• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1<?xml version="1.0" encoding="utf-8"?>
2
3<!-- Copyright (C) 2018 The Android Open Source Project
4
5     Licensed under the Apache License, Version 2.0 (the "License"" />
6     you may not use this file except in compliance with the License.
7     You may obtain a copy of the License at
8
9          http://www.apache.org/licenses/LICENSE-2.0
10
11     Unless required by applicable law or agreed to in writing, software
12     distributed under the License is distributed on an "AS IS" BASIS,
13     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14     See the License for the specific language governing permissions and
15     limitations under the License.
16-->
17
18<roles>
19
20    <permission-set name="phone">
21        <permission name="android.permission.READ_PHONE_STATE" />
22        <permission name="android.permission.CALL_PHONE" />
23        <permission name="android.permission.READ_CALL_LOG" />
24        <permission name="android.permission.WRITE_CALL_LOG" />
25        <permission name="com.android.voicemail.permission.ADD_VOICEMAIL" />
26        <permission name="com.android.voicemail.permission.READ_VOICEMAIL" minSdkVersion="31" />
27        <permission name="com.android.voicemail.permission.WRITE_VOICEMAIL" minSdkVersion="31" />
28        <permission name="android.permission.USE_SIP" />
29        <permission name="android.permission.PROCESS_OUTGOING_CALLS" />
30        <permission name="android.permission.ANSWER_PHONE_CALLS" />
31    </permission-set>
32
33    <permission-set name="contacts">
34        <permission name="android.permission.READ_CONTACTS" />
35        <permission name="android.permission.WRITE_CONTACTS" />
36        <permission name="android.permission.GET_ACCOUNTS" />
37    </permission-set>
38
39    <permission-set name="location">
40        <permission name="android.permission.ACCESS_COARSE_LOCATION" />
41        <permission name="android.permission.ACCESS_FINE_LOCATION" />
42    </permission-set>
43
44    <permission-set name="coarse_location">
45        <permission name="android.permission.ACCESS_COARSE_LOCATION" />
46    </permission-set>
47
48    <permission-set name="calendar">
49        <permission name="android.permission.READ_CALENDAR" />
50        <permission name="android.permission.WRITE_CALENDAR" />
51    </permission-set>
52
53    <permission-set name="sms">
54        <permission name="android.permission.SEND_SMS" />
55        <permission name="android.permission.RECEIVE_SMS" />
56        <permission name="android.permission.READ_SMS" />
57        <permission name="android.permission.RECEIVE_WAP_PUSH" />
58        <permission name="android.permission.RECEIVE_MMS" />
59        <permission name="android.permission.READ_CELL_BROADCASTS" />
60    </permission-set>
61
62    <permission-set name="microphone">
63        <permission name="android.permission.RECORD_AUDIO" />
64    </permission-set>
65
66    <permission-set name="camera">
67        <permission name="android.permission.CAMERA" />
68    </permission-set>
69
70    <permission-set name="sensors">
71        <permission name="android.permission.BODY_SENSORS" />
72        <permission name="android.permission.BODY_SENSORS_BACKGROUND" minSdkVersion="33" />
73    </permission-set>
74
75    <permission-set name="storage">
76        <permission name="android.permission.READ_EXTERNAL_STORAGE" />
77        <permission name="android.permission.WRITE_EXTERNAL_STORAGE" />
78        <permission name="android.permission.READ_MEDIA_AUDIO" minSdkVersion="33" />
79        <permission name="android.permission.READ_MEDIA_VIDEO" minSdkVersion="33" />
80        <permission name="android.permission.READ_MEDIA_IMAGES" minSdkVersion="33" />
81        <permission name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED" minSdkVersion="34" />
82    </permission-set>
83
84    <permission-set name="nearby_devices">
85        <permission name="android.permission.BLUETOOTH_ADVERTISE" minSdkVersion="31" />
86        <permission name="android.permission.BLUETOOTH_CONNECT" minSdkVersion="31" />
87        <permission name="android.permission.BLUETOOTH_SCAN" minSdkVersion="31" />
88        <permission name="android.permission.NEARBY_WIFI_DEVICES" minSdkVersion="33" />
89    </permission-set>
90
91    <permission-set name="notifications">
92        <permission name="android.permission.POST_NOTIFICATIONS" minSdkVersion="33" />
93    </permission-set>
94
95    <permission-set name="virtual_device">
96        <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" />
97        <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="33" />
98        <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" />
99        <permission
100            name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE"
101            featureFlag="android.companion.virtualdevice.flags.Flags.activityControlApi" />
102    </permission-set>
103
104    <role
105        name="android.app.role.ASSISTANT"
106        behavior="AssistantRoleBehavior"
107        defaultHolders="config_defaultAssistant"
108        description="@string/role_assistant_description"
109        exclusive="true"
110        exclusivity="user"
111        fallBackToDefaultHolder="true"
112        showNone="true"
113        label="@string/role_assistant_label"
114        overrideUserWhenGranting="true"
115        requestable="false"
116        shortLabel="@string/role_assistant_short_label"
117        uiBehavior="AssistantRoleUiBehavior">
118        <required-components>
119            <!-- Qualified components are determined int AssistantRoleBehavior. This comment here is
120                 ignored and represents just a rough description
121
122            <any-of>
123                <service permission="android.permission.BIND_VOICE_INTERACTION"
124                         supportsAssist="true">
125                    <intent-filter>
126                        <action name="android.service.voice.VoiceInteractionService" />
127                    </intent-filter>
128                    <meta-data name="android.voice_interaction"
129                               optional="false">
130                        required tag in metadata xml: sessionService
131                        required tag in metadata xml: recognitionService
132                        required tag in metadata xml: supportsAssist = true
133                    </meta-data>
134                </service>
135                <activity>
136                    <intent-filter>
137                        <action name="android.intent.action.ASSIST" />
138                    </intent-filter>
139                </activity>
140            </ any-of>
141
142            -->
143        </required-components>
144        <permissions>
145            <permission-set name="sms" />
146            <permission name="android.permission.READ_CALL_LOG" />
147            <permission name="android.permission.ACCESS_BLOBS_ACROSS_USERS" minSdkVersion="31" />
148            <permission name="android.permission.READ_ASSISTANT_APP_SEARCH_DATA"
149                minSdkVersion="33"/>
150            <permission name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE"
151                minSdkVersion="33" />
152            <permission name="android.permission.EXECUTE_APP_ACTION"
153                minSdkVersion="34" />
154            <permission name="android.permission.MANAGE_CONTENT_SUGGESTIONS"
155                minSdkVersion="35" optionalMinSdkVersion="34" />
156            <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE"
157                minSdkVersion="35" />
158        </permissions>
159        <app-op-permissions>
160            <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" />
161        </app-op-permissions>
162    </role>
163
164    <!---
165      ~ @see com.android.settings.applications.defaultapps.DefaultBrowserPreferenceController
166      ~ @see com.android.settings.applications.defaultapps.DefaultBrowserPicker
167      ~ @see com.android.server.pm.PackageManagerService.resolveAllBrowserApps(int)
168      ~ @see com.android.server.pm.PackageManagerService.setDefaultBrowserPackageName(String, int)
169      ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultBrowser(String, int)
170      -->
171    <role
172        name="android.app.role.BROWSER"
173        behavior="BrowserRoleBehavior"
174        defaultHolders="config_defaultBrowser"
175        description="@string/role_browser_description"
176        exclusive="true"
177        exclusivity="user"
178        label="@string/role_browser_label"
179        overrideUserWhenGranting="true"
180        requestDescription="@string/role_browser_request_description"
181        requestTitle="@string/role_browser_request_title"
182        shortLabel="@string/role_browser_short_label">
183        <!--
184          ~ Required components matching is handled in BrowserRoleBehavior because it needs the
185          ~ PackageManager.MATCH_ALL flag and other manual filtering, which cannot fit in our
186          ~ current mechanism easily.
187          -->
188        <!--
189        <required-components>
190            <activity>
191                <intent-filter>
192                    <action name="android.intent.action.VIEW" />
193                    <category name="android.intent.category.BROWSABLE" />
194                    <data scheme="http" />
195                </intent-filter>
196            </activity>
197        </required-components>
198        -->
199        <!--
200          ~ Not need to set preferred activity because PackageManager handles browser intents
201          ~ specially.
