drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_frameworks_base/core/res/AndroidManifest.xml

1738 lines
90 KiB
XML
Raw Normal View History

auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<?xml version="1.0" encoding="utf-8"?>
<!--
/* //device/apps/common/AndroidManifest.xml
**
** Copyright 2006, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
Add boot mode where only "core apps" are started. A core app is one that has coreApp="true" in its manifest tag. The system can successfully boot (though a little painfully) with only framework-res.apk, SettingsProvider.apk, SystemUI.apk, DefaultContainerService.apk, and Launcher2.apk set as core apps. Currently this boot mode is always turned off. Change-Id: Ieaa4a8031c2c391a12996aa8d8b1d65fc2b09d6b
2011-09-12 12:29:43 -07:00
package="android" coreApp="true" android:sharedUserId="android.uid.system"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:sharedUserLabel="@string/android_system_label">
Fix bug #1873249i: Apps can DoS/brick device This is the problem where various things are listening for broadcasts (such as battery status, PIN/PUK/Network) that an application can send to cause harm to the system. Solving this is tricky because many of these broadcasts are sticky, and I have never figured out how to do permissions with sticky broadcasts in a sane way. So instead, I am going to punt on the general problem and just brute force it: There is new a way for system components to declare specific broadcast actions to be protected, which means that only the system and the phone can send them. This is good enough for now. None of it is exposed in the public API so we can make something a little less stupid in the future if we ever need to.
2009-07-09 18:14:31 -07:00
<!-- ================================================ -->
<!-- Special broadcasts that only the system can send -->
<!-- ================================================ -->
<eat-comment />
add account manager permission checking
2009-07-16 16:36:38 -07:00
Fix bug #1873249i: Apps can DoS/brick device This is the problem where various things are listening for broadcasts (such as battery status, PIN/PUK/Network) that an application can send to cause harm to the system. Solving this is tricky because many of these broadcasts are sticky, and I have never figured out how to do permissions with sticky broadcasts in a sane way. So instead, I am going to punt on the general problem and just brute force it: There is new a way for system components to declare specific broadcast actions to be protected, which means that only the system and the phone can send them. This is good enough for now. None of it is exposed in the public API so we can make something a little less stupid in the future if we ever need to.
2009-07-09 18:14:31 -07:00
<protected-broadcast android:name="android.intent.action.SCREEN_OFF" />
<protected-broadcast android:name="android.intent.action.SCREEN_ON" />
<protected-broadcast android:name="android.intent.action.USER_PRESENT" />
<protected-broadcast android:name="android.intent.action.TIME_TICK" />
<protected-broadcast android:name="android.intent.action.TIMEZONE_CHANGED" />
<protected-broadcast android:name="android.intent.action.BOOT_COMPLETED" />
<protected-broadcast android:name="android.intent.action.PACKAGE_INSTALL" />
<protected-broadcast android:name="android.intent.action.PACKAGE_ADDED" />
<protected-broadcast android:name="android.intent.action.PACKAGE_REPLACED" />
Implement issue #3426299: Introduce application "stopped" state The package manager now keeps track of whether an application is stopped. There are new intent flags to control whether intent filters in a stopped application will match the intent. This is currently used in one place, sending broadcasts, so that stopped apps can not be launched due to background processes. The package manager during first init makes sure no applications are in the stopped state. When new applications are installed, that begin in the stopped state. When the activity manager is launching a component of an application, it ensures the application is taken out of the stopped state. The "force stop" button in manage applications will now put an application back in to the stopped state; it can't go back out of the stopped state until one of its components is launched by the activity manager. There will probably be a few more places where we need to filter stopped applications out of intent matches, but doing this for broadcast is a very big first step. This also introduces a new broadcast that is sent to an application after it is replaced with a new .apk. But only if the app is not in the stopped state. This makes it a lot easier for developers to implement code to get their application back in proper running shape after an upgrade. Finally another new broadcast is added that is sent to a package's installer at the first time it is launched. This allows the installer to tell the package about it being installed only when it is first actually used. Change-Id: I589c53ff0e0ece868fe734ace4439c0d202dca2d
2011-02-24 14:40:20 -08:00
<protected-broadcast android:name="android.intent.action.MY_PACKAGE_REPLACED" />
Fix bug #1873249i: Apps can DoS/brick device This is the problem where various things are listening for broadcasts (such as battery status, PIN/PUK/Network) that an application can send to cause harm to the system. Solving this is tricky because many of these broadcasts are sticky, and I have never figured out how to do permissions with sticky broadcasts in a sane way. So instead, I am going to punt on the general problem and just brute force it: There is new a way for system components to declare specific broadcast actions to be protected, which means that only the system and the phone can send them. This is good enough for now. None of it is exposed in the public API so we can make something a little less stupid in the future if we ever need to.
2009-07-09 18:14:31 -07:00
<protected-broadcast android:name="android.intent.action.PACKAGE_REMOVED" />
New broadcast telling when an app is fully removed. Change-Id: Ia516d826f302a01881fa92d9ffdc0adfbf669a4b
2011-08-10 15:00:59 -07:00
<protected-broadcast android:name="android.intent.action.PACKAGE_FULLY_REMOVED" />
Fix bug #1873249i: Apps can DoS/brick device This is the problem where various things are listening for broadcasts (such as battery status, PIN/PUK/Network) that an application can send to cause harm to the system. Solving this is tricky because many of these broadcasts are sticky, and I have never figured out how to do permissions with sticky broadcasts in a sane way. So instead, I am going to punt on the general problem and just brute force it: There is new a way for system components to declare specific broadcast actions to be protected, which means that only the system and the phone can send them. This is good enough for now. None of it is exposed in the public API so we can make something a little less stupid in the future if we ever need to.
2009-07-09 18:14:31 -07:00
<protected-broadcast android:name="android.intent.action.PACKAGE_CHANGED" />
<protected-broadcast android:name="android.intent.action.PACKAGE_RESTARTED" />
<protected-broadcast android:name="android.intent.action.PACKAGE_DATA_CLEARED" />
Implement issue #3426299: Introduce application "stopped" state The package manager now keeps track of whether an application is stopped. There are new intent flags to control whether intent filters in a stopped application will match the intent. This is currently used in one place, sending broadcasts, so that stopped apps can not be launched due to background processes. The package manager during first init makes sure no applications are in the stopped state. When new applications are installed, that begin in the stopped state. When the activity manager is launching a component of an application, it ensures the application is taken out of the stopped state. The "force stop" button in manage applications will now put an application back in to the stopped state; it can't go back out of the stopped state until one of its components is launched by the activity manager. There will probably be a few more places where we need to filter stopped applications out of intent matches, but doing this for broadcast is a very big first step. This also introduces a new broadcast that is sent to an application after it is replaced with a new .apk. But only if the app is not in the stopped state. This makes it a lot easier for developers to implement code to get their application back in proper running shape after an upgrade. Finally another new broadcast is added that is sent to a package's installer at the first time it is launched. This allows the installer to tell the package about it being installed only when it is first actually used. Change-Id: I589c53ff0e0ece868fe734ace4439c0d202dca2d
2011-02-24 14:40:20 -08:00
<protected-broadcast android:name="android.intent.action.PACKAGE_FIRST_LAUNCH" />
Infrastructure to support package verifier Allow a package verifier to approve or disapprove of a package being installed. Change-Id: Ibfea0f2b1aaa4ab1589a4e59f96144702b9bf94b
2011-07-27 11:11:19 -07:00
<protected-broadcast android:name="android.intent.action.PACKAGE_NEEDS_VERIFICATION" />
Fix bug #1873249i: Apps can DoS/brick device This is the problem where various things are listening for broadcasts (such as battery status, PIN/PUK/Network) that an application can send to cause harm to the system. Solving this is tricky because many of these broadcasts are sticky, and I have never figured out how to do permissions with sticky broadcasts in a sane way. So instead, I am going to punt on the general problem and just brute force it: There is new a way for system components to declare specific broadcast actions to be protected, which means that only the system and the phone can send them. This is good enough for now. None of it is exposed in the public API so we can make something a little less stupid in the future if we ever need to.
2009-07-09 18:14:31 -07:00
<protected-broadcast android:name="android.intent.action.UID_REMOVED" />
<protected-broadcast android:name="android.intent.action.CONFIGURATION_CHANGED" />
Fix issue #2256032: Change CONFIGURATION_CHANGED and add a locale changed broadcast You can no longer receive CONFIGURATION_CHANGED in a manifest, which is really really bad (launching apps every time the screen is rotated!). A new LOCALE_CHANGED broadcast is sent that you can receive in a manifest. Change-Id: I80022375f0716db2e672382a29db3cea1af74702
2009-11-11 18:04:39 -08:00
<protected-broadcast android:name="android.intent.action.LOCALE_CHANGED" />
Fix bug #1873249i: Apps can DoS/brick device This is the problem where various things are listening for broadcasts (such as battery status, PIN/PUK/Network) that an application can send to cause harm to the system. Solving this is tricky because many of these broadcasts are sticky, and I have never figured out how to do permissions with sticky broadcasts in a sane way. So instead, I am going to punt on the general problem and just brute force it: There is new a way for system components to declare specific broadcast actions to be protected, which means that only the system and the phone can send them. This is good enough for now. None of it is exposed in the public API so we can make something a little less stupid in the future if we ever need to.
2009-07-09 18:14:31 -07:00
<protected-broadcast android:name="android.intent.action.BATTERY_CHANGED" />
<protected-broadcast android:name="android.intent.action.BATTERY_LOW" />
<protected-broadcast android:name="android.intent.action.BATTERY_OKAY" />
<protected-broadcast android:name="android.intent.action.ACTION_POWER_CONNECTED" />
<protected-broadcast android:name="android.intent.action.ACTION_POWER_DISCONNECTED" />
<protected-broadcast android:name="android.intent.action.ACTION_SHUTDOWN" />
<protected-broadcast android:name="android.intent.action.DEVICE_STORAGE_LOW" />
<protected-broadcast android:name="android.intent.action.DEVICE_STORAGE_OK" />
Allow incoming SMS until internal storage is almost full. Fix for bug 2382830: new incoming SMS should not be rejected when running low on internal phone storage. Testing revealed that the /data partition should have at least 256 KiB available in order to prevent random app crashes (including system apps) due to SQLite transaction failures. With 256 KiB free, the device should safely boot without storage full errors. This takes into account the 36-40 KiB that the YAFFS2 filesystem reports as available even after the partition has been completely filled. I've set the default full threshold to 1 MiB to provide a generous safety margin. For this bug, I changed the DeviceStorageMonitorService demon to send two new hidden notifications for device storage "full" and "not full", when the free space falls below the full threshold (default 1 MiB, but configurable as a system setting), in addition to the existing storage low/okay notifications sent when the storage crosses the threshold of 90% full (also configurable). The SMS code was changed to use these new notifications so that it can accept messages until the data partition has been filled to the maximum safe capacity rather than stopping when it hits 90% full. There should be no negative impact on battery life because the additional check in the storage polling service should be offset by an optimization to cache the free threshold values which were previously being computed every time through the loop. While testing this change, I discovered that SMSDispatcher was being instantiated twice, the first time in GSMPhone/CDMAPhone, and the second time in SimSmsInterfaceManager / RuimSmsInterfaceManager. Changed the code to pass the original SMSDispatcher to the Sim/RuimSmsInterfaceManager constructor. Change-Id: Ie0c6d05294778ab6ee42e0fa01313af96d824c77
2010-08-23 18:16:48 -07:00
<protected-broadcast android:name="android.intent.action.DEVICE_STORAGE_FULL" />
<protected-broadcast android:name="android.intent.action.DEVICE_STORAGE_NOT_FULL" />
Fix bug #1873249i: Apps can DoS/brick device This is the problem where various things are listening for broadcasts (such as battery status, PIN/PUK/Network) that an application can send to cause harm to the system. Solving this is tricky because many of these broadcasts are sticky, and I have never figured out how to do permissions with sticky broadcasts in a sane way. So instead, I am going to punt on the general problem and just brute force it: There is new a way for system components to declare specific broadcast actions to be protected, which means that only the system and the phone can send them. This is good enough for now. None of it is exposed in the public API so we can make something a little less stupid in the future if we ever need to.
2009-07-09 18:14:31 -07:00
<protected-broadcast android:name="android.intent.action.NEW_OUTGOING_CALL" />
<protected-broadcast android:name="android.intent.action.REBOOT" />
Refactor car mode. Extract all UI behavior from dock observer and ACTION_DOCK_EVENT. Also introduce a desk type to go along with the car type all through the resource system, since we now need to have corresponding high-level broadcasts for desk dock mode. As part of that I also reworked some of the logic for switching modes to all funnel through a single update() call that looks all of the current state to decide what to do next, and fixed various locking issues. In addition I found there were bugs in the configuration change handling causing us to only switch into the car mode config and then never get out of it. Unfortunately now that we are actually changing the configuration for each mode change, the transitions between them are really crummy as we restart all kinds of activities. :(
2010-03-04 18:41:49 -08:00
<protected-broadcast android:name="android.intent.action.DOCK_EVENT" />
Send out a broadcast that the system is being factory reset. Change-Id: I339b7ce58cb3f48316103be49b582d4f7e9b63bf
2011-03-14 15:23:31 -05:00
<protected-broadcast android:name="android.intent.action.MASTER_CLEAR_NOTIFICATION" />
User management and switching Broadcast intents that get sent out when users are added/removed/switched. More work on generating user-specific information in package manager queries. APIs to update user name and query a user by id. Removed Package.mSetStopped and mSetEnabled, since they're not user specific. User removal: - Cleanup ActivityManager, PackageManager, WallpaperManager, AppWidgetService and AccountManager. - Shutdown processes belonging to the user. Don't show vibrate option in long-press power if there's no vibrator. Lock the screen when switching users, to force unlocking. Change-Id: Ib23a721cb75285eef5fd6ba8c7272462764038fa
2012-03-22 16:16:17 -07:00
<protected-broadcast android:name="android.intent.action.USER_ADDED" />
<protected-broadcast android:name="android.intent.action.USER_REMOVED" />
<protected-broadcast android:name="android.intent.action.USER_SWITCHED" />
add account manager permission checking
2009-07-16 16:36:38 -07:00
Refactor car mode. Extract all UI behavior from dock observer and ACTION_DOCK_EVENT. Also introduce a desk type to go along with the car type all through the resource system, since we now need to have corresponding high-level broadcasts for desk dock mode. As part of that I also reworked some of the logic for switching modes to all funnel through a single update() call that looks all of the current state to decide what to do next, and fixed various locking issues. In addition I found there were bugs in the configuration change handling causing us to only switch into the car mode config and then never get out of it. Unfortunately now that we are actually changing the configuration for each mode change, the transitions between them are really crummy as we restart all kinds of activities. :(
2010-03-04 18:41:49 -08:00
<protected-broadcast android:name="android.app.action.ENTER_CAR_MODE" />
<protected-broadcast android:name="android.app.action.EXIT_CAR_MODE" />
<protected-broadcast android:name="android.app.action.ENTER_DESK_MODE" />
<protected-broadcast android:name="android.app.action.EXIT_DESK_MODE" />
Removed permission READ_WRITE_OWN_VOICEMAIL from framework/base. This permission has now been replaced by ADD_VOICEMAIL. Bug: 5098551 Change-Id: Idc993f1674a66f0df3ec699ed14b2e5cfedfe3e8
2011-08-04 14:12:58 +01:00
Clear the device's data from the transport when backup is disabled Turning off backup in the Settings UI constitutes an opt-out of the whole mechanism. For privacy reasons we instruct the backend to wipe all of the data belonging to this device when the user does this. If the attempt fails it is rescheduled in the future based on the transport's requestBackupTime() suggestion. If network connectivity changes prompt the transport to indicate a backup pass is appropriate "now," any pending init operation is processed before the backup schedule is resumed. The broadcasts used internally to the backup manager are now fully protected; third party apps can neither send nor receive them. (Also a minor logging change; don't log 'appropriate' EOF encountered during parsing of a backup data stream.)
