @@ -146,6 +146,24 @@ object PermissionMapping { PLATFORM_PERMISSIONS[Manifest.permission.RANGING] = Manifest.permission_group.NEARBY_DEVICES } + // Android XR permissions + if (android.xr.Flags.xrManifestEntries()) { + PLATFORM_PERMISSIONS[Manifest.permission.EYE_TRACKING_COARSE] = + Manifest.permission_group.XR_TRACKING + PLATFORM_PERMISSIONS[Manifest.permission.FACE_TRACKING] = + Manifest.permission_group.XR_TRACKING + PLATFORM_PERMISSIONS[Manifest.permission.HAND_TRACKING] = + Manifest.permission_group.XR_TRACKING + PLATFORM_PERMISSIONS[Manifest.permission.SCENE_UNDERSTANDING_COARSE] = + Manifest.permission_group.XR_TRACKING + + PLATFORM_PERMISSIONS[Manifest.permission.EYE_TRACKING_FINE] = + Manifest.permission_group.XR_TRACKING_SENSITIVE + PLATFORM_PERMISSIONS[Manifest.permission.HEAD_TRACKING] = + Manifest.permission_group.XR_TRACKING_SENSITIVE + PLATFORM_PERMISSIONS[Manifest.permission.SCENE_UNDERSTANDING_FINE] = + Manifest.permission_group.XR_TRACKING_SENSITIVE + } // Any updates to the permissions for the CALL_LOG permission group must also be made in // Permissions {@link com.android.role.controller.model.Permissions} in the role diff --git a/PermissionController/wear-permission-components/src/wear.permission.components/material3/WearPermissionScaffold.kt b/PermissionController/wear-permission-components/src/wear.permission.components/material3/WearPermissionScaffold.kt index f179ac735..296e45e79 100644 --- a/PermissionController/wear-permission-components/src/wear.permission.components/material3/WearPermissionScaffold.kt +++ b/PermissionController/wear-permission-components/src/wear.permission.components/material3/WearPermissionScaffold.kt @@ -297,7 +297,7 @@ private fun BoxScope.LazyColumnView( private fun wearPermissionTimeText(showTime: Boolean): @Composable () -> Unit { return if (showTime) { - { TimeText { time() } } + { TimeText() } } else { {} } diff --git a/tests/cts/permissionpolicy/res/raw/android_manifest.xml b/tests/cts/permissionpolicy/res/raw/android_manifest.xml index 58d110f09..cd80fe78e 100644 --- a/tests/cts/permissionpolicy/res/raw/android_manifest.xml +++ b/tests/cts/permissionpolicy/res/raw/android_manifest.xml @@ -154,6 +154,8 @@ <protected-broadcast android:name="android.app.backup.intent.INIT" /> <protected-broadcast android:name="android.bluetooth.intent.DISCOVERABLE_TIMEOUT" /> + <protected-broadcast android:name="android.bluetooth.action.AUTO_ON_STATE_CHANGED" /> + <protected-broadcast android:name="android.bluetooth.action.CONNECTION_STATE_CHANGED" /> <protected-broadcast android:name="android.bluetooth.adapter.action.STATE_CHANGED" /> <protected-broadcast android:name="android.bluetooth.adapter.action.SCAN_MODE_CHANGED" /> <protected-broadcast android:name="android.bluetooth.adapter.action.DISCOVERY_STARTED" /> @@ -177,6 +179,8 @@ <protected-broadcast android:name="android.bluetooth.device.action.CONNECTION_ACCESS_REPLY" /> <protected-broadcast android:name="android.bluetooth.device.action.CONNECTION_ACCESS_CANCEL" /> <protected-broadcast android:name="android.bluetooth.device.action.CONNECTION_ACCESS_REQUEST" /> + <protected-broadcast android:name="android.bluetooth.device.action.KEY_MISSING" /> + <protected-broadcast android:name="android.bluetooth.device.action.ENCRYPTION_CHANGE" /> <protected-broadcast android:name="android.bluetooth.device.action.SDP_RECORD" /> <protected-broadcast android:name="android.bluetooth.device.action.BATTERY_LEVEL_CHANGED" /> <protected-broadcast android:name="android.bluetooth.device.action.REMOTE_ISSUE_OCCURRED" /> @@ -238,6 +242,8 @@ <protected-broadcast android:name="android.bluetooth.avrcp-controller.profile.action.FOLDER_LIST" /> <protected-broadcast + android:name="android.bluetooth.avrcp-controller.profile.action.PLAYER_SETTING" /> + <protected-broadcast android:name="android.bluetooth.avrcp-controller.profile.action.TRACK_EVENT" /> <protected-broadcast android:name="android.bluetooth.input.profile.action.CONNECTION_STATE_CHANGED" /> @@ -264,6 +270,7 @@ <protected-broadcast android:name="android.bluetooth.pan.profile.action.CONNECTION_STATE_CHANGED" /> <protected-broadcast android:name="android.bluetooth.action.HAP_CONNECTION_STATE_CHANGED" /> + <protected-broadcast android:name="android.bluetooth.action.HAP_DEVICE_AVAILABLE" /> <protected-broadcast android:name="android.bluetooth.action.LE_AUDIO_CONNECTION_STATE_CHANGED" /> <protected-broadcast android:name="android.bluetooth.action.LE_AUDIO_ACTIVE_DEVICE_CHANGED" /> <protected-broadcast android:name="android.bluetooth.action.LE_AUDIO_CONF_CHANGED" /> @@ -297,6 +304,9 @@ <protected-broadcast android:name="android.hardware.display.action.WIFI_DISPLAY_STATUS_CHANGED" /> + <protected-broadcast android:name="android.hardware.hdmi.action.OSD_MESSAGE" /> + <protected-broadcast android:name="android.hardware.hdmi.action.ON_ACTIVE_SOURCE_RECOVERED_DISMISS_UI" /> + <protected-broadcast android:name="android.hardware.usb.action.USB_STATE" /> <protected-broadcast android:name="android.hardware.usb.action.USB_PORT_CHANGED" /> <protected-broadcast android:name="android.hardware.usb.action.USB_PORT_COMPLIANCE_CHANGED" /> @@ -787,6 +797,7 @@ <protected-broadcast android:name="com.android.cellbroadcastreceiver.GET_LATEST_CB_AREA_INFO" /> <protected-broadcast android:name="com.android.internal.telephony.ACTION_CARRIER_CERTIFICATE_DOWNLOAD" /> <protected-broadcast android:name="com.android.internal.telephony.action.COUNTRY_OVERRIDE" /> + <protected-broadcast android:name="com.android.internal.telephony.action.SILENCE_WIFI_CALLING_NOTIFICATION"/> <protected-broadcast android:name="com.android.internal.telephony.OPEN_DEFAULT_SMS_APP" /> <protected-broadcast android:name="com.android.internal.telephony.ACTION_TEST_OVERRIDE_CARRIER_ID" /> <protected-broadcast android:name="android.telephony.action.SIM_CARD_STATE_CHANGED" /> @@ -837,6 +848,12 @@ <protected-broadcast android:name="android.intent.action.PROFILE_UNAVAILABLE" /> <protected-broadcast android:name="android.app.action.CONSOLIDATED_NOTIFICATION_POLICY_CHANGED" /> <protected-broadcast android:name="android.intent.action.MAIN_USER_LOCKSCREEN_KNOWLEDGE_FACTOR_CHANGED" /> + <protected-broadcast android:name="com.android.uwb.uwbcountrycode.GEOCODE_RETRY" /> + <protected-broadcast android:name="android.telephony.satellite.action.SATELLITE_SUBSCRIBER_ID_LIST_CHANGED" /> + <protected-broadcast android:name="android.service.ondeviceintelligence.MODEL_LOADED" /> + <protected-broadcast android:name="android.service.ondeviceintelligence.MODEL_UNLOADED" /> + <protected-broadcast android:name="android.telephony.satellite.action.SATELLITE_START_NON_EMERGENCY_SESSION" /> + <!-- ====================================================================== --> <!-- RUNTIME PERMISSIONS --> @@ -1077,6 +1094,62 @@ <permission android:name="android.permission.SATELLITE_COMMUNICATION" android:protectionLevel="role|signature|privileged" /> + <!-- ================================== --> + <!-- Permissions associated with picture and sound profiles --> + <!-- ================================== --> + <eat-comment /> + + <!-- @FlaggedApi(android.media.tv.flags.Flags.FLAG_APPLY_PICTURE_PROFILES) + Allows an app to apply a {@link MediaQualityManager.PictureProfile} to a layer via + {@link MediaCodec.PARAMETER_KEY_PICTURE_PROFILE} and, additionally, system apps via + {@link SurfaceControl.Transaction#setPictureProfileHandle}. + --> + <permission android:name="android.permission.APPLY_PICTURE_PROFILE" + android:protectionLevel="normal" + android:featureFlag="android.media.tv.flags.apply_picture_profiles"/> + + <!