mirror of
https://github.com/AetherDroid/vendor_samsung_universal7570-common.git
synced 2025-09-09 17:02:47 -04:00
364 lines
15 KiB
XML
364 lines
15 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!-- Copyright (C) 2008 The Android Open Source Project
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
|
|
<!-- This file is used to define the mappings between lower-level system
|
|
user and group IDs and the higher-level permission names managed
|
|
by the platform.
|
|
|
|
Be VERY careful when editing this file! Mistakes made here can open
|
|
big security holes.
|
|
-->
|
|
<permissions>
|
|
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
|
|
<!-- The following tags are associating low-level group IDs with
|
|
permission names. By specifying such a mapping, you are saying
|
|
that any application process granted the given permission will
|
|
also be running with the given group ID attached to its process,
|
|
so it can perform any filesystem (read, write, execute) operations
|
|
allowed for that group. -->
|
|
|
|
<permission name="android.permission.BLUETOOTH_ADMIN" >
|
|
<group gid="net_bt_admin" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.BLUETOOTH" >
|
|
<group gid="net_bt" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.BLUETOOTH_STACK" >
|
|
<group gid="bluetooth" />
|
|
<group gid="wakelock" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.NET_TUNNELING" >
|
|
<group gid="vpn" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.INTERNET" >
|
|
<group gid="inet" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.READ_LOGS" >
|
|
<group gid="log" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.WRITE_MEDIA_STORAGE" >
|
|
<group gid="media_rw" />
|
|
<group gid="sdcard_rw" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.ACCESS_MTP" >
|
|
<group gid="mtp" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.NET_ADMIN" >
|
|
<group gid="net_admin" />
|
|
</permission>
|
|
|
|
<!-- The group that /cache belongs to, linked to the permission
|
|
set on the applications that can access /cache -->
|
|
<permission name="android.permission.ACCESS_CACHE_FILESYSTEM" >
|
|
<group gid="cache" />
|
|
</permission>
|
|
|
|
<!-- RW permissions to any system resources owned by group 'diag'.
|
|
This is for carrier and manufacture diagnostics tools that must be
|
|
installable from the framework. Be careful. -->
|
|
<permission name="android.permission.DIAGNOSTIC" >
|
|
<group gid="input" />
|
|
<group gid="diag" />
|
|
</permission>
|
|
|
|
<!-- Group that can read detailed network usage statistics -->
|
|
<permission name="android.permission.READ_NETWORK_USAGE_HISTORY">
|
|
<group gid="net_bw_stats" />
|
|
</permission>
|
|
|
|
<!-- Group that can modify how network statistics are accounted -->
|
|
<permission name="android.permission.MODIFY_NETWORK_ACCOUNTING">
|
|
<group gid="net_bw_acct" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.LOOP_RADIO" >
|
|
<group gid="loop_radio" />
|
|
</permission>
|
|
|
|
<!-- Hotword training apps sometimes need a GID to talk with low-level
|
|
hardware; give them audio for now until full HAL support is added. -->
|
|
<permission name="android.permission.MANAGE_VOICE_KEYPHRASES">
|
|
<group gid="audio" />
|
|
</permission>
|
|
|
|
<!--add Scloud permission -->
|
|
<permission name="com.samsung.android.permission.MEDIA_CLOUD_CONTENTS">
|
|
<group gid="scloud" />
|
|
</permission>
|
|
|
|
<permission name="android.permission.ACCESS_FM_RADIO" >
|
|
<!-- /dev/fm is gid media, not audio -->
|
|
<group gid="media" />
|
|
</permission>
|
|
|
|
<!-- MNO CIQ : ATT_IQI_START -->
|
|