2009-09-21 19:36:51 -07:00
<protected-broadcast android:name="android.backup.intent.RUN" />
<protected-broadcast android:name="android.backup.intent.CLEAR" />
<protected-broadcast android:name="android.backup.intent.INIT" />
Allow only System Service to send most Bluetooth intents. Change-Id: I9f63425995f12741b60b85cdffe5a94e97ca03f1
2009-09-15 17:21:10 -07:00
<protected-broadcast android:name="android.bluetooth.adapter.action.STATE_CHANGED" />
<protected-broadcast android:name="android.bluetooth.adapter.action.SCAN_MODE_CHANGED" />
<protected-broadcast android:name="android.bluetooth.adapter.action.DISCOVERY_STARTED" />
<protected-broadcast android:name="android.bluetooth.adapter.action.DISCOVERY_FINISHED" />
<protected-broadcast android:name="android.bluetooth.adapter.action.LOCAL_NAME_CHANGED" />
Add Bluetooth intents to protected broadcasts. Change-Id: I3734a4ff7d964c64ce39ec3f897d3799aa9653f7
2011-09-06 13:03:50 -07:00
<protected-broadcast android:name="android.bluetooth.adapter.action.CONNECTION_STATE_CHANGED" />
Allow only System Service to send most Bluetooth intents. Change-Id: I9f63425995f12741b60b85cdffe5a94e97ca03f1
2009-09-15 17:21:10 -07:00
<protected-broadcast android:name="android.bluetooth.device.action.FOUND" />
<protected-broadcast android:name="android.bluetooth.device.action.DISAPPEARED" />
<protected-broadcast android:name="android.bluetooth.device.action.CLASS_CHANGED" />
<protected-broadcast android:name="android.bluetooth.device.action.ACL_CONNECTED" />
<protected-broadcast android:name="android.bluetooth.device.action.ACL_DISCONNECT_REQUESTED" />
<protected-broadcast android:name="android.bluetooth.device.action.ACL_DISCONNECTED" />
<protected-broadcast android:name="android.bluetooth.device.action.NAME_CHANGED" />
<protected-broadcast android:name="android.bluetooth.device.action.BOND_STATE_CHANGED" />
<protected-broadcast android:name="android.bluetooth.device.action.NAME_FAILED" />
<protected-broadcast android:name="android.bluetooth.device.action.PAIRING_REQUEST" />
<protected-broadcast android:name="android.bluetooth.device.action.PAIRING_CANCEL" />
Add Bluetooth intents to protected broadcasts. Change-Id: I3734a4ff7d964c64ce39ec3f897d3799aa9653f7
2011-09-06 13:03:50 -07:00
<protected-broadcast android:name="android.bluetooth.device.action.CONNECTION_ACCESS_REPLY" />
<protected-broadcast
android:name="android.bluetooth.headset.profile.action.CONNECTION_STATE_CHANGED" />
<protected-broadcast
android:name="android.bluetooth.headset.profile.action.AUDIO_STATE_CHANGED" />
<protected-broadcast
android:name="android.bluetooth.headset.action.VENDOR_SPECIFIC_HEADSET_EVENT" />
<protected-broadcast
android:name="android.bluetooth.a2dp.profile.action.CONNECTION_STATE_CHANGED" />
<protected-broadcast
android:name="android.bluetooth.a2dp.profile.action.PLAYING_STATE_CHANGED" />
<protected-broadcast
android:name="android.bluetooth.input.profile.action.CONNECTION_STATE_CHANGED" />
<protected-broadcast
android:name="android.bluetooth.pan.profile.action.CONNECTION_STATE_CHANGED" />
Allow only System Service to send most Bluetooth intents. Change-Id: I9f63425995f12741b60b85cdffe5a94e97ca03f1
2009-09-15 17:21:10 -07:00
Move USB framework support from android.hardware to android.hardware.usb package Change-Id: I00fd4f0caaa4aebe48f71c576bb211b5f38bf88d Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-03-01 08:04:54 -08:00
<protected-broadcast android:name="android.hardware.usb.action.USB_STATE" />
<protected-broadcast android:name="android.hardware.usb.action.USB_ACCESSORY_ATTACHED" />
<protected-broadcast android:name="android.hardware.usb.action.USB_ACCESSORY_ATTACHED" />
<protected-broadcast android:name="android.hardware.usb.action.USB_DEVICE_ATTACHED" />
<protected-broadcast android:name="android.hardware.usb.action.USB_DEVICE_DETACHED" />
Add a new UEventObserver subclass to broadcast an Intent whe USB state changes. We now broadcast Usb.ACTION_USB_CONNECTED and Usb.ACTION_USB_DISCONNECTED when USB is connected or disconnected. The ACTION_USB_CONNECTED extras indicate the enabled/disabled state of all USB functions. Change-Id: I919fcd5aa8d640d051cec87053f474a9843ed545 Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-06-23 17:36:36 -04:00
Introduce immediate CONNECTIVITY_ACTION variant. New broadcast that is dispatched immediately after connectivity changes have been handled by ConnectivityService, bypassing any applicable CONNECTIVITY_CHANGE_DELAY. Also protect CONNECTIVITY_CHANGE broadcasts, since they should only be sent by system. Bug: 5198167 Change-Id: I75f1fb44b21da1879f0ab960bcaa481126d70fde
2011-08-29 16:02:57 -07:00
<protected-broadcast android:name="android.net.conn.CONNECTIVITY_CHANGE" />
<protected-broadcast android:name="android.net.conn.CONNECTIVITY_CHANGE_IMMEDIATE" />
NFC API revision round 2. - Add the second half of the new NFC API: NfcAdapter, Tag, NdefTag, RawTagConnection, NdefTagConnection. - Add implementations for all of the new NFC API. Change-Id: I8da9fd1d2971ed2c8b76f2a93f207fa9e305b0f6 Signed-off-by: Nick Pelly <npelly@google.com> Conflicts: Android.mk CleanSpec.mk core/java/android/app/ContextImpl.java
2010-10-14 19:16:35 -07:00
<protected-broadcast android:name="android.nfc.action.LLCP_LINK_STATE_CHANGED" />
Implement new NFC-EE API's as shared library (frameworks/base). Change-Id: I45c4eaf59ec78167fc236fdd59676465a5e1bcb7
2011-03-08 11:43:30 -08:00
<protected-broadcast android:name="com.android.nfc_extras.action.RF_FIELD_ON_DETECTED" />
<protected-broadcast android:name="com.android.nfc_extras.action.RF_FIELD_OFF_DETECTED" />
<protected-broadcast android:name="com.android.nfc_extras.action.AID_SELECTED" />
NFC integration Source: Trusted_NFC_Device_Host_AA03.01e02_google.zip code drop (23-Sep-2010) Conflicts: core/java/android/app/ApplicationContext.java core/java/android/provider/Settings.java core/jni/Android.mk core/jni/AndroidRuntime.cpp core/res/AndroidManifest.xml include/utils/Asset.h Change-Id: I62c92f4c79f5ee65126c97602f6bc1c15794e573 Signed-off-by: Nick Pelly <npelly@google.com>
2010-09-23 16:12:11 -07:00
NFC API revision round 2. - Add the second half of the new NFC API: NfcAdapter, Tag, NdefTag, RawTagConnection, NdefTagConnection. - Add implementations for all of the new NFC API. Change-Id: I8da9fd1d2971ed2c8b76f2a93f207fa9e305b0f6 Signed-off-by: Nick Pelly <npelly@google.com> Conflicts: Android.mk CleanSpec.mk core/java/android/app/ContextImpl.java
2010-10-14 19:16:35 -07:00
<protected-broadcast android:name="android.nfc.action.TRANSACTION_DETECTED" />
Tell each VM to flush their DNS cache. bug:3095357 Change-Id: I93de24e3e5a7d8b94d55f4facfffc863a2b8c202
2010-11-02 14:08:23 -07:00
<protected-broadcast android:name="android.intent.action.CLEAR_DNS_CACHE" />
Notify all VMs when proxy changes. bug:2700664 Change-Id: I74cc6e0bd6e66847bf18f524ce851e3e9d2c4e87
2010-10-11 16:00:27 -07:00
<protected-broadcast android:name="android.intent.action.PROXY_CHANGE" />
NFC integration Source: Trusted_NFC_Device_Host_AA03.01e02_google.zip code drop (23-Sep-2010) Conflicts: core/java/android/app/ApplicationContext.java core/java/android/provider/Settings.java core/jni/Android.mk core/jni/AndroidRuntime.cpp core/res/AndroidManifest.xml include/utils/Asset.h Change-Id: I62c92f4c79f5ee65126c97602f6bc1c15794e573 Signed-off-by: Nick Pelly <npelly@google.com>
2010-09-23 16:12:11 -07:00
Merge: Introduce UpdateLocks An "UpdateLock" works similarly to a wake lock in API: the caller is providing a hint to the OS that now is not a good time to interrupt the user/device in order to do intrusive work like applying OTAs. This is particularly important for headless or kiosk-like products where ordinarily the update process will be automatically scheduled and proceed without user or administrator intervention. UpdateLocks require that the caller hold the new signatureOrSystem permission android.permission.UPDATE_LOCK. acquire() and release() will throw security exceptions if this is not the case. The "is now convenient?" state is expressed to interested parties by way of a sticky broadcast sent only to registered listeners. The broadcast is protected; only the system can send it, so listeners can trust it to be accurate. The broadcast intent also includes a timestamp (System.currentTimeMillis()) to help inform listeners that wish to implement scheduling policies based on when the device became idle. The API change here is a tiny one: a dump(PrintWriter) method has been added to the TokenWatcher class to facilitate getting information out of it for dumpsys purposes. UpdateLock itself is still @hide. Bug 5543442 Change-Id: I3709c831fc1883d7cb753cd2d3ee8e10a61e7e48
2012-02-23 14:59:36 -08:00
<protected-broadcast android:name="android.os.UpdateLock.UPDATE_LOCK_CHANGED" />
resolved conflicts for merge of 38d0d562 to honeycomb-plus-aosp Change-Id: Iff9ea08b810b0d142a9227272492c0305a9bcf42
2011-03-14 10:28:11 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- ====================================== -->
<!-- Permissions for things that cost money -->
<!-- ====================================== -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Used for permissions that can be used to make the user spend money
without their direct involvement. For example, this is the group
for permissions that allow you to directly place phone calls,
directly send SMS messages, etc. -->
<permission-group android:name="android.permission-group.COST_MONEY"
android:label="@string/permgrouplab_costMoney"
android:description="@string/permgroupdesc_costMoney" />
<!-- Allows an application to send SMS messages. -->
<permission android:name="android.permission.SEND_SMS"
android:permissionGroup="android.permission-group.COST_MONEY"
android:protectionLevel="dangerous"
android:label="@string/permlab_sendSms"
android:description="@string/permdesc_sendSms" />
Add private permission for sending SMS via Messaging app When the phone dialer sends an sms, it will use the Messaging app. That way the sent messages will end up in the messaging provider db and sending will be more reliable. Currently, the phone dialer uses the SmsManager directly. For now, the feature is only available to system apps and the permission is private. Bug 4563486 Change-Id: I10f7e1042683164ee61d01a2aaf738d19084da72
2011-08-11 14:27:25 -07:00
<!-- Allows an application to send SMS messages via the Messaging app with no user
input or confirmation.
@hide -->
<permission android:name="android.permission.SEND_SMS_NO_CONFIRMATION"
android:permissionGroup="android.permission-group.COST_MONEY"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
Add private permission for sending SMS via Messaging app When the phone dialer sends an sms, it will use the Messaging app. That way the sent messages will end up in the messaging provider db and sending will be more reliable. Currently, the phone dialer uses the SmsManager directly. For now, the feature is only available to system apps and the permission is private. Bug 4563486 Change-Id: I10f7e1042683164ee61d01a2aaf738d19084da72
2011-08-11 14:27:25 -07:00
android:label="@string/permlab_sendSmsNoConfirmation"
android:description="@string/permdesc_sendSmsNoConfirmation" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to initiate a phone call without going through
the Dialer user interface for the user to confirm the call
being placed. -->
<permission android:name="android.permission.CALL_PHONE"
android:permissionGroup="android.permission-group.COST_MONEY"
android:protectionLevel="dangerous"
android:label="@string/permlab_callPhone"
android:description="@string/permdesc_callPhone" />
<!-- ================================== -->
<!-- Permissions for accessing messages -->
<!-- ================================== -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Used for permissions that allow an application to send messages
on behalf of the user or intercept messages being received by the
user. This is primarily intended for SMS/MMS messaging, such as
receiving or reading an MMS. -->
<permission-group android:name="android.permission-group.MESSAGES"
android:label="@string/permgrouplab_messages"
android:description="@string/permgroupdesc_messages" />
<!-- Allows an application to monitor incoming SMS messages, to record
or perform processing on them. -->
<permission android:name="android.permission.RECEIVE_SMS"
android:permissionGroup="android.permission-group.MESSAGES"
android:protectionLevel="dangerous"
android:label="@string/permlab_receiveSms"
android:description="@string/permdesc_receiveSms" />
<!-- Allows an application to monitor incoming MMS messages, to record
or perform processing on them. -->
<permission android:name="android.permission.RECEIVE_MMS"
android:permissionGroup="android.permission-group.MESSAGES"
android:protectionLevel="dangerous"
android:label="@string/permlab_receiveMms"
android:description="@string/permdesc_receiveMms" />
Enable full support for SMS Cell Broadcast. Implement full support for SMS Cell Broadcast (3GPP TS 23.041). Includes support for ETWS and CMAS emergency message types. Includes GSM and UMTS support (CDMA will be added later). Note: the change to GsmAlphabet.java is only necessary if the SMS national languages support patch has been applied. If that change has not been applied, then the changes to GsmAlphabet.java in this patch set can safely be ignored. Change-Id: Ia0362c53695b8ef9a0982f558f1cffa912def34b
2011-04-26 16:26:46 -07:00
<!-- Allows an application to receive emergency cell broadcast messages,
to record or display them to the user. Reserved for system apps.
@hide Pending API council approval -->
<permission android:name="android.permission.RECEIVE_EMERGENCY_BROADCAST"
android:permissionGroup="android.permission-group.MESSAGES"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
Enable full support for SMS Cell Broadcast. Implement full support for SMS Cell Broadcast (3GPP TS 23.041). Includes support for ETWS and CMAS emergency message types. Includes GSM and UMTS support (CDMA will be added later). Note: the change to GsmAlphabet.java is only necessary if the SMS national languages support patch has been applied. If that change has not been applied, then the changes to GsmAlphabet.java in this patch set can safely be ignored. Change-Id: Ia0362c53695b8ef9a0982f558f1cffa912def34b
2011-04-26 16:26:46 -07:00
android:label="@string/permlab_receiveEmergencyBroadcast"
android:description="@string/permdesc_receiveEmergencyBroadcast" />
Add ContentProvider for apps to read received SMS cell broadcasts. The CellBroadcastReceiver app will allow apps with the new permission "android.permission.READ_CELL_BROADCASTS" to read previously received cell broadcast messages from a new ContentProvider database at URI "content://cellbroadcasts". This will enable third parties to provide additional information to users in the event of emergencies without delaying or interfering with the initial system alert dialog to warn the user when the alert is received. Includes a new android.telephony.CellBroadcastMessage class which can be instantiated from the Cursor retrieved from the ContentProvider. This was previously a part of the CellBroadcastReceiver app, but can now be used by third party apps with read permission on the ContentProvider. Change-Id: I2c31f62b63c050c7946de2d81c28a5f4dc6f00b0
2012-04-18 12:32:18 -07:00
<!-- Allows an application to read previously received cell broadcast
messages and to register a content observer to get notifications when
a cell broadcast has been received and added to the database. For
emergency alerts, the database is updated immediately after the
alert dialog and notification sound/vibration/speech are presented.
The "read" column is then updated after the user dismisses the alert.
This enables supplementary emergency assistance apps to start loading
additional emergency information (if Internet access is available)
when the alert is first received, and to delay presenting the info
to the user until after the initial alert dialog is dismissed.
@hide Pending API council approval -->
<permission android:name="android.permission.READ_CELL_BROADCASTS"
android:permissionGroup="android.permission-group.MESSAGES"
android:protectionLevel="dangerous"
android:label="@string/permlab_readCellBroadcasts"
android:description="@string/permdesc_readCellBroadcasts" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to read SMS messages. -->
<permission android:name="android.permission.READ_SMS"
android:permissionGroup="android.permission-group.MESSAGES"
android:protectionLevel="dangerous"
android:label="@string/permlab_readSms"
android:description="@string/permdesc_readSms" />
<!-- Allows an application to write SMS messages. -->
<permission android:name="android.permission.WRITE_SMS"
android:permissionGroup="android.permission-group.MESSAGES"
android:protectionLevel="dangerous"
android:label="@string/permlab_writeSms"
android:description="@string/permdesc_writeSms" />
<!-- Allows an application to monitor incoming WAP push messages. -->
<permission android:name="android.permission.RECEIVE_WAP_PUSH"
android:permissionGroup="android.permission-group.MESSAGES"
android:protectionLevel="dangerous"
android:label="@string/permlab_receiveWapPush"
android:description="@string/permdesc_receiveWapPush" />
<!-- =============================================================== -->
<!-- Permissions for accessing personal info (contacts and calendar) -->
<!-- =============================================================== -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Used for permissions that provide access to the user's private data,
such as contacts, calendar events, e-mail messages, etc. This includes
both reading and writing of this data (which should generally be
expressed as two distinct permissions). -->
<permission-group android:name="android.permission-group.PERSONAL_INFO"
android:label="@string/permgrouplab_personalInfo"
android:description="@string/permgroupdesc_personalInfo" />
<!-- Allows an application to read the user's contacts data. -->
<permission android:name="android.permission.READ_CONTACTS"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_readContacts"
android:description="@string/permdesc_readContacts" />
<!-- Allows an application to write (but not read) the user's
contacts data. -->
<permission android:name="android.permission.WRITE_CONTACTS"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_writeContacts"
android:description="@string/permdesc_writeContacts" />
Introduce READ_CALL_LOG and WRITE_CALL_LOG Bug:6141864 Change-Id: I66fcab2a35b8c1c73bac7cfffb9f008c82ed51e8
2012-03-12 13:45:19 -07:00
<!-- Allows an application to read the user's call log. -->
<permission android:name="android.permission.READ_CALL_LOG"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_readCallLog"
android:description="@string/permdesc_readCallLog" />
<!-- Allows an application to write (but not read) the user's
contacts data. -->
<permission android:name="android.permission.WRITE_CALL_LOG"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_writeCallLog"
android:description="@string/permdesc_writeCallLog" />
API modifications to handle profiles in Contacts. The user's profile is represented as a single Contact, comprised of Raw Contacts which may be contributed from any accounts the user has on the system. Two new permissions have been added: READ_PROFILE and WRITE_PROFILE. These are required for reading or writing any contact data that is designated as part of the user's profile. Contact queries can include the user's profile data by setting the include_profile URI parameter to 1 (this requires READ_PROFILE access). By default, the user's profile data will not be included in any Contact queries. Change-Id: I25616f59622dbb157032c9c435064eb36af6e8e1
2011-05-11 11:39:54 -07:00
<!-- Allows an application to read the user's personal profile data. -->
<permission android:name="android.permission.READ_PROFILE"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_readProfile"
android:description="@string/permdesc_readProfile" />
<!-- Allows an application to write (but not read) the user's
personal profile data. -->
<permission android:name="android.permission.WRITE_PROFILE"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_writeProfile"
android:description="@string/permdesc_writeProfile" />
Unhide social stream permissions. Bug 5569021 Change-Id: I35ee70418be0e0286294fef54e194831b5fa3b2c
2011-11-17 10:25:00 -08:00
<!-- Allows an application to read from the user's social stream. -->
Add new permissions for read/write social stream. This is a manual merge of a change going in to ICS-FactoryROM. These permissions are needed to separate the (potentially invasive) access to the user's social stream from the existing read/write contacts permission. Per discussion with Android release team, we are also hiding the stream item API until we figure out a better way to guard the data. Bug 5406886 Change-Id: I8339d743c3ebe8923c7ee47f2900444efcf82a52
2011-10-03 18:25:26 -07:00
<permission android:name="android.permission.READ_SOCIAL_STREAM"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_readSocialStream"
android:description="@string/permdesc_readSocialStream" />
<!-- Allows an application to write (but not read) the user's
Unhide social stream permissions. Bug 5569021 Change-Id: I35ee70418be0e0286294fef54e194831b5fa3b2c
2011-11-17 10:25:00 -08:00
social stream data. -->
Add new permissions for read/write social stream. This is a manual merge of a change going in to ICS-FactoryROM. These permissions are needed to separate the (potentially invasive) access to the user's social stream from the existing read/write contacts permission. Per discussion with Android release team, we are also hiding the stream item API until we figure out a better way to guard the data. Bug 5406886 Change-Id: I8339d743c3ebe8923c7ee47f2900444efcf82a52
2011-10-03 18:25:26 -07:00
<permission android:name="android.permission.WRITE_SOCIAL_STREAM"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_writeSocialStream"
android:description="@string/permdesc_writeSocialStream" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to read the user's calendar data. -->
<permission android:name="android.permission.READ_CALENDAR"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_readCalendar"
android:description="@string/permdesc_readCalendar" />
<!-- Allows an application to write (but not read) the user's
calendar data. -->
<permission android:name="android.permission.WRITE_CALENDAR"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_writeCalendar"
android:description="@string/permdesc_writeCalendar" />
<!-- Allows an application to read the user dictionary. This should
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
really only be required by an IME, or a dictionary editor like
the Settings app.
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
@hide Pending API council approval -->
<permission android:name="android.permission.READ_USER_DICTIONARY"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_readDictionary"
android:description="@string/permdesc_readDictionary" />
<!-- Allows an application to write to the user dictionary.