-- @hide + Allows MediaQualityService to observe any {@link MediaQualityManager.PictureProfile} + applied to any layer in the system by apps via + {@link MediaCodec.PARAMETER_KEY_PICTURE_PROFILE} and by system apps via + {@link SurfaceControl.Transaction#setPictureProfileHandle}. + --> + <permission android:name="android.permission.OBSERVE_PICTURE_PROFILES" + android:protectionLevel="signature|privileged" + android:featureFlag="android.media.tv.flags.apply_picture_profiles"/> + + <!-- + @SystemApi + @FlaggedApi("android.media.tv.flags.media_quality_fw") + Allows an application to access its picture profile from the media quality database. + <p> Protection level: signature|privileged|vendor privileged + @hide + --> + <permission android:name="android.permission.MANAGE_GLOBAL_PICTURE_QUALITY_SERVICE" + android:protectionLevel="signature|privileged|vendorPrivileged" + android:featureFlag="android.media.tv.flags.media_quality_fw"/> + + <!-- + @SystemApi + @FlaggedApi("android.media.tv.flags.media_quality_fw") + Allows an application to access its sound profile from the media quality database. + <p> Protection level: signature|privileged|vendor privileged + @hide + --> + <permission android:name="android.permission.MANAGE_GLOBAL_SOUND_QUALITY_SERVICE" + android:protectionLevel="signature|privileged|vendorPrivileged" + android:featureFlag="android.media.tv.flags.media_quality_fw"/> + + <!-- + @FlaggedApi(android.media.tv.flags.Flags.FLAG_MEDIA_QUALITY_FW) + Allows an application to read the aggregated color zones on the screen for use cases like + TV ambient backlight usages. + <p> Protection level: normal + --> + <permission android:name="android.permission.READ_COLOR_ZONES" + android:protectionLevel="normal" + android:featureFlag="android.media.tv.flags.media_quality_fw"/> + <!-- ====================================================================== --> <!-- Permissions for accessing external storage --> <!-- ====================================================================== --> @@ -1492,8 +1565,8 @@ android:description="@string/permdesc_readBasicPhoneState" android:protectionLevel="normal" /> - <!-- Allows read access to the device's phone number(s). This is a subset of the capabilities - granted by {@link #READ_PHONE_STATE} but is exposed to instant applications. + <!-- Allows read access to the device's phone number(s), + which is exposed to instant applications. <p>Protection level: dangerous--> <permission android:name="android.permission.READ_PHONE_NUMBERS" android:permissionGroup="android.permission-group.UNDEFINED" @@ -2424,7 +2497,7 @@ android:label="@string/permlab_nearby_wifi_devices" android:protectionLevel="dangerous" /> - <!-- Required to be able to range to devices using any ranging technology. + <!-- Required to be able to range to devices using generic ranging module. @FlaggedApi("android.permission.flags.ranging_permission_enabled") <p>Protection level: dangerous --> <permission android:name="android.permission.RANGING" @@ -2432,7 +2505,7 @@ android:description="@string/permdesc_ranging" android:label="@string/permlab_ranging" android:protectionLevel="dangerous" - android:featureFlag="android.permission.flags.ranging_permission_enabled" /> + android:featureFlag="android.permission.flags.ranging_permission_enabled"/> <!-- @SystemApi @TestApi Allows an application to suspend other apps, which will prevent the user from using them until they are unsuspended. @@ -2603,7 +2676,7 @@ <uses-permission android:name="android.permission.GET_ACCOUNTS"/> <!-- @SystemApi Allows access to remove an account. - @FlaggedApi("android.app.admin.flags.split_create_managed_profile_enabled") + @FlaggedApi(android.app.admin.flags.Flags.FLAG_SPLIT_CREATE_MANAGED_PROFILE_ENABLED) <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.REMOVE_ACCOUNTS" @@ -2611,7 +2684,7 @@ android:featureFlag="android.app.admin.flags.split_create_managed_profile_enabled" /> <!-- @SystemApi Allows access to copy an account to another user. - @FlaggedApi("android.app.admin.flags.split_create_managed_profile_enabled") + @FlaggedApi(android.app.admin.flags.Flags.FLAG_SPLIT_CREATE_MANAGED_PROFILE_ENABLED) <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.COPY_ACCOUNTS" @@ -2660,7 +2733,7 @@ <!-- @SystemApi Allows access to perform vendor effects in the vibrator. <p>Protection level: signature - @FlaggedApi("android.os.vibrator.vendor_vibration_effects") + @FlaggedApi(android.os.vibrator.Flags.FLAG_VENDOR_VIBRATION_EFFECTS) @hide --> <permission android:name="android.permission.VIBRATE_VENDOR_EFFECTS" @@ -2669,8 +2742,8 @@ <!-- @SystemApi Allows access to start a vendor vibration session. <p>Protection level: signature - @FlaggedApi("android.os.vibrator.vendor_vibration_effects") - @hide + @FlaggedApi(android.os.vibrator.Flags.FLAG_VENDOR_VIBRATION_EFFECTS) + @hide --> <permission android:name="android.permission.START_VIBRATION_SESSIONS" android:protectionLevel="signature|privileged" @@ -3315,16 +3388,20 @@ <permission android:name="android.permission.INTERACT_ACROSS_PROFILES" android:protectionLevel="signature|appop" /> - <!-- Allows applications to access profiles with ACCESS_HIDDEN_PROFILES user property - <p>Protection level: normal - @FlaggedApi("android.multiuser.enable_permission_to_access_hidden_profiles") --> + <!-- Allows applications to access profiles with + {@code android.content.pm.UserProperties#PROFILE_API_VISIBILITY_HIDDEN} user property, e.g. + {@link android.os.UserManager#USER_TYPE_PROFILE_PRIVATE}. + <p>Protection level: normal + @FlaggedApi("android.multiuser.enable_permission_to_access_hidden_profiles") --> <permission android:name="android.permission.ACCESS_HIDDEN_PROFILES" android:label="@string/permlab_accessHiddenProfile" android:description="@string/permdesc_accessHiddenProfile" android:protectionLevel="normal" /> - <!-- @SystemApi @hide Allows privileged applications to get details about hidden profile - users. + <!-- @SystemApi @hide Allows privileged applications to get details about profiles with + {@code android.content.pm.UserProperties#PROFILE_API_VISIBILITY_HIDDEN} user property, e.g. + {@link android.os.UserManager#USER_TYPE_PROFILE_PRIVATE}. Removes extra requirements such + as having {@link android.app.role.RoleManager#ROLE_HOME} role for LauncherApps APIs. @FlaggedApi("android.multiuser.enable_permission_to_access_hidden_profiles") --> <permission android:name="android.permission.ACCESS_HIDDEN_PROFILES_FULL" @@ -3388,13 +3465,18 @@ <!-- Allows an application to manage device policy relating to time. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call - APIs protected by this permission on users different to the calling user.--> + APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_TIME" android:protectionLevel="internal|role" /> <!-- Allows an application to set the grant state of runtime permissions on packages. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS" android:protectionLevel="internal|role" /> @@ -3402,6 +3484,8 @@ <!-- Allows an application to manage the identity of the managing organization. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY" android:protectionLevel="internal|role" /> @@ -3410,6 +3494,8 @@ active policy. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE" android:protectionLevel="internal|role" /> @@ -3417,6 +3503,8 @@ <!-- Allows an application to manage backup service policy. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_BACKUP_SERVICE" android:protectionLevel="internal|role" /> @@ -3424,6 +3512,8 @@ <!-- Allows an application to manage lock task policy. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" android:protectionLevel="internal|role" /> @@ -3431,6 +3521,8 @@ <!-- Allows an application to manage policy regarding modifying applications. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" android:protectionLevel="internal|role" /> @@ -3438,6 +3530,8 @@ <!-- Allows an application to manage installing from unknown sources policy. <p>MANAGE_SECURITY_CRITICAL_DEVICE_POLICY_ACROSS_USERS is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" android:protectionLevel="internal|role" /> @@ -3445,6 +3539,8 @@ <!