[GitHub/Stricted/sm-g903f-system.git] / etc / permissions / platform.xml

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (C) 2008 The Android Open Source Project

     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at
  
          http://www.apache.org/licenses/LICENSE-2.0
  
     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
-->

<!-- This file is used to define the mappings between lower-level system
     user and group IDs and the higher-level permission names managed
     by the platform.

     Be VERY careful when editing this file!  Mistakes made here can open
     big security holes.
-->
<permissions>

    <!-- ================================================================== -->
    <!-- ================================================================== -->
    <!-- ================================================================== -->

    <!-- The following tags are associating low-level group IDs with
         permission names.  By specifying such a mapping, you are saying
         that any application process granted the given permission will
         also be running with the given group ID attached to its process,
         so it can perform any filesystem (read, write, execute) operations
         allowed for that group. -->

    <permission name="android.permission.BLUETOOTH_ADMIN" >
        <group gid="net_bt_admin" />
    </permission>

    <permission name="android.permission.BLUETOOTH" >
        <group gid="net_bt" />
    </permission>

    <permission name="android.permission.BLUETOOTH_STACK" >
        <group gid="net_bt_stack" />
    </permission>

    <permission name="android.permission.NET_TUNNELING" >
        <group gid="vpn" />
    </permission>

    <permission name="com.sec.android.SYSTEM_FILE_ACCESS" >
        <group gid="system_access" />
    </permission>

    <permission name="android.permission.INTERNET" >
        <group gid="inet" />
    </permission>
    
    <permission name="android.permission.READ_LOGS" >
        <group gid="log" />
    </permission>

    <permission name="android.permission.WRITE_MEDIA_STORAGE" >
        <group gid="media_rw" />
        <group gid="sdcard_rw" />
    </permission>

    <permission name="android.permission.ACCESS_MTP" >
        <group gid="mtp" />
    </permission>

    <permission name="android.permission.NET_ADMIN" >
        <group gid="net_admin" />
    </permission>

    <!-- The group that /cache belongs to, linked to the permission
         set on the applications that can access /cache -->
    <permission name="android.permission.ACCESS_CACHE_FILESYSTEM" >
        <group gid="cache" />
    </permission>

    <!-- RW permissions to any system resources owned by group 'diag'.
         This is for carrier and manufacture diagnostics tools that must be
         installable from the framework. Be careful. -->
    <permission name="android.permission.DIAGNOSTIC" >
        <group gid="input" />
        <group gid="diag" />
    </permission>

    <!-- Group that can read detailed network usage statistics -->
    <permission name="android.permission.READ_NETWORK_USAGE_HISTORY">
        <group gid="net_bw_stats" />
    </permission>

    <!-- Group that can modify how network statistics are accounted -->
    <permission name="android.permission.MODIFY_NETWORK_ACCOUNTING">
        <group gid="net_bw_acct" />
    </permission>

    <permission name="android.permission.LOOP_RADIO" >
        <group gid="loop_radio" />
    </permission>
  
    <!-- Hotword training apps sometimes need a GID to talk with low-level
         hardware; give them audio for now until full HAL support is added. -->
    <permission name="android.permission.MANAGE_VOICE_KEYPHRASES">
        <group gid="audio" />
    </permission>

    <permission name="android.permission.ACCESS_FM_RADIO" >
        <group gid="media" />
    </permission>
    
    <!-- The group that releated with VPN -->
    <permission name="com.sec.android.SAMSUNG_MODIFY_ROUTE" >
        <group gid="net_admin" />
    </permission>

    <permission name="com.sec.android.SAMSUNG_TUNTAP" >
        <group gid="vpn" />
    </permission>

    <permission name="com.sec.android.SAMSUNG_MODIFY_IPTABLES" >
        <group gid="net_raw" />
    </permission>

   <!-- The group that releated with URL -->
    <permission name="com.sec.android.SAMSUNG_GET_URL" >
        <group gid="secnetfilter" />
    </permission>

	<!-- Group that can use gscaler -->
    <permission name="com.sec.android.permission.USE_GSCALER" >
        <group gid="graphics" />
    </permission>
	
    <!-- Except for SysScope, DO NOT USE this permission. -->
    <permission name="com.sec.android.app.sysscope.permission.ACCESS_SYSTEM_INFO_SYSSCOPE_ONLY" >
        <group gid="radio" />
    </permission>

    <!-- ================================================================== -->
    <!-- ================================================================== -->
    <!-- ================================================================== -->

    <!-- The following tags are assigning high-level permissions to specific
         user IDs.  These are used to allow specific core system users to
         perform the given operations with the higher-level framework.  For
         example, we give a wide variety of permissions to the shell user
         since that is the user the adb shell runs under and developers and
         others should have a fairly open environment in which to
         interact with the system. -->