@hide Pending API council approval -->
<permission android:name="android.permission.WRITE_USER_DICTIONARY"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="normal"
android:label="@string/permlab_writeDictionary"
android:description="@string/permdesc_writeDictionary" />
Make browser bookmarks permissions part of the public API.
2009-06-19 14:13:08 -04:00
<!-- Allows an application to read (but not write) the user's
browsing history and bookmarks. -->
Use the old string for bookmarks permissions. When we made the bookmark permissions public, we also changed their names, which might break existing apps. Change them back. Depends on a change in packages/apps/Browser
2009-07-27 11:10:28 -04:00
<permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"
Make browser bookmarks permissions part of the public API.
2009-06-19 14:13:08 -04:00
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:label="@string/permlab_readHistoryBookmarks"
android:description="@string/permdesc_readHistoryBookmarks"
android:protectionLevel="dangerous" />
<!-- Allows an application to write (but not read) the user's
browsing history and bookmarks. -->
Use the old string for bookmarks permissions. When we made the bookmark permissions public, we also changed their names, which might break existing apps. Change them back. Depends on a change in packages/apps/Browser
2009-07-27 11:10:28 -04:00
<permission android:name="com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"
Make browser bookmarks permissions part of the public API.
2009-06-19 14:13:08 -04:00
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:label="@string/permlab_writeHistoryBookmarks"
android:description="@string/permdesc_writeHistoryBookmarks"
android:protectionLevel="dangerous" />
Add new Alarm provider class for setting an alarm. The new class provides static variables for creating an intent to broadcast to applications implementing the alarm clock. A new permission has been added and applications are recommended to require this permission if accepting the set alarm broadcast. Change-Id: I7b1014acdc54371cbda19bcf9b5c395b647aa413
2010-09-22 08:16:53 -04:00
<!-- Allows an application to broadcast an Intent to set an alarm for the
user. -->
<permission android:name="com.android.alarm.permission.SET_ALARM"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:label="@string/permlab_setAlarm"
android:description="@string/permdesc_setAlarm"
android:protectionLevel="normal" />
Step1 of renaming READ_WRITE_OWN_VOICEMAIL to ADD_VOICEMAILS. READ_WRITE_OWN_VOICEMAIL sounds a confusing name. Dianne recommened to rename it to ADD_VOICEMAILS as this simply allows 3rd party apps to add new voicemails to the system. The fact that we allow the app to acces only its own voicemail is implicit and need not be highlighted in the permission name. See bug: 5098551 for more details This CL implements the 1st step of this change by adding the permission ADD_VOICEMAILS. A follow up CL will remove READ_WRITE_OWN_VOICEMAIL once content provider and contacts app have been modified to start using the new ADD_VOICEMAILS permission instead. Bug: 5098551 Change-Id: I515e7967bdb0e8498a60a32983f9122ce10dcc4a
2011-08-02 19:25:50 +01:00
<!-- Allows an application to add voicemails into the system. -->
<permission android:name="com.android.voicemail.permission.ADD_VOICEMAIL"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:protectionLevel="dangerous"
android:label="@string/permlab_addVoicemail"
android:description="@string/permdesc_addVoicemail" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- ======================================= -->
<!-- Permissions for accessing location info -->
<!-- ======================================= -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Used for permissions that allow access to the user's current
location. -->
<permission-group android:name="android.permission-group.LOCATION"
android:label="@string/permgrouplab_location"
android:description="@string/permgroupdesc_location" />
<!-- Allows an application to access fine (e.g., GPS) location -->
<permission android:name="android.permission.ACCESS_FINE_LOCATION"
android:permissionGroup="android.permission-group.LOCATION"
android:protectionLevel="dangerous"
android:label="@string/permlab_accessFineLocation"
android:description="@string/permdesc_accessFineLocation" />
<!-- Allows an application to access coarse (e.g., Cell-ID, WiFi) location -->
<permission android:name="android.permission.ACCESS_COARSE_LOCATION"
android:permissionGroup="android.permission-group.LOCATION"
android:protectionLevel="dangerous"
android:label="@string/permlab_accessCoarseLocation"
android:description="@string/permdesc_accessCoarseLocation" />
<!-- Allows an application to create mock location providers for testing -->
<permission android:name="android.permission.ACCESS_MOCK_LOCATION"
android:permissionGroup="android.permission-group.LOCATION"
AI 145994: Integrate #145778 from Donut. Automated import of CL 145994
2009-04-13 16:11:55 -07:00
android:protectionLevel="dangerous"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_accessMockLocation"
android:description="@string/permdesc_accessMockLocation" />
<!-- Allows an application to access extra location provider commands -->
<permission android:name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS"
android:permissionGroup="android.permission-group.LOCATION"
AI 145994: Integrate #145778 from Donut. Automated import of CL 145994
2009-04-13 16:11:55 -07:00
android:protectionLevel="normal"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_accessLocationExtraCommands"
android:description="@string/permdesc_accessLocationExtraCommands" />
location: Add support for location providers outside of the system process. Also added new permissions android.permission.INSTALL_LOCATION_PROVIDER and android.permission.INSTALL_LOCATION_COLLECTOR to the public API. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-05-01 11:30:34 -04:00
<!-- Allows an application to install a location provider into the Location Manager -->
<permission android:name="android.permission.INSTALL_LOCATION_PROVIDER"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
location: Add support for location providers outside of the system process. Also added new permissions android.permission.INSTALL_LOCATION_PROVIDER and android.permission.INSTALL_LOCATION_COLLECTOR to the public API. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-05-01 11:30:34 -04:00
android:label="@string/permlab_installLocationProvider"
android:description="@string/permdesc_installLocationProvider" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- ======================================= -->
<!-- Permissions for accessing networks -->
<!-- ======================================= -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Used for permissions that provide access to networking services. The
main permission here is internet access, but this is also an
appropriate group for accessing or modifying any network configuration
or other related network operations. -->
<permission-group android:name="android.permission-group.NETWORK"
android:label="@string/permgrouplab_network"
android:description="@string/permgroupdesc_network" />
<!-- Allows applications to open network sockets. -->
<permission android:name="android.permission.INTERNET"
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="dangerous"
android:description="@string/permdesc_createNetworkSockets"
android:label="@string/permlab_createNetworkSockets" />
<!-- Allows applications to access information about networks -->
<permission android:name="android.permission.ACCESS_NETWORK_STATE"
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="normal"
android:description="@string/permdesc_accessNetworkState"
android:label="@string/permlab_accessNetworkState" />
<!-- Allows applications to access information about Wi-Fi networks -->
<permission android:name="android.permission.ACCESS_WIFI_STATE"
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="normal"
android:description="@string/permdesc_accessWifiState"
android:label="@string/permlab_accessWifiState" />
Fix build. Missed a commit that fixed some issues. bug:5237167 Change-Id: I61e44831e2c3f1cf613ca1387aa95d712b7d2ded
2011-11-08 10:12:25 -08:00
<!-- @hide -->
Wimax : wimax framework related open source. Integrate wimax network related changes into Android Framework. - In Connectivity service, start wimax service. - 4G icon display in StatusBarPolicy. - DHCP renew add. - Add radio for wiamx Change-Id: I2d9012247edfdf49d71ca7e1414afd0006f330ca Signed-off-by: tk.mun <tk.mun@samsung.com> bug:5237167
2011-10-13 22:51:57 +09:00
<permission android:name="android.permission.ACCESS_WIMAX_STATE"
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="normal"
android:description="@string/permdesc_accessWimaxState"
android:label="@string/permlab_accessWimaxState" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows applications to connect to paired bluetooth devices -->
<permission android:name="android.permission.BLUETOOTH"
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="dangerous"
android:description="@string/permdesc_bluetooth"
android:label="@string/permlab_bluetooth" />
Minor doc update. Change-Id: I1d29adfccbdc196a145a2c2a044d63b00e5f788b
2011-02-15 13:34:38 -08:00
<!-- Allows applications to perform I/O operations over NFC -->
Fix up NFC permissions. The initial (vendor) implementation had 4 perms, replace with 1. Requires no permissions: - Viewing UID, type of discovered tags and cards. - Viewing the NDEF message contents of NDEF formatted tags and cards. Requires android.permission.NFC - Get/Set the local tag "MyTag" - Creating or using a RawTagConnection (transceive()) - Creating or using a NdefTagConnection (write()/read()) Change-Id: I1b585c7d91738bed6261277061a48cf7c939482a Signed-off-by: Nick Pelly <npelly@google.com>
2010-10-17 19:05:47 -07:00
<permission android:name="android.permission.NFC"
NFC integration Source: Trusted_NFC_Device_Host_AA03.01e02_google.zip code drop (23-Sep-2010) Conflicts: core/java/android/app/ApplicationContext.java core/java/android/provider/Settings.java core/jni/Android.mk core/jni/AndroidRuntime.cpp core/res/AndroidManifest.xml include/utils/Asset.h Change-Id: I62c92f4c79f5ee65126c97602f6bc1c15794e573 Signed-off-by: Nick Pelly <npelly@google.com>
2010-09-23 16:12:11 -07:00
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="dangerous"
Fix up NFC permissions. The initial (vendor) implementation had 4 perms, replace with 1. Requires no permissions: - Viewing UID, type of discovered tags and cards. - Viewing the NDEF message contents of NDEF formatted tags and cards. Requires android.permission.NFC - Get/Set the local tag "MyTag" - Creating or using a RawTagConnection (transceive()) - Creating or using a NdefTagConnection (write()/read()) Change-Id: I1b585c7d91738bed6261277061a48cf7c939482a Signed-off-by: Nick Pelly <npelly@google.com>
2010-10-17 19:05:47 -07:00
android:description="@string/permdesc_nfc"
android:label="@string/permlab_nfc" />
NFC integration Source: Trusted_NFC_Device_Host_AA03.01e02_google.zip code drop (23-Sep-2010) Conflicts: core/java/android/app/ApplicationContext.java core/java/android/provider/Settings.java core/jni/Android.mk core/jni/AndroidRuntime.cpp core/res/AndroidManifest.xml include/utils/Asset.h Change-Id: I62c92f4c79f5ee65126c97602f6bc1c15794e573 Signed-off-by: Nick Pelly <npelly@google.com>
2010-09-23 16:12:11 -07:00
Unhide SIP API. Change-Id: I09468e3149a242a3b1e085ad220eb74f84ac6c68
2010-09-16 04:11:32 +08:00
<!-- Allows an application to use SIP service -->
<permission android:name="android.permission.USE_SIP"
android:permissionGroup="android.permission-group.NETWORK"
android:protectionLevel="dangerous"
android:description="@string/permdesc_use_sip"
android:label="@string/permlab_use_sip" />
add account manager permission checking
2009-07-16 16:36:38 -07:00
<!-- Allows applications to call into AccountAuthenticators. Only
the system can get this permission. -->
account manager api review changes
2009-10-02 17:19:31 -07:00
<permission android:name="android.permission.ACCOUNT_MANAGER"
add account manager permission checking
2009-07-16 16:36:38 -07:00
android:permissionGroup="android.permission-group.ACCOUNTS"
android:protectionLevel="signature"
android:description="@string/permdesc_accountManagerService"
android:label="@string/permlab_accountManagerService" />
Move the net transition wakelock to ConnService. When the default network goes down we lose the wake-on-incoming-data capability until the new net is brought up and apps rebuild their connections. We fixed this in Wifi, but it's a general connectivity issue, not a wifi issue so moving the mechanism to connecitivty so other networks can use it. bug:2734419 Change-Id: I39b5d825eb6b548bd9bb8f179b89254f4db53147
2010-06-15 12:19:37 -07:00
<!-- Allows an internal user to use privaledged ConnectivityManager
APIs.
@hide -->
<permission android:name="android.permission.CONNECTIVITY_INTERNAL"
android:permissionGroup="android.permission-group.NETWORK"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Move the net transition wakelock to ConnService. When the default network goes down we lose the wake-on-incoming-data capability until the new net is brought up and apps rebuild their connections. We fixed this in Wifi, but it's a general connectivity issue, not a wifi issue so moving the mechanism to connecitivty so other networks can use it. bug:2734419 Change-Id: I39b5d825eb6b548bd9bb8f179b89254f4db53147
2010-06-15 12:19:37 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- ================================== -->
<!-- Permissions for accessing accounts -->
<!-- ================================== -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
fix account permission strings. this permission is used to protect more than just Google accounts.
2009-09-29 17:57:25 -07:00
<!-- Permissions for direct access to the accounts managed
by the Account Manager. -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission-group android:name="android.permission-group.ACCOUNTS"
android:label="@string/permgrouplab_accounts"
android:description="@string/permgroupdesc_accounts" />
<!-- Allows access to the list of accounts in the Accounts Service -->
<permission android:name="android.permission.GET_ACCOUNTS"
android:permissionGroup="android.permission-group.ACCOUNTS"
android:protectionLevel="normal"
android:description="@string/permdesc_getAccounts"
android:label="@string/permlab_getAccounts" />
add account manager permission checking
2009-07-16 16:36:38 -07:00
<!-- Allows an application to act as an AccountAuthenticator for
the AccountManager -->
<permission android:name="android.permission.AUTHENTICATE_ACCOUNTS"
android:permissionGroup="android.permission-group.ACCOUNTS"
android:protectionLevel="dangerous"
android:label="@string/permlab_authenticateAccounts"
android:description="@string/permdesc_authenticateAccounts" />
<!-- Allows an application to request authtokens from the AccountManager -->
<permission android:name="android.permission.USE_CREDENTIALS"
android:permissionGroup="android.permission-group.ACCOUNTS"
android:protectionLevel="dangerous"
android:label="@string/permlab_useCredentials"
android:description="@string/permdesc_useCredentials" />
<!-- Allows an application to manage the list of accounts in the AccountManager -->
<permission android:name="android.permission.MANAGE_ACCOUNTS"
android:permissionGroup="android.permission-group.ACCOUNTS"
android:protectionLevel="dangerous"
android:label="@string/permlab_manageAccounts"
android:description="@string/permdesc_manageAccounts" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- ================================== -->
<!-- Permissions for accessing hardware -->
<!-- ================================== -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Used for permissions that provide direct access to the hardware on
the device. This includes audio, the camera, vibrator, etc. -->
<permission-group android:name="android.permission-group.HARDWARE_CONTROLS"
android:label="@string/permgrouplab_hardwareControls"
android:description="@string/permgroupdesc_hardwareControls" />
<!-- Allows an application to modify global audio settings -->
<permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_modifyAudioSettings"
android:description="@string/permdesc_modifyAudioSettings" />
<!-- Allows an application to record audio -->
<permission android:name="android.permission.RECORD_AUDIO"
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_recordAudio"
android:description="@string/permdesc_recordAudio" />
docs: add "required" attribute to the <uses-feature> docs and add a note to the CAMERA permission stating that it enables the <uses-feature> for camera. This is an incrimental update for the 2.0.1 docs. More changes to come for the 2.1 docs to include more features
2009-12-17 18:01:04 -08:00
<!-- Required to be able to access the camera device.
<p>This will automatically enforce the <a
href="{@docRoot}guide/topics/manifest/uses-feature-element.html">{@code
&lt;uses-feature&gt;}</a> manifest element for <em>all</em> camera features.
If you do not require all camera features or can properly operate if a camera
is not available, then you must modify your manifest as appropriate in order to
install on devices that don't support all camera features.</p> -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission android:name="android.permission.CAMERA"
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_camera"
android:description="@string/permdesc_camera" />
<!-- Allows access to the vibrator -->
<permission android:name="android.permission.VIBRATE"
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
android:protectionLevel="normal"
android:label="@string/permlab_vibrate"
android:description="@string/permdesc_vibrate" />
<!-- Allows access to the flashlight -->
<permission android:name="android.permission.FLASHLIGHT"
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
android:protectionLevel="normal"
android:label="@string/permlab_flashlight"
android:description="@string/permdesc_flashlight" />
UsbManager: Enhancements for managing USB devices and accessories When a USB device or accessory is connected, the UsbService now asks the user which application to associate with the device or accessory. Applications interested in devices or accessories must specify the devices they work with via meta-data attached to their manifest. Permission to communicate with the device is assigned when the user chooses the activity to use for the device. The user has the option of clicking the "always use this application" checkbox to make the assignment automatic in the future. The user may later clear this preference and revoke permission for an application to have permission to communicate with the device by clicking the "Clear defaults" button for the activity in the Manage Applications panel in Settings. Added class UsbResolveActivity (a subclass or ResolveActivity for choosing an activity for a USB device or accessory) Added UsbDeviceManager, which manages the mapping between USB devices/accessories and applications, including default applications for devices and accessories, and manages application permissions. Add interface to allow Settings to clear device and accessory preferences and permissions for an application. Remove obsolete ACCESS_USB permission. Add new signatureOrSystem MANAGE_USB permission to allow administrating preferences and permissions. Moved UsbService.java to a "usb" subdirectory, along with new classes UsbResolveActivity and UsbDeviceManager. Change-Id: I92554381e9779e68ce380daaee4e1401fb875703 Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-02-27 09:10:37 -08:00
<!-- Allows an application to manage preferences and permissions for USB devices
@hide -->
<permission android:name="android.permission.MANAGE_USB"
Add new permission android.permission.ACCESS_USB to allow access to USB devices Change-Id: Ib3dd573a5ef3950d20b21251fe7a3efad56b5c1f Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-05-10 18:26:40 -04:00
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
UsbManager: Enhancements for managing USB devices and accessories When a USB device or accessory is connected, the UsbService now asks the user which application to associate with the device or accessory. Applications interested in devices or accessories must specify the devices they work with via meta-data attached to their manifest. Permission to communicate with the device is assigned when the user chooses the activity to use for the device. The user has the option of clicking the "always use this application" checkbox to make the assignment automatic in the future. The user may later clear this preference and revoke permission for an application to have permission to communicate with the device by clicking the "Clear defaults" button for the activity in the Manage Applications panel in Settings. Added class UsbResolveActivity (a subclass or ResolveActivity for choosing an activity for a USB device or accessory) Added UsbDeviceManager, which manages the mapping between USB devices/accessories and applications, including default applications for devices and accessories, and manages application permissions. Add interface to allow Settings to clear device and accessory preferences and permissions for an application. Remove obsolete ACCESS_USB permission. Add new signatureOrSystem MANAGE_USB permission to allow administrating preferences and permissions. Moved UsbService.java to a "usb" subdirectory, along with new classes UsbResolveActivity and UsbDeviceManager. Change-Id: I92554381e9779e68ce380daaee4e1401fb875703 Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-02-27 09:10:37 -08:00
android:label="@string/permlab_manageUsb"
android:description="@string/permdesc_manageUsb" />
Add new permission android.permission.ACCESS_USB to allow access to USB devices Change-Id: Ib3dd573a5ef3950d20b21251fe7a3efad56b5c1f Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-05-10 18:26:40 -04:00
Add separate permission and group for access to the MTP USB driver Since the "usb" group and ACCESS_USB permission will be used by regular apps to access USB devices in host mode, we need a separate permission for the device side MTP driver. Change-Id: Id03f7c4f3d2712c489b4b74cf17a72a182084501 Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-10 08:24:08 -05:00
<!-- Allows an application to access the MTP USB kernel driver.
