Commit | Line | Data |
---|---|---|
d05bb22f S |
1 | <?xml version="1.0" encoding="utf-8"?> |
2 | <!-- Copyright (C) 2008 The Android Open Source Project | |
3 | ||
4 | Licensed under the Apache License, Version 2.0 (the "License"); | |
5 | you may not use this file except in compliance with the License. | |
6 | You may obtain a copy of the License at | |
7 | ||
8 | http://www.apache.org/licenses/LICENSE-2.0 | |
9 | ||
10 | Unless required by applicable law or agreed to in writing, software | |
11 | distributed under the License is distributed on an "AS IS" BASIS, | |
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
13 | See the License for the specific language governing permissions and | |
14 | limitations under the License. | |
15 | --> | |
16 | ||
17 | <!-- This file is used to define the mappings between lower-level system | |
18 | user and group IDs and the higher-level permission names managed | |
19 | by the platform. | |
20 | ||
21 | Be VERY careful when editing this file! Mistakes made here can open | |
22 | big security holes. | |
23 | --> | |
24 | <permissions> | |
25 | ||
26 | <!-- ================================================================== --> | |
27 | <!-- ================================================================== --> | |
28 | <!-- ================================================================== --> | |
29 | ||
30 | <!-- The following tags are associating low-level group IDs with | |
31 | permission names. By specifying such a mapping, you are saying | |
32 | that any application process granted the given permission will | |
33 | also be running with the given group ID attached to its process, | |
34 | so it can perform any filesystem (read, write, execute) operations | |
35 | allowed for that group. --> | |
36 | ||
37 | <permission name="android.permission.BLUETOOTH_ADMIN" > | |
38 | <group gid="net_bt_admin" /> | |
39 | </permission> | |
40 | ||
41 | <permission name="android.permission.BLUETOOTH" > | |
42 | <group gid="net_bt" /> | |
43 | </permission> | |
44 | ||
45 | <permission name="android.permission.BLUETOOTH_STACK" > | |
46 | <group gid="net_bt_stack" /> | |
47 | </permission> | |
48 | ||
49 | <permission name="android.permission.NET_TUNNELING" > | |
50 | <group gid="vpn" /> | |
51 | </permission> | |
52 | ||
53 | <permission name="android.permission.INTERNET" > | |
54 | <group gid="inet" /> | |
55 | </permission> | |
56 | ||
57 | <permission name="android.permission.ACCESS_MTK_MMHW" > | |
58 | <group gid="media" /> | |
59 | <group gid="camera" /> | |
60 | </permission> | |
61 | ||
62 | <permission name="android.permission.READ_LOGS" > | |
63 | <group gid="log" /> | |
64 | </permission> | |
65 | ||
66 | <permission name="android.permission.READ_EXTERNAL_STORAGE" > | |
67 | <group gid="sdcard_r" /> | |
68 | </permission> | |
69 | ||
70 | <permission name="android.permission.WRITE_EXTERNAL_STORAGE" > | |
71 | <group gid="sdcard_r" /> | |
72 | <group gid="sdcard_rw" /> | |
73 | </permission> | |
74 | ||
75 | <permission name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" > | |
76 | <group gid="sdcard_r" /> | |
77 | <group gid="sdcard_rw" /> | |
78 | <group gid="sdcard_all" /> | |
79 | </permission> | |
80 | ||
81 | <permission name="android.permission.WRITE_MEDIA_STORAGE" > | |
82 | <group gid="media_rw" /> | |
83 | </permission> | |
84 | ||
85 | <permission name="android.permission.ACCESS_MTP" > | |
86 | <group gid="mtp" /> | |
87 | </permission> | |
88 | ||
89 | <permission name="android.permission.NET_ADMIN" > | |
90 | <group gid="net_admin" /> | |
91 | </permission> | |
92 | ||
93 | <!-- The group that /cache belongs to, linked to the permission | |
94 | set on the applications that can access /cache --> | |
95 | <permission name="android.permission.ACCESS_CACHE_FILESYSTEM" > | |
96 | <group gid="cache" /> | |
97 | </permission> | |
98 | ||
99 | <!-- RW permissions to any system resources owned by group 'diag'. | |