<!-- Group that can perform I/O operations on the bridge device node. -->
|
|
<permission name="com.att.iqi.permission.ACCESS_BRIDGE">
|
|
<group gid="bridge_rw" />
|
|
</permission>
|
|
|
|
<!-- proc fs access -->
|
|
<permission name="com.att.iqi.permission.READPROC" >
|
|
<group gid="readproc" />
|
|
</permission>
|
|
<!-- MNO CIQ : ATT_IQI_END -->
|
|
|
|
<!-- These are permissions that were mapped to gids but we need
|
|
to keep them here until an upgrade from L to the current
|
|
version is to be supported. These permissions are built-in
|
|
and in L were not stored in packages.xml as a result if they
|
|
are not defined here while parsing packages.xml we would
|
|
ignore these permissions being granted to apps and not
|
|
propagate the granted state. From N we are storing the
|
|
built-in permissions in packages.xml as the saved storage
|
|
is negligible (one tag with the permission) compared to
|
|
the fragility as one can remove a built-in permission which
|
|
no longer needs to be mapped to gids and break grant propagation. -->
|
|
<permission name="android.permission.READ_EXTERNAL_STORAGE" />
|
|
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
|
|
|
|
<!-- Except for SysScope, DO NOT USE this permission. -->
|
|
|
|
<permission name="com.sec.android.app.sysscope.permission.ACCESS_SYSTEM_INFO_SYSSCOPE_ONLY" >
|
|
<group gid="radio" />
|
|
<group gid="readproc" />
|
|
</permission>
|
|
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
<!-- ================================================================== -->
|
|
|
|
<!-- The following tags are assigning high-level permissions to specific
|
|
user IDs. These are used to allow specific core system users to
|
|
perform the given operations with the higher-level framework. For
|
|
example, we give a wide variety of permissions to the shell user
|
|
since that is the user the adb shell runs under and developers and
|
|
others should have a fairly open environment in which to
|
|
interact with the system. -->
|
|
|
|
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
|
|
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
|
|
<assign-permission name="android.permission.WAKE_LOCK" uid="media" />
|
|
<assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" />
|
|
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" />
|
|
<assign-permission name="android.permission.GET_PROCESS_STATE_AND_OOM_SCORE" uid="media" />
|
|
|
|
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="audioserver" />
|
|
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="audioserver" />
|
|
<assign-permission name="android.permission.WAKE_LOCK" uid="audioserver" />
|
|
<assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="audioserver" />
|
|
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="audioserver" />
|
|
|
|
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="cameraserver" />
|
|
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="cameraserver" />
|
|
<assign-permission name="android.permission.WAKE_LOCK" uid="cameraserver" />
|
|
<assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="cameraserver" />
|
|
<assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="cameraserver" />
|
|
<assign-permission name="android.permission.GET_PROCESS_STATE_AND_OOM_SCORE" uid="cameraserver" />
|
|
<assign-permission name="com.samsung.permission.HRM_EXT" uid="cameraserver" />
|
|
<assign-permission name="com.samsung.permission.SSENSOR" uid="cameraserver" />
|
|
|
|
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" />
|
|
|
|
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="oem_5386" />
|
|