-- Allows an application to manage application restrictions. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS" android:protectionLevel="internal|role" /> @@ -3452,6 +3548,8 @@ <!-- Allows an application to manage calling policy. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CALLS" android:protectionLevel="internal|role" /> @@ -3459,6 +3557,8 @@ <!-- Allows an application to manage debugging features policy. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" android:protectionLevel="internal|role" /> @@ -3466,6 +3566,8 @@ <!-- Allows an application to manage policy preventing users from modifying users. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" android:protectionLevel="internal|role" /> @@ -3473,6 +3575,8 @@ <!-- Allows an application to manage safe boot policy. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" android:protectionLevel="internal|role" /> @@ -3481,6 +3585,8 @@ enable and disable the microphone. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE" android:protectionLevel="internal|role" /> @@ -3489,6 +3595,8 @@ enable and disable the camera. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CAMERA" android:protectionLevel="internal|role" /> @@ -3496,6 +3604,8 @@ <!-- Allows an application to manage policy related to keyguard. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" android:protectionLevel="internal|role" /> @@ -3503,6 +3613,8 @@ <!-- Allows an application to set policy related to account management. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" android:protectionLevel="internal|role" /> @@ -3510,6 +3622,8 @@ <!-- Allows an application to set policy related to hiding and suspending packages. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" android:protectionLevel="internal|role" /> @@ -3518,17 +3632,24 @@ challenge on current user. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD" android:protectionLevel="internal|role" /> - <!-- Allows an application to set policy related to the status bar.--> + <!-- Allows an application to set policy related to the status bar. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_STATUS_BAR" android:protectionLevel="internal|role" /> <!-- Allows an application to set policy related to bluetooth. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_BLUETOOTH" android:protectionLevel="internal|role" /> @@ -3536,6 +3657,8 @@ <!-- Allows an application to set policy related to fun. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_FUN" android:protectionLevel="internal|role" /> @@ -3543,6 +3666,8 @@ <!-- Allows an application to set policy related to airplane mode. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE" android:protectionLevel="internal|role" /> @@ -3550,6 +3675,8 @@ <!-- Allows an application to set policy related to mobile networks. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK" android:protectionLevel="internal|role" /> @@ -3557,6 +3684,8 @@ <!-- Allows an application to set policy related to physical media. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA" android:protectionLevel="internal|role" /> @@ -3564,6 +3693,8 @@ <!-- Allows an application to set policy related to sms. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SMS" android:protectionLevel="internal|role" /> @@ -3571,6 +3702,8 @@ <!-- Allows an application to set policy related to usb file transfers. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER" android:protectionLevel="internal|role" /> @@ -3578,6 +3711,8 @@ <!-- Allows an application to set policy related to lock credentials. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS" android:protectionLevel="internal|role" /> @@ -3585,6 +3720,8 @@ <!-- Allows an application to set policy related to Wifi. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_WIFI" android:protectionLevel="internal|role" /> @@ -3592,6 +3729,8 @@ <!-- Allows an application to set policy related to screen capture. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SCREEN_CAPTURE" android:protectionLevel="internal|role" /> @@ -3599,6 +3738,8 @@ <!-- Allows an application to set policy related to input methods. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_INPUT_METHODS" android:protectionLevel="internal|role" /> @@ -3607,6 +3748,8 @@ private DNS. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS" android:protectionLevel="internal|role" /> @@ -3614,6 +3757,8 @@ <!-- Allows an application to set policy related to the default sms application. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_DEFAULT_SMS" android:protectionLevel="internal|role" /> @@ -3621,6 +3766,8 @@ <!-- Allows an application to set policy related to profiles. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PROFILES" android:protectionLevel="internal|role" /> @@ -3629,6 +3776,8 @@ cross-profile copy and paste). <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PROFILE_INTERACTION" android:protectionLevel="internal|role" /> @@ -3636,6 +3785,8 @@ <!-- Allows an application to set policy related to VPNs. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_VPN" android:protectionLevel="internal|role" /> @@ -3643,6 +3794,8 @@ <!-- Allows an application to set policy related to audio output. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_AUDIO_OUTPUT" android:protectionLevel="internal|role" /> @@ -3650,6 +3803,8 @@ <!-- Allows an application to set policy related to the display. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY" android:protectionLevel="internal|role" /> @@ -3657,6 +3812,8 @@ <!-- Allows an application to set policy related to location. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCATION" android:protectionLevel="internal|role" /> @@ -3664,6 +3821,8 @@ <!-- Allows an application to set policy related to factory reset. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" android:protectionLevel="internal|role" /> @@ -3671,6 +3830,8 @@ <!-- Allows an application to set policy related to the wallpaper. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_WALLPAPER" android:protectionLevel="internal|role" /> @@ -3678,6 +3839,8 @@ <!-- Allows an application to set policy related to the usage of the contents of the screen. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SCREEN_CONTENT" android:protectionLevel="internal|role" /> @@ -3685,6 +3848,8 @@ <!-- Allows an application to set policy related to system dialogs. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS" android:protectionLevel="internal|role" /> @@ -3692,6 +3857,8 @@ <!-- Allows an application to set policy related to users running in the background. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_RUN_IN_BACKGROUND" android:protectionLevel="internal|role" /> @@ -3699,6 +3866,8 @@ <!-- Allows an application to set policy related to printing. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PRINTING" android:protectionLevel="internal|role" /> @@ -3707,12 +3876,16 @@ nearby streaming). <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION" android:protectionLevel="internal|role" /> <!-- Allows an application to set policy related to <a href="https://www.threadgroup.org">Thread</a> network. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. @FlaggedApi("com.android.net.thread.platform.flags.thread_user_restriction_enabled") --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_THREAD_NETWORK" @@ -3720,6 +3893,8 @@ <!-- Allows an application to set policy related to sending assist content to a privileged app such as the Assistant app. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ASSIST_CONTENT" android:protectionLevel="internal|role" /> @@ -3727,6 +3902,8 @@ <!-- Allows an application to set policy related to windows. