1<?xml version="1.0" encoding="utf-8"?>
2<!-- Copyright (C) 2008 The Android Open Source Project
3
4     Licensed under the Apache License, Version 2.0 (the "License");
5     you may not use this file except in compliance with the License.
6     You may obtain a copy of the License at
7
8          http://www.apache.org/licenses/LICENSE-2.0
9
10     Unless required by applicable law or agreed to in writing, software
11     distributed under the License is distributed on an "AS IS" BASIS,
12     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13     See the License for the specific language governing permissions and
14     limitations under the License.
15-->
16
17<!-- This file is used to define the mappings between lower-level system
18     user and group IDs and the higher-level permission names managed
19     by the platform.
20
21     Be VERY careful when editing this file!  Mistakes made here can open
22     big security holes.
23-->
24<permissions>
25
26    <!-- ================================================================== -->
27    <!-- ================================================================== -->
28    <!-- ================================================================== -->
29
30    <!-- The following tags are associating low-level group IDs with
31         permission names.  By specifying such a mapping, you are saying
32         that any application process granted the given permission will
33         also be running with the given group ID attached to its process,
34         so it can perform any filesystem (read, write, execute) operations
35         allowed for that group. -->
36
37    <permission name="android.permission.BLUETOOTH_ADMIN" >
38        <group gid="net_bt_admin" />
39    </permission>
40
41    <permission name="android.permission.BLUETOOTH" >
42        <group gid="net_bt" />
43    </permission>
44
45    <permission name="android.permission.BLUETOOTH_STACK" >
46        <group gid="bluetooth" />
47        <group gid="wakelock" />
48        <group gid="uhid" />
49    </permission>
50
51    <permission name="android.permission.NET_TUNNELING" >
52        <group gid="vpn" />
53    </permission>
54
55    <permission name="android.permission.INTERNET" >
56        <group gid="inet" />
57    </permission>
58
59    <permission name="android.permission.READ_LOGS" >
60        <group gid="log" />
61    </permission>
62
63    <permission name="android.permission.MANAGE_EXTERNAL_STORAGE" >
64        <group gid="external_storage" />
65    </permission>
66
67    <permission name="android.permission.ACCESS_MTP" >
68        <group gid="mtp" />
69    </permission>
70
71    <permission name="android.permission.NET_ADMIN" >
72        <group gid="net_admin" />
73    </permission>
74
75    <permission name="android.permission.MAINLINE_NETWORK_STACK" >
76        <group gid="net_admin" />
77        <group gid="net_raw" />
78    </permission>
79
80    <!-- The group that /cache belongs to, linked to the permission
81         set on the applications that can access /cache -->
82    <permission name="android.permission.ACCESS_CACHE_FILESYSTEM" >
83        <group gid="cache" />
84    </permission>
85
86    <!-- RW permissions to any system resources owned by group 'diag'.
87         This is for carrier and manufacture diagnostics tools that must be
88         installable from the framework. Be careful. -->
89    <permission name="android.permission.DIAGNOSTIC" >
90        <group gid="input" />
91        <group gid="diag" />
92    </permission>
93
94    <!-- Group that can read detailed network usage statistics -->
95    <permission name="android.permission.READ_NETWORK_USAGE_HISTORY">
96        <group gid="net_bw_stats" />
97    </permission>
98
99    <!-- Group that can modify how network statistics are accounted -->
100    <permission name="android.permission.UPDATE_DEVICE_STATS">
101        <group gid="net_bw_acct" />
102    </permission>
103
104    <permission name="android.permission.LOOP_RADIO" >
105        <group gid="loop_radio" />
106    </permission>
107
108    <!-- Hotword training apps sometimes need a GID to talk with low-level
109         hardware; give them audio for now until full HAL support is added. -->
110    <permission name="android.permission.MANAGE_VOICE_KEYPHRASES">
111        <group gid="audio" />
112    </permission>
113
114    <permission name="android.permission.ACCESS_BROADCAST_RADIO" >
115        <!-- /dev/fm is gid media, not audio -->
116        <group gid="media" />
117    </permission>
118
119    <permission name="android.permission.USE_RESERVED_DISK">
120        <group gid="reserved_disk" />
121    </permission>
122
123    <!-- These are permissions that were mapped to gids but we need
124         to keep them here until an upgrade from L to the current
125         version is to be supported. These permissions are built-in
126         and in L were not stored in packages.xml as a result if they
127         are not defined here while parsing packages.xml we would
128         ignore these permissions being granted to apps and not
129         propagate the granted state. From N we are storing the
130         built-in permissions in packages.xml as the saved storage
131         is negligible (one tag with the permission) compared to
132         the fragility as one can remove a built-in permission which
133         no longer needs to be mapped to gids and break grant propagation. -->
134    <permission name="android.permission.READ_EXTERNAL_STORAGE" />
135    <permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
136
137    <!-- ================================================================== -->
138    <!-- ================================================================== -->
139    <!-- ================================================================== -->
140
141    <!-- The following tags are assigning high-level permissions to specific
142         user IDs.  These are used to allow specific core system users to
143         perform the given operations with the higher-level framework.  For
144         example, we give a wide variety of permissions to the shell user
145         since that is the user the adb shell runs under and developers and
146         others should have a fairly open environment in which to
147         interact with the system. -->
148
149    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
150    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
151    <assign-permission name="android.permission.WAKE_LOCK" uid="media" />
152    <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" />
153    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />
154    <assign-permission name="android.permission.GET_PROCESS_STATE_AND_OOM_SCORE" uid="media" />