<assign-permission name="android.permission.CAPTURE_AUDIO_OUTPUT" uid="oem_5386" />
|
|
<assign-permission name="android.permission.RECORD_AUDIO" uid="oem_5386" />
|
|
|
|
<assign-permission name="android.permission.RECORD_AUDIO" uid="cameraserver" />
|
|
|
|
<!-- This is a list of all the libraries available for application
|
|
code to link against. -->
|
|
|
|
<library name="android.test.runner"
|
|
file="/system/framework/android.test.runner.jar" />
|
|
<library name="javax.obex"
|
|
file="/system/framework/javax.obex.jar" />
|
|
<library name="org.apache.http.legacy"
|
|
file="/system/framework/org.apache.http.legacy.jar" />
|
|
|
|
<!-- These are the standard packages that are white-listed to always have internet
|
|
access while in power save mode, even if they aren't in the foreground. -->
|
|
<allow-in-power-save package="com.android.providers.downloads" />
|
|
|
|
<!-- These are the standard packages that are white-listed to always have internet
|
|
access while in data mode, even if they aren't in the foreground. -->
|
|
<allow-in-data-usage-save package="com.android.providers.downloads" />
|
|
|
|
<!-- This is a core platform component that needs to freely run in the background -->
|
|
<allow-in-power-save package="com.android.cellbroadcastreceiver" />
|
|
<allow-in-power-save package="com.android.shell" />
|
|
|
|
<!-- SecProductFeature_KNOX.SEC_PRODUCT_FEATURE_KNOX_SUPPORT_MDM { -->
|
|
<!-- Knox Service -->
|
|
<allow-in-power-save package="com.samsung.klmsagent" />
|
|
<allow-in-data-usage-save package="com.samsung.klmsagent" />
|
|
<allow-in-power-save package="com.sec.enterprise.knox.cloudmdm.smdms" />
|
|
<allow-in-data-usage-save package="com.sec.enterprise.knox.cloudmdm.smdms" />
|
|
<!-- } SecProductFeature_KNOX.SEC_PRODUCT_FEATURE_KNOX_SUPPORT_MDM -->
|
|
|
|
<!-- These are the packages that are white-listed to be able to run as system user -->
|
|
<system-user-whitelisted-app package="com.android.settings" />
|
|
|
|
<!-- These are the packages that shouldn't run as system user -->
|
|
<system-user-blacklisted-app package="com.android.wallpaper.livepicker" />
|
|
|
|
<!-- Weather Daemon -->
|
|
<allow-in-power-save-except-idle package="com.sec.android.daemonapp" />
|
|
<allow-in-power-save package="com.sec.android.daemonapp" />
|
|
<allow-in-data-usage-save package="com.sec.android.daemonapp" />
|
|
|
|
<!-- Weather Forecast -->
|
|
<allow-in-power-save-except-idle package="com.samsung.android.weather" />
|
|
<allow-in-power-save package="com.samsung.android.weather" />
|
|
|
|
<!-- SamsungPay -->
|
|
<allow-in-power-save package="com.samsung.android.spay" />
|
|
<allow-in-data-usage-save package="com.samsung.android.spay" />
|
|
|
|
<!-- FaceBook -->
|
|
<allow-in-power-save package="com.facebook.services"/>
|
|
|
|
<!-- Game Service -->
|
|
<allow-in-power-save package="com.samsung.android.game.gametools"/>
|
|
<allow-in-power-save package="com.samsung.android.game.gamehome"/>
|
|
<allow-in-power-save package="com.enhance.gameservice" />
|
|
|
|
<!-- GalaxyApps -->
|
|
<allow-in-power-save package="com.sec.android.app.samsungapps"/>
|
|
|
|
<!-- Always On Display -->
|
|
<allow-in-power-save package="com.samsung.android.app.aodservice" />
|
|
|
|
<!-- Edge -->
|
|
<allow-in-power-save package="com.samsung.android.app.cocktailbarservice" />
|
|
|
|
<!-- AirCommand -->
|
|
<allow-in-power-save package="com.samsung.android.service.aircommand" />
|
|
|
|
<!-- Send Help Message -->
|
|
<allow-in-power-save package="com.sec.android.app.safetyassurance"/>
|
|
|
|
<!-- CSC application -->
|
|
<allow-in-power-save package="com.samsung.sec.android.application.csc"/>
|
|
|
|