202          -->
203        <permissions>
204            <permission name="android.permission.PROVIDE_OWN_AUTOFILL_SUGGESTIONS" minSdkVersion="34" />
205        </permissions>
206    </role>
207
208    <!--
209      ~ @see com.android.settings.applications.defaultapps.DefaultPhonePreferenceController
210      ~ @see com.android.settings.applications.defaultapps.DefaultPhonePicker
211      ~ @see android.telecom.DefaultDialerManager
212      ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultDialerApp(String, int)
213      ~ @see com.android.server.pm.Settings.setDefaultDialerPackageNameLPw(String, int)
214      -->
215    <role
216        name="android.app.role.DIALER"
217        behavior="DialerRoleBehavior"
218        defaultHolders="config_defaultDialer"
219        description="@string/role_dialer_description"
220        exclusive="true"
221        exclusivity="user"
222        fallBackToDefaultHolder="true"
223        label="@string/role_dialer_label"
224        overrideUserWhenGranting="true"
225        requestDescription="@string/role_dialer_request_description"
226        requestTitle="@string/role_dialer_request_title"
227        searchKeywords="@string/role_dialer_search_keywords"
228        shortLabel="@string/role_dialer_short_label"
229        uiBehavior="DialerRoleUiBehavior">
230        <required-components>
231            <activity>
232                <intent-filter>
233                    <action name="android.intent.action.DIAL" />
234                </intent-filter>
235            </activity>
236            <activity>
237                <intent-filter>
238                    <action name="android.intent.action.DIAL" />
239                    <data scheme="tel" />
240                </intent-filter>
241            </activity>
242            <service minTargetSdkVersion="33" permission="android.permission.BIND_INCALL_SERVICE">
243                <meta-data name="android.telecom.IN_CALL_SERVICE_UI" value="true" />
244                <meta-data
245                    name="android.telecom.IN_CALL_SERVICE_CAR_MODE_UI"
246                    value="true"
247                    prohibited="true" />
248                <intent-filter>
249                    <action name="android.telecom.InCallService" />
250                </intent-filter>
251            </service>
252        </required-components>
253        <permissions>
254            <permission-set name="phone" />
255            <permission-set name="contacts" />
256            <permission-set name="sms" />
257            <permission-set name="microphone" />
258            <permission-set name="camera" />
259            <permission-set name="notifications" />
260        </permissions>
261        <app-op-permissions>
262            <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" />
263        </app-op-permissions>
264        <app-ops>
265            <!--
266              ~ @see com.android.settings.applications.defaultapps.DefaultPhonePicker#setDefaultKey(String)
267              ~ @see com.android.settings.fuelgauge.BatteryUtils#setForceAppStandby(int, String, int)
268              -->
269            <app-op name="android:run_in_background" maxTargetSdkVersion="25" mode="allowed" />
270            <app-op name="android:run_any_in_background" mode="allowed" />
271        </app-ops>
272        <preferred-activities>
273            <preferred-activity>
274                <activity>
275                    <intent-filter>
276                        <action name="android.intent.action.DIAL" />
277                    </intent-filter>
278                </activity>
279                <intent-filter>
280                    <action name="android.intent.action.DIAL" />
281                </intent-filter>
282            </preferred-activity>
283            <preferred-activity>
284                <activity>
285                    <intent-filter>
286                        <action name="android.intent.action.DIAL" />
287                        <data scheme="tel" />
288                    </intent-filter>
289                </activity>
290                <intent-filter>
291                    <action name="android.intent.action.DIAL" />
292                    <data scheme="tel" />
293                </intent-filter>
294            </preferred-activity>
295        </preferred-activities>
296    </role>
297
298    <!--
299      ~ @see com.android.settings.applications.defaultapps.DefaultSmsPreferenceController
300      ~ @see com.android.settings.applications.defaultapps.DefaultSmsPicker
301      ~ @see com.android.internal.telephony.SmsApplication
302      ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultSmsApp(String, int)
303      -->
304    <role
305        name="android.app.role.SMS"
306        behavior="SmsRoleBehavior"
307        defaultHolders="config_defaultSms"
308        description="@string/role_sms_description"
309        exclusive="true"
310        exclusivity="user"
311        label="@string/role_sms_label"
312        overrideUserWhenGranting="true"
313        requestDescription="@string/role_sms_request_description"
314        requestTitle="@string/role_sms_request_title"
315        searchKeywords="@string/role_sms_search_keywords"
316        shortLabel="@string/role_sms_short_label"
317        uiBehavior="SmsRoleUiBehavior">
318        <required-components>
319            <receiver permission="android.permission.BROADCAST_SMS">
320                <intent-filter>
321                    <action name="android.provider.Telephony.SMS_DELIVER" />
322                </intent-filter>
323            </receiver>
324            <receiver permission="android.permission.BROADCAST_WAP_PUSH">
325                <intent-filter>
326                    <action name="android.provider.Telephony.WAP_PUSH_DELIVER" />
327                    <data mimeType="application/vnd.wap.mms-message" />
328                </intent-filter>
329            </receiver>
330            <service permission="android.permission.SEND_RESPOND_VIA_MESSAGE">
331                <intent-filter>
332                    <action name="android.intent.action.RESPOND_VIA_MESSAGE" />
333                    <data scheme="smsto" />
334                </intent-filter>
335            </service>
336            <activity>
337                <intent-filter>
338                    <action name="android.intent.action.SENDTO" />
339                    <data scheme="smsto" />
340                </intent-filter>
341            </activity>
342        </required-components>
343        <permissions>
344            <permission-set name="phone" />
345            <permission-set name="contacts" />
346            <permission-set name="sms" />
347            <permission-set name="storage" />
348            <permission-set name="microphone" />
349            <permission-set name="camera" />
350            <permission-set name="notifications" />
351            <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" />
352        </permissions>
353        <app-ops>
354            <app-op name="android:write_sms" mode="allowed" />
355            <!--
356              ~ @see com.android.settings.applications.defaultapps.DefaultSmsPicker#setDefaultKey(String)
357              ~ @see com.android.settings.fuelgauge.BatteryUtils#setForceAppStandby(int, String, int)
358              -->
359            <app-op name="android:run_in_background" maxTargetSdkVersion="25" mode="allowed" />
360            <app-op name="android:run_any_in_background" mode="allowed" />
361            <app-op name="android:read_device_identifiers" mode="allowed" />
362        </app-ops>
363        <preferred-activities>
364            <preferred-activity>
365                <activity>
366                    <intent-filter>
367                        <action name="android.intent.action.SENDTO" />
368                        <data scheme="smsto" />
369                    </intent-filter>
370                </activity>
371                <intent-filter>
372                    <action name="android.intent.action.SENDTO" />
373                    <data scheme="sms" />
374                </intent-filter>
375                <intent-filter>
376                    <action name="android.intent.action.SENDTO" />
377                    <data scheme="smsto" />
378                </intent-filter>
379                <intent-filter>
380                    <action name="android.intent.action.SENDTO" />
381                    <data scheme="mms" />
382                </intent-filter>
383                <intent-filter>
384                    <action name="android.intent.action.SENDTO" />
385                    <data scheme="mmsto" />
386                </intent-filter>
387            </preferred-activity>
388        </preferred-activities>
389    </role>
390
391    <!---
392      ~ @see com.android.settings.applications.defaultapps.DefaultEmergencyPreferenceController
393      ~ @see com.android.settings.applications.defaultapps.DefaultEmergencyPicker
394      ~ @see com.android.phone.EmergencyAssistanceHelper
395      -->
396    <role
397        name="android.app.role.EMERGENCY"
398        behavior="EmergencyRoleBehavior"
399        description="@string/role_emergency_description"
400        exclusive="true"
401        exclusivity="user"
402        label="@string/role_emergency_label"
403        overrideUserWhenGranting="true"
404        requestDescription="@string/role_emergency_request_description"
405        requestTitle="@string/role_emergency_request_title"
406        searchKeywords="@string/role_emergency_search_keywords"
407        shortLabel="@string/role_emergency_short_label"
408        systemOnly="true"
409        uiBehavior="EmergencyRoleUiBehavior">
410        <required-components>
411            <activity>
412                <intent-filter>
413                    <action name="android.telephony.action.EMERGENCY_ASSISTANCE" />
414                </intent-filter>
415            </activity>
416        </required-components>
417        <permissions>
418            <permission-set name="notifications" />
419            <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" />
420            <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" minSdkVersion="31" />
421        </permissions>
422    </role>
423
424    <!---
425      ~ @see com.android.settings.applications.defaultapps.DefaultHomePreferenceController
426      ~ @see com.android.settings.applications.defaultapps.DefaultHomePicker
427      ~ @see com.android.server.pm.PackageManagerService#setHomeActivity(ComponentName, int)
428      -->
429    <role
430        name="android.app.role.HOME"
431        behavior="HomeRoleBehavior"
432        description="@string/role_home_description"
433        exclusive="true"
434        exclusivity="user"
435        label="@string/role_home_label"
436        overrideUserWhenGranting="true"
437        requestDescription="@string/role_home_request_description"
438        requestTitle="@string/role_home_request_title"
439        searchKeywords="@string/role_home_search_keywords"
440        shortLabel="@string/role_home_short_label"
441        uiBehavior="HomeRoleUiBehavior">
442        <!-- Also used by HomeRoleBehavior.getFallbackHolder(). -->
443        <required-components>
444            <activity>
445                <intent-filter>
446                    <action name="android.intent.action.MAIN" />
447                    <category name="android.intent.category.HOME" />
448                </intent-filter>
449            </activity>
450        </required-components>
451        <preferred-activities>
452            <preferred-activity>
453                <activity>
454                    <intent-filter>
455                        <action name="android.intent.action.MAIN" />
456                        <category name="android.intent.category.HOME" />
457                    </intent-filter>
458                </activity>
459                <intent-filter>
460                    <action name="android.intent.action.MAIN" />
461                    <category name="android.intent.category.HOME" />
462                </intent-filter>
463            </preferred-activity>
464        </preferred-activities>
465        <permissions>
466            <permission name="android.permission.READ_HOME_APP_SEARCH_DATA" minSdkVersion="33" />
467            <permission name="android.permission.ALLOW_SLIPPERY_TOUCHES" minSdkVersion="33" optionalMinSdkVersion="30" />
468            <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35" />
469        </permissions>
470        <app-ops>
471            <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/>
472        </app-ops>
473    </role>
474
475    <!--- @see android.telecom.CallRedirectionService -->
476    <role
477        name="android.app.role.CALL_REDIRECTION"
478        defaultHolders="config_defaultCallRedirection"
479        description="@string/role_call_redirection_description"
480        exclusive="true"
481        exclusivity="user"
482        label="@string/role_call_redirection_label"
483        overrideUserWhenGranting="true"
484        requestDescription="@string/role_call_redirection_request_description"
485        requestTitle="@string/role_call_redirection_request_title"
486        shortLabel="@string/role_call_redirection_short_label"
487        showNone="true">
488        <required-components>
489            <service permission="android.permission.BIND_CALL_REDIRECTION_SERVICE">
490                <intent-filter>
491                    <action name="android.telecom.CallRedirectionService" />
492                </intent-filter>
493            </service>
494        </required-components>
495    </role>
496
497    <!--- @see android.telecom.CallScreeningService -->
498    <role
499        name="android.app.role.CALL_SCREENING"
500        defaultHolders="config_defaultCallScreening"
501        description="@string/role_call_screening_description"
502        exclusive="true"
503        exclusivity="user"
504        label="@string/role_call_screening_label"
505        overrideUserWhenGranting="true"
506        requestDescription="@string/role_call_screening_request_description"
507        requestTitle="@string/role_call_screening_request_title"
508        shortLabel="@string/role_call_screening_short_label"
509        showNone="true">
510        <required-components>
511            <service permission="android.permission.BIND_SCREENING_SERVICE">
512                <intent-filter>
513                    <action name="android.telecom.CallScreeningService" />
514                </intent-filter>
515            </service>
516        </required-components>
517        <permissions>
518            <permission-set name="notifications" />
519        </permissions>
