b8dd91a6b2
This gid is not needed by camera-using apps, since all camera access is mediated by the camera service, which does not depend on gid for permission checks. Bug: 9904186 Change-Id: I859e6cabc905af9d98e2b09f5bbad086b5eb2b26
138 lines
5.3 KiB
XML
138 lines
5.3 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- Copyright (C) 2008 The Android Open Source Project
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
|
|
<!-- This file is used to define the mappings between lower-level system
|
|
user and group IDs and the higher-level permission names managed
|
|
by the platform.
|
|
|
|
Be VERY careful when editing this file! Mistakes made here can open
|
|
big security holes.
|
|
-->
|
|
<permissions>
|
|
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
|
|
<!-- The following tags are associating low-level group IDs with
|
|
permission names. By specifying such a mapping, you are saying
|
|
that any application process granted the given permission will
|
|
also be running with the given group ID attached to its process,
|
|
so it can perform any filesystem (read, write, execute) operations
|
|
allowed for that group. -->
|
|
|
|
<permission name="android.permission.BLUETOOTH_ADMIN" >
|
|
<group gid="net_bt_admin" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.BLUETOOTH" >
|
|
<group gid="net_bt" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.BLUETOOTH_STACK" >
|
|
<group gid="net_bt_stack" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.NET_TUNNELING" >
|
|
<group gid="vpn" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.INTERNET" >
|
|
<group gid="inet" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.READ_LOGS" >
|
|
<group gid="log" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.READ_EXTERNAL_STORAGE" >
|
|
<group gid="sdcard_r" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" >
|
|
<group gid="sdcard_rw" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.WRITE_MEDIA_STORAGE" >
|
|
<group gid="media_rw" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.ACCESS_MTP" >
|
|
<group gid="mtp" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.NET_ADMIN" >
|
|
<group gid="net_admin" />
|
|
</permission>
|
|
|
|
<!-- The group that /cache belongs to, linked to the permission
|
|
set on the applications that can access /cache -->
|
|
<permission name="android.permission.ACCESS_CACHE_FILESYSTEM" >
|
|
<group gid="cache" />
|
|
</permission>
|
|
|
|
<!-- RW permissions to any system resources owned by group 'diag'.
|
|
This is for carrier and manufacture diagnostics tools that must be
|
|
installable from the framework. Be careful. -->
|
|
<permission name="android.permission.DIAGNOSTIC" >
|
|
<group gid="input" />
|
|
<group gid="diag" />
|
|
</permission>
|
|
|
|
<!-- Group that can read detailed network usage statistics -->
|
|
<permission name="android.permission.READ_NETWORK_USAGE_HISTORY">
|
|
<group gid="net_bw_stats" />
|
|
</permission>
|
|
|
|
<!-- Group that can modify how network statistics are accounted -->
|
|
<permission name="android.permission.MODIFY_NETWORK_ACCOUNTING">
|
|
<group gid="net_bw_acct" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.LOOP_RADIO" >
|
|
<group gid="loop_radio" />
|
|
</permission>
|
|
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
|
|
<!-- The following tags are assigning high-level permissions to specific
|
|
user IDs. These are used to allow specific core system users to
|
|
perform the given operations with the higher-level framework. For
|
|
example, we give a wide variety of permissions to the shell user
|
|
since that is the user the adb shell runs under and developers and
|
|
others should have a fairly open environment in which to
|
|
interact with the system. -->
|
|
|
|
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
|
|
<assign-permission name="android.permission.ACCESS_DRM" uid="media" />
|
|
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
|
|
<assign-permission name="android.permission.WAKE_LOCK" uid="media" />
|
|
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />
|
|
|
|
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />
|
|
|
|
<!-- This is a list of all the libraries available for application
|
|
code to link against. -->
|
|
|
|
<library name="android.test.runner"
|
|
file="/system/framework/android.test.runner.jar" />
|
|
<library name="javax.obex"
|
|
file="/system/framework/javax.obex.jar"/>
|
|
|
|
</permissions>
|