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_WINDOWS" android:protectionLevel="internal|role" /> @@ -3734,6 +3911,8 @@ <!-- Allows an application to set policy related to locale. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCALE" android:protectionLevel="internal|role" /> @@ -3741,6 +3920,8 @@ <!-- Allows an application to set policy related to autofill. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_AUTOFILL" android:protectionLevel="internal|role" /> @@ -3748,6 +3929,8 @@ <!-- Allows an application to set policy related to users. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_USERS" android:protectionLevel="internal|role" /> @@ -3755,6 +3938,8 @@ <!-- Allows an application to set policy related to certificates. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES" android:protectionLevel="internal|role" /> @@ -3762,6 +3947,8 @@ <!-- Allows an application to set policy related to override APNs. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_OVERRIDE_APN" android:protectionLevel="internal|role" /> @@ -3769,6 +3956,8 @@ <!-- Allows an application to set policy related to security logging. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SECURITY_LOGGING" android:protectionLevel="internal|role" /> @@ -3783,6 +3972,8 @@ <!-- Allows an application to set policy related to system updates. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_UPDATES" android:protectionLevel="internal|role" /> @@ -3790,6 +3981,8 @@ <!-- Allows an application query system updates. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES" android:protectionLevel="internal|role" /> @@ -3797,6 +3990,8 @@ <!-- Allows an application to set policy related to private DNS. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PRIVATE_DNS" android:protectionLevel="internal|role" /> @@ -3804,6 +3999,8 @@ <!-- Allows an application to set policy related to settings. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SETTINGS" android:protectionLevel="internal|role" /> @@ -3811,17 +4008,24 @@ <!-- Allows an application to set policy related to network logging. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_NETWORK_LOGGING" android:protectionLevel="internal|role" /> - <!-- Allows an application to set policy related to usb data signalling.--> + <!-- Allows an application to set policy related to usb data signalling. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_USB_DATA_SIGNALLING" android:protectionLevel="internal|role" /> <!-- Allows an application to set policy related to suspending personal apps. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SUSPEND_PERSONAL_APPS" android:protectionLevel="internal|role" /> @@ -3829,13 +4033,17 @@ <!-- Allows an application to set policy related to keeping uninstalled packages. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_KEEP_UNINSTALLED_PACKAGES" android:protectionLevel="internal|role" /> <!-- Allows an application to manage policy related to accessibility. - <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call - APIs protected by this permission on users different to the calling user. + <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to + call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACCESSIBILITY" android:protectionLevel="internal|role" /> @@ -3843,6 +4051,8 @@ <!-- Allows an application to manage policy related to common criteria mode. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE" android:protectionLevel="internal|role" /> @@ -3850,6 +4060,8 @@ <!-- Allows an application to manage policy related to metered data. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_METERED_DATA" android:protectionLevel="internal|role" /> @@ -3857,6 +4069,8 @@ <!-- Allows an application to set a network-independent global HTTP proxy. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PROXY" android:protectionLevel="internal|role" /> @@ -3864,6 +4078,8 @@ <!-- Allows an application to request bugreports with user consent. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_BUGREPORT" android:protectionLevel="internal|role" /> @@ -3871,6 +4087,8 @@ <!-- Allows an application to manage policy related to application user data. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_APP_USER_DATA" android:protectionLevel="internal|role" /> @@ -3879,6 +4097,8 @@ permission. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCK" android:protectionLevel="internal|role" /> @@ -3894,6 +4114,8 @@ <!-- Allows an application to manage policy related to system apps. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_APPS" android:protectionLevel="internal|role" /> @@ -3901,16 +4123,23 @@ <!-- Allows an application to manage policy related to wiping data. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_WIPE_DATA" android:protectionLevel="internal|role" /> <!-- Allows an application to manage policy related to the Memory Tagging Extension (MTE). + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MTE" android:protectionLevel="internal|role" /> - <!-- Allows an application to manage policy related to device identifiers. --> + <!-- Allows an application to manage policy related to device identifiers. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_DEVICE_IDENTIFIERS" android:protectionLevel="internal|role" /> @@ -3921,46 +4150,62 @@ <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" android:protectionLevel="internal|role" /> - <!-- Allows an application to manage policy related to executing app functions. + <!-- Allows an application to manage policy related to AppFunctions. <p>Protection level: internal|role @FlaggedApi(android.app.appfunctions.flags.Flags.FLAG_ENABLE_APP_FUNCTION_MANAGER) --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_APP_FUNCTIONS" - android:protectionLevel="internal|role" - android:featureFlag="android.app.appfunctions.flags.enable_app_function_manager" /> + android:featureFlag="android.app.appfunctions.flags.enable_app_function_manager" + android:protectionLevel="internal|role" /> <!-- Allows an application to set policy related to subscriptions downloaded by an admin. <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call - APIs protected by this permission on users different to the calling user. + APIs protected by this permission on users different to the calling user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MANAGED_SUBSCRIPTIONS" android:protectionLevel="internal|role" /> - <!-- Allows an application to manage policy related to block package uninstallation. --> + <!-- Allows an application to manage policy related to block package uninstallation. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL" android:protectionLevel="internal|role" /> - <!-- Allows an application to manage policy related to camera toggle. --> + <!-- Allows an application to manage policy related to camera toggle. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CAMERA_TOGGLE" android:protectionLevel="internal|role" /> - <!-- Allows an application to manage policy related to microphone toggle. --> + <!-- Allows an application to manage policy related to microphone toggle. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE_TOGGLE" android:protectionLevel="internal|role" /> <!-- Allows an application to set device policies outside the current user that are critical for securing data within the current user. <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_* - permissions across all users on the device provided they are required for securing data - within the current user.--> + permissions across all users on the device provided they are required for securing data + within the current user. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL" android:protectionLevel="internal|role" /> <!