1package: "android.permission.flags" 2container: "system" 3 4flag { 5 name: "device_aware_permission_apis_enabled" 6 is_exported: true 7 is_fixed_read_only: true 8 namespace: "permissions" 9 description: "enable device aware permission APIs" 10 bug: "274852670" 11} 12 13flag { 14 name: "voice_activation_permission_apis" 15 is_exported: true 16 namespace: "permissions" 17 description: "enable voice activation permission APIs" 18 bug: "287264308" 19} 20 21flag { 22 name: "system_server_role_controller_enabled" 23 is_exported: true 24 is_fixed_read_only: true 25 namespace: "permissions" 26 description: "enable role controller in system server" 27 bug: "302562590" 28} 29 30flag { 31 name: "set_next_attribution_source" 32 is_exported: true 33 namespace: "permissions" 34 description: "enable AttributionSource.setNextAttributionSource" 35 bug: "304478648" 36} 37 38flag { 39 name: "should_register_attribution_source" 40 is_exported: true 41 namespace: "permissions" 42 description: "enable the shouldRegisterAttributionSource API" 43 bug: "305057691" 44} 45 46flag { 47 name: "enhanced_confirmation_mode_apis_enabled" 48 is_exported: true 49 is_fixed_read_only: true 50 namespace: "permissions" 51 description: "enable enhanced confirmation mode apis" 52 bug: "310220212" 53} 54 55flag { 56 name: "enhanced_confirmation_in_call_apis_enabled" 57 is_exported: true 58 is_fixed_read_only: true 59 namespace: "permissions" 60 description: "DEPRECATED, does not gate any apis" 61 bug: "364535720" 62} 63 64flag { 65 name: "unknown_call_package_install_blocking_enabled" 66 is_exported: true 67 is_fixed_read_only: true 68 namespace: "permissions" 69 description: "enable the blocking of certain app installs during an unknown call" 70 bug: "364535720" 71} 72 73flag { 74 name: "unknown_call_setting_blocked_logging_enabled" 75 is_exported: true 76 is_fixed_read_only: true 77 namespace: "permissions" 78 description: "enable the metrics when blocking certain app installs during an unknown call" 79 bug: "364535720" 80 81 metadata { 82 purpose: PURPOSE_BUGFIX 83 } 84} 85 86flag { 87 name: "op_enable_mobile_data_by_user" 88 is_exported: true 89 namespace: "permissions" 90 description: "enables logging of the OP_ENABLE_MOBILE_DATA_BY_USER" 91 bug: "222650148" 92} 93 94flag { 95 name: "factory_reset_prep_permission_apis" 96 is_exported: true 97 namespace: "wallet_integration" 98 description: "enable Permission PREPARE_FACTORY_RESET." 99 bug: "302016478" 100} 101 102flag { 103 name: "retail_demo_role_enabled" 104 is_exported: true 105 namespace: "permissions" 106 description: "default retail demo role holder" 107 bug: "274132354" 108} 109 110flag { 111 name: "server_side_attribution_registration" 112 namespace: "permissions" 113 description: "controls whether the binder representing an AttributionSource is created in the system server, or client process" 114 bug: "310953959" 115} 116 117flag { 118 name: "wallet_role_enabled" 119 is_exported: true 120 namespace: "wallet_integration" 121 description: "This flag is used to enabled the Wallet Role for all users on the device" 122 bug: "283989236" 123} 124 125# This flag is enabled since V but not a MUST requirement in CDD yet, so it needs to stay around 126# for now and any code working with it should keep checking the flag. 127flag { 128 name: "signature_permission_allowlist_enabled" 129 is_fixed_read_only: true 130 namespace: "permissions" 131 description: "Enable signature permission allowlist" 132 bug: "308573169" 133} 134 135flag { 136 name: "sensitive_notification_app_protection" 137 is_exported: true 138 # Referenced in WM where WM starts before DeviceConfig 139 is_fixed_read_only: true 140 namespace: "permissions" 141 description: "This flag controls the sensitive notification app protections while screen sharing" 142 bug: "312784351" 143} 144 145flag { 146 name: "sensitive_content_improvements" 147 # Referenced in WM where WM starts before DeviceConfig 148 is_fixed_read_only: true 149 namespace: "permissions" 150 description: "Improvements to sensitive content/notification features, such as the Toast UX." 151 bug: "301960090" 152 153} 154 155flag { 156 name: "sensitive_content_metrics_bugfix" 157 # Referenced in WM where WM starts before DeviceConfig 158 is_fixed_read_only: true 159 namespace: "permissions" 160 description: "Enables metrics bugfixes for sensitive content/notification features" 161 bug: "312784351" 162 163 metadata { 164 purpose: PURPOSE_BUGFIX 165 } 166} 167 168flag { 169 name: "sensitive_content_recents_screenshot_bugfix" 170 # Referenced in WM where WM starts before DeviceConfig 171 is_fixed_read_only: true 172 namespace: "permissions" 173 description: "Enables recents screenshot bugfixes for sensitive content/notification features" 174 bug: "312784351" 175 metadata { 176 purpose: PURPOSE_BUGFIX 177 } 178} 179 180flag { 181 name: "device_aware_permissions_enabled" 182 is_exported: true 183 is_fixed_read_only: true 184 namespace: "permissions" 185 description: "When the flag is off no permissions can be device aware" 186 