For use only by the device side MTP implementation.
@hide -->
<permission android:name="android.permission.ACCESS_MTP"
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
Add separate permission and group for access to the MTP USB driver Since the "usb" group and ACCESS_USB permission will be used by regular apps to access USB devices in host mode, we need a separate permission for the device side MTP driver. Change-Id: Id03f7c4f3d2712c489b4b74cf17a72a182084501 Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-01-10 08:24:08 -05:00
android:label="@string/permlab_accessMtp"
android:description="@string/permdesc_accessMtp" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows access to hardware peripherals. Intended only for hardware testing -->
<permission android:name="android.permission.HARDWARE_TEST"
android:permissionGroup="android.permission-group.HARDWARE_CONTROLS"
android:protectionLevel="signature"
android:label="@string/permlab_hardware_test"
android:description="@string/permdesc_hardware_test" />
IMS: Provide net_admin permission so that IPSec could be configured/used. IMS configures the security database in kernel with keys generated from ISIM. Change-Id: Iae9fb85f286ff2a627369d784a127bf7d4d8f4b3
2011-03-28 09:18:31 -05:00
<!-- Allows access to configure network interfaces, configure/use IPSec, etc.
@hide -->
<permission android:name="android.permission.NET_ADMIN"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- =========================================== -->
<!-- Permissions associated with telephony state -->
<!-- =========================================== -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Used for permissions that are associated with accessing and modifyign
telephony state: intercepting outgoing calls, reading
and modifying the phone state. Note that
placing phone calls is not in this group, since that is in the
more important "takin' yer moneys" group. -->
<permission-group android:name="android.permission-group.PHONE_CALLS"
android:label="@string/permgrouplab_phoneCalls"
android:description="@string/permgroupdesc_phoneCalls" />
<!-- Allows an application to monitor, modify, or abort outgoing
calls. -->
<permission android:name="android.permission.PROCESS_OUTGOING_CALLS"
android:permissionGroup="android.permission-group.PHONE_CALLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_processOutgoingCalls"
android:description="@string/permdesc_processOutgoingCalls" />
<!-- Allows modification of the telephony state - power on, mmi, etc.
Does not include placing calls. -->
<permission android:name="android.permission.MODIFY_PHONE_STATE"
android:permissionGroup="android.permission-group.PHONE_CALLS"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_modifyPhoneState"
android:description="@string/permdesc_modifyPhoneState" />
<!-- Allows read only access to phone state. -->
<permission android:name="android.permission.READ_PHONE_STATE"
android:permissionGroup="android.permission-group.PHONE_CALLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_readPhoneState"
android:description="@string/permdesc_readPhoneState" />
Add ISIM application support for LTE devices. - Add methods to TelephonyManager to provide access to IMS records on the ISIM application of the UICC, as well as access to the ISIM AKA authentication algorithm. - Add support for the new IMS methods to CDMALTEPhone, using the helper class ImsUiccRecords to load the IMS records from the ISIM. The same approach can be used to implement IMS support for UMTS/LTE devices. - There is a new RIL request, RIL_REQUEST_ISIM_AUTHENTICATION, which is used to perform IMS AKA authentication using the algorithm on the ISIM application of the UICC. The challenge nonce and response are both encoded as Base64 strings. Change-Id: I73367c7d9bc573d0d883d68adf09891de1319129
2011-07-21 17:55:53 -07:00
<!-- Allows read access to privileged phone state.
@hide Used internally. -->
<permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE"
android:permissionGroup="android.permission-group.PHONE_CALLS"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Add ISIM application support for LTE devices. - Add methods to TelephonyManager to provide access to IMS records on the ISIM application of the UICC, as well as access to the ISIM AKA authentication algorithm. - Add support for the new IMS methods to CDMALTEPhone, using the helper class ImsUiccRecords to load the IMS records from the ISIM. The same approach can be used to implement IMS support for UMTS/LTE devices. - There is a new RIL request, RIL_REQUEST_ISIM_AUTHENTICATION, which is used to perform IMS AKA authentication using the algorithm on the ISIM application of the UICC. The challenge nonce and response are both encoded as Base64 strings. Change-Id: I73367c7d9bc573d0d883d68adf09891de1319129
2011-07-21 17:55:53 -07:00
API_CHANGE: external_storage: Add SDCARD_WRITE permission with associated strings Signed-off-by: San Mehat <san@google.com>
2009-04-23 09:18:32 -07:00
<!-- ================================== -->
<!-- Permissions for sdcard interaction -->
<!-- ================================== -->
<eat-comment />
<!-- Group of permissions that are related to SD card access. -->
<permission-group android:name="android.permission-group.STORAGE"
android:label="@string/permgrouplab_storage"
android:description="@string/permgroupdesc_storage" />
Add new READ_EXTERNAL_STORAGE permission. Also adds some initial compatibility code for dealing with it. Change-Id: I104bff11798349e4aaa6da9b7be787b257daa1bb
2012-03-12 10:51:26 -07:00
<!-- Allows an application to read from external storage -->
<permission android:name="android.permission.READ_EXTERNAL_STORAGE"
android:permissionGroup="android.permission-group.STORAGE"
android:label="@string/permlab_sdcardRead"
android:description="@string/permdesc_sdcardRead"
android:protectionLevel="dangerous" />
base: Rename WRITE_SDCARD -> WRITE_EXTERNAL_STORAGE Signed-off-by: San Mehat <san@google.com>
2009-06-01 09:25:28 -07:00
<!-- Allows an application to write to external storage -->
<permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
API_CHANGE: external_storage: Add SDCARD_WRITE permission with associated strings Signed-off-by: San Mehat <san@google.com>
2009-04-23 09:18:32 -07:00
android:permissionGroup="android.permission-group.STORAGE"
android:label="@string/permlab_sdcardWrite"
android:description="@string/permdesc_sdcardWrite"
Implement compatibility support for WRITE_SDCARD permission. Now old applications will automatically be granted it. Also renamed it from SDCARD_WRITE to WRITE_SDCARD to be consistent with our other permissions, and re-arranged how we do targetSdkVersion to actually be usuable for this kind of stuff. Note that right now this results in basically all apps being given the WRITE_SDCARD permission, because their targetSdkVersion is not set. I will be dealing with that in a future change.
2009-05-13 15:06:13 -07:00
android:protectionLevel="dangerous" />
API_CHANGE: external_storage: Add SDCARD_WRITE permission with associated strings Signed-off-by: San Mehat <san@google.com>
2009-04-23 09:18:32 -07:00
Revert "Remove permission android.permission.WRITE_MEDIA_STORAGE" We need this to allow MTP to access secondary external storage devices This reverts commit 35a2ea2fbf156a503d1b0bc6ca7784e51e2462f4. Conflicts: data/etc/platform.xml Change-Id: I9faf54526182a786a1c0ca1fd01a09baabca186d Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-04-22 07:05:21 -07:00
<!-- Allows an application to write to internal media storage
@hide -->
<permission android:name="android.permission.WRITE_MEDIA_STORAGE"
android:permissionGroup="android.permission-group.STORAGE"
android:label="@string/permlab_mediaStorageWrite"
android:description="@string/permdesc_mediaStorageWrite"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Revert "Remove permission android.permission.WRITE_MEDIA_STORAGE" We need this to allow MTP to access secondary external storage devices This reverts commit 35a2ea2fbf156a503d1b0bc6ca7784e51e2462f4. Conflicts: data/etc/platform.xml Change-Id: I9faf54526182a786a1c0ca1fd01a09baabca186d Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-04-22 07:05:21 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- ============================================ -->
<!-- Permissions for low-level system interaction -->
<!-- ============================================ -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Group of permissions that are related to system APIs. Many
of these are not permissions the user will be expected to understand,
and such permissions should generally be marked as "normal" protection
level so they don't get displayed. This can also, however, be used
for miscellaneous features that provide access to the operating system,
such as writing the global system settings. -->
<permission-group android:name="android.permission-group.SYSTEM_TOOLS"
android:label="@string/permgrouplab_systemTools"
android:description="@string/permgroupdesc_systemTools" />
<!-- Allows an application to read or write the system settings. -->
<permission android:name="android.permission.WRITE_SETTINGS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_writeSettings"
android:description="@string/permdesc_writeSettings" />
<!-- Allows an application to modify the Google service map. -->
<permission android:name="android.permission.WRITE_GSERVICES"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_writeGservices"
android:description="@string/permdesc_writeGservices" />
<!-- Allows an application to expand or collapse the status bar. -->
<permission android:name="android.permission.EXPAND_STATUS_BAR"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:label="@string/permlab_expandStatusBar"
android:description="@string/permdesc_expandStatusBar" />
<!-- Allows an application to get information about the currently
or recently running tasks: a thumbnail representation of the tasks,
what activities are running in it, etc. -->
<permission android:name="android.permission.GET_TASKS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_getTasks"
android:description="@string/permdesc_getTasks" />
<!-- Allows an application to change the Z-order of tasks -->
<permission android:name="android.permission.REORDER_TASKS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_reorderTasks"
android:description="@string/permdesc_reorderTasks" />
Hide permissions that are not available to apps. Change-Id: I5f3bc72114b780fffe218a5600bfd011ede029d3
2011-07-29 15:52:05 -07:00
<!-- @hide Allows an application to change to remove/kill tasks -->
Add APIs to remove tasks. You can remove sub-tasks inside of a task, or an entire task. When removing an entire task, you can have its process killed as well. When the process is killed, any running services will get an onTaskRemoved() callback for them to do cleanup before their process is killed (and the service possibly restarted). Or they can set a new android:stopWithTask attribute to just have the service automatically (cleanly) stopped at this point. Change-Id: I1891bc2da006fa53b99c52f9040f1145650e6808
2011-04-12 18:16:08 -07:00
<permission android:name="android.permission.REMOVE_TASKS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature"
android:label="@string/permlab_removeTasks"
android:description="@string/permdesc_removeTasks" />
Move SystemUI out of system UID. Add permissions for various things it pokes. Create new permission to control launching non-exported activities from recents. Hidden API to relax WallpaperService checks. Change-Id: I547fdcd7c213dd153ae101533ce7c56cd8f86a0d
2012-04-18 19:16:15 -07:00
<!-- Allows an application to start any activity, regardless of permission
protection or exported state. @hide -->
<permission android:name="android.permission.START_ANY_ACTIVITY"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature"
android:label="@string/permlab_startAnyActivity"
android:description="@string/permdesc_startAnyActivity" />
Some hardening of isolated processes by restricting access to services. Services now must explicitly opt in to being accessed by isolated processes. Currently only the activity manager and surface flinger allow this. Activity manager is needed so that we can actually bring up the process; SurfaceFlinger is needed to be able to get the display information for creating the Configuration. The SurfaceFlinger should be safe because the app doesn't have access to the window manager so can't actually get a surface to do anything with. The activity manager now protects most of its entry points against isolated processes. Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
2012-02-09 16:12:18 -08:00
<!-- @hide Change the screen compatibility mode of applications -->
<permission android:name="android.permission.SET_SCREEN_COMPATIBILITY"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature"
android:label="@string/permlab_setScreenCompatibility"
android:description="@string/permdesc_setScreenCompatibility" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to modify the current configuration, such
as locale. -->
<permission android:name="android.permission.CHANGE_CONFIGURATION"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_changeConfiguration"
android:description="@string/permdesc_changeConfiguration" />
Kill the task killers. The ActivityManager.restartPackage() API is now deprecated, and no longer allows applications to mess up the state of other applications. This was being abused by task killers, causing users to think their other applications had bugs. A new API is introduced for task killers, ActivityManager.killBackgroundProcesses(), which allows these applications to kill processes but only the same amount that the out of memory killer does, thus causing no permanent damage. The old restartPackage() API is now a wrapper for calling this new API. There is also a new private forceStopPackage() API that is used for the system's force stop UI which does what the old restartPackage() API did.
2010-01-04 18:43:19 -08:00
<!-- @deprecated The {@link android.app.ActivityManager#restartPackage}
API is no longer supported. -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission android:name="android.permission.RESTART_PACKAGES"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Kill the task killers. The ActivityManager.restartPackage() API is now deprecated, and no longer allows applications to mess up the state of other applications. This was being abused by task killers, causing users to think their other applications had bugs. A new API is introduced for task killers, ActivityManager.killBackgroundProcesses(), which allows these applications to kill processes but only the same amount that the out of memory killer does, thus causing no permanent damage. The old restartPackage() API is now a wrapper for calling this new API. There is also a new private forceStopPackage() API that is used for the system's force stop UI which does what the old restartPackage() API did.
2010-01-04 18:43:19 -08:00
android:protectionLevel="normal"
android:label="@string/permlab_killBackgroundProcesses"
android:description="@string/permdesc_killBackgroundProcesses" />
<!-- Allows an application to call
{@link android.app.ActivityManager#killBackgroundProcesses}. -->
<permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:label="@string/permlab_killBackgroundProcesses"
android:description="@string/permdesc_killBackgroundProcesses" />
<!-- Allows an application to call
{@link android.app.ActivityManager#forceStopPackage}.
@hide -->
<permission android:name="android.permission.FORCE_STOP_PACKAGES"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature"
android:label="@string/permlab_forceStopPackages"
android:description="@string/permdesc_forceStopPackages" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
Hide permissions that are not available to apps. Change-Id: I5f3bc72114b780fffe218a5600bfd011ede029d3
2011-07-29 15:52:05 -07:00
<!-- @hide Allows an application to retrieve the content of the active window
Interrogation of the view hierarchy from an AccessibilityService. 1. Views are represented as AccessibilityNodeInfos to AccessibilityServices. 2. An accessibility service receives AccessibilityEvents and can ask for its source and gets an AccessibilityNodeInfo which can be used to get its parent and children infos and so on. 3. AccessibilityNodeInfo contains some attributes and actions that can be performed on the source. 4. AccessibilityService can request the system to preform an action on the source of an AccessibilityNodeInfo. 5. ViewAncestor provides an interaction connection to the AccessibiltyManagerService and an accessibility service uses its connection to the latter to interact with screen content. 6. AccessibilityService can interact ONLY with the focused window and all calls are routed through the AccessibilityManagerService which imposes security. 7. Hidden APIs on AccessibilityService can find AccessibilityNodeInfos based on some criteria. These API go through the AccessibilityManagerServcie for security check. 8. Some actions are hidden and are exposes only to eng builds for UI testing. Change-Id: Ie34fa4219f350eb3f4f6f9f45b24f709bd98783c
2011-04-20 12:12:33 -07:00
An active window is the window that has fired an accessibility event. -->
<permission android:name="android.permission.RETRIEVE_WINDOW_CONTENT"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
Interrogation of the view hierarchy from an AccessibilityService. 1. Views are represented as AccessibilityNodeInfos to AccessibilityServices. 2. An accessibility service receives AccessibilityEvents and can ask for its source and gets an AccessibilityNodeInfo which can be used to get its parent and children infos and so on. 3. AccessibilityNodeInfo contains some attributes and actions that can be performed on the source. 4. AccessibilityService can request the system to preform an action on the source of an AccessibilityNodeInfo. 5. ViewAncestor provides an interaction connection to the AccessibiltyManagerService and an accessibility service uses its connection to the latter to interact with screen content. 6. AccessibilityService can interact ONLY with the focused window and all calls are routed through the AccessibilityManagerService which imposes security. 7. Hidden APIs on AccessibilityService can find AccessibilityNodeInfos based on some criteria. These API go through the AccessibilityManagerServcie for security check. 8. Some actions are hidden and are exposes only to eng builds for UI testing. Change-Id: Ie34fa4219f350eb3f4f6f9f45b24f709bd98783c
2011-04-20 12:12:33 -07:00
android:label="@string/permlab_retrieve_window_content"
android:description="@string/permdesc_retrieve_window_content" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to open windows using the type
{@link android.view.WindowManager.LayoutParams#TYPE_SYSTEM_ALERT},
shown on top of all other applications. Very few applications
should use this permission; these windows are intended for
system-level interaction with the user. -->
<permission android:name="android.permission.SYSTEM_ALERT_WINDOW"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_systemAlertWindow"
android:description="@string/permdesc_systemAlertWindow" />
<!-- Modify the global animation scaling factor. -->
<permission android:name="android.permission.SET_ANIMATION_SCALE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_setAnimationScale"
android:description="@string/permdesc_setAnimationScale" />
Clean up some permissions. Note that WRITE_OWNER_DATA and READ_OWNER_DATA don't actually appear to be associated with anything or used by anyone, so they are just deleted. Also deprecate the activity API to go in the foreground. I didn't realize that was released in the SDK. It needs to go away. Change-Id: I96f53702c2c79e4999b6b2c498abb770bd27e03a
2010-09-01 17:34:12 -07:00
<!-- @deprecated This functionality will be removed in the future; please do
not use.
Allow an application to make its activities persistent. -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission android:name="android.permission.PERSISTENT_ACTIVITY"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_persistentActivity"
android:description="@string/permdesc_persistentActivity" />
<!-- Allows an application to find out the space used by any package. -->
<permission android:name="android.permission.GET_PACKAGE_SIZE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:label="@string/permlab_getPackageSize"
android:description="@string/permdesc_getPackageSize" />
Fix issue #2296457: PackageManager.addPackageToPreferred needs to a no-op Change-Id: I0d8f75938226e1bb49cf7b1154445631b0bb0bc9
2009-12-01 14:31:55 -08:00
<!-- @deprecated No longer useful, see
{@link android.content.pm.PackageManager#addPackageToPreferred}
for details. -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission android:name="android.permission.SET_PREFERRED_APPLICATIONS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Applications should -not- be able to set preferred activities. I can't believe I let this slip through. And in the SDK no less. :( The APIs for setting preferred activities will now throw a security exception when used. This may break some apps, we'll see how it goes. If it is too bad we can just make these log and not throw anything, but I would much prefer they throw an exception. Change-Id: I3aed434750eef8b202aa9d5bd774a0121be521c6
2010-03-10 18:27:09 -08:00
android:protectionLevel="signature"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_setPreferredApplications"
android:description="@string/permdesc_setPreferredApplications" />
<!-- Allows an application to receive the
{@link android.content.Intent#ACTION_BOOT_COMPLETED} that is
broadcast after the system finishes booting. If you don't
request this permission, you will not receive the broadcast at
that time. Though holding this permission does not have any
security implications, it can have a negative impact on the
user experience by increasing the amount of time it takes the
system to start and allowing applications to have themselves
running without the user being aware of them. As such, you must
explicitly declare your use of this facility to make that visible
to the user. -->
<permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:label="@string/permlab_receiveBootCompleted"
android:description="@string/permdesc_receiveBootCompleted" />
<!-- Allows an application to broadcast sticky intents. These are
broadcasts whose data is held by the system after being finished,
so that clients can quickly retrieve that data without having
to wait for the next broadcast. -->
<permission android:name="android.permission.BROADCAST_STICKY"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:label="@string/permlab_broadcastSticky"
android:description="@string/permdesc_broadcastSticky" />
<!-- Allows using PowerManager WakeLocks to keep processor from sleeping or screen
from dimming -->
<permission android:name="android.permission.WAKE_LOCK"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_wakeLock"
android:description="@string/permdesc_wakeLock" />
<!-- Allows applications to set the wallpaper -->
<permission android:name="android.permission.SET_WALLPAPER"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:label="@string/permlab_setWallpaper"
android:description="@string/permdesc_setWallpaper" />
<!-- Allows applications to set the wallpaper hints -->
<permission android:name="android.permission.SET_WALLPAPER_HINTS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:label="@string/permlab_setWallpaperHints"
android:description="@string/permdesc_setWallpaperHints" />
Add an AlarmManager API to set the system time (with the proper permissions).