    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
    <assign-permission name="android.permission.WAKE_LOCK" uid="media" />
    <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" />
    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />
    <assign-permission name="com.samsung.permission.HRM_EXT" uid="media" />
    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />

    <!-- This is a list of all the libraries available for application
         code to link against. -->

    <library name="android.test.runner"
            file="/system/framework/android.test.runner.jar" />
    <library name="javax.obex"
            file="/system/framework/javax.obex.jar" />
   <!-- <library name="javax.btobex"
            file="/system/framework/javax.btobex.jar"/> -->
    <library name="org.apache.http.legacy"
            file="/system/framework/org.apache.http.legacy.jar" />

    <!-- These are the standard packages that are white-listed to always have internet
         access while in power save mode, even if they aren't in the foreground. -->
    <allow-in-power-save-except-idle package="com.android.providers.downloads" />
	
		<!-- Weather -->
		<allow-in-power-save-except-idle package="com.sec.android.daemonapp" />
    <!-- People Edge -->
    <allow-in-power-save-except-idle package="com.samsung.android.service.peoplestripe" />	
    <!-- Catch Favorites (edge) -->
    <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.yahooedge" />
    <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.newscafeedge" />
    <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.daumedge" />
    <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.sinaedge" />
    <allow-in-power-save-except-idle package="com.samsung.android.app.catchfavorites" />
    <!-- Naver (edge) -->
    <allow-in-power-save-except-idle package="com.samsung.android.app.naver" />
    <!-- QuickTools (edge) -->
    <allow-in-power-save-except-idle package="com.sec.android.app.quicktool" />
    
