1<?xml version="1.0" encoding="utf-8"?> 2 3<!-- Copyright (C) 2018 The Android Open Source Project 4 5 Licensed under the Apache License, Version 2.0 (the "License"" /> 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 9 http://www.apache.org/licenses/LICENSE-2.0 10 11 Unless required by applicable law or agreed to in writing, software 12 distributed under the License is distributed on an "AS IS" BASIS, 13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 See the License for the specific language governing permissions and 15 limitations under the License. 16--> 17 18<roles> 19 20 <permission-set name="phone"> 21 <permission name="android.permission.READ_PHONE_STATE" /> 22 <permission name="android.permission.CALL_PHONE" /> 23 <permission name="android.permission.READ_CALL_LOG" /> 24 <permission name="android.permission.WRITE_CALL_LOG" /> 25 <permission name="com.android.voicemail.permission.ADD_VOICEMAIL" /> 26 <permission name="com.android.voicemail.permission.READ_VOICEMAIL" minSdkVersion="31" /> 27 <permission name="com.android.voicemail.permission.WRITE_VOICEMAIL" minSdkVersion="31" /> 28 <permission name="android.permission.USE_SIP" /> 29 <permission name="android.permission.PROCESS_OUTGOING_CALLS" /> 30 <permission name="android.permission.ANSWER_PHONE_CALLS" /> 31 </permission-set> 32 33 <permission-set name="contacts"> 34 <permission name="android.permission.READ_CONTACTS" /> 35 <permission name="android.permission.WRITE_CONTACTS" /> 36 <permission name="android.permission.GET_ACCOUNTS" /> 37 </permission-set> 38 39 <permission-set name="location"> 40 <permission name="android.permission.ACCESS_COARSE_LOCATION" /> 41 <permission name="android.permission.ACCESS_FINE_LOCATION" /> 42 </permission-set> 43 44 <permission-set name="coarse_location"> 45 <permission name="android.permission.ACCESS_COARSE_LOCATION" /> 46 </permission-set> 47 48 <permission-set name="calendar"> 49 <permission name="android.permission.READ_CALENDAR" /> 50 <permission name="android.permission.WRITE_CALENDAR" /> 51 </permission-set> 52 53 <permission-set name="sms"> 54 <permission name="android.permission.SEND_SMS" /> 55 <permission name="android.permission.RECEIVE_SMS" /> 56 <permission name="android.permission.READ_SMS" /> 57 <permission name="android.permission.RECEIVE_WAP_PUSH" /> 58 <permission name="android.permission.RECEIVE_MMS" /> 59 <permission name="android.permission.READ_CELL_BROADCASTS" /> 60 </permission-set> 61 62 <permission-set name="microphone"> 63 <permission name="android.permission.RECORD_AUDIO" /> 64 </permission-set> 65 66 <permission-set name="camera"> 67 <permission name="android.permission.CAMERA" /> 68 </permission-set> 69 70 <permission-set name="sensors"> 71 <permission name="android.permission.BODY_SENSORS" /> 72 <permission name="android.permission.BODY_SENSORS_BACKGROUND" minSdkVersion="33" /> 73 </permission-set> 74 75 <permission-set name="storage"> 76 <permission name="android.permission.READ_EXTERNAL_STORAGE" /> 77 <permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> 78 <permission name="android.permission.READ_MEDIA_AUDIO" minSdkVersion="33" /> 79 <permission name="android.permission.READ_MEDIA_VIDEO" minSdkVersion="33" /> 80 <permission name="android.permission.READ_MEDIA_IMAGES" minSdkVersion="33" /> 81 <permission name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED" minSdkVersion="34" /> 82 </permission-set> 83 84 <permission-set name="nearby_devices"> 85 <permission name="android.permission.BLUETOOTH_ADVERTISE" minSdkVersion="31" /> 86 <permission name="android.permission.BLUETOOTH_CONNECT" minSdkVersion="31" /> 87 <permission name="android.permission.BLUETOOTH_SCAN" minSdkVersion="31" /> 88 <permission name="android.permission.NEARBY_WIFI_DEVICES" minSdkVersion="33" /> 89 </permission-set> 90 91 <permission-set name="notifications"> 92 <permission name="android.permission.POST_NOTIFICATIONS" minSdkVersion="33" /> 93 </permission-set> 94 95 <permission-set name="virtual_device"> 96 <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" /> 97 <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="33" /> 98 <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" /> 99 <permission 100 name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" 101 featureFlag="android.companion.virtualdevice.flags.Flags.activityControlApi" /> 102 </permission-set> 103 104 <role 105 name="android.app.role.ASSISTANT" 106 behavior="AssistantRoleBehavior" 107 defaultHolders="config_defaultAssistant" 108 description="@string/role_assistant_description" 109 exclusive="true" 110 exclusivity="user" 111 fallBackToDefaultHolder="true" 112 showNone="true" 113 label="@string/role_assistant_label" 114 overrideUserWhenGranting="true" 115 requestable="false" 116 shortLabel="@string/role_assistant_short_label" 117 uiBehavior="AssistantRoleUiBehavior"> 118 <required-components> 119 <!-- Qualified components are determined int AssistantRoleBehavior. This comment here is 120 ignored and represents just a rough description 121 122 <any-of> 123 <service permission="android.permission.BIND_VOICE_INTERACTION" 124 supportsAssist="true"> 125 <intent-filter> 126 <action name="android.service.voice.VoiceInteractionService" /> 127 </intent-filter> 128 <meta-data name="android.voice_interaction" 129 optional="false"> 130 required tag in metadata xml: sessionService 131 required tag in metadata xml: recognitionService 132 required tag in metadata xml: supportsAssist = true 133 </meta-data> 134 </service> 135 <activity> 136 <intent-filter> 137 <action name="android.intent.action.ASSIST" /> 138 </intent-filter> 139 </activity> 140 </ any-of> 141 142 --> 143 </required-components> 144 <permissions> 145 <permission-set name="sms" /> 146 <permission name="android.permission.READ_CALL_LOG" /> 147 <permission name="android.permission.ACCESS_BLOBS_ACROSS_USERS" minSdkVersion="31" /> 148 <permission name="android.permission.READ_ASSISTANT_APP_SEARCH_DATA" 149 minSdkVersion="33"/> 150 <permission name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" 151 minSdkVersion="33" /> 152 <permission name="android.permission.EXECUTE_APP_ACTION" 153 minSdkVersion="34" /> 154 <permission name="android.permission.MANAGE_CONTENT_SUGGESTIONS" 155 minSdkVersion="35" optionalMinSdkVersion="34" /> 156 <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE" 157 minSdkVersion="35" /> 158 </permissions> 159 <app-op-permissions> 160 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 161 </app-op-permissions> 162 </role> 163 164 <!--- 165 ~ @see com.android.settings.applications.defaultapps.DefaultBrowserPreferenceController 166 ~ @see com.android.settings.applications.defaultapps.DefaultBrowserPicker 167 ~ @see com.android.server.pm.PackageManagerService.resolveAllBrowserApps(int) 168 ~ @see com.android.server.pm.PackageManagerService.setDefaultBrowserPackageName(String, int) 169 ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultBrowser(String, int) 170 --> 171 <role 172 name="android.app.role.BROWSER" 173 behavior="BrowserRoleBehavior" 174 defaultHolders="config_defaultBrowser" 175 description="@string/role_browser_description" 176 exclusive="true" 177 exclusivity="user" 178 label="@string/role_browser_label" 179 overrideUserWhenGranting="true" 180 requestDescription="@string/role_browser_request_description" 181 requestTitle="@string/role_browser_request_title" 182 shortLabel="@string/role_browser_short_label"> 183 <!-- 184 ~ Required components matching is handled in BrowserRoleBehavior because it needs the 185 ~ PackageManager.MATCH_ALL flag and other manual filtering, which cannot fit in our 186 ~ current mechanism easily. 187 --> 188 <!-- 189 <required-components> 190 <activity> 191 <intent-filter> 192 <action name="android.intent.action.VIEW" /> 193 <category name="android.intent.category.BROWSABLE" /> 194 <data scheme="http" /> 195 </intent-filter> 196 </activity> 197 </required-components> 198 --> 199 <!-- 200 ~ Not need to set preferred activity because PackageManager handles browser intents 201 ~ specially. 202 --> 203 <permissions> 204 <permission name="android.permission.PROVIDE_OWN_AUTOFILL_SUGGESTIONS" minSdkVersion="34" /> 205 </permissions> 206 </role> 207 208 <!-- 209 ~ @see com.android.settings.applications.defaultapps.DefaultPhonePreferenceController 210 ~ @see com.android.settings.applications.defaultapps.DefaultPhonePicker 211 ~ @see android.telecom.DefaultDialerManager 212 ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultDialerApp(String, int) 213 ~ @see com.android.server.pm.Settings.setDefaultDialerPackageNameLPw(String, int) 214 --> 215 <role 216 name="android.app.role.DIALER" 217 behavior="DialerRoleBehavior" 218 defaultHolders="config_defaultDialer" 219 description="@string/role_dialer_description" 220 exclusive="true" 221 exclusivity="user" 222 fallBackToDefaultHolder="true" 223 label="@string/role_dialer_label" 224 overrideUserWhenGranting="true" 225 requestDescription="@string/role_dialer_request_description" 226 requestTitle="@string/role_dialer_request_title" 227 searchKeywords="@string/role_dialer_search_keywords" 228 shortLabel="@string/role_dialer_short_label" 229 uiBehavior="DialerRoleUiBehavior"> 230 <required-components> 231 <activity> 232 <intent-filter> 233 <action name="android.intent.action.DIAL" /> 234 </intent-filter> 235 </activity> 236 <activity> 237 <intent-filter> 238 <action name="android.intent.action.DIAL" /> 239 <data scheme="tel" /> 240 </intent-filter> 241 </activity> 242 <service minTargetSdkVersion="33" permission="android.permission.BIND_INCALL_SERVICE"> 243 <meta-data name="android.telecom.IN_CALL_SERVICE_UI" value="true" /> 244 <meta-data 245 name="android.telecom.IN_CALL_SERVICE_CAR_MODE_UI" 246 value="true" 247 prohibited="true" /> 248 <intent-filter> 249 <action name="android.telecom.InCallService" /> 250 </intent-filter> 251 </service> 252 </required-components> 253 <permissions> 254 <permission-set name="phone" /> 255 <permission-set name="contacts" /> 256 <permission-set name="sms" /> 257 <permission-set name="microphone" /> 258 <permission-set name="camera" /> 259 <permission-set name="notifications" /> 260 </permissions> 261 <app-op-permissions> 262 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 263 </app-op-permissions> 264 <app-ops> 265 <!