-- Allows an application to set device policies outside the current user that are required for securing device ownership without accessing user data. <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_* - permissions across all users on the device provided they do not grant access to user - data. --> + permissions across all users on the device provided they do not grant access to user data. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS" android:protectionLevel="internal|role" /> @@ -3968,7 +4213,10 @@ <p>Fuller form of {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} that removes the restriction on accessing user data. <p>Holding this permission allows the use of any other held MANAGE_DEVICE_POLICY_* - permissions across all users on the device.--> + permissions across all users on the device. + <p>Protection level: internal|role + <p>Intended for use by the DEVICE_POLICY_MANAGEMENT role only. + --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL" android:protectionLevel="internal|role" /> @@ -3987,19 +4235,24 @@ android:protectionLevel="signature|installer" /> <uses-permission android:name="android.permission.MANAGE_ENHANCED_CONFIRMATION_STATES" /> - <!-- Allows an application to toggle the device's advanced protection mode status. - @FlaggedApi("android.security.aapm_api") + <!-- Allows an application to modify the device's advanced protection mode status, and query + the list of enabled features + @FlaggedApi(android.security.Flags.FLAG_AAPM_API) @SystemApi @hide --> <permission android:name="android.permission.MANAGE_ADVANCED_PROTECTION_MODE" android:protectionLevel="signature|privileged" android:featureFlag="android.security.aapm_api"/> + <uses-permission android:name="android.permission.MANAGE_ADVANCED_PROTECTION_MODE" + android:featureFlag="android.security.aapm_api"/> <!-- Allows an application to query the device's advanced protection mode status. - @FlaggedApi("android.security.aapm_api") --> + @FlaggedApi(android.security.Flags.FLAG_AAPM_API) --> <permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE" android:protectionLevel="normal" android:featureFlag="android.security.aapm_api"/> + <uses-permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE" + android:featureFlag="android.security.aapm_api"/> <!-- Allows an application to read the state of the IntrusionDetectionService @FlaggedApi(android.security.Flags.FLAG_AFL_API) @@ -4175,62 +4428,6 @@ android:protectionLevel="signature" /> <!-- ================================== --> - <!-- Permissions associated with picture profiles and processing --> - <!-- ================================== --> - <eat-comment /> - - <!-- @FlaggedApi(android.media.tv.flags.Flags.apply_picture_profiles) - Allows an app to apply a {@link MediaQualityManager.PictureProfile} to a layer via - {@link MediaCodec.PARAMETER_KEY_PICTURE_PROFILE} and, additionally, system apps via - {@link SurfaceControl.Transaction#setPictureProfileHandle}. - --> - <permission android:name="android.permission.APPLY_PICTURE_PROFILE" - android:protectionLevel="normal" - android:featureFlag="android.media.tv.flags.apply_picture_profiles"/> - - <!-- @hide - Allows MediaQualityManager to observe any {@link MediaQualityManager.PictureProfile} - applied to any layer in the system by apps via - {@link MediaCodec.PARAMETER_KEY_PICTURE_PROFILE} and by system apps via - {@link SurfaceControl.Transaction#setPictureProfileHandle}. - --> - <permission android:name="android.permission.OBSERVE_PICTURE_PROFILES" - android:protectionLevel="signature|privileged" - android:featureFlag="android.media.tv.flags.apply_picture_profiles"/> - - <!-- - @SystemApi - @FlaggedApi("android.media.tv.flags.media_quality_fw") - Allows an application to access its picture profile from the media quality database. - <p> Protection level: signature|privileged|vendor privileged - @hide - --> - <permission android:name="android.permission.MANAGE_GLOBAL_PICTURE_QUALITY_SERVICE" - android:protectionLevel="signature|privileged|vendorPrivileged" - android:featureFlag="android.media.tv.flags.media_quality_fw"/> - - <!-- - @SystemApi - @FlaggedApi("android.media.tv.flags.media_quality_fw") - Allows an application to access its sound profile from the media quality database. - <p> Protection level: signature|privileged|vendor privileged - @hide - --> - <permission android:name="android.permission.MANAGE_GLOBAL_SOUND_QUALITY_SERVICE" - android:protectionLevel="signature|privileged|vendorPrivileged" - android:featureFlag="android.media.tv.flags.media_quality_fw"/> - - <!-- - @FlaggedApi(android.media.tv.flags.Flags.FLAG_MEDIA_QUALITY_FW) - Allows an application to read the aggregated color zones on the screen for use cases like - TV ambient backlight usages. - <p> Protection level: normal - --> - <permission android:name="android.permission.READ_COLOR_ZONES" - android:protectionLevel="normal" - android:featureFlag="android.media.tv.flags.media_quality_fw"/> - - <!-- ================================== --> <!-- Permissions affecting the display of other applications --> <!-- ================================== --> <eat-comment /> @@ -4356,15 +4553,15 @@ <permission android:name="android.permission.REQUEST_COMPANION_PROFILE_NEARBY_DEVICE_STREAMING" android:protectionLevel="signature|privileged" /> - <!-- Allows application to request to stream sensor data such as camera, audio and IMU between - an Android host and a nearby device + <!-- Allows application to request to stream content from an Android host to a nearby device ({@link android.companion.AssociationRequest#DEVICE_PROFILE_SENSOR_DEVICE_STREAMING}) by {@link android.companion.CompanionDeviceManager}. <p>Not for use by third-party applications. + @FlaggedApi(android.companion.virtualdevice.flags.Flags.FLAG_ENABLE_LIMITED_VDM_ROLE) --> <permission android:name="android.permission.REQUEST_COMPANION_PROFILE_SENSOR_DEVICE_STREAMING" android:protectionLevel="signature|privileged" - android:featureFlag="android.companion.virtualdevice.flags.enable_limited_vdm_role"/> + android:featureFlag="android.companion.virtualdevice.flags.enable_limited_vdm_role" /> <!-- Allows application to request to be associated with a vehicle head unit capable of automotive projection @@ -4423,7 +4620,7 @@ to enter PiP when the user leaves the app. This permission should only be used for certain PiP <a href="{@docRoot}training/tv/get-started/multitasking#usage-types">usage types</a>. - @FlaggedApi("android.app.enable_tv_implicit_enter_pip_restriction") + @FlaggedApi(android.app.Flags.FLAG_ENABLE_TV_IMPLICIT_ENTER_PIP_RESTRICTION) --> <permission android:name="android.permission.TV_IMPLICIT_ENTER_PIP" android:protectionLevel="normal" @@ -4891,7 +5088,7 @@ <permission android:name="android.permission.REQUEST_UNIQUE_ID_ATTESTATION" android:protectionLevel="signature" /> - <!-- Allows the caller to bind with Remote Key Provisioning service. + <!-- Allows an application to use the RemoteKeyProvisioningService. @hide --> <permission android:name="android.permission.BIND_RKP_SERVICE" android:protectionLevel="signature" /> @@ -5033,6 +5230,182 @@ android:protectionLevel="signature|privileged" /> <!-- ==================================== --> + <!-- Permissions for XR perception data --> + <!-- ==================================== --> + <eat-comment /> + + <!