520        <app-op-permissions>
521            <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" />
522        </app-op-permissions>
523    </role>
524
525    <role
526        name="android.app.role.SYSTEM_GALLERY"
527        defaultHolders="config_systemGallery"
528        exclusive="true"
529        exclusivity="user"
530        static="true"
531        systemOnly="true"
532        visible="false">
533        <permissions>
534            <permission-set name="storage" />
535            <permission name="android.permission.ACCESS_MEDIA_LOCATION" />
536            <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" />
537        </permissions>
538        <app-ops>
539            <app-op name="android:write_media_images" mode="allowed" />
540            <app-op name="android:write_media_video" mode="allowed" />
541        </app-ops>
542    </role>
543
544    <role
545        name="android.app.role.SYSTEM_AUTOMOTIVE_CLUSTER"
546        behavior="v31.AutomotiveRoleBehavior"
547        defaultHolders="config_systemAutomotiveCluster"
548        exclusive="true"
549        exclusivity="user"
550        minSdkVersion="31"
551        static="true"
552        systemOnly="true"
553        visible="false">
554        <permissions>
555            <permission name="android.permission.ANSWER_PHONE_CALLS" />
556            <permission name="android.permission.READ_CALL_LOG" />
557            <permission name="android.permission.READ_CONTACTS" />
558            <permission name="android.car.permission.CAR_ENERGY"/>
559        </permissions>
560    </role>
561
562    <role
563        name="android.app.role.COMPANION_DEVICE_WATCH"
564        behavior="v31.CompanionDeviceWatchRoleBehavior"
565        description="@string/role_watch_description"
566        exclusive="false"
567        exclusivity="none"
568        minSdkVersion="31"
569        systemOnly="false"
570        visible="false">
571        <permissions>
572            <permission-set name="calendar" />
573            <permission-set name="phone" />
574            <permission-set name="sms" />
575            <permission-set name="contacts" />
576            <permission-set name="nearby_devices" />
577            <permission-set name="notifications" minSdkVersion="35" />
578            <!-- If this role holder has a NotificationListenerService, let that service receive
579                 notifications with sensitive content unredacted-->
580            <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/>
581        </permissions>
582        <app-op-permissions>
583            <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" />
584            <app-op-permission name="android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER" />
585            <app-op-permission name="android.permission.MEDIA_ROUTING_CONTROL" minSdkVersion="35" />
586        </app-op-permissions>
587        <app-ops>
588            <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/>
589        </app-ops>
590    </role>
591
592    <role
593        name="android.app.role.SYSTEM_AUTOMOTIVE_PROJECTION"
594        defaultHolders="config_systemAutomotiveProjection"
595        exclusive="true"
596        exclusivity="user"
597        minSdkVersion="31"
598        static="true"
599        systemOnly="true"
600        visible="false">
601        <permissions>
602            <permission-set name="microphone" />
603            <permission-set name="location" />
604            <permission-set name="nearby_devices" />
605            <permission-set name="notifications" />
606            <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" />
607            <permission name="android.permission.CALL_PHONE" />
608            <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" />
609            <permission name="android.permission.READ_CALENDAR" />
610            <permission name="android.permission.READ_CALL_LOG" />
611            <permission name="android.permission.READ_CONTACTS" />
612            <permission name="android.permission.READ_PHONE_STATE" />
613            <permission name="android.permission.RECEIVE_SMS" />
614            <permission name="android.permission.REQUEST_COMPANION_PROFILE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" />
615            <permission name="android.permission.SEND_SMS" />
616            <permission name="android.permission.TOGGLE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" />
617            <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="34"/>
618            <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES" minSdkVersion="34"/>
619            <!-- If this role holder has a NotificationListenerService, let that service receive
620                 notifications with sensitive content unredacted-->
621            <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/>
622            <permission name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT" minSdkVersion="35" />
623        </permissions>
624        <app-ops>
625            <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/>
626        </app-ops>
627    </role>
628
629    <role
630        name="android.app.role.SYSTEM_SHELL"
631        behavior="v31.SystemShellRoleBehavior"
632        defaultHolders="config_systemShell"
633        exclusive="true"
634        exclusivity="user"
635        minSdkVersion="31"
636        static="true"
637        systemOnly="true"
638        visible="false">
639        <permissions>
640            <!-- Used for CTS testing -->
641            <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" />
642            <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/>
643            <permission name="android.permission.PERFORM_IMS_SINGLE_REGISTRATION" />
644            <permission name="android.permission.BACKGROUND_CAMERA" />
645            <permission name="android.permission.RECORD_BACKGROUND_AUDIO" />
646            <permission name="android.permission.BYPASS_ROLE_QUALIFICATION" />
647            <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" />
648            <permission name="android.permission.MANAGE_SENSOR_PRIVACY" />
649            <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" />
650            <permission name="android.permission.TOGGLE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" />
651            <permission name="android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS"
652                minSdkVersion="33" />
653            <permission name="android.permission.REQUEST_COMPANION_PROFILE_AUTOMOTIVE_PROJECTION"
654                minSdkVersion="33" />
655            <permission name="android.permission.MANAGE_SAFETY_CENTER"
656                minSdkVersion="33" />
657            <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES" minSdkVersion="36" />
658            <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" />
659            <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="33" />
660            <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" />
661            <permission name="android.permission.ADD_MIRROR_DISPLAY"
662                featureFlag="android.companion.virtualdevice.flags.Flags.enableLimitedVdmRole" />
663            <permission name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE"
664                minSdkVersion="33" />
665            <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT"
666                minSdkVersion="34" />
667            <permission name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE"
668                minSdkVersion="34" />
669            <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL"
670                minSdkVersion="34" />
671            <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS"
672                minSdkVersion="34" />
673            <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS"
674                minSdkVersion="34" />
675            <permission name="android.permission.MANAGE_DEVICE_POLICY_BLUETOOTH"
676                minSdkVersion="34" />
677            <permission name="android.permission.MANAGE_DEVICE_POLICY_CALLS" minSdkVersion="34" />
678            <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA"
679                minSdkVersion="34" />
680            <permission name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION"
681                minSdkVersion="35" />
682            <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES"
683                minSdkVersion="34" />
684            <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET"
685                minSdkVersion="34" />
686            <permission name="android.permission.MANAGE_DEVICE_POLICY_FUN" minSdkVersion="34" />
687            <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES"
688                minSdkVersion="34" />
689            <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD"
690                minSdkVersion="34" />
691            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" minSdkVersion="34" />
692            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK"
693                minSdkVersion="34" />
694            <permission name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK"
695                minSdkVersion="34" />
696            <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS"
697                minSdkVersion="34" />
698            <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE"
699                minSdkVersion="34" />
700            <permission name="android.permission.MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA"
701                minSdkVersion="34" />
702            <permission name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD"
703                minSdkVersion="34" />
704            <permission name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS"
705                minSdkVersion="34" />
706            <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT"
707                minSdkVersion="34" />
708            <permission name="android.permission.MANAGE_DEVICE_POLICY_SMS" minSdkVersion="34" />
709            <permission name="android.permission.MANAGE_DEVICE_POLICY_STATUS_BAR"
710                minSdkVersion="34" />
711            <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" minSdkVersion="34" />
712            <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER"
713                minSdkVersion="34" />
714            <permission name="android.permission.MANAGE_DEVICE_POLICY_WINDOWS" minSdkVersion="34" />
715            <permission name="android.permission.MANAGE_DEVICE_POLICY_WIPE_DATA"
716                minSdkVersion="34" />
717            <permission name="android.permission.SET_TIME" minSdkVersion="34" />
718            <permission name="android.permission.SET_TIME_ZONE" minSdkVersion="34" />
719            <permission name="android.permission.SATELLITE_COMMUNICATION" minSdkVersion="34" />
720            <permission name="android.permission.ALWAYS_UPDATE_WALLPAPER" minSdkVersion="35" />
721            <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE"
722                minSdkVersion="35" />
723            <permission name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING"
724                minSdkVersion="35" />
725            <permission name="android.permission.MANAGE_DEVICE_POLICY_MTE"
726                minSdkVersion="36" />
727        </permissions>
728        <!-- App ops needed to allow background access to audio APIs for CTS -->
729        <app-ops>
730            <app-op name="android:control_audio" mode="allowed" minSdkVersion="36"/>
731            <app-op name="android:control_audio_partial" mode="allowed" minSdkVersion="36"/>
732        </app-ops>
733    </role>
734
735    <role
736        name="android.app.role.SYSTEM_CONTACTS"
737        defaultHolders="config_systemContacts"
738        exclusive="true"
739        exclusivity="user"
740        minSdkVersion="31"
741        static="true"
742        systemOnly="true"
743        visible="false">
744        <permissions>
745            <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" />
746            <permission name="android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS"
747                minSdkVersion="33" />
748        </permissions>
749    </role>
750
751    <role
752        name="android.app.role.SYSTEM_SPEECH_RECOGNIZER"
753        allowBypassingQualification="true"
754        defaultHolders="config_systemSpeechRecognizer"
755        exclusive="true"
756        exclusivity="user"
757        minSdkVersion="31"
758        static="true"
759        systemOnly="true"
760        visible="false">
761        <permissions>
762            <permission name="android.permission.RECORD_AUDIO" />
763            <permission name="android.permission.UPDATE_APP_OPS_STATS" />
764        </permissions>
765        <required-components>
766            <service>
767                <intent-filter>
768                    <action name="android.speech.RecognitionService" />
769                </intent-filter>
770            </service>
771        </required-components>
772    </role>
773
774    <role
775        name="android.app.role.SYSTEM_WIFI_COEX_MANAGER"
776        defaultHolders="config_systemWifiCoexManager"
777        exclusive="true"
778        exclusivity="user"
779        minSdkVersion="31"
780        static="true"
781        systemOnly="true"
782        visible="false">
783        <permissions>
784            <permission name="android.permission.WIFI_ACCESS_COEX_UNSAFE_CHANNELS" />
785            <permission name="android.permission.WIFI_UPDATE_COEX_UNSAFE_CHANNELS" />
786        </permissions>
787    </role>
788
789    <role
790        name="android.app.role.SYSTEM_WELLBEING"
791        defaultHolders="config_systemWellbeing"
792        exclusive="true"
793        exclusivity="user"
794        minSdkVersion="31"
795        static="true"
796        systemOnly="true"
797        visible="false" >
798        <permissions>
799            <permission-set name="notifications" />
800            <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/>
801            <permission name="android.permission.ACCESS_INSTANT_APPS"/>
802            <permission name="android.permission.START_CROSS_PROFILE_ACTIVITIES" minSdkVersion="33"/>
803            <permission name="android.permission.SUSPEND_APPS"/>
804            <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/>
805        </permissions>
806        <app-op-permissions>
807            <app-op-permission name="android.permission.SCHEDULE_EXACT_ALARM" minSdkVersion="34"/>
808        </app-op-permissions>
809    </role>
810
811    <!---
812      ~ A role for the notification handler on TV devices.