-- 266 ~ @see com.android.settings.applications.defaultapps.DefaultPhonePicker#setDefaultKey(String) 267 ~ @see com.android.settings.fuelgauge.BatteryUtils#setForceAppStandby(int, String, int) 268 --> 269 <app-op name="android:run_in_background" maxTargetSdkVersion="25" mode="allowed" /> 270 <app-op name="android:run_any_in_background" mode="allowed" /> 271 </app-ops> 272 <preferred-activities> 273 <preferred-activity> 274 <activity> 275 <intent-filter> 276 <action name="android.intent.action.DIAL" /> 277 </intent-filter> 278 </activity> 279 <intent-filter> 280 <action name="android.intent.action.DIAL" /> 281 </intent-filter> 282 </preferred-activity> 283 <preferred-activity> 284 <activity> 285 <intent-filter> 286 <action name="android.intent.action.DIAL" /> 287 <data scheme="tel" /> 288 </intent-filter> 289 </activity> 290 <intent-filter> 291 <action name="android.intent.action.DIAL" /> 292 <data scheme="tel" /> 293 </intent-filter> 294 </preferred-activity> 295 </preferred-activities> 296 </role> 297 298 <!-- 299 ~ @see com.android.settings.applications.defaultapps.DefaultSmsPreferenceController 300 ~ @see com.android.settings.applications.defaultapps.DefaultSmsPicker 301 ~ @see com.android.internal.telephony.SmsApplication 302 ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultSmsApp(String, int) 303 --> 304 <role 305 name="android.app.role.SMS" 306 behavior="SmsRoleBehavior" 307 defaultHolders="config_defaultSms" 308 description="@string/role_sms_description" 309 exclusive="true" 310 exclusivity="user" 311 label="@string/role_sms_label" 312 overrideUserWhenGranting="true" 313 requestDescription="@string/role_sms_request_description" 314 requestTitle="@string/role_sms_request_title" 315 searchKeywords="@string/role_sms_search_keywords" 316 shortLabel="@string/role_sms_short_label" 317 uiBehavior="SmsRoleUiBehavior"> 318 <required-components> 319 <receiver permission="android.permission.BROADCAST_SMS"> 320 <intent-filter> 321 <action name="android.provider.Telephony.SMS_DELIVER" /> 322 </intent-filter> 323 </receiver> 324 <receiver permission="android.permission.BROADCAST_WAP_PUSH"> 325 <intent-filter> 326 <action name="android.provider.Telephony.WAP_PUSH_DELIVER" /> 327 <data mimeType="application/vnd.wap.mms-message" /> 328 </intent-filter> 329 </receiver> 330 <service permission="android.permission.SEND_RESPOND_VIA_MESSAGE"> 331 <intent-filter> 332 <action name="android.intent.action.RESPOND_VIA_MESSAGE" /> 333 <data scheme="smsto" /> 334 </intent-filter> 335 </service> 336 <activity> 337 <intent-filter> 338 <action name="android.intent.action.SENDTO" /> 339 <data scheme="smsto" /> 340 </intent-filter> 341 </activity> 342 </required-components> 343 <permissions> 344 <permission-set name="phone" /> 345 <permission-set name="contacts" /> 346 <permission-set name="sms" /> 347 <permission-set name="storage" /> 348 <permission-set name="microphone" /> 349 <permission-set name="camera" /> 350 <permission-set name="notifications" /> 351 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> 352 </permissions> 353 <app-ops> 354 <app-op name="android:write_sms" mode="allowed" /> 355 <!-- 356 ~ @see com.android.settings.applications.defaultapps.DefaultSmsPicker#setDefaultKey(String) 357 ~ @see com.android.settings.fuelgauge.BatteryUtils#setForceAppStandby(int, String, int) 358 --> 359 <app-op name="android:run_in_background" maxTargetSdkVersion="25" mode="allowed" /> 360 <app-op name="android:run_any_in_background" mode="allowed" /> 361 <app-op name="android:read_device_identifiers" mode="allowed" /> 362 </app-ops> 363 <preferred-activities> 364 <preferred-activity> 365 <activity> 366 <intent-filter> 367 <action name="android.intent.action.SENDTO" /> 368 <data scheme="smsto" /> 369 </intent-filter> 370 </activity> 371 <intent-filter> 372 <action name="android.intent.action.SENDTO" /> 373 <data scheme="sms" /> 374 </intent-filter> 375 <intent-filter> 376 <action name="android.intent.action.SENDTO" /> 377 <data scheme="smsto" /> 378 </intent-filter> 379 <intent-filter> 380 <action name="android.intent.action.SENDTO" /> 381 <data scheme="mms" /> 382 </intent-filter> 383 <intent-filter> 384 <action name="android.intent.action.SENDTO" /> 385 <data scheme="mmsto" /> 386 </intent-filter> 387 </preferred-activity> 388 </preferred-activities> 389 </role> 390 391 <!--- 392 ~ @see com.android.settings.applications.defaultapps.DefaultEmergencyPreferenceController 393 ~ @see com.android.settings.applications.defaultapps.DefaultEmergencyPicker 394 ~ @see com.android.phone.EmergencyAssistanceHelper 395 --> 396 <role 397 name="android.app.role.EMERGENCY" 398 behavior="EmergencyRoleBehavior" 399 description="@string/role_emergency_description" 400 exclusive="true" 401 exclusivity="user" 402 label="@string/role_emergency_label" 403 overrideUserWhenGranting="true" 404 requestDescription="@string/role_emergency_request_description" 405 requestTitle="@string/role_emergency_request_title" 406 searchKeywords="@string/role_emergency_search_keywords" 407 shortLabel="@string/role_emergency_short_label" 408 systemOnly="true" 409 uiBehavior="EmergencyRoleUiBehavior"> 410 <required-components> 411 <activity> 412 <intent-filter> 413 <action name="android.telephony.action.EMERGENCY_ASSISTANCE" /> 414 </intent-filter> 415 </activity> 416 </required-components> 417 <permissions> 418 <permission-set name="notifications" /> 419 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> 420 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" minSdkVersion="31" /> 421 </permissions> 422 </role> 423 424 <!--- 425 ~ @see com.android.settings.applications.defaultapps.DefaultHomePreferenceController 426 ~ @see com.android.settings.applications.defaultapps.DefaultHomePicker 427 ~ @see com.android.server.pm.PackageManagerService#setHomeActivity(ComponentName, int) 428 --> 429 <role 430 name="android.app.role.HOME" 431 behavior="HomeRoleBehavior" 432 description="@string/role_home_description" 433 exclusive="true" 434 exclusivity="user" 435 label="@string/role_home_label" 436 overrideUserWhenGranting="true" 437 requestDescription="@string/role_home_request_description" 438 requestTitle="@string/role_home_request_title" 439 searchKeywords="@string/role_home_search_keywords" 440 shortLabel="@string/role_home_short_label" 441 uiBehavior="HomeRoleUiBehavior"> 442 <!-- Also used by HomeRoleBehavior.getFallbackHolder(). --> 443 <required-components> 444 <activity> 445 <intent-filter> 446 <action name="android.intent.action.MAIN" /> 447 <category name="android.intent.category.HOME" /> 448 </intent-filter> 449 </activity> 450 </required-components> 451 <preferred-activities> 452 <preferred-activity> 453 <activity> 454 <intent-filter> 455 <action name="android.intent.action.MAIN" /> 456 <category name="android.intent.category.HOME" /> 457 </intent-filter> 458 </activity> 459 <intent-filter> 460 <action name="android.intent.action.MAIN" /> 461 <category name="android.intent.category.HOME" /> 462 </intent-filter> 463 </preferred-activity> 464 </preferred-activities> 465 <permissions> 466 <permission name="android.permission.READ_HOME_APP_SEARCH_DATA" minSdkVersion="33" /> 467 <permission name="android.permission.ALLOW_SLIPPERY_TOUCHES" minSdkVersion="33" optionalMinSdkVersion="30" /> 468 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35" /> 469 </permissions> 470 <app-ops> 471 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 472 </app-ops> 473 </role> 474 475 <!--- @see android.telecom.CallRedirectionService --> 476 <role 477 name="android.app.role.CALL_REDIRECTION" 478 defaultHolders="config_defaultCallRedirection" 479 description="@string/role_call_redirection_description" 480 exclusive="true" 481 exclusivity="user" 482 label="@string/role_call_redirection_label" 483 overrideUserWhenGranting="true" 484 requestDescription="@string/role_call_redirection_request_description" 485 requestTitle="@string/role_call_redirection_request_title" 486 shortLabel="@string/role_call_redirection_short_label" 487 showNone="true"> 488 <required-components> 489 <service permission="android.permission.BIND_CALL_REDIRECTION_SERVICE"> 490 <intent-filter> 491 <action name="android.telecom.CallRedirectionService" /> 492 </intent-filter> 493 </service> 494 </required-components> 495 </role> 496 497 <!