<!-- Contacts application -->
|
|
<allow-in-power-save package="com.samsung.android.contacts"/>
|
|
|
|
<!-- KT114 Provider -->
|
|
<allow-in-data-usage-save package="com.samsung.kt114provider" />
|
|
<allow-in-power-save package="com.samsung.kt114provider" />
|
|
|
|
<!-- Peoplestripe -->
|
|
<allow-in-power-save package="com.samsung.android.service.peoplestripe" />
|
|
|
|
<!-- AppLock -->
|
|
<allow-in-power-save package="com.samsung.android.applock"/>
|
|
|
|
<!-- HongbaoAssistant -->
|
|
<allow-in-power-save package="com.samsung.hongbaoassistant" />
|
|
|
|
<!-- Blue light filter Service -->
|
|
<allow-in-power-save package="com.samsung.android.bluelightfilter"/>
|
|
|
|
<!-- AppLinker -->
|
|
<allow-in-power-save package="com.sec.android.app.applinker" />
|
|
|
|
<!-- Bixby Home -->
|
|
<allow-in-power-save package="com.samsung.android.app.spage"/>
|
|
|
|
<!-- Messging UI -->
|
|
<allow-in-power-save package="com.samsung.android.messaging"/>
|
|
|
|
<!-- Message CommuicationService -->
|
|
<allow-in-power-save package="com.samsung.android.communicationservice"/>
|
|
|
|
<!-- HandwritingService -->
|
|
<allow-in-power-save package="com.samsung.android.sdk.handwriting" />
|
|
|
|
<!-- CustomizationService -->
|
|
<allow-in-power-save package="com.samsung.android.rubin.app" />
|
|
|
|
<!-- Secure Wi-Fi -->
|
|
<allow-in-power-save package="com.samsung.android.fast" />
|
|
<allow-in-data-usage-save package="com.samsung.android.fast" />
|
|
|
|
<!-- Device Search -->
|
|
<allow-in-power-save package="com.samsung.android.app.galaxyfinder" />
|
|
|
|
<!-- Sound Quality andEffects -->
|
|
<allow-in-power-save package="com.sec.android.app.soundalive" />
|
|
|
|
<!-- Knox container -->
|
|
<allow-in-power-save package="com.samsung.android.knox.containercore" />
|
|
<allow-in-power-save package="com.samsung.android.knox.containeragent" />
|
|
<allow-in-power-save package="com.samsung.knox.securefolder" />
|
|
|
|
<!-- GalaxyBetaServicePlugin -->
|
|
<allow-in-power-save package="com.samsung.android.galaxybetaserviceplugin" />
|
|
|
|
<!-- Samsung capture -->
|
|
<allow-in-power-save package="com.samsung.android.app.smartcapture" />
|
|
|
|
<!-- Samsung Clipboard -->
|
|
<allow-in-power-save package="com.samsung.clipboardsaveservice" />
|
|
<allow-in-power-save package="com.samsung.android.clipboarduiservice" />
|
|
|
|
<!-- Samsung VideoPlayer -->
|
|
<allow-in-power-save package="com.samsung.android.video" />
|
|
|
|
<!-- Samsung Message -->
|
|
<allow-in-data-usage-save package="com.samsung.android.messaging"/>
|
|
|
|
<!-- Smart View -->
|
|
<allow-in-power-save package="com.samsung.android.smartmirroring" />
|
|
|
|
<!-- IMS -->
|
|
<allow-in-power-save package="com.sec.imsservice" />
|
|
<allow-in-data-usage-save package="com.sec.imsservice" />
|
|
|
|
<!-- NSDS -->
|
|
<allow-in-power-save package="com.sec.vsimservice" />
|
|
<allow-in-data-usage-save package="com.sec.vsimservice" />
|
|
|
|
<!-- Network Location Provider -->
|
|
<allow-in-power-save-except-idle package="com.baidu.map.location" />
|
|
<allow-in-power-save-except-idle package="com.amap.android.location" />
|
|
<allow-in-power-save package="com.baidu.map.location" />
|
|
<allow-in-power-save package="com.amap.android.location" />
|
|
|
|
<!-- SysScope -->
|
|
<allow-in-power-save package="com.sec.android.app.sysscope" />
|
|
|
|
<!-- SPenKeeper -->
|
|
<allow-in-power-save package="com.sec.android.app.SPenKeeper" />
|
|
|
|
<!-- Knox Guard -->
|
|
<allow-in-power-save package="com.samsung.android.kgclient"/>
|
|
<allow-in-data-usage-save package="com.samsung.android.kgclient"/>
|
|
|
|
</permissions>
|