2010-02-04 20:27:47 -08:00
<!-- Allows applications to set the system time -->
<permission android:name="android.permission.SET_TIME"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
Add an AlarmManager API to set the system time (with the proper permissions).
2010-02-04 20:27:47 -08:00
android:label="@string/permlab_setTime"
android:description="@string/permdesc_setTime" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows applications to set the system time zone -->
<permission android:name="android.permission.SET_TIME_ZONE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_setTimeZone"
android:description="@string/permdesc_setTimeZone" />
<!-- Allows mounting and unmounting file systems for removable storage. -->
<permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_mount_unmount_filesystems"
android:description="@string/permdesc_mount_unmount_filesystems" />
<!-- Allows formatting file systems for removable storage. -->
<permission android:name="android.permission.MOUNT_FORMAT_FILESYSTEMS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_mount_format_filesystems"
android:description="@string/permdesc_mount_format_filesystems" />
MountService: Introduce new @hide permissions to protect secure containers. Signed-off-by: San Mehat <san@google.com>
2010-01-26 15:18:08 -08:00
<!-- Allows access to ASEC non-destructive API calls
@hide -->
<permission android:name="android.permission.ASEC_ACCESS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Permissions: Change ASEC permissions from 'dangerous' -> 'signature' Change-Id: I5e495332c45f718178486f2e07d37031e6fa5afc Signed-off-by: San Mehat <san@google.com>
2010-03-22 10:30:13 -07:00
android:protectionLevel="signature"
MountService: Introduce new @hide permissions to protect secure containers. Signed-off-by: San Mehat <san@google.com>
2010-01-26 15:18:08 -08:00
android:label="@string/permlab_asec_access"
android:description="@string/permdesc_asec_access" />
<!-- Allows creation of ASEC volumes
@hide -->
<permission android:name="android.permission.ASEC_CREATE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Permissions: Change ASEC permissions from 'dangerous' -> 'signature' Change-Id: I5e495332c45f718178486f2e07d37031e6fa5afc Signed-off-by: San Mehat <san@google.com>
2010-03-22 10:30:13 -07:00
android:protectionLevel="signature"
MountService: Introduce new @hide permissions to protect secure containers. Signed-off-by: San Mehat <san@google.com>
2010-01-26 15:18:08 -08:00
android:label="@string/permlab_asec_create"
android:description="@string/permdesc_asec_create" />
<!-- Allows destruction of ASEC volumes
@hide -->
<permission android:name="android.permission.ASEC_DESTROY"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Permissions: Change ASEC permissions from 'dangerous' -> 'signature' Change-Id: I5e495332c45f718178486f2e07d37031e6fa5afc Signed-off-by: San Mehat <san@google.com>
2010-03-22 10:30:13 -07:00
android:protectionLevel="signature"
MountService: Introduce new @hide permissions to protect secure containers. Signed-off-by: San Mehat <san@google.com>
2010-01-26 15:18:08 -08:00
android:label="@string/permlab_asec_destroy"
android:description="@string/permdesc_asec_destroy" />
<!-- Allows mount / unmount of ASEC volumes
@hide -->
<permission android:name="android.permission.ASEC_MOUNT_UNMOUNT"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Permissions: Change ASEC permissions from 'dangerous' -> 'signature' Change-Id: I5e495332c45f718178486f2e07d37031e6fa5afc Signed-off-by: San Mehat <san@google.com>
2010-03-22 10:30:13 -07:00
android:protectionLevel="signature"
MountService: Introduce new @hide permissions to protect secure containers. Signed-off-by: San Mehat <san@google.com>
2010-01-26 15:18:08 -08:00
android:label="@string/permlab_asec_mount_unmount"
android:description="@string/permdesc_asec_mount_unmount" />
<!-- Allows rename of ASEC volumes
@hide -->
<permission android:name="android.permission.ASEC_RENAME"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Permissions: Change ASEC permissions from 'dangerous' -> 'signature' Change-Id: I5e495332c45f718178486f2e07d37031e6fa5afc Signed-off-by: San Mehat <san@google.com>
2010-03-22 10:30:13 -07:00
android:protectionLevel="signature"
MountService: Introduce new @hide permissions to protect secure containers. Signed-off-by: San Mehat <san@google.com>
2010-01-26 15:18:08 -08:00
android:label="@string/permlab_asec_rename"
android:description="@string/permdesc_asec_rename" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows applications to disable the keyguard -->
<permission android:name="android.permission.DISABLE_KEYGUARD"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
Clean up some permissions. Note that WRITE_OWNER_DATA and READ_OWNER_DATA don't actually appear to be associated with anything or used by anyone, so they are just deleted. Also deprecate the activity API to go in the foreground. I didn't realize that was released in the SDK. It needs to go away. Change-Id: I96f53702c2c79e4999b6b2c498abb770bd27e03a
2010-09-01 17:34:12 -07:00
android:protectionLevel="dangerous"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:description="@string/permdesc_disableKeyguard"
android:label="@string/permlab_disableKeyguard" />
<!-- Allows applications to read the sync settings -->
<permission android:name="android.permission.READ_SYNC_SETTINGS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:description="@string/permdesc_readSyncSettings"
android:label="@string/permlab_readSyncSettings" />
<!-- Allows applications to write the sync settings -->
<permission android:name="android.permission.WRITE_SYNC_SETTINGS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:description="@string/permdesc_writeSyncSettings"
android:label="@string/permlab_writeSyncSettings" />
<!-- Allows applications to read the sync stats -->
<permission android:name="android.permission.READ_SYNC_STATS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="normal"
android:description="@string/permdesc_readSyncStats"
android:label="@string/permlab_readSyncStats" />
<!-- Allows applications to write the apn settings -->
<permission android:name="android.permission.WRITE_APN_SETTINGS"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:description="@string/permdesc_writeApnSettings"
android:label="@string/permlab_writeApnSettings" />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
<!-- Allows an application to allow access the subscribed feeds
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
ContentProvider. -->
<permission android:name="android.permission.SUBSCRIBED_FEEDS_READ"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:label="@string/permlab_subscribedFeedsRead"
android:description="@string/permdesc_subscribedFeedsRead"
android:protectionLevel="normal" />
<permission android:name="android.permission.SUBSCRIBED_FEEDS_WRITE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:label="@string/permlab_subscribedFeedsWrite"
android:description="@string/permdesc_subscribedFeedsWrite"
android:protectionLevel="dangerous" />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows applications to change network connectivity state -->
<permission android:name="android.permission.CHANGE_NETWORK_STATE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:description="@string/permdesc_changeNetworkState"
android:label="@string/permlab_changeNetworkState" />
<!-- Allows applications to change Wi-Fi connectivity state -->
<permission android:name="android.permission.CHANGE_WIFI_STATE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:description="@string/permdesc_changeWifiState"
android:label="@string/permlab_changeWifiState" />
Fix build. Missed a commit that fixed some issues. bug:5237167 Change-Id: I61e44831e2c3f1cf613ca1387aa95d712b7d2ded
2011-11-08 10:12:25 -08:00
<!-- @hide -->
Wimax : wimax framework related open source. Integrate wimax network related changes into Android Framework. - In Connectivity service, start wimax service. - 4G icon display in StatusBarPolicy. - DHCP renew add. - Add radio for wiamx Change-Id: I2d9012247edfdf49d71ca7e1414afd0006f330ca Signed-off-by: tk.mun <tk.mun@samsung.com> bug:5237167
2011-10-13 22:51:57 +09:00
<permission android:name="android.permission.CHANGE_WIMAX_STATE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:description="@string/permdesc_changeWimaxState"
android:label="@string/permlab_changeWimaxState" />
Fix wifi multicast API for public use. Applying API review comments and taking it public.
2009-05-22 15:09:51 -07:00
<!-- Allows applications to enter Wi-Fi Multicast mode -->
<permission android:name="android.permission.CHANGE_WIFI_MULTICAST_STATE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:description="@string/permdesc_changeWifiMulticastState"
android:label="@string/permlab_changeWifiMulticastState" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows applications to discover and pair bluetooth devices -->
<permission android:name="android.permission.BLUETOOTH_ADMIN"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:description="@string/permdesc_bluetoothAdmin"
android:label="@string/permlab_bluetoothAdmin" />
<!-- Allows an application to clear the caches of all installed
applications on the device. -->
<permission android:name="android.permission.CLEAR_APP_CACHE"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="dangerous"
android:label="@string/permlab_clearAppCache"
android:description="@string/permdesc_clearAppCache" />
Bug 5585323 New system permission for media decode Add a system permission to enable the use of any installed media decoder when decoding for playback (as opposed to transcode). Change-Id: Ifb10a5fa8d5663a78ccbb5fa8266ad6535c234f2
2011-11-07 14:35:20 -08:00
<!-- Allows an application to use any media decoder when decoding for playback
@hide -->
<permission android:name="android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system"
Bug 5585323 New system permission for media decode Add a system permission to enable the use of any installed media decoder when decoding for playback (as opposed to transcode). Change-Id: Ifb10a5fa8d5663a78ccbb5fa8266ad6535c234f2
2011-11-07 14:35:20 -08:00
android:label="@string/permlab_anyCodecForPlayback"
android:description="@string/permdesc_anyCodecForPlayback" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- ========================================= -->
<!-- Permissions for special development tools -->
<!-- ========================================= -->
<eat-comment />
Automated import from //branches/master/...@142414,142414
2009-03-24 22:48:12 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Group of permissions that are related to development features. These
are not permissions that should appear in normal applications; they
protect APIs that are intended only to be used for development
purposes. -->
<permission-group android:name="android.permission-group.DEVELOPMENT_TOOLS"
android:label="@string/permgrouplab_developmentTools"
android:description="@string/permgroupdesc_developmentTools" />
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
<!-- Allows an application to read or write the secure system settings. -->
<permission android:name="android.permission.WRITE_SECURE_SETTINGS"
android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
android:protectionLevel="signature|system|development"
android:label="@string/permlab_writeSecureSettings"
android:description="@string/permdesc_writeSecureSettings" />
<!-- Allows an application to retrieve state dump information from system
services. -->
<permission android:name="android.permission.DUMP"
android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
android:protectionLevel="signature|system|development"
android:label="@string/permlab_dump"
android:description="@string/permdesc_dump" />
Make READ_LOGS signature|system|development Change-Id: I387d53ac4b7fd3d65891145985e4cd272dffddcf
2012-03-23 10:06:06 -07:00
<!-- Allows an application to read the low-level system log files.
Log entries can contain the user's private information,
which is why this permission is not available to normal apps. -->
<permission android:name="android.permission.READ_LOGS"
android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
android:protectionLevel="signature|system|development"
android:label="@string/permlab_readLogs"
android:description="@string/permdesc_readLogs" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Configure an application for debugging. -->
<permission android:name="android.permission.SET_DEBUG_APP"
android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
Hide the optional permission stuff, not making it in to JB. Also lock down the rest of the development tools permissions to be development permissions that must be granted through an explicit shell command. Change-Id: I1ba216fffe1aab4bb9f83fcef108efc504f892f4
2012-04-06 13:39:09 -07:00
android:protectionLevel="signature|system|development"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_setDebugApp"
android:description="@string/permdesc_setDebugApp" />
<!-- Allows an application to set the maximum number of (not needed)
application processes that can be running. -->
<permission android:name="android.permission.SET_PROCESS_LIMIT"
android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
Hide the optional permission stuff, not making it in to JB. Also lock down the rest of the development tools permissions to be development permissions that must be granted through an explicit shell command. Change-Id: I1ba216fffe1aab4bb9f83fcef108efc504f892f4
2012-04-06 13:39:09 -07:00
android:protectionLevel="signature|system|development"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_setProcessLimit"
android:description="@string/permdesc_setProcessLimit" />
<!-- Allows an application to control whether activities are immediately
finished when put in the background. -->
<permission android:name="android.permission.SET_ALWAYS_FINISH"
android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
Hide the optional permission stuff, not making it in to JB. Also lock down the rest of the development tools permissions to be development permissions that must be granted through an explicit shell command. Change-Id: I1ba216fffe1aab4bb9f83fcef108efc504f892f4
2012-04-06 13:39:09 -07:00
android:protectionLevel="signature|system|development"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_setAlwaysFinish"
android:description="@string/permdesc_setAlwaysFinish" />
<!-- Allow an application to request that a signal be sent to all persistent processes -->
<permission android:name="android.permission.SIGNAL_PERSISTENT_PROCESSES"
android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
Hide the optional permission stuff, not making it in to JB. Also lock down the rest of the development tools permissions to be development permissions that must be granted through an explicit shell command. Change-Id: I1ba216fffe1aab4bb9f83fcef108efc504f892f4
2012-04-06 13:39:09 -07:00
android:protectionLevel="signature|system|development"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:label="@string/permlab_signalPersistentProcesses"
android:description="@string/permdesc_signalPersistentProcesses" />
<!-- ==================================== -->
<!-- Private (signature-only) permissions -->
<!-- ==================================== -->
<eat-comment />
<!-- Allows applications to RW to diagnostic resources. -->
<permission android:name="android.permission.DIAGNOSTIC"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature"
android:description="@string/permdesc_diagnostic"
android:label="@string/permlab_diagnostic" />
<!-- Allows an application to open, close, or disable the status bar
and its icons. -->
<permission android:name="android.permission.STATUS_BAR"
android:label="@string/permlab_statusBar"
android:description="@string/permdesc_statusBar"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
Require the STATUS_BAR_SERVICE permission for something to be the status bar. Change-Id: I57b2d296e0d0cef0d256ae6697fffc47188d14df
2010-06-04 16:21:12 -04:00
<!-- Allows an application to be the status bar. Currently used only by SystemUI.apk
@hide -->
<permission android:name="android.permission.STATUS_BAR_SERVICE"
android:label="@string/permlab_statusBarService"
android:description="@string/permdesc_statusBarService"
android:protectionLevel="signature" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to force a BACK operation on whatever is the
top activity. -->
<permission android:name="android.permission.FORCE_BACK"
android:label="@string/permlab_forceBack"
android:description="@string/permdesc_forceBack"
android:protectionLevel="signature" />
<!-- Allows an application to update device statistics. Not for
use by third party apps. -->
<permission android:name="android.permission.UPDATE_DEVICE_STATS"
android:label="@string/permlab_batteryStats"
android:description="@string/permdesc_batteryStats"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to open windows that are for use by parts
of the system user interface. Not for use by third party apps. -->
<permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW"
android:label="@string/permlab_internalSystemWindow"
android:description="@string/permdesc_internalSystemWindow"
android:protectionLevel="signature" />
<!-- Allows an application to manage (create, destroy,
Z-order) application tokens in the window manager. This is only
for use by the system. -->
<permission android:name="android.permission.MANAGE_APP_TOKENS"
android:label="@string/permlab_manageAppTokens"
android:description="@string/permdesc_manageAppTokens"
android:protectionLevel="signature" />
<!-- Allows an application to inject user events (keys, touch, trackball)
into the event stream and deliver them to ANY window. Without this
permission, you can only deliver events to windows in your own process.
Very few applications should need to use this permission. -->
<permission android:name="android.permission.INJECT_EVENTS"
android:label="@string/permlab_injectEvents"
android:description="@string/permdesc_injectEvents"
android:protectionLevel="signature" />
<!-- Allows an application to watch and control how activities are
started globally in the system. Only for is in debugging
(usually the monkey command). -->
<permission android:name="android.permission.SET_ACTIVITY_WATCHER"
android:label="@string/permlab_runSetActivityWatcher"
android:description="@string/permdesc_runSetActivityWatcher"
android:protectionLevel="signature" />
Fix issue where apps could prevent the user from going home. Now we have a 5-second time after home is pressed, during which only the home app (and the status bar) can switch to another app. After that time, any start activity requests that occurred will be executed, to allow things like alarms to be displayed. Also if during that time the user launches another app, the pending starts will be executed without resuming their activities and the one they started placed at the top and executed.
2009-05-19 18:37:45 -07:00
<!-- Allows an application to call the activity manager shutdown() API
Updates from API review. * AccessibilityService -- document onBind() to not be implemented. * GestureLibrary.getLearner() -- needs to be hidden. * IntentSender -- remove protected constructors, document that it is retrieved from a PendingIntent. * Hide permissions: SHUTDOWN, STOP_APP_SWITCHES. * Context -- hide BACKUP_SERVICE. * ContextWrapper -- hide getSharedPrefs bla h blah * Intent.parseUri() -- fix docs. * ApplicationInfo.FLAG_TEST_ONLY?!? * Hide MockContext.getSharedPrefs blah blah
2009-07-28 00:13:47 -07:00
to put the higher-level system there into a shutdown state.
@hide -->
Improve shutdown process to send broadcast for applications. This introduces a new class in the base platform for performing a clean shutdown (which was copied from the classes in the policies). It includes new features to send a shutdown broadcast for applications to do cleanup, and ot have the activity manager pause the current activity before proceeding with the shutdown. These facilities are also use to write at the most recent stat files for sync, battery and user activity.
2009-05-07 15:53:46 -07:00
<permission android:name="android.permission.SHUTDOWN"
android:label="@string/permlab_shutdown"
android:description="@string/permdesc_shutdown"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Improve shutdown process to send broadcast for applications. This introduces a new class in the base platform for performing a clean shutdown (which was copied from the classes in the policies). It includes new features to send a shutdown broadcast for applications to do cleanup, and ot have the activity manager pause the current activity before proceeding with the shutdown. These facilities are also use to write at the most recent stat files for sync, battery and user activity.
2009-05-07 15:53:46 -07:00
Fix issue where apps could prevent the user from going home. Now we have a 5-second time after home is pressed, during which only the home app (and the status bar) can switch to another app. After that time, any start activity requests that occurred will be executed, to allow things like alarms to be displayed. Also if during that time the user launches another app, the pending starts will be executed without resuming their activities and the one they started placed at the top and executed.