--- @see android.telecom.CallScreeningService --> 498 <role 499 name="android.app.role.CALL_SCREENING" 500 defaultHolders="config_defaultCallScreening" 501 description="@string/role_call_screening_description" 502 exclusive="true" 503 exclusivity="user" 504 label="@string/role_call_screening_label" 505 overrideUserWhenGranting="true" 506 requestDescription="@string/role_call_screening_request_description" 507 requestTitle="@string/role_call_screening_request_title" 508 shortLabel="@string/role_call_screening_short_label" 509 showNone="true"> 510 <required-components> 511 <service permission="android.permission.BIND_SCREENING_SERVICE"> 512 <intent-filter> 513 <action name="android.telecom.CallScreeningService" /> 514 </intent-filter> 515 </service> 516 </required-components> 517 <permissions> 518 <permission-set name="notifications" /> 519 </permissions> 520 <app-op-permissions> 521 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 522 </app-op-permissions> 523 </role> 524 525 <role 526 name="android.app.role.SYSTEM_GALLERY" 527 defaultHolders="config_systemGallery" 528 exclusive="true" 529 exclusivity="user" 530 static="true" 531 systemOnly="true" 532 visible="false"> 533 <permissions> 534 <permission-set name="storage" /> 535 <permission name="android.permission.ACCESS_MEDIA_LOCATION" /> 536 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> 537 </permissions> 538 <app-ops> 539 <app-op name="android:write_media_images" mode="allowed" /> 540 <app-op name="android:write_media_video" mode="allowed" /> 541 </app-ops> 542 </role> 543 544 <role 545 name="android.app.role.SYSTEM_AUTOMOTIVE_CLUSTER" 546 behavior="v31.AutomotiveRoleBehavior" 547 defaultHolders="config_systemAutomotiveCluster" 548 exclusive="true" 549 exclusivity="user" 550 minSdkVersion="31" 551 static="true" 552 systemOnly="true" 553 visible="false"> 554 <permissions> 555 <permission name="android.permission.ANSWER_PHONE_CALLS" /> 556 <permission name="android.permission.READ_CALL_LOG" /> 557 <permission name="android.permission.READ_CONTACTS" /> 558 <permission name="android.car.permission.CAR_ENERGY"/> 559 </permissions> 560 </role> 561 562 <role 563 name="android.app.role.COMPANION_DEVICE_WATCH" 564 behavior="v31.CompanionDeviceWatchRoleBehavior" 565 description="@string/role_watch_description" 566 exclusive="false" 567 exclusivity="none" 568 minSdkVersion="31" 569 systemOnly="false" 570 visible="false"> 571 <permissions> 572 <permission-set name="calendar" /> 573 <permission-set name="phone" /> 574 <permission-set name="sms" /> 575 <permission-set name="contacts" /> 576 <permission-set name="nearby_devices" /> 577 <permission-set name="notifications" minSdkVersion="35" /> 578 <!-- If this role holder has a NotificationListenerService, let that service receive 579 notifications with sensitive content unredacted--> 580 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 581 </permissions> 582 <app-op-permissions> 583 <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" /> 584 <app-op-permission name="android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER" /> 585 <app-op-permission name="android.permission.MEDIA_ROUTING_CONTROL" minSdkVersion="35" /> 586 </app-op-permissions> 587 <app-ops> 588 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 589 </app-ops> 590 </role> 591 592 <role 593 name="android.app.role.SYSTEM_AUTOMOTIVE_PROJECTION" 594 defaultHolders="config_systemAutomotiveProjection" 595 exclusive="true" 596 exclusivity="user" 597 minSdkVersion="31" 598 static="true" 599 systemOnly="true" 600 visible="false"> 601 <permissions> 602 <permission-set name="microphone" /> 603 <permission-set name="location" /> 604 <permission-set name="nearby_devices" /> 605 <permission-set name="notifications" /> 606 <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" /> 607 <permission name="android.permission.CALL_PHONE" /> 608 <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" /> 609 <permission name="android.permission.READ_CALENDAR" /> 610 <permission name="android.permission.READ_CALL_LOG" /> 611 <permission name="android.permission.READ_CONTACTS" /> 612 <permission name="android.permission.READ_PHONE_STATE" /> 613 <permission name="android.permission.RECEIVE_SMS" /> 614 <permission name="android.permission.REQUEST_COMPANION_PROFILE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" /> 615 <permission name="android.permission.SEND_SMS" /> 616 <permission name="android.permission.TOGGLE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" /> 617 <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="34"/> 618 <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES" minSdkVersion="34"/> 619 <!-- If this role holder has a NotificationListenerService, let that service receive 620 notifications with sensitive content unredacted--> 621 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 622 <permission name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT" minSdkVersion="35" /> 623 </permissions> 624 <app-ops> 625 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 626 </app-ops> 627 </role> 628 629 <role 630 name="android.app.role.SYSTEM_SHELL" 631 behavior="v31.SystemShellRoleBehavior" 632 defaultHolders="config_systemShell" 633 exclusive="true" 634 exclusivity="user" 635 minSdkVersion="31" 636 static="true" 637 systemOnly="true" 638 visible="false"> 639 <permissions> 640 <!-- Used for CTS testing --> 641 <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" /> 642 <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/> 643 <permission name="android.permission.PERFORM_IMS_SINGLE_REGISTRATION" /> 644 <permission name="android.permission.BACKGROUND_CAMERA" /> 645 <permission name="android.permission.RECORD_BACKGROUND_AUDIO" /> 646 <permission name="android.permission.BYPASS_ROLE_QUALIFICATION" /> 647 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 648 <permission name="android.permission.MANAGE_SENSOR_PRIVACY" /> 649 <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" /> 650 <permission name="android.permission.TOGGLE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" /> 651 <permission name="android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS" 652 minSdkVersion="33" /> 653 <permission name="android.permission.REQUEST_COMPANION_PROFILE_AUTOMOTIVE_PROJECTION" 654 minSdkVersion="33" /> 655 <permission name="android.permission.MANAGE_SAFETY_CENTER" 656 minSdkVersion="33" /> 657 <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES" minSdkVersion="36" /> 658 <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" /> 659 <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="33" /> 660 <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" /> 661 <permission name="android.permission.ADD_MIRROR_DISPLAY" 662 featureFlag="android.companion.virtualdevice.flags.Flags.enableLimitedVdmRole" /> 663 <permission name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" 664 minSdkVersion="33" /> 665 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" 666 minSdkVersion="34" /> 667 <permission name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE" 668 minSdkVersion="34" /> 669 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" 670 minSdkVersion="34" /> 671 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS" 672 minSdkVersion="34" /> 673 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS" 674 minSdkVersion="34" /> 675 <permission name="android.permission.MANAGE_DEVICE_POLICY_BLUETOOTH" 676 minSdkVersion="34" /> 677 <permission name="android.permission.MANAGE_DEVICE_POLICY_CALLS" minSdkVersion="34" /> 678 <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA" 679 minSdkVersion="34" /> 680 <permission name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" 681 minSdkVersion="35" /> 682 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" 683 minSdkVersion="34" /> 684 <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" 685 minSdkVersion="34" /> 686 <permission name="android.permission.MANAGE_DEVICE_POLICY_FUN" minSdkVersion="34" /> 687 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" 688 minSdkVersion="34" /> 689 <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" 690 minSdkVersion="34" /> 691 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" minSdkVersion="34" /> 692 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" 693 minSdkVersion="34" /> 694 <permission name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK" 695 minSdkVersion="34" /> 696 <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" 697 minSdkVersion="34" /> 698 <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" 699 minSdkVersion="34" /> 700 <permission name="android.permission.MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA" 701 minSdkVersion="34" /> 702 <permission name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD" 703 minSdkVersion="34" /> 704 <permission name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS" 705 minSdkVersion="34" /> 706 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" 707 minSdkVersion="34" /> 708 <permission name="android.permission.MANAGE_DEVICE_POLICY_SMS" minSdkVersion="34" /> 709 <permission name="android.permission.MANAGE_DEVICE_POLICY_STATUS_BAR" 710 minSdkVersion="34" /> 711 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" minSdkVersion="34" /> 712 <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER" 713 minSdkVersion="34" /> 714 <permission name="android.permission.MANAGE_DEVICE_POLICY_WINDOWS" minSdkVersion="34" /> 715 <permission name="android.permission.MANAGE_DEVICE_POLICY_WIPE_DATA" 716 minSdkVersion="34" /> 717 <permission name="android.permission.SET_TIME" minSdkVersion="34" /> 718 <permission name="android.permission.SET_TIME_ZONE" minSdkVersion="34" /> 719 <permission name="android.permission.SATELLITE_COMMUNICATION" minSdkVersion="34" /> 720 <permission name="android.permission.ALWAYS_UPDATE_WALLPAPER" minSdkVersion="35" /> 721 <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE" 722 minSdkVersion="35" /> 723 <permission name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING" 724 minSdkVersion="35" /> 725 <permission name="android.permission.MANAGE_DEVICE_POLICY_MTE" 726 minSdkVersion="36" /> 727 </permissions> 728 <!