155    <assign-permission name="android.permission.INTERNET" uid="media" />
156
157    <assign-permission name="android.permission.INTERNET" uid="shell" />
158
159    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="audioserver" />
160    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="audioserver" />
161    <assign-permission name="android.permission.WAKE_LOCK" uid="audioserver" />
162    <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="audioserver" />
163    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="audioserver" />
164    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="audioserver" />
165
166    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="cameraserver" />
167    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="cameraserver" />
168    <assign-permission name="android.permission.WAKE_LOCK" uid="cameraserver" />
169    <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="cameraserver" />
170    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="cameraserver" />
171    <assign-permission name="android.permission.GET_PROCESS_STATE_AND_OOM_SCORE" uid="cameraserver" />
172    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="cameraserver" />
173    <assign-permission name="android.permission.WATCH_APPOPS" uid="cameraserver" />
174    <assign-permission name="android.permission.MANAGE_APP_OPS_MODES" uid="cameraserver" />
175
176    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />
177
178    <assign-permission name="android.permission.DUMP" uid="incidentd" />
179    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="incidentd" />
180    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="incidentd" />
181    <assign-permission name="android.permission.REQUEST_INCIDENT_REPORT_APPROVAL" uid="incidentd" />
182    <assign-permission name="android.permission.PEEK_DROPBOX_DATA" uid="incidentd" />
183
184    <assign-permission name="android.permission.ACCESS_LOWPAN_STATE" uid="lowpan" />
185    <assign-permission name="android.permission.MANAGE_LOWPAN_INTERFACES" uid="lowpan" />
186
187    <assign-permission name="android.permission.DUMP" uid="statsd" />
188    <assign-permission name="android.permission.PACKAGE_USAGE_STATS" uid="statsd" />
189    <assign-permission name="android.permission.STATSCOMPANION" uid="statsd" />
190    <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="statsd" />
191
192    <assign-permission name="android.permission.REGISTER_STATS_PULL_ATOM" uid="gpu_service" />
193
194    <split-permission name="android.permission.ACCESS_FINE_LOCATION">
195        <new-permission name="android.permission.ACCESS_COARSE_LOCATION" />
196    </split-permission>
197    <split-permission name="android.permission.WRITE_EXTERNAL_STORAGE">
198        <new-permission name="android.permission.READ_EXTERNAL_STORAGE" />
199    </split-permission>
200    <split-permission name="android.permission.READ_PRIVILEGED_PHONE_STATE">
201        <new-permission name="android.permission.READ_PHONE_STATE" />
202    </split-permission>
203    <split-permission name="android.permission.READ_CONTACTS"
204                      targetSdk="16">
205        <new-permission name="android.permission.READ_CALL_LOG" />
206    </split-permission>
207    <split-permission name="android.permission.WRITE_CONTACTS"
208                      targetSdk="16">
209        <new-permission name="android.permission.WRITE_CALL_LOG" />
210    </split-permission>
211    <split-permission name="android.permission.ACCESS_FINE_LOCATION"
212                      targetSdk="29">
213        <new-permission name="android.permission.ACCESS_BACKGROUND_LOCATION" />
214    </split-permission>
215    <split-permission name="android.permission.ACCESS_COARSE_LOCATION"
216                      targetSdk="29">
217        <new-permission name="android.permission.ACCESS_BACKGROUND_LOCATION" />
218    </split-permission>
219    <split-permission name="android.permission.READ_EXTERNAL_STORAGE"
220                      targetSdk="29">
221        <new-permission name="android.permission.ACCESS_MEDIA_LOCATION" />
222    </split-permission>
223
224    <!-- This is a list of all the libraries available for application
225         code to link against. -->
226
227    <library name="android.test.base"
228            file="/system/framework/android.test.base.jar" />
229    <library name="android.test.mock"
230            file="/system/framework/android.test.mock.jar"
231            dependency="android.test.base" />
232    <library name="android.test.runner"
233            file="/system/framework/android.test.runner.jar"
234            dependency="android.test.base:android.test.mock" />
235
236    <!-- In BOOT_JARS historically, and now added to legacy applications. -->
237    <library name="android.hidl.base-V1.0-java"
238            file="/system/framework/android.hidl.base-V1.0-java.jar" />
239    <library name="android.hidl.manager-V1.0-java"
240            file="/system/framework/android.hidl.manager-V1.0-java.jar"
241            dependency="android.hidl.base-V1.0-java" />
242
243    <!-- These are the standard packages that are white-listed to always have internet
244         access while in power save mode, even if they aren't in the foreground. -->
245    <allow-in-power-save package="com.android.providers.downloads" />
246
247    <!-- These are the standard packages that are white-listed to always have internet
248         access while in data mode, even if they aren't in the foreground. -->
249    <allow-in-data-usage-save package="com.android.providers.downloads" />
250
251    <!-- This is a core platform component that needs to freely run in the background -->
252    <allow-in-power-save package="com.android.cellbroadcastreceiver.module" />
253    <allow-in-power-save package="com.android.cellbroadcastreceiver" />
254    <allow-in-power-save package="com.android.shell" />
255
256    <!-- Whitelist system providers -->
257    <allow-in-power-save-except-idle package="com.android.providers.calendar" />
258    <allow-in-power-save-except-idle package="com.android.providers.contacts" />
259
260    <!-- The PAC proxy process must have network access, otherwise no app will
261         be able to connect to the internet when such a proxy is in use, since
262         all outgoing connections originate from this app. -->
263    <allow-in-power-save-except-idle package="com.android.proxyhandler" />
264
265    <!-- These are the packages that are white-listed to be able to run as system user -->
266    <system-user-whitelisted-app package="com.android.settings" />
267
268    <!-- These are the packages that shouldn't run as system user -->
269    <system-user-blacklisted-app package="com.android.wallpaper.livepicker" />
270</permissions>
271