-- Used for permissions that are associated with accessing XR + tracked information about the person using the device and the + environment around them. + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission-group android:name="android.permission-group.XR_TRACKING" + android:label="@string/permgrouplab_xr_tracking" + android:description="@string/permgroupdesc_xr_tracking" + android:priority="100" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to get approximate eye gaze. + + <p>Protection level: dangerous + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission android:name="android.permission.EYE_TRACKING_COARSE" + android:protectionLevel="dangerous" + android:permissionGroup="android.permission-group.UNDEFINED" + android:label="@string/permlab_eye_tracking_coarse" + android:description="@string/permdesc_eye_tracking_coarse" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to get face tracking data. + + <p>Protection level: dangerous + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission android:name="android.permission.FACE_TRACKING" + android:protectionLevel="dangerous" + android:permissionGroup="android.permission-group.UNDEFINED" + android:label="@string/permlab_face_tracking" + android:description="@string/permdesc_face_tracking" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to get hand tracking data. + + <p>Protection level: dangerous + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission android:name="android.permission.HAND_TRACKING" + android:protectionLevel="dangerous" + android:permissionGroup="android.permission-group.UNDEFINED" + android:label="@string/permlab_hand_tracking" + android:description="@string/permdesc_hand_tracking" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to get data derived by sensing the + user's environment. + + <p>Protection level: dangerous + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission android:name="android.permission.SCENE_UNDERSTANDING_COARSE" + android:protectionLevel="dangerous" + android:permissionGroup="android.permission-group.UNDEFINED" + android:description="@string/permdesc_scene_understanding_coarse" + android:label="@string/permlab_scene_understanding_coarse" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Used for permissions that are associated with accessing + particularly sensitive XR tracking data. + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission-group android:name="android.permission-group.XR_TRACKING_SENSITIVE" + android:label="@string/permgrouplab_xr_tracking_sensitive" + android:description="@string/permgroupdesc_xr_tracking_sensitive" + android:priority="100" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to get precise eye gaze data. + + <p>Protection level: dangerous + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission android:name="android.permission.EYE_TRACKING_FINE" + android:protectionLevel="dangerous" + android:permissionGroup="android.permission-group.UNDEFINED" + android:label="@string/permlab_eye_tracking_fine" + android:description="@string/permdesc_eye_tracking_fine" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to get head tracking data. Unmanaged + activities (OpenXR activities with the manifest property + "android.window.PROPERTY_XR_ACTIVITY_START_MODE" set to + "XR_ACTIVITY_START_MODE_FULL_SPACE_UNMANAGED") do not require + this permission to get head tracking data. + + {@see https://developer.android.com/develop/xr/get-started#property_activity_xr_start_mode_property} + + <p>Protection level: dangerous + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission android:name="android.permission.HEAD_TRACKING" + android:protectionLevel="dangerous" + android:permissionGroup="android.permission-group.UNDEFINED" + android:label="@string/permlab_head_tracking" + android:description="@string/permdesc_head_tracking" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to get highly precise data derived by sensing the + user's environment, such as a depth map. + + <p>Protection level: dangerous + + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) --> + <permission android:name="android.permission.SCENE_UNDERSTANDING_FINE" + android:protectionLevel="dangerous" + android:permissionGroup="android.permission-group.UNDEFINED" + android:description="@string/permdesc_scene_understanding_fine" + android:label="@string/permlab_scene_understanding_fine" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to trigger Eye Calibration, which + calibrates for IPD (inter-pupillary distance) adjustment and + eye tracking. + + <p>Protection level: signature|privileged + + @SystemApi + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) + @hide --> + <permission android:name="android.permission.EYE_CALIBRATION" + android:protectionLevel="signature|privileged" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to trigger Face Tracking Calibration. + + <p>Protection level: signature|privileged + + @SystemApi + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) + @hide --> + <permission android:name="android.permission.FACE_TRACKING_CALIBRATION" + android:protectionLevel="signature|privileged" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to import an anchor created and + exported by another application. + + <p>Protection level: signature|privileged + + @SystemApi + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) + @hide --> + <permission android:name="android.permission.IMPORT_XR_ANCHOR" + android:protectionLevel="signature|privileged" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- Allows an application to access XR tracking data while in the + background. Without this permission, XR tracking data such as + head tracking, hand tracking, eye tracking, or face tracking + is only available to an activity it is in the + foreground. With this permission, such data is also available + to services and to activities that are in the background. + + <p>This permission must be granted in addition to the + corresponding permission such as {@link #HEAD_TRACKING} or + {@link #FACE_TRACKING} for the data being accessed. + + <p>Protection level: normal|appop + + @SystemApi + @FlaggedApi(android.xr.Flags.FLAG_XR_MANIFEST_ENTRIES) + @hide --> + <permission android:name="android.permission.XR_TRACKING_IN_BACKGROUND" + android:protectionLevel="normal|appop" + android:description="@string/permdesc_xr_tracking_in_background" + android:label="@string/permlab_xr_tracking_in_background" + android:featureFlag="android.xr.xr_manifest_entries" /> + + <!-- ==================================== --> <!-- Private permissions --> <!-- ==================================== --> <eat-comment /> @@ -5209,10 +5582,9 @@ <permission android:name="android.permission.CHANGE_ACCESSIBILITY_VOLUME" android:protectionLevel="signature" /> - <!-- @FlaggedApi("com.android.server.accessibility.motion_event_observing") - @hide - @TestApi - Allows an accessibility service to observe motion events without consuming them. --> + <!-- @TestApi Allows an accessibility service to observe motion events + without consuming them. + @hide --> <permission android:name="android.permission.ACCESSIBILITY_MOTION_EVENT_OBSERVING" android:protectionLevel="signature" /> @@ -5457,17 +5829,17 @@ <p>Intended for use by ROLE_ASSISTANT, VDM, and signature apps only. --> <permission android:name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" - android:protectionLevel="signature|module|role" - android:featureFlag="!android.security.subscribe_to_keyguard_locked_state_perm_priv_flag"/> + android:protectionLevel="signature|module|role" + android:featureFlag="!android.security.subscribe_to_keyguard_locked_state_perm_priv_flag"/> <!-- Allows an application to subscribe to device locked and keyguard locked (i.e., showing) state. - <p>Protection level: signature|module|role|privileged + <p>Protection level: signature|privileged|module|role <p>Intended for use by ROLE_ASSISTANT, VDM, and signature / privileged apps only. --> <permission android:name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" - android:protectionLevel="signature|module|role|privileged" - android:featureFlag="android.security.subscribe_to_keyguard_locked_state_perm_priv_flag"/> + android:protectionLevel="signature|privileged|module|role" + android:featureFlag="android.security.subscribe_to_keyguard_locked_state_perm_priv_flag"/> <!