813      ~ Note: on TV devices that have the Dashboard screen, the holder for this role is responsible
814      ~ for it, which is why it needs OBSERVE_SENSOR_PRIVACY permission (the Dashboard displays
815      ~ the state of the privacy sensors).
816      -->
817    <role
818        name="android.app.role.SYSTEM_TELEVISION_NOTIFICATION_HANDLER"
819        behavior="v31.TelevisionRoleBehavior"
820        defaultHolders="config_systemTelevisionNotificationHandler"
821        exclusive="true"
822        exclusivity="user"
823        minSdkVersion="31"
824        static="true"
825        systemOnly="true"
826        visible="false">
827        <permissions>
828            <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" />
829            <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" />
830        </permissions>
831    </role>
832
833    <!---
834        A role for the system package that is allowed to create CompanionDeviceManager associations
835        based on user consent to allow the associated app to manage the associated device.
836    -->
837    <role
838        name="android.app.role.SYSTEM_COMPANION_DEVICE_PROVIDER"
839        defaultHolders="config_systemCompanionDeviceProvider"
840        exclusive="true"
841        exclusivity="user"
842        minSdkVersion="31"
843        static="true"
844        systemOnly="true"
845        visible="false" >
846        <permissions>
847            <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES"/>
848        </permissions>
849    </role>
850
851    <!---
852      ~ A role for the system package that provides privacy-preserving intelligent processor for
853      ~ system UI features.
854      ~
855      ~ A package holding this role MUST comply with requirements outlined in the Android CDD
856      ~ section "9.8.6 Content Capture".
857      ~ Example link for Android 11:
858      ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture
859      ~
860      ~ In addition, packages MUST NOT:
861      ~ - Request INTERNET permission. Instead packages MUST access the internet through
862      ~   well-defined APIs in an open source project.
863      ~ - Perform direct binds to other applications, except the following system packages or
864      ~   other preloaded packages conforming with the requirements here:
865      ~   - Bluetooth
866      ~   - Contacts
867      ~   - Media
868      ~   - Telephony
869      ~   - System UI
870      ~   - Component providing internet APIs (see above)
871      ~   To achieve this packages MUST set up explicit <allow-association> configuration in the
872      ~   system config.
873      -->
874    <role
875        name="android.app.role.SYSTEM_UI_INTELLIGENCE"
876        defaultHolders="config_systemUiIntelligence"
877        exclusive="true"
878        exclusivity="user"
879        minSdkVersion="31"
880        static="true"
881        systemOnly="true"
882        visible="false">
883        <permissions>
884            <permission-set name="notifications" />
885            <permission name="android.permission.ACCESS_SHORTCUTS" />
886            <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" minSdkVersion="33" />
887            <permission name="android.permission.ACCESS_COARSE_LOCATION" minSdkVersion="33" />
888            <permission name="android.permission.ACCESS_FINE_LOCATION" minSdkVersion="33" />
889            <permission name="android.permission.BLUETOOTH_CONNECT" />
890            <permission name="android.permission.BLUETOOTH_SCAN" />
891            <permission name="android.permission.MANAGE_APP_PREDICTIONS" />
892            <permission name="android.permission.UNLIMITED_SHORTCUTS_API_CALLS" />
893            <permission name="android.permission.MANAGE_SEARCH_UI" />
894            <permission name="android.permission.READ_CALL_LOG" minSdkVersion="33" />
895            <permission name="android.permission.READ_CONTACTS" minSdkVersion="33" />
896            <permission name="android.permission.READ_EXTERNAL_STORAGE" />
897            <permission name="android.permission.READ_MEDIA_AUDIO" minSdkVersion="33" />
898            <permission name="android.permission.READ_MEDIA_IMAGES" minSdkVersion="33" />
899            <permission name="android.permission.READ_MEDIA_VIDEO" minSdkVersion="33" />
900            <permission name="android.permission.READ_SMS" minSdkVersion="33" />
901            <permission name="android.permission.READ_PEOPLE_DATA" />
902            <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" />
903            <permission name="android.permission.READ_BLOCKED_NUMBERS"
904                featureFlag="android.permission.flags.Flags.grantReadBlockedNumbersToSystemUiIntelligence" />
905        </permissions>
906    </role>
907
908    <!---
909      ~ A role for the system package that provides on-device intelligent processor for ambient
910      ~ audio.
911      ~
912      ~ A package holding this role MUST comply with requirements outlined in the Android CDD
913      ~ section "9.8.6 Content Capture".
914      ~ Example link for Android 11:
915      ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture
916      ~
917      ~ In addition, packages MUST NOT:
918      ~ - Request INTERNET permission. Instead packages MUST access the internet through
919      ~   well-defined APIs in an open source project.
920      ~ - Perform direct binds to other applications, except the following system packages:
921      ~   - Bluetooth
922      ~   - Contacts
923      ~   - Media
924      ~   - Telephony
925      ~   - System UI
926      ~   - Component providing internet APIs (see above)
927      ~   To achieve this packages MUST set up explicit <allow-association> configuration in the
928      ~   system config.
929      -->
930    <role
931        name="android.app.role.SYSTEM_AMBIENT_AUDIO_INTELLIGENCE"
932        defaultHolders="config_systemAmbientAudioIntelligence"
933        exclusive="true"
934        exclusivity="user"
935        minSdkVersion="31"
936        static="true"
937        systemOnly="true"
938        visible="false">
939        <permissions>
940            <permission-set name="notifications" />
941            <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" />
942            <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" />
943            <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" />
944            <permission name="android.permission.MODIFY_AUDIO_ROUTING" />
945            <permission name="android.permission.RECORD_AUDIO" />
946            <permission name="android.permission.CAPTURE_AUDIO_HOTWORD" />
947            <permission name="android.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS" />
948            <permission name="android.permission.MANAGE_SOUND_TRIGGER" />
949            <permission name="android.permission.LOCATION_HARDWARE" />
950            <permission name="android.permission.MANAGE_MUSIC_RECOGNITION" />
951            <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" />
952            <permission name="android.permission.READ_PHONE_STATE" minSdkVersion="33" />
953        </permissions>
954    </role>
955
956    <!---
957      ~ A role for the system package that provides on-device intelligent processor for audio.
958      ~
959      ~ A package holding this role MUST comply with requirements outlined in the Android CDD
960      ~ section "9.8.6 Content Capture".
961      ~ Example link for Android 11:
962      ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture
963      ~
964      ~ In addition, packages MUST NOT:
965      ~ - Request INTERNET permission. Instead packages MUST access the internet through
966      ~   well-defined APIs in an open source project.
967      ~ - Perform direct binds to other applications, except the following system packages:
968      ~   - Bluetooth
969      ~   - Contacts
970      ~   - Media
971      ~   - Telephony
972      ~   - System UI
973      ~   - Component providing internet APIs (see above)
974      ~   To achieve this packages MUST set up explicit <allow-association> configuration in the
975      ~   system config.
976      -->
977    <role
978        name="android.app.role.SYSTEM_AUDIO_INTELLIGENCE"
979        defaultHolders="config_systemAudioIntelligence"
980        exclusive="true"
981        exclusivity="user"
982        minSdkVersion="31"
983        static="true"
984        systemOnly="true"
985        visible="false">
986        <permissions>
987            <permission-set name="notifications" />
988            <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" />
989            <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" />
990            <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" />
991            <permission name="android.permission.CONTROL_INCALL_EXPERIENCE" />
992            <permission name="android.permission.MODIFY_AUDIO_ROUTING" />
993            <permission name="android.permission.MODIFY_PHONE_STATE" />
994            <permission name="android.permission.READ_CALL_LOG" minSdkVersion="33" />
995            <permission name="android.permission.READ_PHONE_STATE" minSdkVersion="33" />
996            <permission name="android.permission.RECORD_AUDIO" />
997            <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" />
998            <permission name="android.permission.SET_SYSTEM_AUDIO_CAPTION" minSdkVersion="33" />
999        </permissions>
1000    </role>
1001
1002    <!---
1003      ~ A role for the system package that provides on-device intelligent processor for
1004      ~ notifications.