2009-05-19 18:37:45 -07:00
<!-- Allows an application to tell the activity manager to temporarily
stop application switches, putting it into a special mode that
prevents applications from immediately switching away from some
Updates from API review. * AccessibilityService -- document onBind() to not be implemented. * GestureLibrary.getLearner() -- needs to be hidden. * IntentSender -- remove protected constructors, document that it is retrieved from a PendingIntent. * Hide permissions: SHUTDOWN, STOP_APP_SWITCHES. * Context -- hide BACKUP_SERVICE. * ContextWrapper -- hide getSharedPrefs bla h blah * Intent.parseUri() -- fix docs. * ApplicationInfo.FLAG_TEST_ONLY?!? * Hide MockContext.getSharedPrefs blah blah
2009-07-28 00:13:47 -07:00
critical UI such as the home screen.
@hide -->
Fix issue where apps could prevent the user from going home. Now we have a 5-second time after home is pressed, during which only the home app (and the status bar) can switch to another app. After that time, any start activity requests that occurred will be executed, to allow things like alarms to be displayed. Also if during that time the user launches another app, the pending starts will be executed without resuming their activities and the one they started placed at the top and executed.
2009-05-19 18:37:45 -07:00
<permission android:name="android.permission.STOP_APP_SWITCHES"
android:label="@string/permlab_stopAppSwitches"
android:description="@string/permdesc_stopAppSwitches"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Fix issue where apps could prevent the user from going home. Now we have a 5-second time after home is pressed, during which only the home app (and the status bar) can switch to another app. After that time, any start activity requests that occurred will be executed, to allow things like alarms to be displayed. Also if during that time the user launches another app, the pending starts will be executed without resuming their activities and the one they started placed at the top and executed.
2009-05-19 18:37:45 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to retrieve the current state of keys and
Move some APIs from window manager to input manager. Simplified input injection API down to just one call. Removed all input state reading API. It was only used by the window manager policy and required a permission that applications could not obtain. READ_INPUT_STATE is now unused and deprecated. Change-Id: I41278141586ddee9468cae0fb59ff0dced6cbc00
2012-04-05 18:57:33 -07:00
switches. This is only for use by the system.
@deprecated The API that used this permission has been removed. -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission android:name="android.permission.READ_INPUT_STATE"
android:label="@string/permlab_readInputState"
android:description="@string/permdesc_readInputState"
android:protectionLevel="signature" />
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
<!-- Must be required by an {@link android.inputmethodservice.InputMethodService},
to ensure that only the system can bind to it. -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission android:name="android.permission.BIND_INPUT_METHOD"
android:label="@string/permlab_bindInputMethod"
android:description="@string/permdesc_bindInputMethod"
android:protectionLevel="signature" />
Create TextServiceManager and SpellCheckerService Bug: 4176026 This CL inherits https://android-git.corp.google.com/g/112600 Spec of TextServiceManager - Chooses the most applicable TextService(e.g. SpellCheckerService, WordBreakIteratorService..) for each locale Spec of SpellCheckerService - Returns whether the given string is a correct word or not - Returns Suggestions for the given string Change-Id: Iaa425c7915fe70767ad0b17bf6c6fbcd2a1200b2
2011-06-22 16:38:13 +09:00
<!-- Must be required by a TextService (e.g. SpellCheckerService)
to ensure that only the system can bind to it. -->
<permission android:name="android.permission.BIND_TEXT_SERVICE"
android:label="@string/permlab_bindTextService"
android:description="@string/permdesc_bindTextService"
android:protectionLevel="signature" />
VPN: introduce VpnService as the base class for user space VPN. Change-Id: I4793a6eb51b33f669fc6d39e1a16cf5eb9e3d851
2011-08-03 17:38:49 -07:00
<!-- Must be required by an {@link android.net.VpnService},
Unhide APIs for user space VPN. Change-Id: I6f9ddb3fffe9e10cc2d34dda3ae8700b1af7e470
2011-08-08 18:26:28 -07:00
to ensure that only the system can bind to it. -->
VPN: introduce VpnService as the base class for user space VPN. Change-Id: I4793a6eb51b33f669fc6d39e1a16cf5eb9e3d851
2011-08-03 17:38:49 -07:00
<permission android:name="android.permission.BIND_VPN_SERVICE"
android:label="@string/permlab_bindVpnService"
android:description="@string/permdesc_bindVpnService"
android:protectionLevel="signature" />
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
<!-- Must be required by a {@link android.service.wallpaper.WallpaperService},
to ensure that only the system can bind to it. -->
Very primitive wallpapers in a surface. This is all of the basic pieces: - The WallpaperService now creates a surface with the window manager for its contents. - There is a simple service that displays a bitmap. - The wallpaper manager takes care of starting and stopping the service. - The window manager knows about wallpaper windows and how to layer them with the windows that want to be shown on top of wallpaper. Lots and lots of issues remain, but at this point you can actually write a wallpaper service, select it in the UI, and see it behind an activity.
2009-08-08 20:40:27 -07:00
<permission android:name="android.permission.BIND_WALLPAPER"
android:label="@string/permlab_bindWallpaper"
android:description="@string/permdesc_bindWallpaper"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Very primitive wallpapers in a surface. This is all of the basic pieces: - The WallpaperService now creates a surface with the window manager for its contents. - There is a simple service that displays a bitmap. - The wallpaper manager takes care of starting and stopping the service. - The window manager knows about wallpaper windows and how to layer them with the windows that want to be shown on top of wallpaper. Lots and lots of issues remain, but at this point you can actually write a wallpaper service, select it in the UI, and see it behind an activity.
2009-08-08 20:40:27 -07:00
First pass at new device policy and administration APIs. This adds new DevicAdmin, DevicePolicyManager, and DeviceAdminInfo classes. See the java docs for each on documentation on them. Basically: a DeviceAdmin is what you derive from to administer a device; DevicePolicyManager is what you use to apply and check your policy requirements and perform other administration tasks.
2010-01-12 18:14:19 -08:00
<!-- Must be required by device administration receiver, to ensure that only the
system can interact with it. -->
<permission android:name="android.permission.BIND_DEVICE_ADMIN"
android:label="@string/permlab_bindDeviceAdmin"
android:description="@string/permdesc_bindDeviceAdmin"
android:protectionLevel="signature" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows low-level access to setting the orientation (actually
rotation) of the screen. Not for use by normal applications. -->
<permission android:name="android.permission.SET_ORIENTATION"
android:label="@string/permlab_setOrientation"
android:description="@string/permdesc_setOrientation"
android:protectionLevel="signature" />
Add a preference panel for mouse speed. Bug: 4124987 Change-Id: I3ce175d268a1d043cf5878481261b1049a15a149
2011-06-02 01:26:32 -07:00
<!-- Allows low-level access to setting the pointer speed.
Not for use by normal applications. -->
<permission android:name="android.permission.SET_POINTER_SPEED"
android:label="@string/permlab_setPointerSpeed"
android:description="@string/permdesc_setPointerSpeed"
android:protectionLevel="signature" />
Request key maps from input manager service. Instead of each application loading the KeyCharacterMap from the file system, get them from the input manager service as part of the InputDevice object. Refactored InputManager to be a proper singleton instead of having a bunch of static methods. InputManager now maintains a cache of all InputDevice objects that it has loaded. Currently we never invalidate the cache which can cause InputDevice to return stale motion ranges if the device is reconfigured. This will be fixed in a future change. Added a fake InputDevice with ID -1 to represent the virtual keyboard. Change-Id: If7a695839ad0972317a5aab89e9d1e42ace28eb7
2012-04-10 14:30:49 -07:00
<!-- Allows low-level access to setting the keyboard layout.
Not for use by normal applications. -->
<permission android:name="android.permission.SET_KEYBOARD_LAYOUT"
android:label="@string/permlab_setKeyboardLayout"
android:description="@string/permdesc_setKeyboardLayout"
android:protectionLevel="signature" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to install packages. -->
<permission android:name="android.permission.INSTALL_PACKAGES"
android:label="@string/permlab_installPackages"
android:description="@string/permdesc_installPackages"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to clear user data -->
<permission android:name="android.permission.CLEAR_APP_USER_DATA"
android:label="@string/permlab_clearAppUserData"
android:description="@string/permdesc_clearAppUserData"
android:protectionLevel="signature" />
<!-- Allows an application to delete cache files. -->
<permission android:name="android.permission.DELETE_CACHE_FILES"
android:label="@string/permlab_deleteCacheFiles"
android:description="@string/permdesc_deleteCacheFiles"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to delete packages. -->
<permission android:name="android.permission.DELETE_PACKAGES"
android:label="@string/permlab_deletePackages"
android:description="@string/permdesc_deletePackages"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
@hide ACCESS_CACHE_FILESYSTEM and MOVE_PACKAGE Bug: b/2553489 Change-Id: I681b3f9a243777b931298cc93c9d34c8d7eae0f2
2010-03-30 23:37:25 -07:00
<!-- Allows an application to move location of installed package.
@hide -->
Move package from internal to external and vice versa.
2010-02-19 09:19:34 -08:00
<permission android:name="android.permission.MOVE_PACKAGE"
android:label="@string/permlab_movePackage"
android:description="@string/permdesc_movePackage"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Move package from internal to external and vice versa.
2010-02-19 09:19:34 -08:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to change whether an application component (other than its own) is
enabled or not. -->
<permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE"
android:label="@string/permlab_changeComponentState"
android:description="@string/permdesc_changeComponentState"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
<!-- @hide Allows an application to grant or revoke specific permissions. -->
<permission android:name="android.permission.GRANT_REVOKE_PERMISSIONS"
android:label="@string/permlab_grantRevokePermissions"
android:description="@string/permdesc_grantRevokePermissions"
android:protectionLevel="signature" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to use SurfaceFlinger's low level features -->
<permission android:name="android.permission.ACCESS_SURFACE_FLINGER"
android:label="@string/permlab_accessSurfaceFlinger"
android:description="@string/permdesc_accessSurfaceFlinger"
android:protectionLevel="signature" />
<!-- Allows an application to take screen shots and more generally
get access to the frame buffer data -->
<permission android:name="android.permission.READ_FRAME_BUFFER"
android:label="@string/permlab_readFrameBuffer"
android:description="@string/permdesc_readFrameBuffer"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Required to be able to disable the device (very dangerous!). -->
<permission android:name="android.permission.BRICK"
android:label="@string/permlab_brick"
android:description="@string/permdesc_brick"
android:protectionLevel="signature" />
<!-- Required to be able to reboot the device. -->
<permission android:name="android.permission.REBOOT"
android:label="@string/permlab_reboot"
android:description="@string/permdesc_reboot"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows low-level access to power management -->
<permission android:name="android.permission.DEVICE_POWER"
android:label="@string/permlab_devicePower"
android:description="@string/permdesc_devicePower"
android:protectionLevel="signature" />
<!-- Run as a manufacturer test application, running as the root user.
Only available when the device is running in manufacturer test mode. -->
<permission android:name="android.permission.FACTORY_TEST"
android:label="@string/permlab_factoryTest"
android:description="@string/permdesc_factoryTest"
android:protectionLevel="signature" />
<!-- Allows an application to broadcast a notification that an application
package has been removed. -->
<permission android:name="android.permission.BROADCAST_PACKAGE_REMOVED"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:label="@string/permlab_broadcastPackageRemoved"
android:description="@string/permdesc_broadcastPackageRemoved"
android:protectionLevel="signature" />
<!-- Allows an application to broadcast an SMS receipt notification -->
<permission android:name="android.permission.BROADCAST_SMS"
android:permissionGroup="android.permission-group.MESSAGES"
android:label="@string/permlab_broadcastSmsReceived"
android:description="@string/permdesc_broadcastSmsReceived"
android:protectionLevel="signature" />
<!-- Allows an application to broadcast a WAP PUSH receipt notification -->
<permission android:name="android.permission.BROADCAST_WAP_PUSH"
android:permissionGroup="android.permission-group.MESSAGES"
android:label="@string/permlab_broadcastWapPush"
android:description="@string/permdesc_broadcastWapPush"
android:protectionLevel="signature" />
<permission android:name="android.permission.MASTER_CLEAR"
android:label="@string/permlab_masterClear"
android:description="@string/permdesc_masterClear"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to call any phone number, including emergency
numbers, without going through the Dialer user interface for the user
to confirm the call being placed. -->
<permission android:name="android.permission.CALL_PRIVILEGED"
android:label="@string/permlab_callPrivileged"
android:description="@string/permdesc_callPrivileged"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
Integrate CDMA provisioning into SetupWizard
2009-08-25 19:33:57 -07:00
<!-- Allows an application to perform CDMA OTA provisioning @hide -->
<permission android:name="android.permission.PERFORM_CDMA_PROVISIONING"
android:label="@string/permlab_performCdmaProvisioning"
android:description="@string/permdesc_performCdmaProvisioning"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Integrate CDMA provisioning into SetupWizard
2009-08-25 19:33:57 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows enabling/disabling location update notifications from
the radio. Not for use by normal applications. -->
<permission android:name="android.permission.CONTROL_LOCATION_UPDATES"
android:label="@string/permlab_locationUpdates"
android:description="@string/permdesc_locationUpdates"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows read/write access to the "properties" table in the checkin
database, to change values that get uploaded. -->
<permission android:name="android.permission.ACCESS_CHECKIN_PROPERTIES"
android:label="@string/permlab_checkinProperties"
android:description="@string/permdesc_checkinProperties"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to collect component usage
Automated import from //branches/master/...@142576,142576
2009-03-25 15:09:04 -07:00
statistics @hide -->
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<permission android:name="android.permission.PACKAGE_USAGE_STATS"
android:label="@string/permlab_pkgUsageStats"
android:description="@string/permdesc_pkgUsageStats"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows an application to collect battery statistics -->
<permission android:name="android.permission.BATTERY_STATS"
android:label="@string/permlab_batteryStats"
android:description="@string/permdesc_batteryStats"
android:protectionLevel="normal" />
Retool the backup process to use a new 'BackupAgent' class Backups will be handled by launching the application in a special mode under which no activities or services will be started, only the BackupAgent subclass named in the app's android:backupAgent manifest property. This takes the place of the BackupService class used earlier during development. In the cases of *full* backup or restore, an application that does not supply its own BackupAgent will be launched in a restricted manner; in particular, it will be using the default Application class rather than any manifest-declared one. This ensures that the app is not running any code that may try to manipulate its data while the backup system reads/writes its data set.
2009-05-14 11:12:14 -07:00
<!-- Allows an application to control the backup and restore process
@hide pending API council -->
<permission android:name="android.permission.BACKUP"
android:label="@string/permlab_backup"
android:description="@string/permdesc_backup"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Retool the backup process to use a new 'BackupAgent' class Backups will be handled by launching the application in a special mode under which no activities or services will be started, only the BackupAgent subclass named in the app's android:backupAgent manifest property. This takes the place of the BackupService class used earlier during development. In the cases of *full* backup or restore, an application that does not supply its own BackupAgent will be launched in a restricted manner; in particular, it will be using the default Application class rather than any manifest-declared one. This ensures that the app is not running any code that may try to manipulate its data while the backup system reads/writes its data set.
2009-05-14 11:12:14 -07:00
Full local backup infrastructure This is the basic infrastructure for pulling a full(*) backup of the device's data over an adb(**) connection to the local device. The basic process consists of these interacting pieces: 1. The framework's BackupManagerService, which coordinates the collection of app data and routing to the destination. 2. A new framework-provided BackupAgent implementation called FullBackupAgent, which is instantiated in the target applications' processes in turn, and knows how to emit a datastream that contains all of the app's saved data files. 3. A new shell-level program called "bu" that is used to bridge from adb to the framework's Backup Manager. 4. adb itself, which now knows how to use 'bu' to kick off a backup operation and pull the resulting data stream to the desktop host. 5. A system-provided application that verifies with the user that an attempted backup/restore operation is in fact expected and to be allowed. The full agent implementation is not used during normal operation of the delta-based app-customized remote backup process. Instead it's used during user-confirmed *full* backup of applications and all their data to a local destination, e.g. via the adb connection. The output format is 'tar'. This makes it very easy for the end user to examine the resulting dataset, e.g. for purpose of extracting files for debug purposes; as well as making it easy to contemplate adding things like a direct gzip stage to the data pipeline during backup/restore. It also makes it convenient to construct and maintain synthetic backup datasets for testing purposes. Within the tar format, certain artificial conventions are used. All files are stored within top-level directories according to their semantic origin: apps/pkgname/a/ : Application .apk file itself apps/pkgname/obb/: The application's associated .obb containers apps/pkgname/f/ : The subtree rooted at the getFilesDir() location apps/pkgname/db/ : The subtree rooted at the getDatabasePath() parent apps/pkgname/sp/ : The subtree rooted at the getSharedPrefsFile() parent apps/pkgname/r/ : Files stored relative to the root of the app's file tree apps/pkgname/c/ : Reserved for the app's getCacheDir() tree; not stored. For each package, the first entry in the tar stream is a file called "_manifest", nominally rooted at apps/pkgname. This file contains some metadata about the package whose data is stored in the archive. The contents of shared storage can optionally be included in the tar stream. It is placed in the synthetic location: shared/... uid/gid are ignored; app uids are assigned at install time, and the app's data is handled from within its own execution environment, so will automatically have the app's correct uid. Forward-locked .apk files are never backed up. System-partition .apk files are not backed up unless they have been overridden by a post-factory upgrade, in which case the current .apk *is* backed up -- i.e. the .apk that matches the on-disk data. The manifest preceding each application's portion of the tar stream provides version numbers and signature blocks for version checking, as well as an indication of whether the restore logic should expect to install the .apk before extracting the data. System packages can designate their own full backup agents. This is to manage things like the settings provider which (a) cannot be shut down on the fly in order to do a clean snapshot of their file trees, and (b) manage data that is not only irrelevant but actively hostile to non-identical devices -- CDMA telephony settings would seriously mess up a GSM device if emplaced there blind, for example. When a full backup or restore is initiated from adb, the system will present a confirmation UI that the user must explicitly respond to within a short [~ 30 seconds] timeout. This is to avoid the possibility of malicious desktop-side software secretly grabbing a copy of all the user's data for nefarious purposes. (*) The backup is not strictly a full mirror. In particular, the settings database is not cloned; it is handled the same way that it is in cloud backup/restore. This is because some settings are actively destructive if cloned onto a different (or especially a different-model) device: telephony settings and AndroidID are good examples of this. (**) On the framework side it doesn't care that it's adb; it just sends the tar stream to a file descriptor. This can easily be retargeted around whatever transport we might decide to use in the future. KNOWN ISSUES: * the security UI is desperately ugly; no proper designs have yet been done for it * restore is not yet implemented * shared storage backup is not yet implemented * symlinks aren't yet handled, though some infrastructure for dealing with them has been put in place. Change-Id: Ia8347611e23b398af36ea22c36dff0a276b1ce91
2011-04-01 14:43:32 -07:00
<!-- Allows a package to launch the secure full-backup confirmation UI.
