Commit | Line | Data |
---|---|---|
83dc35bd S |
1 | <?xml version="1.0" encoding="utf-8"?> |
2 | <!-- Copyright (C) 2008 The Android Open Source Project | |
3 | ||
4 | Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | you may not use this file except in compliance with the License. | |
6 | You may obtain a copy of the License at | |
7 | ||
8 | http://www.apache.org/licenses/LICENSE-2.0 | |
9 | ||
10 | Unless required by applicable law or agreed to in writing, software | |
11 | distributed under the License is distributed on an "AS IS" BASIS, | |
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | See the License for the specific language governing permissions and | |
14 | limitations under the License. | |
15 | --> | |
16 | ||
17 | <!-- This file is used to define the mappings between lower-level system | |
18 | user and group IDs and the higher-level permission names managed | |
19 | by the platform. | |
20 | ||
21 | Be VERY careful when editing this file! Mistakes made here can open | |
22 | big security holes. | |
23 | --> | |
24 | <permissions> | |
25 | ||
26 | <!-- ================================================================== --> | |
27 | <!-- ================================================================== --> | |
28 | <!-- ================================================================== --> | |
29 | ||
30 | <!-- The following tags are associating low-level group IDs with | |
31 | permission names. By specifying such a mapping, you are saying | |
32 | that any application process granted the given permission will | |
33 | also be running with the given group ID attached to its process, | |
34 | so it can perform any filesystem (read, write, execute) operations | |
35 | allowed for that group. --> | |
36 | ||
37 | <permission name="android.permission.BLUETOOTH_ADMIN" > | |
38 | <group gid="net_bt_admin" /> | |
39 | </permission> | |
40 | ||
41 | <permission name="android.permission.BLUETOOTH" > | |
42 | <group gid="net_bt" /> | |
43 | </permission> | |
44 | ||
45 | <permission name="android.permission.BLUETOOTH_STACK" > | |
46 | <group gid="net_bt_stack" /> | |
47 | </permission> | |
48 | ||
49 | <permission name="android.permission.NET_TUNNELING" > | |
50 | <group gid="vpn" /> | |
51 | </permission> | |
52 | <!-- NOTE(review): vendor permission; any process granted it runs with gid system_access. Its declaration and protection level are not in this file; confirm it cannot be granted to third-party apps. --> | |
53 | <permission name="com.sec.android.SYSTEM_FILE_ACCESS" > | |
54 | <group gid="system_access" /> | |
55 | </permission> | |
56 | ||
57 | <permission name="android.permission.INTERNET" > | |
58 | <group gid="inet" /> | |
59 | </permission> | |
60 | ||
61 | <permission name="android.permission.READ_LOGS" > | |
62 | <group gid="log" /> | |
63 | </permission> | |
64 | ||
65 | <permission name="android.permission.WRITE_MEDIA_STORAGE" > | |
66 | <group gid="media_rw" /> | |
67 | <group gid="sdcard_rw" /> | |
68 | </permission> | |
69 | ||
70 | <permission name="android.permission.ACCESS_MTP" > | |
71 | <group gid="mtp" /> | |
72 | </permission> | |
73 | ||
74 | <permission name="android.permission.NET_ADMIN" > | |
75 | <group gid="net_admin" /> | |
76 | </permission> | |
77 | ||
78 | <!-- The group that /cache belongs to, linked to the permission | |
79 | set on the applications that can access /cache --> | |
80 | <permission name="android.permission.ACCESS_CACHE_FILESYSTEM" > | |
81 | <group gid="cache" /> | |
82 | </permission> | |
83 | ||
84 | <!-- RW permissions to any system resources owned by group 'diag'; this entry also attaches group 'input'. | |
85 | This is for carrier and manufacturer diagnostics tools that must be | |
86 | installable from the framework. Be careful. --> | |
87 | <permission name="android.permission.DIAGNOSTIC" > | |
88 | <group gid="input" /> | |
89 | <group gid="diag" /> | |
90 | </permission> | |
91 | ||
92 | <!-- Group that can read detailed network usage statistics --> | |
93 | <permission name="android.permission.READ_NETWORK_USAGE_HISTORY"> | |
94 | <group gid="net_bw_stats" /> | |
95 | </permission> | |
96 | ||
97 | <!-- Group that can modify how network statistics are accounted --> | |
98 | <permission name="android.permission.MODIFY_NETWORK_ACCOUNTING"> | |
99 | <group gid="net_bw_acct" /> | |
100 | </permission> | |
101 | ||
102 | <permission name="android.permission.LOOP_RADIO" > | |
103 | <group gid="loop_radio" /> | |
104 | </permission> | |
105 | ||
106 | <!-- Hotword training apps sometimes need a GID to talk with low-level | |
107 | hardware; give them audio for now until full HAL support is added. --> | |
108 | <permission name="android.permission.MANAGE_VOICE_KEYPHRASES"> | |
109 | <group gid="audio" /> | |
110 | </permission> | |
111 | ||
112 | <permission name="android.permission.ACCESS_FM_RADIO" > | |
113 | <group gid="media" /> | |
114 | </permission> | |
115 | ||