-- App ops needed to allow background access to audio APIs for CTS --> 729 <app-ops> 730 <app-op name="android:control_audio" mode="allowed" minSdkVersion="36"/> 731 <app-op name="android:control_audio_partial" mode="allowed" minSdkVersion="36"/> 732 </app-ops> 733 </role> 734 735 <role 736 name="android.app.role.SYSTEM_CONTACTS" 737 defaultHolders="config_systemContacts" 738 exclusive="true" 739 exclusivity="user" 740 minSdkVersion="31" 741 static="true" 742 systemOnly="true" 743 visible="false"> 744 <permissions> 745 <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" /> 746 <permission name="android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS" 747 minSdkVersion="33" /> 748 </permissions> 749 </role> 750 751 <role 752 name="android.app.role.SYSTEM_SPEECH_RECOGNIZER" 753 allowBypassingQualification="true" 754 defaultHolders="config_systemSpeechRecognizer" 755 exclusive="true" 756 exclusivity="user" 757 minSdkVersion="31" 758 static="true" 759 systemOnly="true" 760 visible="false"> 761 <permissions> 762 <permission name="android.permission.RECORD_AUDIO" /> 763 <permission name="android.permission.UPDATE_APP_OPS_STATS" /> 764 </permissions> 765 <required-components> 766 <service> 767 <intent-filter> 768 <action name="android.speech.RecognitionService" /> 769 </intent-filter> 770 </service> 771 </required-components> 772 </role> 773 774 <role 775 name="android.app.role.SYSTEM_WIFI_COEX_MANAGER" 776 defaultHolders="config_systemWifiCoexManager" 777 exclusive="true" 778 exclusivity="user" 779 minSdkVersion="31" 780 static="true" 781 systemOnly="true" 782 visible="false"> 783 <permissions> 784 <permission name="android.permission.WIFI_ACCESS_COEX_UNSAFE_CHANNELS" /> 785 <permission name="android.permission.WIFI_UPDATE_COEX_UNSAFE_CHANNELS" /> 786 </permissions> 787 </role> 788 789 <role 790 name="android.app.role.SYSTEM_WELLBEING" 791 defaultHolders="config_systemWellbeing" 792 exclusive="true" 793 exclusivity="user" 794 minSdkVersion="31" 795 static="true" 796 systemOnly="true" 797 visible="false" > 798 <permissions> 799 <permission-set name="notifications" /> 800 <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/> 801 <permission name="android.permission.ACCESS_INSTANT_APPS"/> 802 <permission name="android.permission.START_CROSS_PROFILE_ACTIVITIES" minSdkVersion="33"/> 803 <permission name="android.permission.SUSPEND_APPS"/> 804 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/> 805 </permissions> 806 <app-op-permissions> 807 <app-op-permission name="android.permission.SCHEDULE_EXACT_ALARM" minSdkVersion="34"/> 808 </app-op-permissions> 809 </role> 810 811 <!--- 812 ~ A role for the notification handler on TV devices. 813 ~ Note: on TV devices that have the Dashboard screen, the holder for this role is responsible 814 ~ for it, which is why it needs OBSERVE_SENSOR_PRIVACY permission (the Dashboard displays 815 ~ the state of the privacy sensors). 816 --> 817 <role 818 name="android.app.role.SYSTEM_TELEVISION_NOTIFICATION_HANDLER" 819 behavior="v31.TelevisionRoleBehavior" 820 defaultHolders="config_systemTelevisionNotificationHandler" 821 exclusive="true" 822 exclusivity="user" 823 minSdkVersion="31" 824 static="true" 825 systemOnly="true" 826 visible="false"> 827 <permissions> 828 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 829 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 830 </permissions> 831 </role> 832 833 <!--- 834 A role for the system package that is allowed to create CompanionDeviceManager associations 835 based on user consent to allow the associated app to manage the associated device. 836 --> 837 <role 838 name="android.app.role.SYSTEM_COMPANION_DEVICE_PROVIDER" 839 defaultHolders="config_systemCompanionDeviceProvider" 840 exclusive="true" 841 exclusivity="user" 842 minSdkVersion="31" 843 static="true" 844 systemOnly="true" 845 visible="false" > 846 <permissions> 847 <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES"/> 848 </permissions> 849 </role> 850 851 <!--- 852 ~ A role for the system package that provides privacy-preserving intelligent processor for 853 ~ system UI features. 854 ~ 855 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 856 ~ section "9.8.6 Content Capture". 857 ~ Example link for Android 11: 858 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 859 ~ 860 ~ In addition, packages MUST NOT: 861 ~ - Request INTERNET permission. Instead packages MUST access the internet through 862 ~ well-defined APIs in an open source project. 863 ~ - Perform direct binds to other applications, except the following system packages or 864 ~ other preloaded packages conforming with the requirements here: 865 ~ - Bluetooth 866 ~ - Contacts 867 ~ - Media 868 ~ - Telephony 869 ~ - System UI 870 ~ - Component providing internet APIs (see above) 871 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 872 ~ system config. 873 --> 874 <role 875 name="android.app.role.SYSTEM_UI_INTELLIGENCE" 876 defaultHolders="config_systemUiIntelligence" 877 exclusive="true" 878 exclusivity="user" 879 minSdkVersion="31" 880 static="true" 881 systemOnly="true" 882 visible="false"> 883 <permissions> 884 <permission-set name="notifications" /> 885 <permission name="android.permission.ACCESS_SHORTCUTS" /> 886 <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" minSdkVersion="33" /> 887 <permission name="android.permission.ACCESS_COARSE_LOCATION" minSdkVersion="33" /> 888 <permission name="android.permission.ACCESS_FINE_LOCATION" minSdkVersion="33" /> 889 <permission name="android.permission.BLUETOOTH_CONNECT" /> 890 <permission name="android.permission.BLUETOOTH_SCAN" /> 891 <permission name="android.permission.MANAGE_APP_PREDICTIONS" /> 892 <permission name="android.permission.UNLIMITED_SHORTCUTS_API_CALLS" /> 893 <permission name="android.permission.MANAGE_SEARCH_UI" /> 894 <permission name="android.permission.READ_CALL_LOG" minSdkVersion="33" /> 895 <permission name="android.permission.READ_CONTACTS" minSdkVersion="33" /> 896 <permission name="android.permission.READ_EXTERNAL_STORAGE" /> 897 <permission name="android.permission.READ_MEDIA_AUDIO" minSdkVersion="33" /> 898 <permission name="android.permission.READ_MEDIA_IMAGES" minSdkVersion="33" /> 899 <permission name="android.permission.READ_MEDIA_VIDEO" minSdkVersion="33" /> 900 <permission name="android.permission.READ_SMS" minSdkVersion="33" /> 901 <permission name="android.permission.READ_PEOPLE_DATA" /> 902 <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" /> 903 <permission name="android.permission.READ_BLOCKED_NUMBERS" 904 featureFlag="android.permission.flags.Flags.grantReadBlockedNumbersToSystemUiIntelligence" /> 905 </permissions> 906 </role> 907 908 <!--- 909 ~ A role for the system package that provides on-device intelligent processor for ambient 910 ~ audio. 911 ~ 912 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 913 ~ section "9.8.6 Content Capture". 914 ~ Example link for Android 11: 915 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 916 ~ 917 ~ In addition, packages MUST NOT: 918 ~ - Request INTERNET permission. Instead packages MUST access the internet through 919 ~ well-defined APIs in an open source project. 920 ~ - Perform direct binds to other applications, except the following system packages: 921 ~ - Bluetooth 922 ~ - Contacts 923 ~ - Media 924 ~ - Telephony 925 ~ - System UI 926 ~ - Component providing internet APIs (see above) 927 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 928 ~ system config. 929 --> 930 <role 931 name="android.app.role.SYSTEM_AMBIENT_AUDIO_INTELLIGENCE" 932 defaultHolders="config_systemAmbientAudioIntelligence" 933 exclusive="true" 934 exclusivity="user" 935 minSdkVersion="31" 936 static="true" 937 systemOnly="true" 938 visible="false"> 939 <permissions> 940 <permission-set name="notifications" /> 941 <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" /> 942 <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" /> 943 <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" /> 944 <permission name="android.permission.MODIFY_AUDIO_ROUTING" /> 945 <permission name="android.permission.RECORD_AUDIO" /> 946 <permission name="android.permission.CAPTURE_AUDIO_HOTWORD" /> 947 <permission name="android.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS" /> 948 <permission name="android.permission.MANAGE_SOUND_TRIGGER" /> 949 <permission name="android.permission.LOCATION_HARDWARE" /> 950 <permission name="android.permission.MANAGE_MUSIC_RECOGNITION" /> 951 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 952 <permission name="android.permission.READ_PHONE_STATE" minSdkVersion="33" /> 953 </permissions> 954 </role> 955 956 <!--- 957 ~ A role for the system package that provides on-device intelligent processor for audio. 958 ~ 959 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 960 ~ section "9.8.6 Content Capture". 961 ~ Example link for Android 11: 962 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 963 ~ 964 ~ In addition, packages MUST NOT: 965 ~ - Request INTERNET permission. Instead packages MUST access the internet through 966 ~ well-defined APIs in an open source project. 967 ~ - Perform direct binds to other applications, except the following system packages: 968 ~ - Bluetooth 969 ~ - Contacts 970 ~ - Media 971 ~ - Telephony 972 ~ - System UI 973 ~ - Component providing internet APIs (see above) 974 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 975 ~ system config. 976 --> 977 <role 978 name="android.app.role.SYSTEM_AUDIO_INTELLIGENCE" 979 defaultHolders="config_systemAudioIntelligence" 980 exclusive="true" 981 exclusivity="user" 982 minSdkVersion="31" 983 static="true" 984 systemOnly="true" 985 visible="false"> 986 <permissions> 987 <permission-set name="notifications" /> 988 <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" /> 989 <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" /> 990 <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" /> 991 <permission name="android.permission.CONTROL_INCALL_EXPERIENCE" /> 992 <permission name="android.permission.MODIFY_AUDIO_ROUTING" /> 993 <permission name="android.permission.MODIFY_PHONE_STATE" /> 994 <permission name="android.permission.READ_CALL_LOG" minSdkVersion="33" /> 995 <permission name="android.permission.READ_PHONE_STATE" minSdkVersion="33" /> 996 <permission name="android.permission.RECORD_AUDIO" /> 997 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 998 <permission name="android.permission.SET_SYSTEM_AUDIO_CAPTION" minSdkVersion="33" /> 999 </permissions> 1000 </role> 1001 1002 <!