1005      ~
1006      ~ A package holding this role MUST comply with requirements outlined in the Android CDD
1007      ~ section "9.8.6 Content Capture".
1008      ~ Example link for Android 11:
1009      ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture
1010      ~
1011      ~ In addition, packages MUST NOT:
1012      ~ - Request INTERNET permission. Instead packages MUST access the internet through
1013      ~   well-defined APIs in an open source project.
1014      ~ - Perform direct binds to other applications, except the following system packages:
1015      ~   - Bluetooth
1016      ~   - Contacts
1017      ~   - Media
1018      ~   - Telephony
1019      ~   - System UI
1020      ~   - Component providing internet APIs (see above)
1021      ~   To achieve this packages MUST set up explicit <allow-association> configuration in the
1022      ~   system config.
1023      -->
1024    <role
1025        name="android.app.role.SYSTEM_NOTIFICATION_INTELLIGENCE"
1026        defaultHolders="config_systemNotificationIntelligence"
1027        exclusive="true"
1028        exclusivity="user"
1029        minSdkVersion="31"
1030        static="true"
1031        systemOnly="true"
1032        visible="false">
1033        <permissions>
1034            <permission-set name="notifications" />
1035            <permission name="android.permission.REQUEST_NOTIFICATION_ASSISTANT_SERVICE" />
1036            <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" />
1037            <!-- If this role holder has a NotificationListenerService, let that service receive
1038                 notifications with sensitive content unredacted-->
1039            <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/>
1040            <permission name="android.permission.ACCESS_TEXT_CLASSIFIER_BY_TYPE" minSdkVersion="36"
1041                featureFlag="android.permission.flags.Flags.textClassifierChoiceApiEnabled"/>
1042        </permissions>
1043        <app-ops>
1044            <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/>
1045        </app-ops>
1046    </role>
1047
1048    <!---
1049      ~ A role for the system package that provides on-device intelligent processor for text.
1050      ~
1051      ~ A package holding this role MUST comply with requirements outlined in the Android CDD
1052      ~ section "9.8.6 Content Capture".
1053      ~ Example link for Android 11:
1054      ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture
1055      ~
1056      ~ In addition, packages MUST NOT:
1057      ~ - Request INTERNET permission. Instead packages MUST access the internet through
1058      ~   well-defined APIs in an open source project.
1059      ~ - Perform direct binds to other applications, except the following system packages:
1060      ~   - Bluetooth
1061      ~   - Contacts
1062      ~   - Media
1063      ~   - Telephony
1064      ~   - System UI
1065      ~   - Component providing internet APIs (see above)
1066      ~   To achieve this packages MUST set up explicit <allow-association> configuration in the
1067      ~   system config.
1068      -->
1069    <role
1070        name="android.app.role.SYSTEM_TEXT_INTELLIGENCE"
1071        defaultHolders="config_systemTextIntelligence"
1072        exclusive="true"
1073        exclusivity="user"
1074        minSdkVersion="31"
1075        static="true"
1076        systemOnly="true"
1077        visible="false">
1078        <permissions>
1079            <permission-set name="notifications" />
1080            <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" minSdkVersion="33" />
1081            <permission name="android.permission.ACCESS_COARSE_LOCATION" minSdkVersion="33" />
1082            <permission name="android.permission.MANAGE_UI_TRANSLATION" />
1083            <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" />
1084            <permission name="android.permission.READ_CLIPBOARD_IN_BACKGROUND" minSdkVersion="33" />
1085        </permissions>
1086    </role>
1087
1088    <!---
1089      ~ A role for the system package that provides on-device intelligent processor for visual
1090      ~ features.
1091      ~
1092      ~ A package holding this role MUST comply with requirements outlined in the Android CDD
1093      ~ section "9.8.6 Content Capture".
1094      ~ Example link for Android 11:
1095      ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture
1096      ~
1097      ~ In addition, packages MUST NOT:
1098      ~ - Request INTERNET permission. Instead packages MUST access the internet through
1099      ~   well-defined APIs in an open source project.
1100      ~ - Perform direct binds to other applications, except the following system packages:
1101      ~   - Bluetooth
1102      ~   - Contacts
1103      ~   - Media
1104      ~   - Telephony
1105      ~   - System UI
1106      ~   - Component providing internet APIs (see above)
1107      ~   To achieve this packages MUST set up explicit <allow-association> configuration in the
1108      ~   system config.
1109      -->
1110    <role
1111        name="android.app.role.SYSTEM_VISUAL_INTELLIGENCE"
1112        defaultHolders="config_systemVisualIntelligence"
1113        exclusive="true"
1114        exclusivity="user"
1115        minSdkVersion="31"
1116        static="true"
1117        systemOnly="true"
1118        visible="false">
1119        <permissions>
1120            <permission-set name="notifications" />
1121            <permission name="android.permission.CAMERA" />
1122            <permission name="android.permission.SYSTEM_CAMERA" />
1123            <permission name="android.permission.UPDATE_DEVICE_STATS" />
1124            <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" />
1125        </permissions>
1126    </role>
1127
1128    <!---
1129      ~ A role for the system package that is allowed to manage documents (e.g., attach files etc.)
1130      ~ on the device.
1131      ~ A package holding this role must comply with the requirements outlined in the Android CDD
1132      ~ section "2.2.3. Software" under heading "3.2.3.1/H-0-1".
1133      ~ Example link for Android 11:
1134      ~ https://source.android.com/compatibility/11/android-11-cdd#2_2_3_software
1135    -->
1136    <role
1137        name="android.app.role.SYSTEM_DOCUMENT_MANAGER"
1138        behavior="v33.DocumentManagerRoleBehavior"
1139        exclusive="true"
1140        exclusivity="user"
1141        minSdkVersion="33"
1142        static="true"
1143        systemOnly="true"
1144        visible="false">
1145        <required-components>
1146            <!--- Flag value is MATCH_DISABLED_COMPONENTS-->
1147            <activity queryFlags="0x00000200">
1148                <intent-filter>
1149                    <action name="android.intent.action.OPEN_DOCUMENT" />
1150                    <category name="android.intent.category.OPENABLE" />
1151                    <data mimeType="*/*" />
1152                </intent-filter>
1153            </activity>
1154        </required-components>
1155        <permissions>
1156            <permission-set name="notifications" />
1157            <permission name="android.permission.MANAGE_DOCUMENTS" />
1158            <permission name="android.permission.CACHE_CONTENT" />
1159            <permission name="android.permission.REMOVE_TASKS" />
1160        </permissions>
1161    </role>
1162
1163    <!---
1164      ~ A role for the system package that serves as the activity recognizer on the device.
1165      ~ This is the application that provides the data behind the activity recognition
1166      ~ runtime permission.
1167      -->
1168    <role
1169        name="android.app.role.SYSTEM_ACTIVITY_RECOGNIZER"
1170        allowBypassingQualification="true"
1171        defaultHolders="config_systemActivityRecognizer"
1172        exclusive="false"
1173        exclusivity="none"
1174        static="true"
1175        systemOnly="true"
1176        visible="false">
1177        <required-components>
1178            <service>
1179                <intent-filter>
1180                    <action name="android.intent.action.ACTIVITY_RECOGNIZER" />
1181                </intent-filter>
1182            </service>
1183        </required-components>
1184    </role>
1185
1186    <!---
1187      ~ A role for the system UI package.
1188      -->
1189    <role
1190        name="android.app.role.SYSTEM_UI"
1191        defaultHolders="config_systemUi"
1192        exclusive="true"
1193        exclusivity="user"
1194        minSdkVersion="31"
1195        static="true"
1196        systemOnly="true"
1197        visible="false">
1198        <permissions>
1199            <permission-set name="notifications" />
1200            <permission name="android.permission.MANAGE_SENSOR_PRIVACY" />
1201            <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" />
1202            <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/>
1203            <!-- If this role holder has a NotificationListenerService, let that service receive
1204                 notifications with sensitive content unredacted-->
1205            <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/>
1206        </permissions>
1207        <app-ops>
1208            <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/>
1209        </app-ops>
1210    </role>
1211
1212    <!---
1213      ~ A role for the package responsible for interacting with a TV remote.
1214      -->
1215    <role
1216        name="android.app.role.SYSTEM_TELEVISION_REMOTE_SERVICE"
1217        behavior="v31.TelevisionRoleBehavior"
1218        defaultHolders="config_systemTelevisionRemoteService"
1219        exclusive="true"
1220        exclusivity="user"
1221        minSdkVersion="31"
1222        static="true"
1223        systemOnly="true"
1224        visible="false">
1225        <permissions>
1226            <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" />
1227        </permissions>
1228    </role>
1229
1230    <!---
1231      ~ A role for the companion device package that create and manage connections to connected
1232      ~ devices and perform app streaming to the devices.
1233      -->
1234    <role
1235        name="android.app.role.COMPANION_DEVICE_APP_STREAMING"
1236        behavior="v33.CompanionDeviceAppStreamingRoleBehavior"
1237        description="@string/role_app_streaming_description"
1238        exclusive="false"
1239        exclusivity="none"
1240        minSdkVersion="33"
1241        systemOnly="true"
1242        visible="false">
1243        <permissions>
1244            <permission-set name="notifications" />
1245            <permission-set name="virtual_device" />
1246            <!-- For capturing audio from the app on the device. -->
1247            <permission name="android.permission.RECORD_AUDIO" />
1248            <permission
1249                name="android.permission.ADD_MIRROR_DISPLAY"
1250                featureFlag="android.companion.virtualdevice.flags.Flags.enableLimitedVdmRole" />
1251            <!--TODO(b/201605314) For calling Telecom framework API for audio streaming-->
1252            <!--<permission name="android.permission.PROVIDE_CALL_ENDPOINTS" />-->
1253       </permissions>
1254    </role>
1255
1256    <!---
1257      ~ A role for the companion device package that allows connected computers to mirror
1258      ~ notifications and access photos and media from the phone.