    <!-- Enterprise / KNOX License Managent -->
    <allow-in-power-save-except-idle package="com.samsung.klmsagent" />
    <allow-in-power-save-except-idle package="com.sec.enterprise.knox.cloudmdm.smdms" />
</permissions>
Commit	Line	Data
83dc35bd S	1	<?xml version="1.0" encoding="utf-8"?>
	2	<!-- Copyright (C) 2008 The Android Open Source Project
	3
	4	Licensed under the Apache License, Version 2.0 (the "License");
	5	you may not use this file except in compliance with the License.
	6	You may obtain a copy of the License at
	7
	8	http://www.apache.org/licenses/LICENSE-2.0
	9
	10	Unless required by applicable law or agreed to in writing, software
	11	distributed under the License is distributed on an "AS IS" BASIS,
	12	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	13	See the License for the specific language governing permissions and
	14	limitations under the License.
	15	-->
	16
	17	<!-- This file is used to define the mappings between lower-level system
	18	user and group IDs and the higher-level permission names managed
	19	by the platform.
	20
	21	Be VERY careful when editing this file! Mistakes made here can open
	22	big security holes.
	23	-->
	24	<permissions>
	25
	26	<!-- ================================================================== -->
	27	<!-- ================================================================== -->
	28	<!-- ================================================================== -->
	29
	30	<!-- The following tags are associating low-level group IDs with
	31	permission names. By specifying such a mapping, you are saying
	32	that any application process granted the given permission will
	33	also be running with the given group ID attached to its process,
	34	so it can perform any filesystem (read, write, execute) operations
	35	allowed for that group. -->
	36
	37	<permission name="android.permission.BLUETOOTH_ADMIN" >
	38	<group gid="net_bt_admin" />
	39	</permission>
	40
	41	<permission name="android.permission.BLUETOOTH" >
	42	<group gid="net_bt" />
	43	</permission>
	44
	45	<permission name="android.permission.BLUETOOTH_STACK" >
	46	<group gid="net_bt_stack" />
	47	</permission>
	48
	49	<permission name="android.permission.NET_TUNNELING" >
	50	<group gid="vpn" />
	51	</permission>
	52
	53	<permission name="com.sec.android.SYSTEM_FILE_ACCESS" >
	54	<group gid="system_access" />
	55	</permission>
	56
	57	<permission name="android.permission.INTERNET" >
	58	<group gid="inet" />
	59	</permission>
	60
	61	<permission name="android.permission.READ_LOGS" >
	62	<group gid="log" />
	63	</permission>
	64
65	<permission name="android.permission.WRITE_MEDIA_STORAGE" >
66	<group gid="media_rw" />
67	<group gid="sdcard_rw" />
68	</permission>
69
70	<permission name="android.permission.ACCESS_MTP" >
71	<group gid="mtp" />
72	</permission>
73
74	<permission name="android.permission.NET_ADMIN" >
75	<group gid="net_admin" />
76	</permission>
77
78	<!-- The group that /cache belongs to, linked to the permission
79	set on the applications that can access /cache -->
80	<permission name="android.permission.ACCESS_CACHE_FILESYSTEM" >
81	<group gid="cache" />
82	</permission>
83
84	<!-- RW permissions to any system resources owned by group 'diag'.
85	This is for carrier and manufacture diagnostics tools that must be
86	installable from the framework. Be careful. -->
87	<permission name="android.permission.DIAGNOSTIC" >
88	<group gid="input" />
89	<group gid="diag" />
90	</permission>
91
92	<!-- Group that can read detailed network usage statistics -->
93	<permission name="android.permission.READ_NETWORK_USAGE_HISTORY">
94	<group gid="net_bw_stats" />
95	</permission>
96
97	<!-- Group that can modify how network statistics are accounted -->
98	<permission name="android.permission.MODIFY_NETWORK_ACCOUNTING">
99	<group gid="net_bw_acct" />
100	</permission>
101
102	<permission name="android.permission.LOOP_RADIO" >
103	<group gid="loop_radio" />
104	</permission>
105
106	<!-- Hotword training apps sometimes need a GID to talk with low-level
107	hardware; give them audio for now until full HAL support is added. -->
108	<permission name="android.permission.MANAGE_VOICE_KEYPHRASES">
109	<group gid="audio" />
110	</permission>
111
112	<permission name="android.permission.ACCESS_FM_RADIO" >
113	<group gid="media" />
114	</permission>
115
116	<!-- The group that releated with VPN -->
117	<permission name="com.sec.android.SAMSUNG_MODIFY_ROUTE" >
118	<group gid="net_admin" />
119	</permission>
120
121	<permission name="com.sec.android.SAMSUNG_TUNTAP" >
122	<group gid="vpn" />
123	</permission>
124
125	<permission name="com.sec.android.SAMSUNG_MODIFY_IPTABLES" >
126	<group gid="net_raw" />
127	</permission>
128
129	<!-- The group that releated with URL -->
130	<permission name="com.sec.android.SAMSUNG_GET_URL" >
131	<group gid="secnetfilter" />
132	</permission>
133
134	<!-- Group that can use gscaler -->
135	<permission name="com.sec.android.permission.USE_GSCALER" >
136	<group gid="graphics" />
137	</permission>
138
139	<!-- Except for SysScope, DO NOT USE this permission. -->
140	<permission name="com.sec.android.app.sysscope.permission.ACCESS_SYSTEM_INFO_SYSSCOPE_ONLY" >
141	<group gid="radio" />
142	</permission>
143
144	<!-- ================================================================== -->
145	<!-- ================================================================== -->
146	<!-- ================================================================== -->
147
148	<!-- The following tags are assigning high-level permissions to specific
149	user IDs. These are used to allow specific core system users to
150	perform the given operations with the higher-level framework. For
151	example, we give a wide variety of permissions to the shell user
152	since that is the user the adb shell runs under and developers and
153	others should have a fairly open environment in which to
154	interact with the system. -->
155
156	<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
157	<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
158	<assign-permission name="android.permission.WAKE_LOCK" uid="media" />
159	<assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" />
160	<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />
161	<assign-permission name="com.samsung.permission.HRM_EXT" uid="media" />
162	<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />
163
164	<!-- This is a list of all the libraries available for application
165	code to link against. -->
166
167	<library name="android.test.runner"
168	file="/system/framework/android.test.runner.jar" />
169	<library name="javax.obex"
170	file="/system/framework/javax.obex.jar" />
171	<!-- <library name="javax.btobex"
172	file="/system/framework/javax.btobex.jar"/> -->
173	<library name="org.apache.http.legacy"
174	file="/system/framework/org.apache.http.legacy.jar" />
175
176	<!-- These are the standard packages that are white-listed to always have internet
177	access while in power save mode, even if they aren't in the foreground. -->
178	<allow-in-power-save-except-idle package="com.android.providers.downloads" />
179
180	<!-- Weather -->
181	<allow-in-power-save-except-idle package="com.sec.android.daemonapp" />
182	<!-- People Edge -->
183	<allow-in-power-save-except-idle package="com.samsung.android.service.peoplestripe" />
184	<!-- Catch Favorites (edge) -->
185	<allow-in-power-save-except-idle package="com.samsung.android.widgetapp.yahooedge" />
186	<allow-in-power-save-except-idle package="com.samsung.android.widgetapp.newscafeedge" />
187	<allow-in-power-save-except-idle package="com.samsung.android.widgetapp.daumedge" />
188	<allow-in-power-save-except-idle package="com.samsung.android.widgetapp.sinaedge" />
189	<allow-in-power-save-except-idle package="com.samsung.android.app.catchfavorites" />
190	<!-- Naver (edge) -->
191	<allow-in-power-save-except-idle package="com.samsung.android.app.naver" />
192	<!-- QuickTools (edge) -->
193	<allow-in-power-save-except-idle package="com.sec.android.app.quicktool" />
194
195	<!-- Enterprise / KNOX License Managent -->
196	<allow-in-power-save-except-idle package="com.samsung.klmsagent" />
197	<allow-in-power-save-except-idle package="com.sec.enterprise.knox.cloudmdm.smdms" />
198	</permissions>