--- 1003 ~ A role for the system package that provides on-device intelligent processor for 1004 ~ notifications. 1005 ~ 1006 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1007 ~ section "9.8.6 Content Capture". 1008 ~ Example link for Android 11: 1009 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 1010 ~ 1011 ~ In addition, packages MUST NOT: 1012 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1013 ~ well-defined APIs in an open source project. 1014 ~ - Perform direct binds to other applications, except the following system packages: 1015 ~ - Bluetooth 1016 ~ - Contacts 1017 ~ - Media 1018 ~ - Telephony 1019 ~ - System UI 1020 ~ - Component providing internet APIs (see above) 1021 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1022 ~ system config. 1023 --> 1024 <role 1025 name="android.app.role.SYSTEM_NOTIFICATION_INTELLIGENCE" 1026 defaultHolders="config_systemNotificationIntelligence" 1027 exclusive="true" 1028 exclusivity="user" 1029 minSdkVersion="31" 1030 static="true" 1031 systemOnly="true" 1032 visible="false"> 1033 <permissions> 1034 <permission-set name="notifications" /> 1035 <permission name="android.permission.REQUEST_NOTIFICATION_ASSISTANT_SERVICE" /> 1036 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 1037 <!-- If this role holder has a NotificationListenerService, let that service receive 1038 notifications with sensitive content unredacted--> 1039 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1040 <permission name="android.permission.ACCESS_TEXT_CLASSIFIER_BY_TYPE" minSdkVersion="36" 1041 featureFlag="android.permission.flags.Flags.textClassifierChoiceApiEnabled"/> 1042 </permissions> 1043 <app-ops> 1044 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1045 </app-ops> 1046 </role> 1047 1048 <!--- 1049 ~ A role for the system package that provides on-device intelligent processor for text. 1050 ~ 1051 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1052 ~ section "9.8.6 Content Capture". 1053 ~ Example link for Android 11: 1054 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 1055 ~ 1056 ~ In addition, packages MUST NOT: 1057 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1058 ~ well-defined APIs in an open source project. 1059 ~ - Perform direct binds to other applications, except the following system packages: 1060 ~ - Bluetooth 1061 ~ - Contacts 1062 ~ - Media 1063 ~ - Telephony 1064 ~ - System UI 1065 ~ - Component providing internet APIs (see above) 1066 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1067 ~ system config. 1068 --> 1069 <role 1070 name="android.app.role.SYSTEM_TEXT_INTELLIGENCE" 1071 defaultHolders="config_systemTextIntelligence" 1072 exclusive="true" 1073 exclusivity="user" 1074 minSdkVersion="31" 1075 static="true" 1076 systemOnly="true" 1077 visible="false"> 1078 <permissions> 1079 <permission-set name="notifications" /> 1080 <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" minSdkVersion="33" /> 1081 <permission name="android.permission.ACCESS_COARSE_LOCATION" minSdkVersion="33" /> 1082 <permission name="android.permission.MANAGE_UI_TRANSLATION" /> 1083 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 1084 <permission name="android.permission.READ_CLIPBOARD_IN_BACKGROUND" minSdkVersion="33" /> 1085 </permissions> 1086 </role> 1087 1088 <!--- 1089 ~ A role for the system package that provides on-device intelligent processor for visual 1090 ~ features. 1091 ~ 1092 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1093 ~ section "9.8.6 Content Capture". 1094 ~ Example link for Android 11: 1095 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 1096 ~ 1097 ~ In addition, packages MUST NOT: 1098 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1099 ~ well-defined APIs in an open source project. 1100 ~ - Perform direct binds to other applications, except the following system packages: 1101 ~ - Bluetooth 1102 ~ - Contacts 1103 ~ - Media 1104 ~ - Telephony 1105 ~ - System UI 1106 ~ - Component providing internet APIs (see above) 1107 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1108 ~ system config. 1109 --> 1110 <role 1111 name="android.app.role.SYSTEM_VISUAL_INTELLIGENCE" 1112 defaultHolders="config_systemVisualIntelligence" 1113 exclusive="true" 1114 exclusivity="user" 1115 minSdkVersion="31" 1116 static="true" 1117 systemOnly="true" 1118 visible="false"> 1119 <permissions> 1120 <permission-set name="notifications" /> 1121 <permission name="android.permission.CAMERA" /> 1122 <permission name="android.permission.SYSTEM_CAMERA" /> 1123 <permission name="android.permission.UPDATE_DEVICE_STATS" /> 1124 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 1125 </permissions> 1126 </role> 1127 1128 <!--- 1129 ~ A role for the system package that is allowed to manage documents (e.g., attach files etc.) 1130 ~ on the device. 1131 ~ A package holding this role must comply with the requirements outlined in the Android CDD 1132 ~ section "2.2.3. Software" under heading "3.2.3.1/H-0-1". 1133 ~ Example link for Android 11: 1134 ~ https://source.android.com/compatibility/11/android-11-cdd#2_2_3_software 1135 --> 1136 <role 1137 name="android.app.role.SYSTEM_DOCUMENT_MANAGER" 1138 behavior="v33.DocumentManagerRoleBehavior" 1139 exclusive="true" 1140 exclusivity="user" 1141 minSdkVersion="33" 1142 static="true" 1143 systemOnly="true" 1144 visible="false"> 1145 <required-components> 1146 <!--- Flag value is MATCH_DISABLED_COMPONENTS--> 1147 <activity queryFlags="0x00000200"> 1148 <intent-filter> 1149 <action name="android.intent.action.OPEN_DOCUMENT" /> 1150 <category name="android.intent.category.OPENABLE" /> 1151 <data mimeType="*/*" /> 1152 </intent-filter> 1153 </activity> 1154 </required-components> 1155 <permissions> 1156 <permission-set name="notifications" /> 1157 <permission name="android.permission.MANAGE_DOCUMENTS" /> 1158 <permission name="android.permission.CACHE_CONTENT" /> 1159 <permission name="android.permission.REMOVE_TASKS" /> 1160 </permissions> 1161 </role> 1162 1163 <!--- 1164 ~ A role for the system package that serves as the activity recognizer on the device. 1165 ~ This is the application that provides the data behind the activity recognition 1166 ~ runtime permission. 1167 --> 1168 <role 1169 name="android.app.role.SYSTEM_ACTIVITY_RECOGNIZER" 1170 allowBypassingQualification="true" 1171 defaultHolders="config_systemActivityRecognizer" 1172 exclusive="false" 1173 exclusivity="none" 1174 static="true" 1175 systemOnly="true" 1176 visible="false"> 1177 <required-components> 1178 <service> 1179 <intent-filter> 1180 <action name="android.intent.action.ACTIVITY_RECOGNIZER" /> 1181 </intent-filter> 1182 </service> 1183 </required-components> 1184 </role> 1185 1186 <!--- 1187 ~ A role for the system UI package. 1188 --> 1189 <role 1190 name="android.app.role.SYSTEM_UI" 1191 defaultHolders="config_systemUi" 1192 exclusive="true" 1193 exclusivity="user" 1194 minSdkVersion="31" 1195 static="true" 1196 systemOnly="true" 1197 visible="false"> 1198 <permissions> 1199 <permission-set name="notifications" /> 1200 <permission name="android.permission.MANAGE_SENSOR_PRIVACY" /> 1201 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 1202 <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/> 1203 <!-- If this role holder has a NotificationListenerService, let that service receive 1204 notifications with sensitive content unredacted--> 1205 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1206 </permissions> 1207 <app-ops> 1208 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1209 </app-ops> 1210 </role> 1211 1212 <!--- 1213 ~ A role for the package responsible for interacting with a TV remote. 1214 --> 1215 <role 1216 name="android.app.role.SYSTEM_TELEVISION_REMOTE_SERVICE" 1217 behavior="v31.TelevisionRoleBehavior" 1218 defaultHolders="config_systemTelevisionRemoteService" 1219 exclusive="true" 1220 exclusivity="user" 1221 minSdkVersion="31" 1222 static="true" 1223 systemOnly="true" 1224 visible="false"> 1225 <permissions> 1226 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 1227 </permissions> 1228 </role> 1229 1230 <!--- 1231 ~ A role for the companion device package that create and manage connections to connected 1232 ~ devices and perform app streaming to the devices. 1233 --> 1234 <role 1235 name="android.app.role.COMPANION_DEVICE_APP_STREAMING" 1236 behavior="v33.CompanionDeviceAppStreamingRoleBehavior" 1237 description="@string/role_app_streaming_description" 1238 exclusive="false" 1239 exclusivity="none" 1240 minSdkVersion="33" 1241 systemOnly="true" 1242 visible="false"> 1243 <permissions> 1244 <permission-set name="notifications" /> 1245 <permission-set name="virtual_device" /> 1246 <!-- For capturing audio from the app on the device. --> 1247 <permission name="android.permission.RECORD_AUDIO" /> 1248 <permission 1249 name="android.permission.ADD_MIRROR_DISPLAY" 1250 featureFlag="android.companion.virtualdevice.flags.Flags.enableLimitedVdmRole" /> 1251 <!--TODO(b/201605314) For calling Telecom framework API for audio streaming--> 1252 <!--<permission name="android.permission.PROVIDE_CALL_ENDPOINTS" />--> 1253 </permissions> 1254 </role> 1255 1256 <!--- 1257 ~ A role for the companion device package that allows connected computers to mirror 1258 ~ notifications and access photos and media from the phone. 1259 --> 1260 <role 1261 name="android.app.role.COMPANION_DEVICE_COMPUTER" 1262 allowBypassingQualification="true" 1263 behavior="v33.CompanionDeviceComputerRoleBehavior" 1264 description="@string/role_companion_device_computer_description" 1265 exclusive="false" 1266 exclusivity="none" 1267 minSdkVersion="33" 1268 systemOnly="true" 1269 visible="false"> 1270 <permissions> 1271 <permission-set name="notifications" /> 1272 <permission-set name="storage" /> 1273 <!