package: "android.permission.flags" container: "system" flag { name: "device_aware_permission_apis_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "enable device aware permission APIs" bug: "274852670" } flag { name: "voice_activation_permission_apis" is_exported: true namespace: "permissions" description: "enable voice activation permission APIs" bug: "287264308" } flag { name: "system_server_role_controller_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "enable role controller in system server" bug: "302562590" } flag { name: "set_next_attribution_source" is_exported: true namespace: "permissions" description: "enable AttributionSource.setNextAttributionSource" bug: "304478648" } flag { name: "should_register_attribution_source" is_exported: true namespace: "permissions" description: "enable the shouldRegisterAttributionSource API" bug: "305057691" } flag { name: "enhanced_confirmation_mode_apis_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "enable enhanced confirmation mode apis" bug: "310220212" } flag { name: "enhanced_confirmation_in_call_apis_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "DEPRECATED, does not gate any apis" bug: "364535720" } flag { name: "unknown_call_package_install_blocking_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "enable the blocking of certain app installs during an unknown call" bug: "364535720" } flag { name: "unknown_call_setting_blocked_logging_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "enable the metrics when blocking certain app installs during an unknown call" bug: "364535720" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "op_enable_mobile_data_by_user" is_exported: true namespace: "permissions" description: "enables logging of the OP_ENABLE_MOBILE_DATA_BY_USER" bug: "222650148" } flag { name: "factory_reset_prep_permission_apis" is_exported: true namespace: "wallet_integration" description: "enable Permission PREPARE_FACTORY_RESET." bug: "302016478" } flag { name: "retail_demo_role_enabled" is_exported: true namespace: "permissions" description: "default retail demo role holder" bug: "274132354" } flag { name: "server_side_attribution_registration" namespace: "permissions" description: "controls whether the binder representing an AttributionSource is created in the system server, or client process" bug: "310953959" } flag { name: "wallet_role_enabled" is_exported: true namespace: "wallet_integration" description: "This flag is used to enabled the Wallet Role for all users on the device" bug: "283989236" } # This flag is enabled since V but not a MUST requirement in CDD yet, so it needs to stay around # for now and any code working with it should keep checking the flag. flag { name: "signature_permission_allowlist_enabled" is_fixed_read_only: true namespace: "permissions" description: "Enable signature permission allowlist" bug: "308573169" } flag { name: "sensitive_notification_app_protection" is_exported: true # Referenced in WM where WM starts before DeviceConfig is_fixed_read_only: true namespace: "permissions" description: "This flag controls the sensitive notification app protections while screen sharing" bug: "312784351" } flag { name: "sensitive_content_improvements" # Referenced in WM where WM starts before DeviceConfig is_fixed_read_only: true namespace: "permissions" description: "Improvements to sensitive content/notification features, such as the Toast UX." bug: "301960090" } flag { name: "sensitive_content_metrics_bugfix" # Referenced in WM where WM starts before DeviceConfig is_fixed_read_only: true namespace: "permissions" description: "Enables metrics bugfixes for sensitive content/notification features" bug: "312784351" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "sensitive_content_recents_screenshot_bugfix" # Referenced in WM where WM starts before DeviceConfig is_fixed_read_only: true namespace: "permissions" description: "Enables recents screenshot bugfixes for sensitive content/notification features" bug: "312784351" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "device_aware_permissions_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "When the flag is off no permissions can be device aware" bug: "274852670" } flag { name: "get_emergency_role_holder_api_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "Enables the getEmergencyRoleHolder API." bug: "323157319" } flag { name: "ignore_process_text" namespace: "permissions" description: "Ignore activities that handle PROCESS_TEXT in TextView" bug: "325356776" } flag { name: "finish_running_ops_for_killed_packages" namespace: "permissions" description: "Finish all appops for a dead app process" bug: "234630570" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "runtime_permission_appops_mapping_enabled" is_fixed_read_only: true namespace: "permissions" description: "Use runtime permission state to determine appop state" bug: "266164193" } flag { name: "device_id_in_op_proxy_info_enabled" is_fixed_read_only: true namespace: "permissions" description: "Enable getDeviceId API in OpEventProxyInfo" bug: "337340961" is_exported: true } flag { name: "device_aware_app_op_new_schema_enabled" is_fixed_read_only: true namespace: "permissions" description: "Persist device attributed AppOp accesses on the disk" bug: "308201969" } flag { name: "check_op_validate_package" namespace: "permissions" description: "Validate package/uid match in checkOp similar to noteOp" bug: "294609684" } flag { name: "location_bypass_privacy_dashboard_enabled" is_exported: true namespace: "permissions" description: "Show access entry of location bypass permission in the Privacy Dashboard" bug: "325536053" } flag { name: "dont_remove_existing_uid_states" is_fixed_read_only: true namespace: "permissions" description: "Double check if the uid still exists before attempting to remove its appops state" bug: "353474742" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "sync_on_op_noted_api" namespace: "permissions" description: "New setOnOpNotedCallback API to allow subscribing to only sync ops." bug: "372910217" is_exported: true } flag { name: "use_frozen_aware_remote_callback_list" namespace: "permissions" description: "Whether to use the new frozen-aware RemoteCallbackList API for op noted callbacks." bug: "361157077" } flag { name: "wallet_role_icon_property_enabled" is_exported: true namespace: "wallet_integration" description: "This flag is used to enabled the Wallet Role s icon fetching from manifest property" bug: "349942654" } flag { name: "appop_access_tracking_logging_enabled" is_fixed_read_only: true namespace: "permissions" description: "Enables logging of the AppOp access tracking" bug: "365584286" } flag { name: "replace_body_sensor_permission_enabled" is_fixed_read_only: true is_exported: true namespace: "android_health_services" description: "Enables replacement of BODY_SENSORS/BODY_SENSORS_BACKGROUND permissions with granular health permissions READ_HEART_RATE, READ_SKIN_TEMPERATURE, READ_OXYGEN_SATURATION, and READ_HEALTH_DATA_IN_BACKGROUND" bug: "364638912" } flag { name: "delay_uid_state_changes_from_capability_updates" is_fixed_read_only: true namespace: "permissions" description: "If proc state is decreasing over the restriction threshold and capability is changed, delay if no new capabilities are added" bug: "347891382" metadata { purpose: PURPOSE_BUGFIX } } flag { name: "allow_host_permission_dialogs_on_virtual_devices" is_exported: true namespace: "permissions" description: "Allow host device permission dialogs (i.e., dialogs for non device-aware permissions) to be shown on virtual devices" bug: "371173672" } flag { name: "appop_mode_caching_enabled" is_fixed_read_only: true namespace: "permissions" description: "Enable AppOp mode caching in AppOpsManager" bug: "366013082" } flag { name: "permission_tree_apis_deprecated" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "This flag is used to deprecate permission tree related APIs" bug: "376535612" } flag { name: "enable_otp_in_text_classifiers" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Enables ExtServices to leverage TextClassifier for OTP detection" bug: "351976749" } flag { name: "health_connect_backup_restore_permission_enabled" is_fixed_read_only: true namespace: "health_fitness_aconfig" description: "This flag protects the permission that is required to call Health Connect backup and restore apis" bug: "324019102" # android_fr bug is_exported: true } flag { name: "enable_aiai_proxied_text_classifiers" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Enables the AiAi to utilize the default OTP text classifier that is also used by ExtServices" bug: "377229653" } flag { name: "enable_sqlite_appops_accesses" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Enables SQlite for recording individual/discrete AppOp accesses" bug: "377584611" } flag { name: "enable_all_sqlite_appops_accesses" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Enables SQlite for storing aggregated & individual/discrete AppOp accesses" bug: "377584611" } flag { name: "record_all_runtime_appops_sqlite" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Enables recording of all runtime app ops into SQlite" bug: "377584611" } flag { name: "ranging_permission_enabled" is_fixed_read_only: true is_exported: true namespace: "uwb" description: "This fixed read-only flag is used to enable new ranging permission for all ranging use cases." bug: "370977414" } flag { name: "system_selection_toolbar_enabled" namespace: "permissions" description: "Enables the system selection toolbar feature." bug: "363318732" } flag { name: "use_system_selection_toolbar_in_sysui" namespace: "permissions" description: "Uses the SysUi process to host the SelectionToolbarRenderService." bug: "363318732" } flag { name: "note_op_batching_enabled" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Batch noteOperations on the client to reduce binder call volume" bug: "366013082" } flag { name: "supervision_role_permission_update_enabled" is_fixed_read_only: true is_exported: true namespace: "supervision" description: "This flag is used to enable all the remaining permissions required to the supervision role" bug: "367333883" } flag { name: "permission_request_short_circuit_enabled" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "This flag is used to short circuit the request for permananently denied permissions" bug: "378923900" } flag { name: "check_op_overload_api_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "Add new checkOp APIs that accept attributionTag" bug: "240617242" } flag { name: "device_policy_management_role_split_create_managed_profile_enabled" is_fixed_read_only: true is_exported: true namespace: "enterprise" description: "Gives the device policy management role the ability to create a managed profile using new APIs" bug: "375382324" } flag { name: "use_profile_labels_for_default_app_section_titles" is_exported: true is_fixed_read_only: true namespace: "profile_experiences" description: "Use profile labels from UserManager for default app section titles to allow partner customization" bug: "358369931" } flag { name: "wallet_role_cross_user_enabled" is_exported: true is_fixed_read_only: true namespace: "wallet_integration" description: "Enable the Wallet role within profiles" bug: "356107987" } flag { name: "text_classifier_choice_api_enabled" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "API change to enable getTextClassifier by type" bug: "377229653" } flag { name: "updatable_text_classifier_for_otp_detection_enabled" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Enables text classifier for OTP detection that is updatable from mainline module" bug: "377229653" } flag { name: "rate_limit_batched_note_op_async_callbacks_enabled" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Rate limit async noteOp callbacks for batched noteOperation binder call" bug: "366013082" } flag { name: "system_vendor_intelligence_role_enabled" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "This flag is used to enable the role system_vendor_intelligence" bug: "377553620" } flag { name: "fine_power_monitor_permission" is_fixed_read_only: true is_exported: true namespace: "permissions" description: "Add support for fine-grained PowerMonitor readings" bug: "341941666" } flag { name: "sqlite_discrete_op_event_logging_enabled" namespace: "permissions" description: "Collect sqlite performance metrics for discrete ops." bug: "377584611" } flag { name: "app_ops_service_handler_fix" is_fixed_read_only: true namespace: "permissions" description: "Use IoThread handler for AppOpsService background/IO work." bug: "394380603" } flag { name: "enforce_default_device_id_in_my_attribution_source" namespace: "permissions" description: "Force AttributionSource.myAttributionSource() to return a default device id" bug: "343121936" } flag { name: "grant_read_blocked_numbers_to_system_ui_intelligence" is_exported: true is_fixed_read_only: true namespace: "permissions" description: "This flag is used to add role protection to READ_BLOCKED_NUMBERS for SYSTEM_UI_INTELLIGENCE" bug: "354758615" } flag { name: "enable_system_supervision_role_behavior" is_fixed_read_only: true is_exported: true namespace: "supervision" description: "This flag is used to enable the role behavior for the system supervision role" bug: "378102594" }