ONLY the system process may hold this permission.
@hide -->
<permission android:name="android.permission.CONFIRM_FULL_BACKUP"
android:label="@string/permlab_confirm_full_backup"
android:description="@string/permdesc_confirm_full_backup"
android:protectionLevel="signature" />
Refactoring app widgets to address security/performance issues. - Moving the service binding to AppWidgetService to prevent arbitrary apps from binding to widget services - Requiring RemoteViewsServices to require android.permission.BIND_REMOTEVIEWS permission Change-Id: Id135bafba998299eb278067712b8a5d8487cfd04
2011-01-11 18:05:01 -08:00
<!-- Must be required by a {@link android.widget.RemoteViewsService},
to ensure that only the system can bind to it. -->
<permission android:name="android.permission.BIND_REMOTEVIEWS"
android:label="@string/permlab_bindRemoteViews"
android:description="@string/permdesc_bindRemoteViews"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Refactoring app widgets to address security/performance issues. - Moving the service binding to AppWidgetService to prevent arbitrary apps from binding to widget services - Requiring RemoteViewsServices to require android.permission.BIND_REMOTEVIEWS permission Change-Id: Id135bafba998299eb278067712b8a5d8487cfd04
2011-01-11 18:05:01 -08:00
auto import from //branches/cupcake/...@137873
2009-03-11 12:11:56 -07:00
<!-- Allows an application to tell the AppWidget service which application
can access AppWidget's data. The normal user flow is that a user
picks an AppWidget to go into a particular host, thereby giving that
host application access to the private data from the AppWidget app.
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
An application that has this permission should honor that contract.
Very few applications should need to use this permission. -->
auto import from //branches/cupcake/...@137873
2009-03-11 12:11:56 -07:00
<permission android:name="android.permission.BIND_APPWIDGET"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:permissionGroup="android.permission-group.PERSONAL_INFO"
android:label="@string/permlab_bindGadget"
android:description="@string/permdesc_bindGadget"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<!-- Allows applications to change the background data setting
@hide pending API council -->
<permission android:name="android.permission.CHANGE_BACKGROUND_DATA_SETTING"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature"
android:description="@string/permdesc_changeBackgroundDataSetting"
android:label="@string/permlab_changeBackgroundDataSetting" />
Add new <path-permission tag for use by global search. This adds a new <path-permission> tag you can use inside of a <provide> to define additional path-based permissions that broaden the global read and write permissions. The initial use for this will be global search, so that a content provider that is protected by permissions can make a part of itself available to global search under another permission. This addresses the issue with global search not being able to request permissions it would need of providers it doesn't know about at build time.
2009-07-08 14:56:37 -07:00
<!-- This permission can be used on content providers to allow the global
search system to access their data. Typically it used when the
provider has some permissions protecting it (which global search
would not be expected to hold), and added as a read-only permission
to the path in the provider where global search queries are
performed. This permission can not be held by regular applications;
it is used by applications to protect themselves from everyone else
besides global search. -->
<permission android:name="android.permission.GLOBAL_SEARCH"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Add new <path-permission tag for use by global search. This adds a new <path-permission> tag you can use inside of a <provide> to define additional path-based permissions that broaden the global read and write permissions. The initial use for this will be global search, so that a content provider that is protected by permissions can make a part of itself available to global search under another permission. This addresses the issue with global search not being able to request permissions it would need of providers it doesn't know about at build time.
2009-07-08 14:56:37 -07:00
<!-- Internal permission protecting access to the global search
system: ensures that only the system can access the provider
to perform queries (since this otherwise provides unrestricted
access to a variety of content providers), and to write the
search statistics (to keep applications from gaming the source
ranking).
@hide -->
<permission android:name="android.permission.GLOBAL_SEARCH_CONTROL"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
android:protectionLevel="signature" />
Very primitive wallpapers in a surface. This is all of the basic pieces: - The WallpaperService now creates a surface with the window manager for its contents. - There is a simple service that displays a bitmap. - The wallpaper manager takes care of starting and stopping the service. - The window manager knows about wallpaper windows and how to layer them with the windows that want to be shown on top of wallpaper. Lots and lots of issues remain, but at this point you can actually write a wallpaper service, select it in the UI, and see it behind an activity.
2009-08-08 20:40:27 -07:00
<!-- Allows applications to set a live wallpaper.
Allow wallpaper picker to work. Change-Id: I379f25e0e8e372d72c0a89e71ccd584a5dbb3648
2009-09-27 17:05:46 -07:00
@hide XXX Change to signature once the picker is moved to its
own apk as Ghod Intended. -->
Very primitive wallpapers in a surface. This is all of the basic pieces: - The WallpaperService now creates a surface with the window manager for its contents. - There is a simple service that displays a bitmap. - The wallpaper manager takes care of starting and stopping the service. - The window manager knows about wallpaper windows and how to layer them with the windows that want to be shown on top of wallpaper. Lots and lots of issues remain, but at this point you can actually write a wallpaper service, select it in the UI, and see it behind an activity.
2009-08-08 20:40:27 -07:00
<permission android:name="android.permission.SET_WALLPAPER_COMPONENT"
android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Very primitive wallpapers in a surface. This is all of the basic pieces: - The WallpaperService now creates a surface with the window manager for its contents. - There is a simple service that displays a bitmap. - The wallpaper manager takes care of starting and stopping the service. - The window manager knows about wallpaper windows and how to layer them with the windows that want to be shown on top of wallpaper. Lots and lots of issues remain, but at this point you can actually write a wallpaper service, select it in the UI, and see it behind an activity.
2009-08-08 20:40:27 -07:00
@hide ACCESS_CACHE_FILESYSTEM and MOVE_PACKAGE Bug: b/2553489 Change-Id: I681b3f9a243777b931298cc93c9d34c8d7eae0f2
2010-03-30 23:37:25 -07:00
<!-- Allow an application to read and write the cache partition.
@hide -->
add ACCESS_CACHE_FILESYSTEM permission to core manifest All of the permissions in data/etc/platform.xml are defined in core/res/AndroidManifest.xml, except for ACCESS_CACHE_FILESYSTEM. Add it. Change-Id: If7906bc0007484cc21196fb1c0593b967fd79920
2010-01-06 15:02:52 -08:00
<permission android:name="android.permission.ACCESS_CACHE_FILESYSTEM"
android:label="@string/permlab_cache_filesystem"
android:description="@string/permdesc_cache_filesystem"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
add ACCESS_CACHE_FILESYSTEM permission to core manifest All of the permissions in data/etc/platform.xml are defined in core/res/AndroidManifest.xml, except for ACCESS_CACHE_FILESYSTEM. Add it. Change-Id: If7906bc0007484cc21196fb1c0593b967fd79920
2010-01-06 15:02:52 -08:00
AppsOnSd feature - Add default container Add new remote interface to do temporary copies. The new remote stub handling is done on mHandler thread and doesn't need locking for now. Add new InstallArgs class and subclasses to isolate cases for installation. Move resource deletion for failed installs/upgrades to later on in installation cycle. Fix code path for forward locked apps when using scanPackageLI TODO's Fix installation paths to completely use InstallArgs based design later on. Get rid of using flags in various install/uninstall code paths. Ideally InstallArgs should be created using these flags and used in the rest of the code. Function renames. Revisit mount api's.
2010-01-25 12:19:12 -08:00
<!-- Must be required by default container service so that only
the system can bind to it and use it to copy
protected data to secure containers or files
accessible to the system.
@hide -->
<permission android:name="android.permission.COPY_PROTECTED_DATA"
android:label="@string/permlab_copyProtectedData"
android:description="@string/permlab_copyProtectedData"
android:protectionLevel="signature" />
Add and enforce the permission for encrypting/decrypting. Change-Id: Ia292d8a5981266c2703743beb79fd786d77b375d
2011-01-20 22:46:41 -06:00
<!-- Internal permission protecting access to the encryption methods
@hide
-->
<permission android:name="android.permission.CRYPT_KEEPER"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Add and enforce the permission for encrypting/decrypting. Change-Id: Ia292d8a5981266c2703743beb79fd786d77b375d
2011-01-20 22:46:41 -06:00
Interface-level network policy, persist policies. Define NetworkPolicy as cycle-reset day and warning/limit values, and set/get through NetworkPolicyManager. Watch ConnectivityManager for network connection events, and apply quota rules based on matching interfaces. Policy service matches based on strong identity to support IMSI-specific policy values. Calculates remaining quota based on current stats recorded since the last reset cycle day. Tests to verify edge cases around February. Persist network and UID policies in XML, and restore on boot. Change-Id: Id40ba7d6eed6094fbd5e18e6331286c606880d80
2011-06-07 12:26:43 -07:00
<!-- Allows an application to read historical network usage for
specific networks and applications. @hide -->
<permission android:name="android.permission.READ_NETWORK_USAGE_HISTORY"
android:label="@string/permlab_readNetworkUsageHistory"
android:description="@string/permdesc_readNetworkUsageHistory"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Interface-level network policy, persist policies. Define NetworkPolicy as cycle-reset day and warning/limit values, and set/get through NetworkPolicyManager. Watch ConnectivityManager for network connection events, and apply quota rules based on matching interfaces. Policy service matches based on strong identity to support IMSI-specific policy values. Calculates remaining quota based on current stats recorded since the last reset cycle day. Tests to verify edge cases around February. Persist network and UID policies in XML, and restore on boot. Change-Id: Id40ba7d6eed6094fbd5e18e6331286c606880d80
2011-06-07 12:26:43 -07:00
<!-- Allows an application to manage network policies (such as warning and disable
limits) and to define application-specific rules. @hide -->
<permission android:name="android.permission.MANAGE_NETWORK_POLICY"
android:label="@string/permlab_manageNetworkPolicy"
android:description="@string/permdesc_manageNetworkPolicy"
android:protectionLevel="signature" />
Add and enforce the permission for encrypting/decrypting. Change-Id: Ia292d8a5981266c2703743beb79fd786d77b375d
2011-01-20 22:46:41 -06:00
Permissions to protect bandwidth statistics. Introduces new "net_bw_stats" group which will protect reading detailed bandwidth statistics from the kernel. Also introduce "net_bw_acct" group which will enable specific applications to request that their network traffic be counted against other UIDs. This change associates manifest permissions with the low-level GIDs. Change-Id: If3fc28053afda201ff305d798a8878ff1f35b997
2011-05-02 17:51:29 -07:00
<!-- Allows an application to account its network traffic against other UIDs. Used
by system services like download manager and media server. Not for use by
third party apps. @hide -->
<permission android:name="android.permission.MODIFY_NETWORK_ACCOUNTING"
android:label="@string/permlab_modifyNetworkAccounting"
android:description="@string/permdesc_modifyNetworkAccounting"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Permissions to protect bandwidth statistics. Introduces new "net_bw_stats" group which will protect reading detailed bandwidth statistics from the kernel. Also introduce "net_bw_acct" group which will enable specific applications to request that their network traffic be counted against other UIDs. This change associates manifest permissions with the low-level GIDs. Change-Id: If3fc28053afda201ff305d798a8878ff1f35b997
2011-05-02 17:51:29 -07:00
Add private permission for sending SMS via Messaging app When the phone dialer sends an sms, it will use the Messaging app. That way the sent messages will end up in the messaging provider db and sending will be more reliable. Currently, the phone dialer uses the SmsManager directly. For now, the feature is only available to system apps and the permission is private. Bug 4563486 Change-Id: I10f7e1042683164ee61d01a2aaf738d19084da72
2011-08-11 14:27:25 -07:00
<!-- C2DM permission.
Switch from REMOTE_INTENT to the new push messaging, add the required permission.
2010-02-04 16:52:34 -08:00
@hide Used internally.
-->
Bug 2680071: Rename the Cloud to Device Change-Id: I12ab32de393e44a499e3f9e3a0b38f4682156ff5
2010-05-12 16:04:10 -07:00
<permission android:name="android.intent.category.MASTER_CLEAR.permission.C2D_MESSAGE"
Switch from REMOTE_INTENT to the new push messaging, add the required permission.
2010-02-04 16:52:34 -08:00
android:protectionLevel="signature" />
Bug 2680071: Rename the Cloud to Device Change-Id: I12ab32de393e44a499e3f9e3a0b38f4682156ff5
2010-05-12 16:04:10 -07:00
<uses-permission android:name="android.intent.category.MASTER_CLEAR.permission.C2D_MESSAGE"/>
Switch from REMOTE_INTENT to the new push messaging, add the required permission.
2010-02-04 16:52:34 -08:00
Infrastructure to support package verifier Allow a package verifier to approve or disapprove of a package being installed. Change-Id: Ibfea0f2b1aaa4ab1589a4e59f96144702b9bf94b
2011-07-27 11:11:19 -07:00
<!-- Package verifier needs to have this permission before the PackageManager will
trust it to verify packages.
@hide
-->
<permission android:name="android.permission.PACKAGE_VERIFICATION_AGENT"
android:label="@string/permlab_packageVerificationAgent"
android:description="@string/permdesc_packageVerificationAgent"
New development permissions. These are permissions that an application can request, but won't normally be granted. To have the permission granted, the user must explicitly do so through a new "adb shell pm grant" command. I put these permissions in the "development tools" permission group. Looking at the stuff there, I think all of the permissions we already had in that group should be turned to development permissions; I don't think any of them are protecting public APIs, and they are really not things normal applications should use. The support this, the protectionLevel of a permission has been modified to consist of a base protection type with additional flags. The signatureOrSystem permission has thus been converted to a signature base type with a new "system" flag; you can use "system" and/or "dangerous" flags with signature permissions as desired. The permissions UI has been updated to understand these new types of permissions and know when to display them. Along with doing that, it also now shows you which permissions are new when updating an existing application. This also starts laying the ground-work for "optional" permissions (which development permissions are a certain specialized form of). Completing that work requires some more features in the package manager to understand generic optional permissions (having a facility to not apply them when installing), along with the appropriate UI for the app and user to manage those permissions. Change-Id: I6571785c6bb5f6b291862b7a9be584885f88f3a5
2012-02-21 15:11:13 -08:00
android:protectionLevel="signature|system" />
Infrastructure to support package verifier Allow a package verifier to approve or disapprove of a package being installed. Change-Id: Ibfea0f2b1aaa4ab1589a4e59f96144702b9bf94b
2011-07-27 11:11:19 -07:00
<!-- Must be required by package verifier receiver, to ensure that only the
system can interact with it.
@hide
-->
<permission android:name="android.permission.BIND_PACKAGE_VERIFIER"
android:label="@string/permlab_bindPackageVerifier"
android:description="@string/permdesc_bindPackageVerifier"
android:protectionLevel="signature" />
New Serial Manager API: SerialManager: provides access to serial ports SerialPort: for reading and writing data to and from serial ports IO with both array based and direct ByteBuffers is supported. Accessing serial ports requires android.permission.SERIAL_PORT permission Each platform must configure list of supported serial ports in the config_serialPorts resource overlay (this is needed to prevent apps from accidentally accessing the bluetooth or other system UARTs). In addition, the platform uevent.rc file must set the owner to the /dev/tty* files to "system" so the framework can access the port. Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-08-29 20:11:07 -04:00
<!-- Allows applications to access serial ports via the SerialManager.
@hide -->
<permission android:name="android.permission.SERIAL_PORT"
android:label="@string/permlab_serialPort"
android:description="@string/permdesc_serialPort"
android:protectionLevel="normal" />
Adding shell commands for modifying content. 1. Added methods to the ActivityManagerService remote interface that allow accessing content providers outside of an application. These methods are guarded by an internal signature protected permission which is given to the shell user. This enables a shell program to access content providers. 2. Implemented a shell command that takes as input as standart fagls with values and manipulates content via the content provider mechanism. Change-Id: I2943f8b59fbab33eb623458fa01ea61a077b9845
2012-02-03 19:19:09 -08:00
<!-- Allows the holder to access content providers from outside an ApplicationThread.
This permission is enforced by the ActivityManagerService on the corresponding APIs,
in particular ActivityManagerService#getContentProviderExternal(String) and
ActivityManagerService#removeContentProviderExternal(String).
@hide
-->
<permission android:name="android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY"
android:label="@string/permlab_accessContentProvidersExternally"
android:description="@string/permdesc_accessContentProvidersExternally"
android:protectionLevel="signature" />
Merge: Introduce UpdateLocks An "UpdateLock" works similarly to a wake lock in API: the caller is providing a hint to the OS that now is not a good time to interrupt the user/device in order to do intrusive work like applying OTAs. This is particularly important for headless or kiosk-like products where ordinarily the update process will be automatically scheduled and proceed without user or administrator intervention. UpdateLocks require that the caller hold the new signatureOrSystem permission android.permission.UPDATE_LOCK. acquire() and release() will throw security exceptions if this is not the case. The "is now convenient?" state is expressed to interested parties by way of a sticky broadcast sent only to registered listeners. The broadcast is protected; only the system can send it, so listeners can trust it to be accurate. The broadcast intent also includes a timestamp (System.currentTimeMillis()) to help inform listeners that wish to implement scheduling policies based on when the device became idle. The API change here is a tiny one: a dump(PrintWriter) method has been added to the TokenWatcher class to facilitate getting information out of it for dumpsys purposes. UpdateLock itself is still @hide. Bug 5543442 Change-Id: I3709c831fc1883d7cb753cd2d3ee8e10a61e7e48
2012-02-23 14:59:36 -08:00
<!-- Allows an application to hold an UpdateLock, recommending that a headless
OTA reboot *not* occur while the lock is held.