-- If this role holder has a NotificationListenerService, let that service receive 1274 notifications with sensitive content unredacted--> 1275 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1276 </permissions> 1277 <app-ops> 1278 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1279 </app-ops> 1280 </role> 1281 1282 <role 1283 name="android.app.role.COMPANION_DEVICE_GLASSES" 1284 behavior="v34.CompanionDeviceGlassesRoleBehavior" 1285 exclusive="false" 1286 exclusivity="none" 1287 minSdkVersion="34" 1288 systemOnly="false" 1289 visible="false"> 1290 <permissions> 1291 <permission-set name="contacts" /> 1292 <permission-set name="microphone" /> 1293 <permission-set name="nearby_devices" /> 1294 <permission-set name="notifications" /> 1295 <permission-set name="phone" /> 1296 <permission-set name="sms" /> 1297 <!-- If this role holder has a NotificationListenerService, let that service receive 1298 notifications with sensitive content unredacted--> 1299 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1300 </permissions> 1301 <app-op-permissions> 1302 <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" /> 1303 </app-op-permissions> 1304 <app-ops> 1305 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1306 </app-ops> 1307 </role> 1308 1309 <role 1310 name="android.app.role.COMPANION_DEVICE_NEARBY_DEVICE_STREAMING" 1311 behavior="v34.CompanionDeviceNearbyDeviceStreamingRoleBehavior" 1312 exclusive="false" 1313 exclusivity="none" 1314 minSdkVersion="34" 1315 systemOnly="true" 1316 visible="false"> 1317 <permissions> 1318 <permission-set name="nearby_devices" /> 1319 <permission-set name="virtual_device" /> 1320 <permission-set name="notifications" 1321 featureFlag="android.companion.virtualdevice.flags.Flags.notificationsForDeviceStreaming" /> 1322 </permissions> 1323 </role> 1324 1325 <role 1326 name="android.app.role.SYSTEM_SUPERVISION" 1327 behavior="v33.SystemSupervisionRoleBehavior" 1328 defaultHolders="config_systemSupervision" 1329 exclusive="true" 1330 exclusivity="user" 1331 minSdkVersion="33" 1332 static="true" 1333 systemOnly="true" 1334 visible="false" > 1335 <permissions> 1336 <permission name="android.permission.ACCESS_INSTANT_APPS"/> 1337 <permission name="android.permission.KILL_UID" minSdkVersion="34"/> 1338 <permission name="android.permission.MANAGE_DEFAULT_APPLICATIONS" minSdkVersion="34"/> 1339 <permission name="android.permission.SUSPEND_APPS"/> 1340 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/> 1341 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" 1342 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1343 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS" 1344 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1345 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" 1346 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1347 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" 1348 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1349 <permission name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY" 1350 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1351 <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" 1352 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1353 <permission name="android.permission.MANAGE_DEVICE_POLICY_FUN" 1354 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1355 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" 1356 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1357 <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" 1358 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1359 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCATION" 1360 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1361 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" 1362 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1363 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS" 1364 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1365 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" 1366 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1367 <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" 1368 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1369 <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" 1370 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1371 <permission name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD" 1372 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1373 <permission name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS" 1374 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1375 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" 1376 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1377 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" 1378 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1379 <permission name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" 1380 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1381 </permissions> 1382 </role> 1383 1384 <!--- 1385 ~ A role for the package responsible for constructing managed device experiences, 1386 ~ including during provisioning. 1387 --> 1388 <role 1389 name="android.app.role.DEVICE_POLICY_MANAGEMENT" 1390 behavior="v33.DevicePolicyManagementRoleBehavior" 1391 defaultHolders="config_devicePolicyManagement" 1392 exclusive="true" 1393 exclusivity="user" 1394 minSdkVersion="33" 1395 static="true" 1396 systemOnly="false" 1397 visible="false"> 1398 <required-components> 1399 <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP"> 1400 <intent-filter> 1401 <action name="android.app.action.ROLE_HOLDER_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE" /> 1402 </intent-filter> 1403 </activity> 1404 <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP"> 1405 <intent-filter> 1406 <action name="android.app.action.ROLE_HOLDER_PROVISION_MANAGED_PROFILE" /> 1407 </intent-filter> 1408 </activity> 1409 <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP"> 1410 <intent-filter> 1411 <action name="android.app.action.ROLE_HOLDER_PROVISION_FINALIZATION" /> 1412 </intent-filter> 1413 </activity> 1414 </required-components> 1415 <permissions> 1416 <permission-set name="notifications" /> 1417 <permission name="android.permission.BIND_DEVICE_ADMIN" /> 1418 <permission name="android.permission.MANAGE_DEVICE_ADMINS" /> 1419 <permission name="android.permission.NETWORK_MANAGED_PROVISIONING" /> 1420 <permission name="android.permission.PEERS_MAC_ADDRESS" /> 1421 <permission name="android.permission.USE_COLORIZED_NOTIFICATIONS" /> 1422 <permission name="android.permission.MASTER_CLEAR" /> 1423 <permission name="android.permission.WRITE_SECURE_SETTINGS" /> 1424 <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" /> 1425 <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" /> 1426 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" /> 1427 <permission name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" /> 1428 <permission name="android.permission.INTERACT_ACROSS_USERS" /> 1429 <permission name="android.permission.INTERACT_ACROSS_USERS_FULL" /> 1430 <permission name="com.android.permission.INSTALL_EXISTING_PACKAGES" /> 1431 <permission name="android.permission.DELETE_PACKAGES" /> 1432 <permission name="android.permission.ACCESS_PDB_STATE" /> 1433 <permission name="android.permission.MARK_DEVICE_ORGANIZATION_OWNED" /> 1434 <permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" /> 1435 <permission name="android.permission.SET_TIME" /> 1436 <permission name="android.permission.SET_TIME_ZONE" /> 1437 <permission name="android.permission.CRYPT_KEEPER" /> 1438 <permission name="android.permission.SHUTDOWN" /> 1439 <permission name="android.permission.PERFORM_CDMA_PROVISIONING" /> 1440 <permission name="android.permission.CONFIGURE_INTERACT_ACROSS_PROFILES" /> 1441 <permission name="android.permission.WRITE_SETTINGS" /> 1442 <permission name="android.permission.CHANGE_CONFIGURATION" /> 1443 <permission name="android.permission.LAUNCH_DEVICE_MANAGER_SETUP" /> 1444 <permission name="android.permission.INSTALL_DPC_PACKAGES" /> 1445 <permission name="android.permission.QUERY_USERS" /> 1446 <permission name="android.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES" /> 1447 <permission name="android.permission.QUERY_ADMIN_POLICY" /> 1448 <permission name="android.permission.TRIGGER_LOST_MODE" /> 1449 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS" minSdkVersion="34" /> 1450 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" minSdkVersion="34" /> 1451 <permission name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE" minSdkVersion="34" /> 1452 <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA" minSdkVersion="34" /> 1453 <permission name="android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES" minSdkVersion="34" /> 1454 <permission name="android.permission.MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE" minSdkVersion="34" /> 1455 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEFAULT_SMS" minSdkVersion="34" /> 1456 <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" minSdkVersion="34" /> 1457 <permission name="android.permission.MANAGE_DEVICE_POLICY_INPUT_METHODS" minSdkVersion="34" /> 1458 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" minSdkVersion="34" /> 1459 <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" minSdkVersion="34" /> 1460 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" minSdkVersion="34" /> 1461 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS" minSdkVersion="34" /> 1462 <permission name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK" minSdkVersion="34" /> 1463 <permission name="android.permission.MANAGE_DEVICE_POLICY_MTE" minSdkVersion="34" /> 1464 <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" minSdkVersion="34" /> 1465 <permission name="android.permission.MANAGE_DEVICE_POLICY_PROFILES" minSdkVersion="34" /> 