100 | This is for carrier and manufacture diagnostics tools that must be | |
101 | installable from the framework. Be careful. --> | |
102 | <permission name="android.permission.DIAGNOSTIC" > | |
103 | <group gid="input" /> | |
104 | <group gid="diag" /> | |
105 | </permission> | |
106 | ||
107 | <!-- Group that can read detailed network usage statistics --> | |
108 | <permission name="android.permission.READ_NETWORK_USAGE_HISTORY"> | |
109 | <group gid="net_bw_stats" /> | |
110 | </permission> | |
111 | ||
112 | <!-- Group that can modify how network statistics are accounted --> | |
113 | <permission name="android.permission.MODIFY_NETWORK_ACCOUNTING"> | |
114 | <group gid="net_bw_acct" /> | |
115 | </permission> | |
116 | ||
117 | <permission name="android.permission.LOOP_RADIO" > | |
118 | <group gid="loop_radio" /> | |
119 | </permission> | |
120 | ||
121 | <permission name="android.permission.ACCESS_FM_RADIO" > | |
122 | <group gid="media" /> | |
123 | </permission> | |
124 | ||
125 | <!-- Hotword training apps sometimes need a GID to talk with low-level | |
126 | hardware; give them audio for now until full HAL support is added. --> | |
127 | <permission name="android.permission.MANAGE_VOICE_KEYPHRASES"> | |
128 | <group gid="audio" /> | |
129 | </permission> | |
130 | ||
131 | <!-- ================================================================== --> | |
132 | <!-- ================================================================== --> | |
133 | <!-- ================================================================== --> | |
134 | ||
135 | <!-- The following tags are assigning high-level permissions to specific | |
136 | user IDs. These are used to allow specific core system users to | |
137 | perform the given operations with the higher-level framework. For | |
138 | example, we give a wide variety of permissions to the shell user | |
139 | since that is the user the adb shell runs under and developers and | |
140 | others should have a fairly open environment in which to | |
141 | interact with the system. --> | |
142 | ||
143 | <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" /> | |
144 | <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" /> | |
145 | <assign-permission name="android.permission.WAKE_LOCK" uid="media" /> | |
146 | <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" /> | |
147 | <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" /> | |
148 | <assign-permission name="android.permission.CAMERA" uid="media" /> | |
149 | ||
150 | <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" /> | |
151 | ||
152 | <!-- This is a list of all the libraries available for application | |
153 | code to link against. --> | |
154 | ||
155 | <library name="android.test.runner" | |
156 | file="/system/framework/android.test.runner.jar" /> | |
157 | <library name="javax.obex" | |
158 | file="/system/framework/javax.obex.jar"/> | |
159 | ||
160 | <!-- These are the standard packages that are white-listed to always have internet | |
161 | access while in power save mode, even if they aren't in the foreground. --> | |
162 | <allow-in-power-save package="com.android.providers.downloads" /> | |
9ff65a5e S |
163 | |
164 | <!-- Whitelist of what components are permitted as backup data transports. The | |
165 | 'service' attribute here is a flattened ComponentName string. --> | |
166 | <backup-transport-whitelisted-service | |
167 | service="android/com.android.internal.backup.LocalTransportService" /> | |
168 | <backup-transport-whitelisted-service | |
169 | service="com.google.android.backup/.BackupTransportService" /> | |
170 | <backup-transport-whitelisted-service | |
171 | service="com.google.android.gms/.backup.BackupTransportService" /> | |
172 | <backup-transport-whitelisted-service | |
173 | service="com.google.android.gms/.backup.component.D2dTransportService" /> | |
d05bb22f | 174 | </permissions> |