@hide -->
<permission android:name="android.permission.UPDATE_LOCK"
android:label="@string/permlab_updateLock"
android:description="@string/permdesc_updateLock"
android:protectionLevel="signatureOrSystem" />
Adding shell commands for modifying content. 1. Added methods to the ActivityManagerService remote interface that allow accessing content providers outside of an application. These methods are guarded by an internal signature protected permission which is given to the shell user. This enables a shell program to access content providers. 2. Implemented a shell command that takes as input as standart fagls with values and manipulates content via the content provider mechanism. Change-Id: I2943f8b59fbab33eb623458fa01ea61a077b9845
2012-02-03 19:19:09 -08:00
Full local backup infrastructure This is the basic infrastructure for pulling a full(*) backup of the device's data over an adb(**) connection to the local device. The basic process consists of these interacting pieces: 1. The framework's BackupManagerService, which coordinates the collection of app data and routing to the destination. 2. A new framework-provided BackupAgent implementation called FullBackupAgent, which is instantiated in the target applications' processes in turn, and knows how to emit a datastream that contains all of the app's saved data files. 3. A new shell-level program called "bu" that is used to bridge from adb to the framework's Backup Manager. 4. adb itself, which now knows how to use 'bu' to kick off a backup operation and pull the resulting data stream to the desktop host. 5. A system-provided application that verifies with the user that an attempted backup/restore operation is in fact expected and to be allowed. The full agent implementation is not used during normal operation of the delta-based app-customized remote backup process. Instead it's used during user-confirmed *full* backup of applications and all their data to a local destination, e.g. via the adb connection. The output format is 'tar'. This makes it very easy for the end user to examine the resulting dataset, e.g. for purpose of extracting files for debug purposes; as well as making it easy to contemplate adding things like a direct gzip stage to the data pipeline during backup/restore. It also makes it convenient to construct and maintain synthetic backup datasets for testing purposes. Within the tar format, certain artificial conventions are used. All files are stored within top-level directories according to their semantic origin: apps/pkgname/a/ : Application .apk file itself apps/pkgname/obb/: The application's associated .obb containers apps/pkgname/f/ : The subtree rooted at the getFilesDir() location apps/pkgname/db/ : The subtree rooted at the getDatabasePath() parent apps/pkgname/sp/ : The subtree rooted at the getSharedPrefsFile() parent apps/pkgname/r/ : Files stored relative to the root of the app's file tree apps/pkgname/c/ : Reserved for the app's getCacheDir() tree; not stored. For each package, the first entry in the tar stream is a file called "_manifest", nominally rooted at apps/pkgname. This file contains some metadata about the package whose data is stored in the archive. The contents of shared storage can optionally be included in the tar stream. It is placed in the synthetic location: shared/... uid/gid are ignored; app uids are assigned at install time, and the app's data is handled from within its own execution environment, so will automatically have the app's correct uid. Forward-locked .apk files are never backed up. System-partition .apk files are not backed up unless they have been overridden by a post-factory upgrade, in which case the current .apk *is* backed up -- i.e. the .apk that matches the on-disk data. The manifest preceding each application's portion of the tar stream provides version numbers and signature blocks for version checking, as well as an indication of whether the restore logic should expect to install the .apk before extracting the data. System packages can designate their own full backup agents. This is to manage things like the settings provider which (a) cannot be shut down on the fly in order to do a clean snapshot of their file trees, and (b) manage data that is not only irrelevant but actively hostile to non-identical devices -- CDMA telephony settings would seriously mess up a GSM device if emplaced there blind, for example. When a full backup or restore is initiated from adb, the system will present a confirmation UI that the user must explicitly respond to within a short [~ 30 seconds] timeout. This is to avoid the possibility of malicious desktop-side software secretly grabbing a copy of all the user's data for nefarious purposes. (*) The backup is not strictly a full mirror. In particular, the settings database is not cloned; it is handled the same way that it is in cloud backup/restore. This is because some settings are actively destructive if cloned onto a different (or especially a different-model) device: telephony settings and AndroidID are good examples of this. (**) On the framework side it doesn't care that it's adb; it just sends the tar stream to a file descriptor. This can easily be retargeted around whatever transport we might decide to use in the future. KNOWN ISSUES: * the security UI is desperately ugly; no proper designs have yet been done for it * restore is not yet implemented * shared storage backup is not yet implemented * symlinks aren't yet handled, though some infrastructure for dealing with them has been put in place. Change-Id: Ia8347611e23b398af36ea22c36dff0a276b1ce91
2011-04-01 14:43:32 -07:00
<!-- The system process is explicitly the only one allowed to launch the
confirmation UI for full backup/restore -->
<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<application android:process="system"
android:persistent="true"
android:hasCode="false"
android:label="@string/android_system_label"
android:allowClearUserData="false"
Only restore the bits for wallpapers that aren't built in.
2009-07-28 18:24:51 -07:00
android:backupAgent="com.android.server.SystemBackupAgent"
Expand apps' control over the settings restore process Applications can now specify two more aspects of the restore process: whether they need to run with their own custom Application subclass rather than being launched in the usual restricted mode during restore, and whether it's okay for the backup manager to kill the app process once restore has completed. The new manifest attributes for these are, respectively, android:restoreNeedsApplication and android:killAfterRestore. If unspecified in the manifest, restoreNeedsApplication is false, and killAfterRestore is true. In order to support kill-after-restore cleanly, this change also adds a new system-process-only interface to the Activity Manager, which will schedule a "commit suicide" event on the target app's main thread looper. The framework backup agents have been given the appropriate new backup attributes as well.
2009-09-01 20:32:49 -07:00
android:killAfterRestore="false"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:icon="@drawable/ic_launcher_android">
<activity android:name="com.android.internal.app.ChooserActivity"
Make all the activities in the framework use the holo theme. Change-Id: I18b669923fcd52e3bbb82b63e491d46cdb4bf4be
2010-11-08 11:05:25 -08:00
android:theme="@style/Theme.Holo.Dialog.Alert"
Fix issue #2133206: dialogs/menus should auto-dismiss when screen turns off Lot of infrastructure for more things to go away when "clear system dialogs" happens, and now do this when we turn on the lock screen. Change-Id: I567130296fe47ce82df065ed58ef21b37416ceaf
2009-09-23 22:20:11 -07:00
android:finishOnCloseSystemDialogs="true"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:excludeFromRecents="true"
android:multiprocess="true">
<intent-filter>
<action android:name="android.intent.action.CHOOSER" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
Add support for heavy-weight applications. Only one can be running at a time, their process can not be killed, and a notification is posted while it is running. Change-Id: I843015723947e0c934ae63a1aeee139327c0bc01
2010-06-03 18:47:52 -07:00
<activity android:name="com.android.internal.app.HeavyWeightSwitcherActivity"
Make all the activities in the framework use the holo theme. Change-Id: I18b669923fcd52e3bbb82b63e491d46cdb4bf4be
2010-11-08 11:05:25 -08:00
android:theme="@style/Theme.Holo.Dialog"
Add support for heavy-weight applications. Only one can be running at a time, their process can not be killed, and a notification is posted while it is running. Change-Id: I843015723947e0c934ae63a1aeee139327c0bc01
2010-06-03 18:47:52 -07:00
android:label="@string/heavy_weight_switcher_title"
android:finishOnCloseSystemDialogs="true"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:excludeFromRecents="true"
android:process=":ui">
Add support for heavy-weight applications. Only one can be running at a time, their process can not be killed, and a notification is posted while it is running. Change-Id: I843015723947e0c934ae63a1aeee139327c0bc01
2010-06-03 18:47:52 -07:00
</activity>
More native work. Implement save/restore of state, and add native APIs for configuration information. Change-Id: I2a3ddc2ba605db58d7c8b2b31b9215fb323f90b5
2010-08-04 11:12:40 -07:00
<activity android:name="com.android.internal.app.PlatLogoActivity"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:theme="@style/Theme.Wallpaper.NoTitleBar.Fullscreen"
android:process=":ui">
More native work. Implement save/restore of state, and add native APIs for configuration information. Change-Id: I2a3ddc2ba605db58d7c8b2b31b9215fb323f90b5
2010-08-04 11:12:40 -07:00
</activity>
Show car mode notification in status bar. The notification is an ongoing event and can be used to get out of car mode.
2010-02-17 11:56:39 -08:00
<activity android:name="com.android.internal.app.DisableCarModeActivity"
android:theme="@style/Theme.NoDisplay"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:excludeFromRecents="true"
android:process=":ui">
Show car mode notification in status bar. The notification is an ongoing event and can be used to get out of car mode.
2010-02-17 11:56:39 -08:00
</activity>
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<activity android:name="com.android.internal.app.RingtonePickerActivity"
Use Holo theme for Ringtone picker. Bug: 3148863
2010-11-02 14:02:17 -07:00
android:theme="@style/Theme.Holo.Dialog.Alert"
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
android:excludeFromRecents="true"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:multiprocess="true"
android:process=":ui">
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<intent-filter>
<action android:name="android.intent.action.RINGTONE_PICKER" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
adding concept of features to accounts
2009-04-20 16:05:10 -07:00
<activity android:name="android.accounts.ChooseAccountActivity"
android:excludeFromRecents="true"
Fix bug #3338957 (Account Picker and Account type picker need love) - update UI to match design requirements Change-Id: Idb5dbea876eb7170a8c1f077a99cfe168d41f1e1
2011-01-20 16:12:36 -08:00
android:exported="true"
android:theme="@android:style/Theme.Holo.Dialog"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:label="@string/choose_account_label"
android:process=":ui">
adding concept of features to accounts
2009-04-20 16:05:10 -07:00
</activity>
Add a generic account chooser/add account flow for apps. The activity is launched as follows: Account account1 = new Account("account1@gmail.com", "com.google") Account account2 = new Account("account2@gmail.com", "com.google") ArrayList<Account> accounts = new ArrayList<Account>(); accounts.add(account1); accounts.add(account2); String[] accountTypes = new String[]{"com.google", "com.android.exchange"}; Bundle addAccountOptions = null; Intent intent = AccountManager.newChooseAccountIntent(account1, accounts, accountTypes, addAccountOptions); startActivityForResult(intent, 0); Change-Id: I05a467bdc3552a2e39397b0182879351f4324389
2011-09-14 23:19:35 -07:00
<activity android:name="android.accounts.ChooseTypeAndAccountActivity"
android:excludeFromRecents="true"
android:exported="true"
Continuation of the unified account chooser flow. - made the UI match the spec - added ability to force the account chooser to appear - added ability to pass in a description that will override the stock one - added ability to pass in requiredFeatures for addAccount - added ability to pass in an authTokenType for addAccount Bug: 5293377 Change-Id: I243c0fd6598c943b1f65753e1f5d3c86629f64f5
2011-09-16 21:17:21 -07:00
android:theme="@android:style/Theme.Holo.DialogWhenLarge.NoActionBar"
Add a generic account chooser/add account flow for apps. The activity is launched as follows: Account account1 = new Account("account1@gmail.com", "com.google") Account account2 = new Account("account2@gmail.com", "com.google") ArrayList<Account> accounts = new ArrayList<Account>(); accounts.add(account1); accounts.add(account2); String[] accountTypes = new String[]{"com.google", "com.android.exchange"}; Bundle addAccountOptions = null; Intent intent = AccountManager.newChooseAccountIntent(account1, accounts, accountTypes, addAccountOptions); startActivityForResult(intent, 0); Change-Id: I05a467bdc3552a2e39397b0182879351f4324389
2011-09-14 23:19:35 -07:00
android:label="@string/choose_account_label"
android:process=":ui">
</activity>
<activity android:name="android.accounts.ChooseAccountTypeActivity"
android:excludeFromRecents="true"
Continuation of the unified account chooser flow. - made the UI match the spec - added ability to force the account chooser to appear - added ability to pass in a description that will override the stock one - added ability to pass in requiredFeatures for addAccount - added ability to pass in an authTokenType for addAccount Bug: 5293377 Change-Id: I243c0fd6598c943b1f65753e1f5d3c86629f64f5
2011-09-16 21:17:21 -07:00
android:theme="@android:style/Theme.Holo.DialogWhenLarge.NoActionBar"
Add a generic account chooser/add account flow for apps. The activity is launched as follows: Account account1 = new Account("account1@gmail.com", "com.google") Account account2 = new Account("account2@gmail.com", "com.google") ArrayList<Account> accounts = new ArrayList<Account>(); accounts.add(account1); accounts.add(account2); String[] accountTypes = new String[]{"com.google", "com.android.exchange"}; Bundle addAccountOptions = null; Intent intent = AccountManager.newChooseAccountIntent(account1, accounts, accountTypes, addAccountOptions); startActivityForResult(intent, 0); Change-Id: I05a467bdc3552a2e39397b0182879351f4324389
2011-09-14 23:19:35 -07:00
android:label="@string/choose_account_label"
android:process=":ui">
</activity>
add account manager permission checking
2009-07-16 16:36:38 -07:00
<activity android:name="android.accounts.GrantCredentialsPermissionActivity"
android:excludeFromRecents="true"
Fix bug 3378333 - Holo-style layout for granting permissions Change-Id: Ie1bb925db3ddd8343c9756e220a0d821f4d31c6d
2011-01-22 14:34:13 -08:00
android:exported="true"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:theme="@android:style/Theme.Holo.DialogWhenLarge"
android:process=":ui">
add account manager permission checking
2009-07-16 16:36:38 -07:00
</activity>
fix the TooManyDeletes to show up again It was moved so it was no longer in the location that SyncManager expected. I fixed it by (a) moving it to the SyncManager directory and by (b) changing the SyncManager to refer to it by class rather than by class name, which means it will now check for it at compile time, not run time. Bug: 3289922 Change-Id: I24f8bac371a16c62c2a38ed1024702c6d0913b93
2010-12-16 13:54:43 -08:00
<activity android:name="android.content.SyncActivityTooManyDeletes"
android:theme="@android:style/Theme.Holo.Dialog"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:label="@string/sync_too_many_deletes"
android:process=":ui">
fix the TooManyDeletes to show up again It was moved so it was no longer in the location that SyncManager expected. I fixed it by (a) moving it to the SyncManager directory and by (b) changing the SyncManager to refer to it by class rather than by class name, which means it will now check for it at compile time, not run time. Bug: 3289922 Change-Id: I24f8bac371a16c62c2a38ed1024702c6d0913b93
2010-12-16 13:54:43 -08:00
</activity>
Add Activity Intent.ACTION_REQUEST_SHUTDOWN for requesting a system shutdown. The Intent.EXTRA_KEY_CONFIRM extra can be set to require user confirmation before shutting down. The ACTION_REQUEST_SHUTDOWN Intent is protected by android.permission.SHUTDOWN. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-07-30 01:21:08 -07:00
<activity android:name="com.android.server.ShutdownActivity"
android:permission="android.permission.SHUTDOWN"
Remove android:multiprocess from ShutdownActivity to ensure it runs in the system process. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-07-30 15:27:00 -07:00
android:excludeFromRecents="true">
Add Activity Intent.ACTION_REQUEST_SHUTDOWN for requesting a system shutdown. The Intent.EXTRA_KEY_CONFIRM extra can be set to require user confirmation before shutting down. The ACTION_REQUEST_SHUTDOWN Intent is protected by android.permission.SHUTDOWN. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-07-30 01:21:08 -07:00
<intent-filter>
<action android:name="android.intent.action.ACTION_REQUEST_SHUTDOWN" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
Fix Intent.ACTION_REBOOT Turns out this would be useful for automated testing. Change-Id: Idd5e35a8d4a354447b17a77fe0b606f78df844d0 Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-09-08 07:21:07 -04:00
<intent-filter>
<action android:name="android.intent.action.REBOOT" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
Add Activity Intent.ACTION_REQUEST_SHUTDOWN for requesting a system shutdown. The Intent.EXTRA_KEY_CONFIRM extra can be set to require user confirmation before shutting down. The ACTION_REQUEST_SHUTDOWN Intent is protected by android.permission.SHUTDOWN. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-07-30 01:21:08 -07:00
</activity>
UsbManager: Enhancements for managing USB devices and accessories When a USB device or accessory is connected, the UsbService now asks the user which application to associate with the device or accessory. Applications interested in devices or accessories must specify the devices they work with via meta-data attached to their manifest. Permission to communicate with the device is assigned when the user chooses the activity to use for the device. The user has the option of clicking the "always use this application" checkbox to make the assignment automatic in the future. The user may later clear this preference and revoke permission for an application to have permission to communicate with the device by clicking the "Clear defaults" button for the activity in the Manage Applications panel in Settings. Added class UsbResolveActivity (a subclass or ResolveActivity for choosing an activity for a USB device or accessory) Added UsbDeviceManager, which manages the mapping between USB devices/accessories and applications, including default applications for devices and accessories, and manages application permissions. Add interface to allow Settings to clear device and accessory preferences and permissions for an application. Remove obsolete ACCESS_USB permission. Add new signatureOrSystem MANAGE_USB permission to allow administrating preferences and permissions. Moved UsbService.java to a "usb" subdirectory, along with new classes UsbResolveActivity and UsbDeviceManager. Change-Id: I92554381e9779e68ce380daaee4e1401fb875703 Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-02-27 09:10:37 -08:00
gps: Network initiated SUPL Initial contribution from Qualcomm. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-08-18 18:28:45 -04:00
<activity android:name="com.android.internal.app.NetInitiatedActivity"
Make all the activities in the framework use the holo theme. Change-Id: I18b669923fcd52e3bbb82b63e491d46cdb4bf4be
2010-11-08 11:05:25 -08:00
android:theme="@style/Theme.Holo.Dialog.Alert"
Fix issue #5263361: Browser instance not created in application picker The resolver activity was hiding the following activity from recents. Also some other fixes: a little better memory use debugging, removed some unneeded code from window manager, moved some system activities into their own process, added some more running process information for manage apps. Change-Id: I66687d16989ff965d524b92dc360f37c19199717
2011-09-07 18:31:28 -07:00
android:excludeFromRecents="true"
android:process=":ui">
gps: Network initiated SUPL Initial contribution from Qualcomm. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-08-18 18:28:45 -04:00
</activity>
Add Activity Intent.ACTION_REQUEST_SHUTDOWN for requesting a system shutdown. The Intent.EXTRA_KEY_CONFIRM extra can be set to require user confirmation before shutting down. The ACTION_REQUEST_SHUTDOWN Intent is protected by android.permission.SHUTDOWN. Signed-off-by: Mike Lockwood <lockwood@android.com>
2009-07-30 01:21:08 -07:00
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<receiver android:name="com.android.server.BootReceiver" >
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED" />
</intent-filter>
</receiver>
<receiver android:name="com.android.server.MasterClearReceiver"
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
android:permission="android.permission.MASTER_CLEAR"
android:priority="100" >
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<intent-filter>
Eliminate dependencies on Checkin, replacing checkin events with EventLog events (and in one case, a DropBox entry). Add a simple intent that triggers master-clear (and toggle EFS), given the right permissions. Bug: 2264596 Bug: 2350452 Bug: 2264596
2010-02-10 19:27:58 -08:00
<!-- For Checkin, Settings, etc.: action=MASTER_CLEAR -->
<action android:name="android.intent.action.MASTER_CLEAR" />
<!-- MCS always uses REMOTE_INTENT: category=MASTER_CLEAR -->
Bug 2680071: Rename the Cloud to Device Change-Id: I12ab32de393e44a499e3f9e3a0b38f4682156ff5
2010-05-12 16:04:10 -07:00
<action android:name="com.google.android.c2dm.intent.RECEIVE" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
<category android:name="android.intent.category.MASTER_CLEAR" />
</intent-filter>
</receiver>
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
<service android:name="com.android.internal.os.storage.ExternalStorageFormatter"
android:permission="android.permission.MASTER_CLEAR"
android:exported="true" />
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
</application>
auto import from //depot/cupcake/@135843
2009-03-03 19:31:44 -08:00
Implement issue #3094621 and #3094609 - wipe sd card 3094621: add "wipe sd card" option to factory data reset 3094609: collapse unmount/format into one command Also since we have decided that it is important to consider the Crespo storage as internal storage, DevicePolicyManager gets a new API to be able to wipe it. (No big deal, since all of the work for this is now done in the implementation of the new UI.) Change-Id: I32a77c410f710a87dcdcbf6586c09bd2e48a8807
2010-10-15 18:45:07 -07:00
</manifest>
Reference in New Issue Copy Permalink