-- Must be required by a {@link android.service.autofill.AutofillService}, to ensure that only the system can bind to it. @@ -5641,6 +6013,17 @@ <permission android:name="android.permission.BIND_TV_INPUT" android:protectionLevel="signature|privileged" /> + <!-- This permission is required among systems services to always keep the + binding with TvInputManagerService. + <p>This should only be used by the OEM TvInputService. + @FlaggedApi("android.media.tv.flags.tif_unbind_inactive_tis") + <p>Protection level: signature|privileged|vendorPrivileged + @hide + --> + <permission android:name="android.permission.ALWAYS_BOUND_TV_INPUT" + android:protectionLevel="signature|privileged|vendorPrivileged" + android:featureFlag="android.media.tv.flags.tif_unbind_inactive_tis"/> + <!-- Must be required by a {@link android.media.tv.interactive.TvInteractiveAppService} to ensure that only the system can bind to it. <p>Protection level: signature|privileged @@ -5698,15 +6081,6 @@ <permission android:name="android.permission.TUNER_RESOURCE_ACCESS" android:protectionLevel="signature|privileged|vendorPrivileged" /> - <!-- This permission is required among systems services to always keep the - binding with TvInputManagerService. - <p>Protection level: signature|privileged|vendorPrivileged - <p>This should only be used by the OEM TvInputService. - @hide --> - <permission android:name="android.permission.ALWAYS_BOUND_TV_INPUT" - android:protectionLevel="signature|privileged|vendorPrivileged" - android:featureFlag="android.media.tv.flags.tif_unbind_inactive_tis"/> - <!-- @SystemApi This permission is required by Media Resource Manager Service when system services create MediaCodecs on behalf of other processes and apps. <p>Protection level: signature|privileged|vendorPrivileged @@ -5755,17 +6129,6 @@ <permission android:name="android.permission.LOCK_DEVICE" android:protectionLevel="signature|privileged" /> - <!-- @SystemApi - @FlaggedApi(android.security.Flags.FLAG_SECURE_LOCKDOWN) - Allows an application to lock down the device into an enhanced security state. - <p>Not for use by third-party applications. - <p>Protection level: signature|privileged - @hide - --> - <permission android:name="android.permission.MANAGE_SECURE_LOCK_DEVICE" - android:protectionLevel="signature|privileged" - android:featureFlag="android.security.secure_lockdown" /> - <!-- @SystemApi Allows low-level access to setting the orientation (actually rotation) of the screen. <p>Not for use by third-party applications. @@ -6145,7 +6508,7 @@ <!-- Allows an application to subscribe to notifications about the nearby devices' presence status change base on the UUIDs. <p>Not for use by third-party applications.</p> - @FlaggedApi("android.companion.flags.device_presence") + @FlaggedApi("android.companion.device_presence") --> <permission android:name="android.permission.REQUEST_OBSERVE_DEVICE_UUID_PRESENCE" android:protectionLevel="signature|privileged" /> @@ -6158,8 +6521,7 @@ android:protectionLevel="normal" /> <!-- Allows an application to send and receive messages via CDM transports. - @hide - --> + @hide --> <permission android:name="android.permission.USE_COMPANION_TRANSPORTS" android:protectionLevel="signature" /> @@ -6377,10 +6739,10 @@ android:protectionLevel="signature|privileged|role" /> <!-- @SystemApi Allows an application to bypass concurrency restrictions while - recording audio. For example, apps with this permission can continue to record - while a voice call is active.</p> - @FlaggedApi(android.media.audio.Flags.FLAG_CONCURRENT_AUDIO_RECORD_BYPASS_PERMISSION) - @hide --> + recording audio. For example, apps with this permission can continue to record + while a voice call is active.</p> + @FlaggedApi(android.media.audio.Flags.FLAG_CONCURRENT_AUDIO_RECORD_BYPASS_PERMISSION) + @hide --> <permission android:name="android.permission.BYPASS_CONCURRENT_RECORD_AUDIO_RESTRICTION" android:featureFlag="android.media.audio.concurrent_audio_record_bypass_permission" android:protectionLevel="signature|privileged" /> @@ -7071,9 +7433,8 @@ android:protectionLevel="signature" /> <!-- Allows an application to set the advanced features on BiometricDialog (SystemUI), including - logo, logo description. + logo, logo description, and content view with more options button. <p>Not for use by third-party applications. - @FlaggedApi("android.hardware.biometrics.custom_biometric_prompt") --> <permission android:name="android.permission.SET_BIOMETRIC_DIALOG_ADVANCED" android:protectionLevel="signature|privileged" /> @@ -7503,9 +7864,9 @@ <permission android:name="android.permission.ACCESS_SMARTSPACE" android:protectionLevel="signature|privileged|development" /> - <!-- @SystemApi Allows an application to access the contextual search - service as a client. - @hide <p>Not for use by third-party applications.</p> --> + <!-- @SystemApi Allows an application to start a contextual search. + @FlaggedApi("android.app.contextualsearch.flags.enable_service") + @hide <p>Not for use by third-party applications.</p> --> <permission android:name="android.permission.ACCESS_CONTEXTUAL_SEARCH" android:protectionLevel="signature|privileged" android:featureFlag="android.app.contextualsearch.flags.enable_service"/> @@ -7722,7 +8083,8 @@ <permission android:name="android.permission.BIND_CARRIER_MESSAGING_CLIENT_SERVICE" android:protectionLevel="signature" /> - <!-- Must be required by an {@link android.service.watchdog.ExplicitHealthCheckService} to + <!-- @FlaggedApi(android.crashrecovery.flags.Flags.FLAG_ENABLE_CRASHRECOVERY) @SystemApi + Must be required by an {@link android.service.watchdog.ExplicitHealthCheckService} to ensure that only the system can bind to it. @hide This is not a third-party API (intended for OEMs and system apps). --> @@ -7848,7 +8210,7 @@ <!-- @SystemApi Allows an application to access shared libraries. @hide --> <permission android:name="android.permission.ACCESS_SHARED_LIBRARIES" - android:protectionLevel="signature|installer|role" + android:protectionLevel="signature|installer|role" android:featureFlag="android.content.pm.sdk_dependency_installer" /> <!-- @SystemApi Permission held by the system to allow binding to the dependency installer role @@ -7942,8 +8304,6 @@ android:protectionLevel="signature|role"/> <!-- Allows an application to create displays that mirror other displays' content. - <p>Not for use by third-party applications. - <p>Protection level: internal|role @FlaggedApi(android.companion.virtualdevice.flags.Flags.FLAG_ENABLE_LIMITED_VDM_ROLE) @hide @SystemApi --> <permission android:name="android.permission.ADD_MIRROR_DISPLAY" @@ -8127,12 +8487,8 @@ <!-- Allows an application to perform actions on behalf of users inside of applications. <p>This permission is currently only granted to privileged system apps. - <p>Apps contributing app functions can opt to disallow callers with this permission, - limiting to only callers with {@link android.permission.EXECUTE_APP_FUNCTIONS_TRUSTED} - instead. - <p>Protection level: internal|role - @hide - @FlaggedApi(android.app.appfunctions.flags.Flags.FLAG_ENABLE_APP_FUNCTION_MANAGER) --> + <p>Protection level: internal|privileged + @FlaggedApi(android.app.appfunctions.flags.Flags.FLAG_ENABLE_APP_FUNCTION_MANAGER) --> <permission android:name="android.permission.EXECUTE_APP_FUNCTIONS" android:featureFlag="android.app.appfunctions.flags.enable_app_function_manager" android:protectionLevel="internal|privileged" /> @@ -8259,7 +8615,7 @@ <permission android:name="android.permission.MONITOR_STICKY_MODIFIER_STATE" android:protectionLevel="signature" /> - <!-- Allows low-level access to manage key gestures + <!