116 | <!-- Groups related to VPN. SAMSUNG_MODIFY_ROUTE attaches net_admin, the same group that android.permission.NET_ADMIN maps to earlier in this file, so an audit of net_admin holders must cover both permission names. --> | |
117 | <permission name="com.sec.android.SAMSUNG_MODIFY_ROUTE" > | |
118 | <group gid="net_admin" /> | |
119 | </permission> | |
120 | <!-- Attaches vpn, the same group that android.permission.NET_TUNNELING maps to earlier in this file. --> | |
121 | <permission name="com.sec.android.SAMSUNG_TUNTAP" > | |
122 | <group gid="vpn" /> | |
123 | </permission> | |
124 | <!-- Attaches net_raw. NOTE(review): the protection levels of these three vendor permissions are declared outside this file; confirm they cannot be granted to third-party apps. --> | |
125 | <permission name="com.sec.android.SAMSUNG_MODIFY_IPTABLES" > | |
126 | <group gid="net_raw" /> | |
127 | </permission> | |
128 | ||
129 | <!-- The group related to URL --> | |
130 | <permission name="com.sec.android.SAMSUNG_GET_URL" > | |
131 | <group gid="secnetfilter" /> | |
132 | </permission> | |
133 | ||
134 | <!-- Group that can use gscaler --> | |
135 | <permission name="com.sec.android.permission.USE_GSCALER" > | |
136 | <group gid="graphics" /> | |
137 | </permission> | |
138 | ||
139 | <!-- Except for SysScope, DO NOT USE this permission. It attaches gid radio. NOTE(review): nothing in this file restricts who is granted it; confirm that the permission's declaration (not shown here) limits it to SysScope. --> | |
140 | <permission name="com.sec.android.app.sysscope.permission.ACCESS_SYSTEM_INFO_SYSSCOPE_ONLY" > | |
141 | <group gid="radio" /> | |
142 | </permission> | |
143 | ||
144 | <!-- ================================================================== --> | |
145 | <!-- ================================================================== --> | |
146 | <!-- ================================================================== --> | |
147 | ||
148 | <!-- The following tags are assigning high-level permissions to specific | |
149 | user IDs. These are used to allow specific core system users to | |
150 | perform the given operations with the higher-level framework. For | |
151 | example, we give a wide variety of permissions to the shell user | |
152 | since that is the user the adb shell runs under and developers and | |
153 | others should have a fairly open environment in which to | |
154 | interact with the system. --> | |
155 | ||
156 | <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" /> | |
157 | <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" /> | |
158 | <assign-permission name="android.permission.WAKE_LOCK" uid="media" /> | |
159 | <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" /> | |
160 | <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" /> | |
161 | <assign-permission name="com.samsung.permission.HRM_EXT" uid="media" /> | |
162 | <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" /> | |
163 | ||
164 | <!-- This is a list of all the libraries available for application | |
165 | code to link against. --> | |
166 | ||
167 | <library name="android.test.runner" | |
168 | file="/system/framework/android.test.runner.jar" /> | |
169 | <library name="javax.obex" | |
170 | file="/system/framework/javax.obex.jar" /> | |
171 | <!-- <library name="javax.btobex" | |
172 | file="/system/framework/javax.btobex.jar"/> --> | |
173 | <library name="org.apache.http.legacy" | |
174 | file="/system/framework/org.apache.http.legacy.jar" /> | |
175 | ||
176 | <!-- These are the standard packages that are white-listed to always have internet | |
177 | access while in power save mode, even if they aren't in the foreground. --> | |
178 | <allow-in-power-save-except-idle package="com.android.providers.downloads" /> | |
179 | ||
180 | <!-- Weather --> | |
181 | <allow-in-power-save-except-idle package="com.sec.android.daemonapp" /> | |
182 | <!-- People Edge --> | |
183 | <allow-in-power-save-except-idle package="com.samsung.android.service.peoplestripe" /> | |
184 | <!-- Catch Favorites (edge) --> | |
185 | <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.yahooedge" /> | |
186 | <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.newscafeedge" /> | |
187 | <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.daumedge" /> | |
188 | <allow-in-power-save-except-idle package="com.samsung.android.widgetapp.sinaedge" /> | |
189 | <allow-in-power-save-except-idle package="com.samsung.android.app.catchfavorites" /> | |
190 | <!-- Naver (edge) --> | |
191 | <allow-in-power-save-except-idle package="com.samsung.android.app.naver" /> | |
192 | <!-- QuickTools (edge) --> | |
193 | <allow-in-power-save-except-idle package="com.sec.android.app.quicktool" /> | |
194 | ||
195 | <!-- Enterprise / KNOX License Management --> | |
196 | <allow-in-power-save-except-idle package="com.samsung.klmsagent" /> | |
197 | <allow-in-power-save-except-idle package="com.sec.enterprise.knox.cloudmdm.smdms" /> | |
198 | </permissions> |