1466 <permission name="android.permission.MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS" minSdkVersion="34" /> 1467 <permission name="android.permission.MANAGE_DEVICE_POLICY_SCREEN_CAPTURE" minSdkVersion="34" /> 1468 <permission name="android.permission.MANAGE_DEVICE_POLICY_SECURITY_LOGGING" minSdkVersion="34" /> 1469 <permission name="android.permission.MANAGE_DEVICE_POLICY_SUSPEND_PERSONAL_APPS" minSdkVersion="34" /> 1470 <permission name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_UPDATES" minSdkVersion="34" /> 1471 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" minSdkVersion="34" /> 1472 <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_DATA_SIGNALLING" minSdkVersion="34" /> 1473 <permission name="android.permission.MANAGE_DEVICE_POLICY_WIFI" minSdkVersion="34" /> 1474 <permission name="android.permission.MANAGE_DEVICE_POLICY_WIPE_DATA" minSdkVersion="34" /> 1475 <permission name="android.permission.SET_TIME" minSdkVersion="34" /> 1476 <permission name="android.permission.SET_TIME_ZONE" minSdkVersion="34" /> 1477 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" minSdkVersion="34" /> 1478 <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" minSdkVersion="34" /> 1479 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" minSdkVersion="34" /> 1480 <permission name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE" minSdkVersion="34" /> 1481 <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER" minSdkVersion="34" /> 1482 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL" minSdkVersion="34" /> 1483 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS" minSdkVersion="34" /> 1484 <permission name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" minSdkVersion="35" /> 1485 <permission name="android.permission.MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES" minSdkVersion="35" /> 1486 <permission name="android.permission.MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL" minSdkVersion="35" /> 1487 <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA_TOGGLE" minSdkVersion="35" /> 1488 <permission name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE_TOGGLE" minSdkVersion="35" /> 1489 <permission name="android.permission.QUERY_DEVICE_STOLEN_STATE" minSdkVersion="35" /> 1490 <permission name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING" minSdkVersion="35" /> 1491 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" minSdkVersion="35" /> 1492 <permission name="android.permission.MANAGE_DEVICE_POLICY_WALLPAPER" minSdkVersion="35" /> 1493 <permission name="android.permission.MANAGE_DEVICE_POLICY_VPN" minSdkVersion="35" /> 1494 <permission name="android.permission.MANAGE_DEVICE_POLICY_AUTOFILL" minSdkVersion="35" /> 1495 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCATION" minSdkVersion="35" /> 1496 <permission name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY" minSdkVersion="35" /> 1497 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCALE" minSdkVersion="35" /> 1498 <permission name="android.permission.MANAGE_DEVICE_POLICY_SMS" minSdkVersion="35" /> 1499 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_FUNCTIONS" 1500 featureFlag="android.app.appfunctions.flags.Flags.enableAppFunctionManager" /> 1501 <permission name="android.permission.MANAGE_DEFAULT_APPLICATIONS" minSdkVersion="36" 1502 featureFlag="com.android.permission.flags.Flags.crossUserRoleEnabled" /> 1503 </permissions> 1504 </role> 1505 1506 <role 1507 name="android.app.role.SYSTEM_APP_PROTECTION_SERVICE" 1508 defaultHolders="config_systemAppProtectionService" 1509 exclusive="true" 1510 exclusivity="user" 1511 minSdkVersion="33" 1512 static="true" 1513 systemOnly="true" 1514 visible="false"> 1515 <permissions> 1516 <permission-set name="notifications" /> 1517 <permission name="android.permission.GET_HISTORICAL_APP_OPS_STATS" /> 1518 <permission name="android.permission.READ_SMS" /> 1519 <permission name="android.permission.RECEIVE_SMS" /> 1520 <permission name="android.permission.GET_BACKGROUND_INSTALLED_PACKAGES" minSdkVersion="35" /> 1521 <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" /> 1522 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" /> 1523 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 1524 </permissions> 1525 <app-op-permissions> 1526 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 1527 </app-op-permissions> 1528 </role> 1529 1530 <!--- 1531 ~ A role for the system package that handles syncing calendar from another device on 1532 ~ Automotive. 1533 --> 1534 <role 1535 name="android.app.role.SYSTEM_AUTOMOTIVE_CALENDAR_SYNC_MANAGER" 1536 behavior="v31.AutomotiveRoleBehavior" 1537 defaultHolders="config_systemAutomotiveCalendarSyncManager" 1538 exclusive="true" 1539 exclusivity="user" 1540 minSdkVersion="33" 1541 static="true" 1542 systemOnly="true" 1543 visible="false"> 1544 <permissions> 1545 <permission name="android.permission.READ_CALENDAR" /> 1546 <permission name="android.permission.WRITE_CALENDAR" /> 1547 </permissions> 1548 </role> 1549 1550 <!--- 1551 ~ A role for the package that handles navigation on the Automotive. 1552 ~ This is the application that provides point-of-interest search and 1553 ~ turn-by-turn navigation guidance. 1554 --> 1555 <role 1556 name="android.app.role.AUTOMOTIVE_NAVIGATION" 1557 behavior="v31.AutomotiveRoleBehavior" 1558 defaultHolders="config_defaultAutomotiveNavigation" 1559 description="@string/role_automotive_navigation_description" 1560 exclusive="true" 1561 exclusivity="user" 1562 label="@string/role_automotive_navigation_label" 1563 minSdkVersion="33" 1564 overrideUserWhenGranting="true" 1565 requestDescription="@string/role_automotive_navigation_request_description" 1566 requestTitle="@string/role_automotive_navigation_request_title" 1567 shortLabel="@string/role_automotive_navigation_short_label"> 1568 <required-components> 1569 <activity> 1570 <intent-filter> 1571 <action name="android.intent.action.MAIN" /> 1572 <category name="android.intent.category.APP_MAPS" /> 1573 </intent-filter> 1574 </activity> 1575 <activity> 1576 <intent-filter> 1577 <action name="android.intent.action.NAVIGATE" /> 1578 <data scheme="geo" /> 1579 </intent-filter> 1580 </activity> 1581 <activity> 1582 <intent-filter> 1583 <action name="android.intent.action.MAIN" /> 1584 <category name="android.car.cluster.NAVIGATION" /> 1585 </intent-filter> 1586 </activity> 1587 </required-components> 1588 <preferred-activities> 1589 <preferred-activity> 1590 <activity> 1591 <intent-filter> 1592 <action name="android.intent.action.MAIN" /> 1593 <category name="android.intent.category.APP_MAPS" /> 1594 </intent-filter> 1595 </activity> 1596 <intent-filter> 1597 <action name="android.intent.action.MAIN" /> 1598 <category name="android.intent.category.APP_MAPS" /> 1599 </intent-filter> 1600 </preferred-activity> 1601 <preferred-activity> 1602 <activity> 1603 <intent-filter> 1604 <action name="android.intent.action.NAVIGATE" /> 1605 <data scheme="geo" /> 1606 </intent-filter> 1607 </activity> 1608 <intent-filter> 1609 <action name="android.intent.action.NAVIGATE" /> 1610 <data scheme="geo" /> 1611 </intent-filter> 1612 </preferred-activity> 1613 <preferred-activity> 1614 <activity> 1615 <intent-filter> 1616 <action name="android.intent.action.MAIN" /> 1617 <category name="android.car.cluster.NAVIGATION" /> 1618 </intent-filter> 1619 </activity> 1620 <intent-filter> 1621 <action name="android.intent.action.MAIN" /> 1622 <category name="android.car.cluster.NAVIGATION" /> 1623 </intent-filter> 1624 </preferred-activity> 1625 </preferred-activities> 1626 </role> 1627 1628 <!--- 1629 ~ A role for the package that handles AI features for the settings app 1630 --> 1631 <role 1632 name="android.app.role.SYSTEM_SETTINGS_INTELLIGENCE" 1633 defaultHolders="config_systemSettingsIntelligence" 1634 exclusive="true" 1635 exclusivity="user" 1636 minSdkVersion="33" 1637 static="true" 1638 systemOnly="true" 1639 visible="false"> 1640 <permissions> 1641 <permission-set name="notifications" /> 1642 <permission name="android.permission.INTERACT_ACROSS_USERS_FULL" minSdkVersion="34" /> 1643 </permissions> 1644 </role> 1645 1646 <!--- 1647 ~ A role for the package that handles Bluetooth for the device 1648 --> 1649 <role 1650 name="android.app.role.SYSTEM_BLUETOOTH_STACK" 1651 defaultHolders="config_systemBluetoothStack" 1652 exclusive="true" 1653 exclusivity="user" 1654 minSdkVersion="33" 1655 static="true" 1656 systemOnly="true" 1657 visible="false"> 1658 <permissions> 1659 <permission name="android.permission.NETWORK_FACTORY" /> 1660 <permission name="android.permission.BLUETOOTH_MAP" /> 1661 <permission name="android.permission.BLUETOOTH_STACK" /> 1662 <permission name="android.permission.NET_ADMIN" /> 1663 <permission name="android.permission.LISTEN_ALWAYS_REPORTED_SIGNAL_STRENGTH" /> 1664 <permission name="android.permission.MANAGE_APP_OPS_MODES" /> 1665 <permission name="android.permission.MANAGE_COMPANION_DEVICES" /> 1666 <permission name="android.permission.QUERY_AUDIO_STATE" /> 1667 <permission name="android.permission.DEVICE_POWER" /> 1668 <permission name="android.permission.NET_TUNNELING" /> 1669 </permissions> 1670 </role> 1671 1672 <!-- 1673 ~ A role assigned to the financing kiosk app 1674 --> 1675 <role 1676 name="android.app.role.FINANCED_DEVICE_KIOSK" 1677 exclusive="true" 1678 exclusivity="user" 1679 minSdkVersion="34" 1680 visible="false"> 1681 <permissions> 1682 <permission-set name="notifications" /> 1683 <permission name="android.permission.MANAGE_DEVICE_LOCK_STATE" /> 1684 </permissions> 1685 </role> 1686 1687 <!