1259      -->
1260    <role
1261        name="android.app.role.COMPANION_DEVICE_COMPUTER"
1262        allowBypassingQualification="true"
1263        behavior="v33.CompanionDeviceComputerRoleBehavior"
1264        description="@string/role_companion_device_computer_description"
1265        exclusive="false"
1266        exclusivity="none"
1267        minSdkVersion="33"
1268        systemOnly="true"
1269        visible="false">
1270        <permissions>
1271            <permission-set name="notifications" />
1272            <permission-set name="storage" />
1273            <!-- If this role holder has a NotificationListenerService, let that service receive
1274                 notifications with sensitive content unredacted-->
1275            <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/>
1276       </permissions>
1277        <app-ops>
1278            <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/>
1279        </app-ops>
1280    </role>
1281
1282    <role
1283        name="android.app.role.COMPANION_DEVICE_GLASSES"
1284        behavior="v34.CompanionDeviceGlassesRoleBehavior"
1285        exclusive="false"
1286        exclusivity="none"
1287        minSdkVersion="34"
1288        systemOnly="false"
1289        visible="false">
1290        <permissions>
1291            <permission-set name="contacts" />
1292            <permission-set name="microphone" />
1293            <permission-set name="nearby_devices" />
1294            <permission-set name="notifications" />
1295            <permission-set name="phone" />
1296            <permission-set name="sms" />
1297            <!-- If this role holder has a NotificationListenerService, let that service receive
1298                 notifications with sensitive content unredacted-->
1299            <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/>
1300       </permissions>
1301       <app-op-permissions>
1302           <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" />
1303       </app-op-permissions>
1304        <app-ops>
1305            <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/>
1306        </app-ops>
1307    </role>
1308
1309    <role
1310        name="android.app.role.COMPANION_DEVICE_NEARBY_DEVICE_STREAMING"
1311        behavior="v34.CompanionDeviceNearbyDeviceStreamingRoleBehavior"
1312        exclusive="false"
1313        exclusivity="none"
1314        minSdkVersion="34"
1315        systemOnly="true"
1316        visible="false">
1317        <permissions>
1318            <permission-set name="nearby_devices" />
1319            <permission-set name="virtual_device" />
1320            <permission-set name="notifications"
1321                featureFlag="android.companion.virtualdevice.flags.Flags.notificationsForDeviceStreaming" />
1322        </permissions>
1323    </role>
1324
1325     <role
1326        name="android.app.role.SYSTEM_SUPERVISION"
1327        behavior="v33.SystemSupervisionRoleBehavior"
1328        defaultHolders="config_systemSupervision"
1329        exclusive="true"
1330        exclusivity="user"
1331        minSdkVersion="33"
1332        static="true"
1333        systemOnly="true"
1334        visible="false" >
1335        <permissions>
1336            <permission name="android.permission.ACCESS_INSTANT_APPS"/>
1337            <permission name="android.permission.KILL_UID" minSdkVersion="34"/>
1338            <permission name="android.permission.MANAGE_DEFAULT_APPLICATIONS" minSdkVersion="34"/>
1339            <permission name="android.permission.SUSPEND_APPS"/>
1340            <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/>
1341            <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT"
1342                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1343            <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS"
1344                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1345            <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL"
1346                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1347            <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES"
1348                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1349            <permission name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY"
1350                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1351            <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET"
1352                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1353            <permission name="android.permission.MANAGE_DEVICE_POLICY_FUN"
1354                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1355            <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES"
1356                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1357            <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD"
1358                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1359            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCATION"
1360                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1361            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK"
1362                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1363            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS"
1364                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1365            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK"
1366                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1367            <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS"
1368                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1369            <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE"
1370                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1371            <permission name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD"
1372                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1373            <permission name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS"
1374                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1375            <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT"
1376                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1377            <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME"
1378                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1379            <permission name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS"
1380                featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/>
1381        </permissions>
1382    </role>
1383
1384    <!---
1385      ~ A role for the package responsible for constructing managed device experiences,
1386      ~ including during provisioning.
1387      -->
1388    <role
1389        name="android.app.role.DEVICE_POLICY_MANAGEMENT"
1390        behavior="v33.DevicePolicyManagementRoleBehavior"
1391        defaultHolders="config_devicePolicyManagement"
1392        exclusive="true"
1393        exclusivity="user"
1394        minSdkVersion="33"
1395        static="true"
1396        systemOnly="false"
1397        visible="false">
1398        <required-components>
1399            <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP">
1400                <intent-filter>
1401                    <action name="android.app.action.ROLE_HOLDER_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE" />
1402                </intent-filter>
1403            </activity>
1404            <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP">
1405                <intent-filter>
1406                    <action name="android.app.action.ROLE_HOLDER_PROVISION_MANAGED_PROFILE" />
1407                </intent-filter>
1408            </activity>
1409            <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP">
1410                <intent-filter>
1411                    <action name="android.app.action.ROLE_HOLDER_PROVISION_FINALIZATION" />
1412                </intent-filter>
1413            </activity>
1414        </required-components>
1415        <permissions>
1416            <permission-set name="notifications" />
1417            <permission name="android.permission.BIND_DEVICE_ADMIN" />
1418            <permission name="android.permission.MANAGE_DEVICE_ADMINS" />
1419            <permission name="android.permission.NETWORK_MANAGED_PROVISIONING" />
1420            <permission name="android.permission.PEERS_MAC_ADDRESS" />
1421            <permission name="android.permission.USE_COLORIZED_NOTIFICATIONS" />
1422            <permission name="android.permission.MASTER_CLEAR" />
1423            <permission name="android.permission.WRITE_SECURE_SETTINGS" />
1424            <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" />
1425            <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" />
1426            <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" />
1427            <permission name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" />
1428            <permission name="android.permission.INTERACT_ACROSS_USERS" />
1429            <permission name="android.permission.INTERACT_ACROSS_USERS_FULL" />
1430            <permission name="com.android.permission.INSTALL_EXISTING_PACKAGES" />
1431            <permission name="android.permission.DELETE_PACKAGES" />
1432            <permission name="android.permission.ACCESS_PDB_STATE" />
1433            <permission name="android.permission.MARK_DEVICE_ORGANIZATION_OWNED" />
1434            <permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" />
1435            <permission name="android.permission.SET_TIME" />
1436            <permission name="android.permission.SET_TIME_ZONE" />
1437            <permission name="android.permission.CRYPT_KEEPER" />
1438            <permission name="android.permission.SHUTDOWN" />
1439            <permission name="android.permission.PERFORM_CDMA_PROVISIONING" />
1440            <permission name="android.permission.CONFIGURE_INTERACT_ACROSS_PROFILES" />
1441            <permission name="android.permission.WRITE_SETTINGS" />
1442            <permission name="android.permission.CHANGE_CONFIGURATION" />
1443            <permission name="android.permission.LAUNCH_DEVICE_MANAGER_SETUP" />
1444            <permission name="android.permission.INSTALL_DPC_PACKAGES" />
1445            <permission name="android.permission.QUERY_USERS" />
1446            <permission name="android.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES" />
1447            <permission name="android.permission.QUERY_ADMIN_POLICY" />
1448            <permission name="android.permission.TRIGGER_LOST_MODE" />
1449            <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS" minSdkVersion="34" />
1450            <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" minSdkVersion="34" />
1451            <permission name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE" minSdkVersion="34" />
1452            <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA" minSdkVersion="34" />
1453            <permission name="android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES" minSdkVersion="34" />
1454            <permission name="android.permission.MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE" minSdkVersion="34" />
1455            <permission name="android.permission.MANAGE_DEVICE_POLICY_DEFAULT_SMS" minSdkVersion="34" />
1456            <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" minSdkVersion="34" />
1457            <permission name="android.permission.MANAGE_DEVICE_POLICY_INPUT_METHODS" minSdkVersion="34" />
1458            <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" minSdkVersion="34" />
1459            <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" minSdkVersion="34" />
1460            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" minSdkVersion="34" />
1461            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS" minSdkVersion="34" />
1462            <permission name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK" minSdkVersion="34" />
1463            <permission name="android.permission.MANAGE_DEVICE_POLICY_MTE" minSdkVersion="34" />
1464            <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" minSdkVersion="34" />
1465            <permission name="android.permission.MANAGE_DEVICE_POLICY_PROFILES" minSdkVersion="34" />
1466            <permission name="android.permission.MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS" minSdkVersion="34" />
1467            <permission name="android.permission.MANAGE_DEVICE_POLICY_SCREEN_CAPTURE" minSdkVersion="34" />
1468            <permission name="android.permission.MANAGE_DEVICE_POLICY_SECURITY_LOGGING" minSdkVersion="34" />
1469            <permission name="android.permission.MANAGE_DEVICE_POLICY_SUSPEND_PERSONAL_APPS" minSdkVersion="34" />
1470            <permission name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_UPDATES" minSdkVersion="34" />
1471            <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" minSdkVersion="34" />
1472            <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_DATA_SIGNALLING" minSdkVersion="34" />
1473            <permission name="android.permission.MANAGE_DEVICE_POLICY_WIFI" minSdkVersion="34" />
1474            <permission name="android.permission.MANAGE_DEVICE_POLICY_WIPE_DATA" minSdkVersion="34" />
1475            <permission name="android.permission.SET_TIME" minSdkVersion="34" />
1476            <permission name="android.permission.SET_TIME_ZONE" minSdkVersion="34" />
1477            <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" minSdkVersion="34" />
1478            <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" minSdkVersion="34" />
1479            <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" minSdkVersion="34" />
1480            <permission name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE" minSdkVersion="34" />
1481            <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER" minSdkVersion="34" />
1482            <permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL" minSdkVersion="34" />
1483            <permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS" minSdkVersion="34" />
1484            <permission name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" minSdkVersion="35" />
1485            <permission name="android.permission.MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES" minSdkVersion="35" />
1486            <permission name="android.permission.MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL" minSdkVersion="35" />
1487            <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA_TOGGLE" minSdkVersion="35" />
1488            <permission name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE_TOGGLE" minSdkVersion="35" />
1489            <permission name="android.permission.QUERY_DEVICE_STOLEN_STATE" minSdkVersion="35" />
1490            <permission name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING" minSdkVersion="35" />
1491            <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" minSdkVersion="35" />
1492            <permission name="android.permission.MANAGE_DEVICE_POLICY_WALLPAPER" minSdkVersion="35" />
1493            <permission name="android.permission.MANAGE_DEVICE_POLICY_VPN" minSdkVersion="35" />
1494            <permission name="android.permission.MANAGE_DEVICE_POLICY_AUTOFILL" minSdkVersion="35" />
1495            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCATION" minSdkVersion="35" />
1496            <permission name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY" minSdkVersion="35" />
1497            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCALE" minSdkVersion="35" />
1498            <permission name="android.permission.MANAGE_DEVICE_POLICY_SMS" minSdkVersion="35" />
1499            <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_FUNCTIONS"
1500                featureFlag="android.app.appfunctions.flags.Flags.enableAppFunctionManager" />
1501            <permission name="android.permission.MANAGE_DEFAULT_APPLICATIONS" minSdkVersion="36"
1502                featureFlag="com.android.permission.flags.Flags.crossUserRoleEnabled" />
1503        </permissions>
1504    </role>
1505
1506    <role
1507        name="android.app.role.SYSTEM_APP_PROTECTION_SERVICE"
1508        defaultHolders="config_systemAppProtectionService"
1509        exclusive="true"
1510        exclusivity="user"
1511        minSdkVersion="33"
1512        static="true"
1513        systemOnly="true"
1514        visible="false">
1515        <permissions>
1516            <permission-set name="notifications" />
1517            <permission name="android.permission.GET_HISTORICAL_APP_OPS_STATS" />
1518            <permission name="android.permission.READ_SMS" />
1519            <permission name="android.permission.RECEIVE_SMS" />
1520            <permission name="android.permission.GET_BACKGROUND_INSTALLED_PACKAGES" minSdkVersion="35" />
1521            <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" />
1522            <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" />
1523            <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" />
1524        </permissions>
1525        <app-op-permissions>
1526            <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" />
1527        </app-op-permissions>
1528    </role>
1529
1530    <!---
1531      ~ A role for the system package that handles syncing calendar from another device on
1532      ~ Automotive.