-- Allows low-level access to manage key gestures. <p>Not for use by third-party applications. @hide --> <permission android:name="android.permission.MANAGE_KEY_GESTURES" @@ -8271,8 +8627,8 @@ <p>Protection level: signature @hide --> <permission android:name="android.permission.LISTEN_FOR_KEY_ACTIVITY" - android:protectionLevel="signature" - android:featureFlag="com.android.hardware.input.key_event_activity_detection"/> + android:protectionLevel="signature" + android:featureFlag="com.android.hardware.input.key_event_activity_detection" /> <uses-permission android:name="android.permission.HANDLE_QUERY_PACKAGE_RESTART" /> @@ -8494,16 +8850,8 @@ <permission android:name="android.permission.OVERRIDE_SYSTEM_KEY_BEHAVIOR_IN_FOCUSED_WINDOW" android:protectionLevel="signature|privileged" /> - <!-- Allows internal applications to restrict display modes - <p>Protection level: signature - @FlaggedApi("com.android.server.display.feature.flags.enable_restrict_display_modes") - @hide - --> - <permission android:name="android.permission.RESTRICT_DISPLAY_MODES" - android:protectionLevel="signature" /> - <!-- @hide @SystemApi - @FlaggedApi("com.android.server.notification.flags.redact_otp_notifications_from_untrusted_listeners") + @FlaggedApi("android.view.flags.sensitive_content_app_protection_api") Allows apps with a NotificationListenerService to receive notifications with sensitive information <p>Apps with a NotificationListenerService without this permission will not be able @@ -8543,6 +8891,14 @@ <permission android:name="android.permission.EMERGENCY_INSTALL_PACKAGES" android:protectionLevel="signature|privileged"/> + <!-- Allows internal applications to restrict display modes + <p>Not for use by third-party applications. + <p>Protection level: signature + @hide + --> + <permission android:name="android.permission.RESTRICT_DISPLAY_MODES" + android:protectionLevel="signature" /> + <!-- Allows internal applications to override screen timeout temporarily <p>Protection level: signature <p>Not for use by third-party applications. @@ -8561,9 +8917,38 @@ <permission android:name="android.permission.SETUP_FSVERITY" android:protectionLevel="signature|privileged"/> + <!-- @SystemApi + @FlaggedApi(android.security.Flags.FLAG_SECURE_LOCKDOWN) + Allows an application to lock down the device into an enhanced security state. + <p>Not for use by third-party applications. + <p>Protection level: signature|privileged + @hide + --> + <permission android:name="android.permission.MANAGE_SECURE_LOCK_DEVICE" + android:protectionLevel="signature|privileged" + android:featureFlag="android.security.secure_lockdown" /> + + <!-- Allows app to enter trade-in-mode. + <p>Protection level: signature + @hide + --> + <permission android:name="android.permission.ENTER_TRADE_IN_MODE" + android:protectionLevel="signature|privileged" + android:featureFlag="com.android.tradeinmode.flags.enable_trade_in_mode" /> + + <!-- @SystemApi + @FlaggedApi(com.android.art.flags.Flags.FLAG_EXECUTABLE_METHOD_FILE_OFFSETS) + Ability to read program metadata and attach dynamic instrumentation. + <p>Protection level: signature + @hide + --> + <permission android:name="android.permission.DYNAMIC_INSTRUMENTATION" + android:protectionLevel="signature" + android:featureFlag="com.android.art.flags.executable_method_file_offsets" /> + <!-- @SystemApi - @FlaggedApi("android.content.pm.uid_based_provider_lookup") + @FlaggedApi(android.content.pm.Flags.FLAG_UID_BASED_PROVIDER_LOOKUP) Allows an app to resolve components (e.g ContentProviders) on behalf of other UIDs <p>Protection level: signature|privileged @@ -8572,7 +8957,8 @@ <permission android:name="android.permission.RESOLVE_COMPONENT_FOR_UID" android:protectionLevel="signature|privileged" - android:featureFlag="android.content.pm.uid_based_provider_lookup"/> + android:featureFlag="android.content.pm.uid_based_provider_lookup" /> + <uses-permission android:name="android.permission.RESOLVE_COMPONENT_FOR_UID" /> <!-- @TestApi @@ -8585,24 +8971,6 @@ <permission android:name="android.permission.RESERVED_FOR_TESTING_SIGNATURE" android:protectionLevel="signature"/> - <!-- Allows app to enter trade-in-mode. - <p>Protection level: signature|privileged - @hide - --> - <permission android:name="android.permission.ENTER_TRADE_IN_MODE" - android:protectionLevel="signature|privileged" - android:featureFlag="com.android.tradeinmode.flags.enable_trade_in_mode" /> - - <!-- @SystemApi - @FlaggedApi(com.android.art.flags.Flags.FLAG_EXECUTABLE_METHOD_FILE_OFFSETS) - Ability to read program metadata and attach dynamic instrumentation. - <p>Protection level: signature - @hide - --> - <permission android:name="android.permission.DYNAMIC_INSTRUMENTATION" - android:protectionLevel="signature" - android:featureFlag="com.android.art.flags.executable_method_file_offsets" /> - <!-- @SystemApi @FlaggedApi("android.media.tv.flags.kids_mode_tvdb_sharing") This permission is required when accessing information related to @@ -8679,7 +9047,7 @@ </activity> <activity android:name="com.android.internal.accessibility.dialog.AccessibilityButtonChooserActivity" android:exported="false" - android:theme="@style/Theme.DeviceDefault.Resolver" + android:theme="@style/AccessibilityButtonChooserDialog" android:finishOnCloseSystemDialogs="true" android:excludeFromRecents="true" android:documentLaunchMode="never" @@ -8783,7 +9151,7 @@ <activity android:name="android.accounts.GrantCredentialsPermissionActivity" android:excludeFromRecents="true" android:exported="true" - android:theme="@style/Theme.DeviceDefault.Light.DialogWhenLarge" + android:theme="@style/GrantCredentialsPermissionActivity" android:process=":ui" android:visibleToInstantApps="true"> </activity> @@ -8859,9 +9227,11 @@ android:process=":ui"> </activity> + <!-- BlockedAppStreamingActivity is launched as the system user. --> <activity android:name="com.android.internal.app.BlockedAppStreamingActivity" android:theme="@style/Theme.Dialog.Confirmation" android:excludeFromRecents="true" + android:showForAllUsers="true" android:process=":ui"> </activity> @@ -9053,6 +9423,11 @@ android:permission="android.permission.BIND_JOB_SERVICE" > </service> + <service android:name="com.android.server.memory.ZramMaintenance" + android:exported="false" + android:permission="android.permission.BIND_JOB_SERVICE" > + </service> + <service android:name="com.android.server.ZramWriteback" android:exported="false" android:permission="android.permission.BIND_JOB_SERVICE" > @@ -9207,22 +9582,23 @@ android:permission="android.permission.BIND_JOB_SERVICE" > </service> - <service android:name="android.app.ecm.EnhancedConfirmationCallTrackerService" - android:permission="android.permission.BIND_INCALL_SERVICE" - android:featureFlag="android.permission.flags.enhanced_confirmation_in_call_apis_enabled" - android:exported="true"> + <service android:name="com.android.server.companion.datatransfer.contextsync.CallMetadataSyncInCallService" + android:permission="android.permission.BIND_INCALL_SERVICE" + android:enabled="@bool/config_enableContextSyncInCall" + android:exported="true"> <meta-data android:name="android.telecom.INCLUDE_SELF_MANAGED_CALLS" - android:value="true" /> + android:value="true" /> <intent-filter> <action android:name="android.telecom.InCallService"/> </intent-filter> </service> - <service android:name="com.android.server.companion.datatransfer.contextsync.CallMetadataSyncInCallService" - android:permission="android.permission.BIND_INCALL_SERVICE" - android:exported="true"> + <service android:name="com.android.ecm.EnhancedConfirmationCallTrackerService" + android:permission="android.permission.BIND_INCALL_SERVICE" + android:featureFlag="android.permission.flags.enhanced_confirmation_in_call_apis_enabled" + android:exported="true"> <meta-data android:name="android.telecom.INCLUDE_SELF_MANAGED_CALLS" - android:value="true" /> + android:value="true" /> <intent-filter> <action android:name="android.telecom.InCallService"/> </intent-filter> |