-- 1688 ~ A role assigned to the device lock controller 1689 --> 1690 <role 1691 name="android.app.role.SYSTEM_FINANCED_DEVICE_CONTROLLER" 1692 defaultHolders="config_systemFinancedDeviceController" 1693 exclusive="true" 1694 exclusivity="user" 1695 minSdkVersion="34" 1696 static="true" 1697 systemOnly="true" 1698 visible="false"> 1699 <permissions> 1700 <permission-set name="notifications" /> 1701 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" /> 1702 <permission name="android.permission.MANAGE_DEVICE_POLICY_CALLS" /> 1703 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" /> 1704 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" /> 1705 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" /> 1706 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" /> 1707 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" /> 1708 <permission name="android.permission.MASTER_CLEAR" /> 1709 <permission name="android.permission.INTERACT_ACROSS_USERS" /> 1710 <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" /> 1711 </permissions> 1712 </role> 1713 1714 <!--- 1715 ~ A role for the wear health service that handles health/fitness tracking features. 1716 --> 1717 <role 1718 name="android.app.role.SYSTEM_WEAR_HEALTH_SERVICE" 1719 behavior="v33.SystemWearHealthServiceRoleBehavior" 1720 defaultHolders="config_systemWearHealthService" 1721 exclusive="true" 1722 exclusivity="user" 1723 minSdkVersion="33" 1724 static="true" 1725 systemOnly="true" 1726 visible="false"> 1727 <permissions> 1728 <permission-set name="sensors" /> 1729 <permission-set name="location" /> 1730 <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" /> 1731 <permission name="android.permission.ACTIVITY_RECOGNITION" /> 1732 <permission 1733 name="android.permission.health.READ_HEART_RATE" 1734 featureFlag="android.permission.flags.Flags.replaceBodySensorPermissionEnabled" /> 1735 <permission 1736 name="android.permission.health.READ_HEALTH_DATA_IN_BACKGROUND" 1737 featureFlag="android.permission.flags.Flags.replaceBodySensorPermissionEnabled" /> 1738 </permissions> 1739 </role> 1740 1741 <!--- 1742 ~ A role for the package that responds to system notes actions. 1743 --> 1744 <role 1745 name="android.app.role.NOTES" 1746 behavior="v34.NotesRoleBehavior" 1747 defaultHolders="config_defaultNotes" 1748 description="@string/role_notes_description" 1749 exclusive="true" 1750 exclusivity="user" 1751 label="@string/role_notes_label" 1752 minSdkVersion="34" 1753 overrideUserWhenGranting="true" 1754 requestable="false" 1755 searchKeywords="@string/role_notes_search_keywords" 1756 shortLabel="@string/role_notes_short_label" 1757 showNone="true"> 1758 <required-components> 1759 <!-- Flag value is FLAG_SHOW_WHEN_LOCKED | FLAG_TURN_SCREEN_ON --> 1760 <activity flags="0x1800000"> 1761 <intent-filter> 1762 <action name="android.intent.action.CREATE_NOTE" /> 1763 </intent-filter> 1764 </activity> 1765 </required-components> 1766 <preferred-activities> 1767 <preferred-activity> 1768 <!-- Flag value is FLAG_SHOW_WHEN_LOCKED | FLAG_TURN_SCREEN_ON --> 1769 <activity flags="0x1800000"> 1770 <intent-filter> 1771 <action name="android.intent.action.CREATE_NOTE" /> 1772 </intent-filter> 1773 </activity> 1774 <intent-filter> 1775 <action name="android.intent.action.CREATE_NOTE" /> 1776 </intent-filter> 1777 </preferred-activity> 1778 </preferred-activities> 1779 <permissions> 1780 <permission name="android.permission.LAUNCH_CAPTURE_CONTENT_ACTIVITY_FOR_NOTE" minSdkVersion="34"/> 1781 </permissions> 1782 </role> 1783 1784 <!--- 1785 ~ A role for the package that streams calls to other devices. 1786 --> 1787 <role 1788 name="android.app.role.SYSTEM_CALL_STREAMING" 1789 allowBypassingQualification="true" 1790 defaultHolders="config_systemCallStreaming" 1791 exclusive="true" 1792 exclusivity="user" 1793 minSdkVersion="34" 1794 static="true" 1795 systemOnly="true" 1796 visible="false"> 1797 <permissions> 1798 <permission name="android.permission.CALL_AUDIO_INTERCEPTION" /> 1799 <permission name="android.permission.RECORD_AUDIO" /> 1800 </permissions> 1801 <required-components> 1802 <service permission="android.permission.BIND_CALL_STREAMING_SERVICE"> 1803 <intent-filter> 1804 <action name="android.telecom.CallStreamingService" /> 1805 </intent-filter> 1806 </service> 1807 </required-components> 1808 </role> 1809 1810 <role 1811 name="android.app.role.RETAIL_DEMO" 1812 behavior="v35.RetailDemoRoleBehavior" 1813 defaultHolders="config_defaultRetailDemo" 1814 exclusive="true" 1815 exclusivity="user" 1816 minSdkVersion="35" 1817 static="true" 1818 visible="false"> 1819 <permissions> 1820 <permission name="android.permission.ACCESS_BLOBS_ACROSS_USERS" /> 1821 <permission name="android.permission.CHANGE_CONFIGURATION" /> 1822 <permission name="android.permission.MODIFY_DAY_NIGHT_MODE" /> 1823 <permission name="android.permission.MODIFY_PHONE_STATE" /> 1824 <permission name="android.permission.OBSERVE_APP_USAGE" /> 1825 <permission name="android.permission.QUERY_USERS" /> 1826 <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" /> 1827 <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" /> 1828 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" /> 1829 <permission name="android.permission.WRITE_SETTINGS" /> 1830 </permissions> 1831 <app-op-permissions> 1832 <app-op-permission name="android.permission.PACKAGE_USAGE_STATS" /> 1833 </app-op-permissions> 1834 </role> 1835 1836 <role 1837 name="android.app.role.WALLET" 1838 behavior="v35.WalletRoleBehavior" 1839 defaultHolders="config_defaultWallet" 1840 description="@string/role_wallet_description" 1841 exclusive="true" 1842 exclusivity="profileGroup" 1843 label="@string/role_wallet_label" 1844 minSdkVersion="35" 1845 overrideUserWhenGranting="true" 1846 requestable="true" 1847 requestDescription="@string/role_wallet_request_description" 1848 requestTitle="@string/role_wallet_request_title" 1849 showNone="true" 1850 shortLabel="@string/role_wallet_short_label" 1851 uiBehavior="v35.WalletRoleUiBehavior"/> 1852 1853 <role 1854 name="android.app.role.SYSTEM_DEPENDENCY_INSTALLER" 1855 allowBypassingQualification="true" 1856 defaultHolders="config_systemDependencyInstaller" 1857 exclusive="true" 1858 exclusivity="user" 1859 featureFlag="android.content.pm.Flags.sdkDependencyInstaller" 1860 static="true" 1861 systemOnly="true" 1862 visible="false"> 1863 <required-components> 1864 <service permission="android.permission.BIND_DEPENDENCY_INSTALLER"> 1865 <intent-filter> 1866 <action name="android.content.pm.action.INSTALL_DEPENDENCY" /> 1867 </intent-filter> 1868 </service> 1869 </required-components> 1870 <permissions> 1871 <permission name="android.permission.ACCESS_SHARED_LIBRARIES" /> 1872 <permission name="android.permission.INSTALL_DEPENDENCY_SHARED_LIBRARIES" /> 1873 </permissions> 1874 </role> 1875 1876 <!--- 1877 ~ A role for testing cross-user roles (exclusivity="profileGroup"). This should never be used 1878 ~ to gate any actual functionality. 1879 --> 1880 <role 1881 name="android.app.role.RESERVED_FOR_TESTING_PROFILE_GROUP_EXCLUSIVITY" 1882 behavior="v36.ReservedForTestingProfileGroupExclusivityRoleBehavior" 1883 description="@string/role_for_testing_profile_group_exclusivity_description" 1884 exclusive="true" 1885 exclusivity="profileGroup" 1886 fallBackToDefaultHolder="true" 1887 featureFlag="com.android.permission.flags.Flags.crossUserRoleEnabled" 1888 label="@string/role_for_testing_profile_group_exclusivity_label" 1889 minSdkVersion="36" 1890 requestable="true" 1891 requestDescription="@string/role_for_testing_profile_group_exclusivity_request_description" 1892 requestTitle="@string/role_for_testing_profile_group_exclusivity_request_title" 1893 shortLabel="@string/role_for_testing_profile_group_exclusivity_short_label" 1894 showNone="true" 1895 uiBehavior="v36.ReservedForTestingProfileGroupExclusivityRoleUiBehavior" 1896 visible="false"/> 1897 1898 <!--- 1899 ~ A role for the vendor package that provides privacy-preserving intelligent processor for 1900 ~ vendor specific features. 1901 ~ 1902 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1903 ~ section "9.8.6 Content Capture". 1904 ~ Example link for Android 15: 1905 ~ https://source.android.com/docs/compatibility/15/android-15-cdd#986_os-level_and_ambient_data 1906 ~ 1907 ~ In addition, packages MUST NOT: 1908 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1909 ~ well-defined APIs in an open source project. 1910 ~ - Perform direct binds to other applications, except the following system packages or 1911 ~ other preloaded packages conforming with the requirements here: 1912 ~ - Bluetooth 1913 ~ - Contacts 1914 ~ - Media 1915 ~ - Telephony 1916 ~ - System UI 1917 ~ - Component providing internet APIs (see above) 1918 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1919 ~ system config. 1920 --> 1921 <role 1922 name="android.app.role.SYSTEM_VENDOR_INTELLIGENCE" 1923 defaultHolders="config_systemVendorIntelligence" 1924 exclusive="true" 1925 exclusivity="user" 1926 featureFlag="android.permission.flags.Flags.systemVendorIntelligenceRoleEnabled" 1927 static="true" 1928 systemOnly="true" 1929 visible="false"> 1930 <permissions> 1931 <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" /> 1932 <permission name="android.permission.ACCESS_COARSE_LOCATION" /> 1933 <permission name="android.permission.ACCESS_FINE_LOCATION" /> 1934 <permission name="android.permission.READ_MEDIA_IMAGES" /> 1935 <permission name="android.permission.READ_MEDIA_VIDEO" /> 1936 </permissions> 1937 </role> 1938 1939 <role 1940 name="android.app.role.COMPANION_DEVICE_VIRTUAL_DEVICE" 1941 allowBypassingQualification="true" 1942 exclusive="false" 1943 exclusivity="none" 1944 featureFlag="android.companion.virtualdevice.flags.Flags.enableLimitedVdmRole" 1945 systemOnly="true" 1946 visible="false"> 1947 <permissions> 1948 <permission-set name="nearby_devices" /> 1949 <permission-set name="notifications" /> 1950 <permission name="android.permission.CREATE_VIRTUAL_DEVICE"/> 1951 </permissions> 1952 </role> 1953 1954</roles> 1955