1533      -->
1534    <role
1535        name="android.app.role.SYSTEM_AUTOMOTIVE_CALENDAR_SYNC_MANAGER"
1536        behavior="v31.AutomotiveRoleBehavior"
1537        defaultHolders="config_systemAutomotiveCalendarSyncManager"
1538        exclusive="true"
1539        exclusivity="user"
1540        minSdkVersion="33"
1541        static="true"
1542        systemOnly="true"
1543        visible="false">
1544        <permissions>
1545            <permission name="android.permission.READ_CALENDAR" />
1546            <permission name="android.permission.WRITE_CALENDAR" />
1547        </permissions>
1548    </role>
1549
1550    <!---
1551      ~ A role for the package that handles navigation on the Automotive.
1552      ~ This is the application that provides point-of-interest search and
1553      ~ turn-by-turn navigation guidance.
1554      -->
1555    <role
1556        name="android.app.role.AUTOMOTIVE_NAVIGATION"
1557        behavior="v31.AutomotiveRoleBehavior"
1558        defaultHolders="config_defaultAutomotiveNavigation"
1559        description="@string/role_automotive_navigation_description"
1560        exclusive="true"
1561        exclusivity="user"
1562        label="@string/role_automotive_navigation_label"
1563        minSdkVersion="33"
1564        overrideUserWhenGranting="true"
1565        requestDescription="@string/role_automotive_navigation_request_description"
1566        requestTitle="@string/role_automotive_navigation_request_title"
1567        shortLabel="@string/role_automotive_navigation_short_label">
1568        <required-components>
1569            <activity>
1570                <intent-filter>
1571                    <action name="android.intent.action.MAIN" />
1572                    <category name="android.intent.category.APP_MAPS" />
1573                </intent-filter>
1574            </activity>
1575            <activity>
1576                <intent-filter>
1577                    <action name="android.intent.action.NAVIGATE" />
1578                    <data scheme="geo" />
1579                </intent-filter>
1580            </activity>
1581            <activity>
1582                <intent-filter>
1583                    <action name="android.intent.action.MAIN" />
1584                    <category name="android.car.cluster.NAVIGATION" />
1585                </intent-filter>
1586            </activity>
1587        </required-components>
1588        <preferred-activities>
1589            <preferred-activity>
1590                <activity>
1591                    <intent-filter>
1592                        <action name="android.intent.action.MAIN" />
1593                        <category name="android.intent.category.APP_MAPS" />
1594                    </intent-filter>
1595                </activity>
1596                <intent-filter>
1597                    <action name="android.intent.action.MAIN" />
1598                    <category name="android.intent.category.APP_MAPS" />
1599                </intent-filter>
1600            </preferred-activity>
1601            <preferred-activity>
1602                <activity>
1603                    <intent-filter>
1604                        <action name="android.intent.action.NAVIGATE" />
1605                        <data scheme="geo" />
1606                    </intent-filter>
1607                </activity>
1608                <intent-filter>
1609                    <action name="android.intent.action.NAVIGATE" />
1610                    <data scheme="geo" />
1611                </intent-filter>
1612            </preferred-activity>
1613            <preferred-activity>
1614                <activity>
1615                    <intent-filter>
1616                        <action name="android.intent.action.MAIN" />
1617                        <category name="android.car.cluster.NAVIGATION" />
1618                    </intent-filter>
1619                </activity>
1620                <intent-filter>
1621                    <action name="android.intent.action.MAIN" />
1622                    <category name="android.car.cluster.NAVIGATION" />
1623                </intent-filter>
1624            </preferred-activity>
1625        </preferred-activities>
1626    </role>
1627
1628    <!---
1629      ~ A role for the package that handles AI features for the settings app
1630      -->
1631    <role
1632        name="android.app.role.SYSTEM_SETTINGS_INTELLIGENCE"
1633        defaultHolders="config_systemSettingsIntelligence"
1634        exclusive="true"
1635        exclusivity="user"
1636        minSdkVersion="33"
1637        static="true"
1638        systemOnly="true"
1639        visible="false">
1640        <permissions>
1641            <permission-set name="notifications" />
1642            <permission name="android.permission.INTERACT_ACROSS_USERS_FULL" minSdkVersion="34" />
1643        </permissions>
1644    </role>
1645
1646    <!---
1647      ~ A role for the package that handles Bluetooth for the device
1648      -->
1649    <role
1650        name="android.app.role.SYSTEM_BLUETOOTH_STACK"
1651        defaultHolders="config_systemBluetoothStack"
1652        exclusive="true"
1653        exclusivity="user"
1654        minSdkVersion="33"
1655        static="true"
1656        systemOnly="true"
1657        visible="false">
1658        <permissions>
1659            <permission name="android.permission.NETWORK_FACTORY" />
1660            <permission name="android.permission.BLUETOOTH_MAP" />
1661            <permission name="android.permission.BLUETOOTH_STACK" />
1662            <permission name="android.permission.NET_ADMIN" />
1663            <permission name="android.permission.LISTEN_ALWAYS_REPORTED_SIGNAL_STRENGTH" />
1664            <permission name="android.permission.MANAGE_APP_OPS_MODES" />
1665            <permission name="android.permission.MANAGE_COMPANION_DEVICES" />
1666            <permission name="android.permission.QUERY_AUDIO_STATE" />
1667            <permission name="android.permission.DEVICE_POWER" />
1668            <permission name="android.permission.NET_TUNNELING" />
1669        </permissions>
1670    </role>
1671
1672    <!--
1673     ~ A role assigned to the financing kiosk app
1674    -->
1675    <role
1676        name="android.app.role.FINANCED_DEVICE_KIOSK"
1677        exclusive="true"
1678        exclusivity="user"
1679        minSdkVersion="34"
1680        visible="false">
1681        <permissions>
1682            <permission-set name="notifications" />
1683            <permission name="android.permission.MANAGE_DEVICE_LOCK_STATE" />
1684        </permissions>
1685    </role>
1686
1687    <!--
1688     ~ A role assigned to the device lock controller
1689    -->
1690    <role
1691        name="android.app.role.SYSTEM_FINANCED_DEVICE_CONTROLLER"
1692        defaultHolders="config_systemFinancedDeviceController"
1693        exclusive="true"
1694        exclusivity="user"
1695        minSdkVersion="34"
1696        static="true"
1697        systemOnly="true"
1698        visible="false">
1699        <permissions>
1700            <permission-set name="notifications" />
1701            <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" />
1702            <permission name="android.permission.MANAGE_DEVICE_POLICY_CALLS" />
1703            <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" />
1704            <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" />
1705            <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" />
1706            <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" />
1707            <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" />
1708            <permission name="android.permission.MASTER_CLEAR" />
1709            <permission name="android.permission.INTERACT_ACROSS_USERS" />
1710            <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" />
1711        </permissions>
1712    </role>
1713
1714    <!---
1715      ~ A role for the wear health service that handles health/fitness tracking features.
1716    -->
1717    <role
1718        name="android.app.role.SYSTEM_WEAR_HEALTH_SERVICE"
1719        behavior="v33.SystemWearHealthServiceRoleBehavior"
1720        defaultHolders="config_systemWearHealthService"
1721        exclusive="true"
1722        exclusivity="user"
1723        minSdkVersion="33"
1724        static="true"
1725        systemOnly="true"
1726        visible="false">
1727        <permissions>
1728            <permission-set name="sensors" />
1729            <permission-set name="location" />
1730            <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" />
1731            <permission name="android.permission.ACTIVITY_RECOGNITION" />
1732            <permission
1733                name="android.permission.health.READ_HEART_RATE"
1734                featureFlag="android.permission.flags.Flags.replaceBodySensorPermissionEnabled" />
1735            <permission
1736                name="android.permission.health.READ_HEALTH_DATA_IN_BACKGROUND"
1737                featureFlag="android.permission.flags.Flags.replaceBodySensorPermissionEnabled"  />
1738        </permissions>
1739    </role>
1740
1741    <!---
1742      ~ A role for the package that responds to system notes actions.
1743    -->
1744    <role
1745        name="android.app.role.NOTES"
1746        behavior="v34.NotesRoleBehavior"
1747        defaultHolders="config_defaultNotes"
1748        description="@string/role_notes_description"
1749        exclusive="true"
1750        exclusivity="user"
1751        label="@string/role_notes_label"
1752        minSdkVersion="34"
1753        overrideUserWhenGranting="true"
1754        requestable="false"
1755        searchKeywords="@string/role_notes_search_keywords"
1756        shortLabel="@string/role_notes_short_label"
1757        showNone="true">
1758        <required-components>
1759            <!-- Flag value is FLAG_SHOW_WHEN_LOCKED | FLAG_TURN_SCREEN_ON -->
1760            <activity flags="0x1800000">
1761                <intent-filter>
1762                    <action name="android.intent.action.CREATE_NOTE" />
1763                </intent-filter>
1764            </activity>
1765        </required-components>
1766        <preferred-activities>
1767            <preferred-activity>
1768                <!-- Flag value is FLAG_SHOW_WHEN_LOCKED | FLAG_TURN_SCREEN_ON -->
1769                <activity flags="0x1800000">
1770                    <intent-filter>
1771                        <action name="android.intent.action.CREATE_NOTE" />
1772                    </intent-filter>
1773                </activity>
1774                <intent-filter>
1775                    <action name="android.intent.action.CREATE_NOTE" />
1776                </intent-filter>
1777            </preferred-activity>
1778        </preferred-activities>
1779        <permissions>
1780            <permission name="android.permission.LAUNCH_CAPTURE_CONTENT_ACTIVITY_FOR_NOTE" minSdkVersion="34"/>
1781        </permissions>
1782    </role>
1783
1784    <!---
1785      ~ A role for the package that streams calls to other devices.
1786    -->
1787    <role
1788        name="android.app.role.SYSTEM_CALL_STREAMING"
1789        allowBypassingQualification="true"
1790        defaultHolders="config_systemCallStreaming"
1791        exclusive="true"
1792        exclusivity="user"
1793        minSdkVersion="34"
1794        static="true"
1795        systemOnly="true"
1796        visible="false">
1797        <permissions>
1798            <permission name="android.permission.CALL_AUDIO_INTERCEPTION" />
1799            <permission name="android.permission.RECORD_AUDIO" />
1800        </permissions>
1801        <required-components>
1802            <service permission="android.permission.BIND_CALL_STREAMING_SERVICE">
1803                <intent-filter>
1804                    <action name="android.telecom.CallStreamingService" />
1805                </intent-filter>
1806            </service>
1807        </required-components>
1808    </role>
1809
1810    <role
1811        name="android.app.role.RETAIL_DEMO"
1812        behavior="v35.RetailDemoRoleBehavior"
1813        defaultHolders="config_defaultRetailDemo"
1814        exclusive="true"
1815        exclusivity="user"
1816        minSdkVersion="35"
1817        static="true"
1818        visible="false">
1819        <permissions>
1820            <permission name="android.permission.ACCESS_BLOBS_ACROSS_USERS" />
1821            <permission name="android.permission.CHANGE_CONFIGURATION" />
1822            <permission name="android.permission.MODIFY_DAY_NIGHT_MODE" />
1823            <permission name="android.permission.MODIFY_PHONE_STATE" />
1824            <permission name="android.permission.OBSERVE_APP_USAGE" />
1825            <permission name="android.permission.QUERY_USERS" />
1826            <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" />
1827            <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" />
1828            <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" />
1829            <permission name="android.permission.WRITE_SETTINGS" />
1830        </permissions>
1831        <app-op-permissions>
1832            <app-op-permission name="android.permission.PACKAGE_USAGE_STATS" />
1833        </app-op-permissions>
1834    </role>
1835
1836    <role
1837        name="android.app.role.WALLET"
1838        behavior="v35.WalletRoleBehavior"
1839        defaultHolders="config_defaultWallet"
1840        description="@string/role_wallet_description"
1841        exclusive="true"
1842        exclusivity="profileGroup"
1843        label="@string/role_wallet_label"
1844        minSdkVersion="35"
1845        overrideUserWhenGranting="true"
1846        requestable="true"
1847        requestDescription="@string/role_wallet_request_description"
1848        requestTitle="@string/role_wallet_request_title"
1849        showNone="true"
1850        shortLabel="@string/role_wallet_short_label"
1851        uiBehavior="v35.WalletRoleUiBehavior"/>
1852
1853    <role
1854        name="android.app.role.SYSTEM_DEPENDENCY_INSTALLER"
1855        allowBypassingQualification="true"
1856        defaultHolders="config_systemDependencyInstaller"
1857        exclusive="true"
1858        exclusivity="user"
1859        featureFlag="android.content.pm.Flags.sdkDependencyInstaller"
1860        static="true"
1861        systemOnly="true"
1862        visible="false">
1863        <required-components>
1864            <service permission="android.permission.BIND_DEPENDENCY_INSTALLER">
1865                <intent-filter>
1866                    <action name="android.content.pm.action.INSTALL_DEPENDENCY" />
1867                </intent-filter>
1868            </service>
1869        </required-components>
1870        <permissions>
1871            <permission name="android.permission.ACCESS_SHARED_LIBRARIES" />
1872            <permission name="android.permission.INSTALL_DEPENDENCY_SHARED_LIBRARIES" />
1873        </permissions>
1874    </role>
1875
1876    <!---
1877      ~ A role for testing cross-user roles (exclusivity="profileGroup"). This should never be used
1878      ~ to gate any actual functionality.
1879      -->
1880    <role
1881        name="android.app.role.RESERVED_FOR_TESTING_PROFILE_GROUP_EXCLUSIVITY"
1882        behavior="v36.ReservedForTestingProfileGroupExclusivityRoleBehavior"
1883        description="@string/role_for_testing_profile_group_exclusivity_description"
1884        exclusive="true"
1885        exclusivity="profileGroup"
1886        fallBackToDefaultHolder="true"
1887        featureFlag="com.android.permission.flags.Flags.crossUserRoleEnabled"
1888        label="@string/role_for_testing_profile_group_exclusivity_label"
1889        minSdkVersion="36"
1890        requestable="true"
1891        requestDescription="@string/role_for_testing_profile_group_exclusivity_request_description"
1892        requestTitle="@string/role_for_testing_profile_group_exclusivity_request_title"
1893        shortLabel="@string/role_for_testing_profile_group_exclusivity_short_label"
1894        showNone="true"
1895        uiBehavior="v36.ReservedForTestingProfileGroupExclusivityRoleUiBehavior"
1896        visible="false"/>
1897
1898    <!---
1899      ~ A role for the vendor package that provides privacy-preserving intelligent processor for
1900      ~ vendor specific features.
1901      ~
1902      ~ A package holding this role MUST comply with requirements outlined in the Android CDD
1903      ~ section "9.8.6 Content Capture".
1904      ~ Example link for Android 15:
1905      ~ https://source.android.com/docs/compatibility/15/android-15-cdd#986_os-level_and_ambient_data
1906      ~
1907      ~ In addition, packages MUST NOT:
1908      ~ - Request INTERNET permission. Instead packages MUST access the internet through
1909      ~   well-defined APIs in an open source project.
1910      ~ - Perform direct binds to other applications, except the following system packages or
1911      ~   other preloaded packages conforming with the requirements here:
1912      ~   - Bluetooth
1913      ~   - Contacts
1914      ~   - Media
1915      ~   - Telephony
1916      ~   - System UI
1917      ~   - Component providing internet APIs (see above)
1918      ~   To achieve this packages MUST set up explicit <allow-association> configuration in the
1919      ~   system config.
1920      -->
1921    <role
1922        name="android.app.role.SYSTEM_VENDOR_INTELLIGENCE"
1923        defaultHolders="config_systemVendorIntelligence"
1924        exclusive="true"
1925        exclusivity="user"
1926        featureFlag="android.permission.flags.Flags.systemVendorIntelligenceRoleEnabled"
1927        static="true"
1928        systemOnly="true"
1929        visible="false">
1930        <permissions>
1931            <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" />
1932            <permission name="android.permission.ACCESS_COARSE_LOCATION" />
1933            <permission name="android.permission.ACCESS_FINE_LOCATION" />
1934            <permission name="android.permission.READ_MEDIA_IMAGES" />
1935            <permission name="android.permission.READ_MEDIA_VIDEO" />
1936        </permissions>
1937    </role>
1938
1939    <role
1940        name="android.app.role.COMPANION_DEVICE_VIRTUAL_DEVICE"
1941        allowBypassingQualification="true"
1942        exclusive="false"
1943        exclusivity="none"
1944        featureFlag="android.companion.virtualdevice.flags.Flags.enableLimitedVdmRole"
1945        systemOnly="true"
1946        visible="false">
1947        <permissions>
1948            <permission-set name="nearby_devices" />
1949            <permission-set name="notifications" />
1950            <permission name="android.permission.CREATE_VIRTUAL_DEVICE"/>
1951        </permissions>
1952    </role>
1953
1954</roles>
1955