bug: "274852670" 187} 188 189flag { 190 name: "get_emergency_role_holder_api_enabled" 191 is_exported: true 192 is_fixed_read_only: true 193 namespace: "permissions" 194 description: "Enables the getEmergencyRoleHolder API." 195 bug: "323157319" 196} 197 198flag { 199 name: "ignore_process_text" 200 namespace: "permissions" 201 description: "Ignore activities that handle PROCESS_TEXT in TextView" 202 bug: "325356776" 203} 204 205flag { 206 name: "finish_running_ops_for_killed_packages" 207 namespace: "permissions" 208 description: "Finish all appops for a dead app process" 209 bug: "234630570" 210 metadata { 211 purpose: PURPOSE_BUGFIX 212 } 213} 214 215flag { 216 name: "runtime_permission_appops_mapping_enabled" 217 is_fixed_read_only: true 218 namespace: "permissions" 219 description: "Use runtime permission state to determine appop state" 220 bug: "266164193" 221} 222 223flag { 224 name: "device_id_in_op_proxy_info_enabled" 225 is_fixed_read_only: true 226 namespace: "permissions" 227 description: "Enable getDeviceId API in OpEventProxyInfo" 228 bug: "337340961" 229 is_exported: true 230} 231 232flag { 233 name: "device_aware_app_op_new_schema_enabled" 234 is_fixed_read_only: true 235 namespace: "permissions" 236 description: "Persist device attributed AppOp accesses on the disk" 237 bug: "308201969" 238} 239 240flag { 241 name: "check_op_validate_package" 242 namespace: "permissions" 243 description: "Validate package/uid match in checkOp similar to noteOp" 244 bug: "294609684" 245} 246 247flag { 248 name: "location_bypass_privacy_dashboard_enabled" 249 is_exported: true 250 namespace: "permissions" 251 description: "Show access entry of location bypass permission in the Privacy Dashboard" 252 bug: "325536053" 253} 254 255flag { 256 name: "dont_remove_existing_uid_states" 257 is_fixed_read_only: true 258 namespace: "permissions" 259 description: "Double check if the uid still exists before attempting to remove its appops state" 260 bug: "353474742" 261 metadata { 262 purpose: PURPOSE_BUGFIX 263 } 264} 265 266flag { 267 name: "sync_on_op_noted_api" 268 namespace: "permissions" 269 description: "New setOnOpNotedCallback API to allow subscribing to only sync ops." 270 bug: "372910217" 271 is_exported: true 272} 273 274flag { 275 name: "use_frozen_aware_remote_callback_list" 276 namespace: "permissions" 277 description: "Whether to use the new frozen-aware RemoteCallbackList API for op noted callbacks." 278 bug: "361157077" 279} 280 281flag { 282 name: "wallet_role_icon_property_enabled" 283 is_exported: true 284 namespace: "wallet_integration" 285 description: "This flag is used to enabled the Wallet Role s icon fetching from manifest property" 286 bug: "349942654" 287} 288 289flag { 290 name: "appop_access_tracking_logging_enabled" 291 is_fixed_read_only: true 292 namespace: "permissions" 293 description: "Enables logging of the AppOp access tracking" 294 bug: "365584286" 295} 296 297flag { 298 name: "replace_body_sensor_permission_enabled" 299 is_fixed_read_only: true 300 is_exported: true 301 namespace: "android_health_services" 302 description: "Enables replacement of BODY_SENSORS/BODY_SENSORS_BACKGROUND permissions with granular health permissions READ_HEART_RATE, READ_SKIN_TEMPERATURE, READ_OXYGEN_SATURATION, and READ_HEALTH_DATA_IN_BACKGROUND" 303 bug: "364638912" 304} 305 306flag { 307 name: "delay_uid_state_changes_from_capability_updates" 308 is_fixed_read_only: true 309 namespace: "permissions" 310 description: "If proc state is decreasing over the restriction threshold and capability is changed, delay if no new capabilities are added" 311 bug: "347891382" 312 metadata { 313 purpose: PURPOSE_BUGFIX 314 } 315} 316 317flag { 318 name: "allow_host_permission_dialogs_on_virtual_devices" 319 is_exported: true 320 namespace: "permissions" 321 description: "Allow host device permission dialogs (i.e., dialogs for non device-aware permissions) to be shown on virtual devices" 322 bug: "371173672" 323} 324 325flag { 326 name: "appop_mode_caching_enabled" 327 is_fixed_read_only: true 328 namespace: "permissions" 329 description: "Enable AppOp mode caching in AppOpsManager" 330 bug: "366013082" 331} 332 333flag { 334 name: "permission_tree_apis_deprecated" 335 is_fixed_read_only: true 336 is_exported: true 337 namespace: "permissions" 338 description: "This flag is used to deprecate permission tree related APIs" 339 bug: "376535612" 340} 341 342flag { 343 name: "enable_otp_in_text_classifiers" 344 is_fixed_read_only: true 345 is_exported: true 346 namespace: "permissions" 347 description: "Enables ExtServices to leverage TextClassifier for OTP detection" 348 bug: "351976749" 349} 350 351flag { 352 name: "health_connect_backup_restore_permission_enabled" 353 is_fixed_read_only: true 354 namespace: "health_fitness_aconfig" 355 description: "This flag protects the permission that is required to call Health Connect backup and restore apis" 356 bug: "324019102" # android_fr bug 357 is_exported: true 358} 359 360flag { 361 name: "enable_aiai_proxied_text_classifiers" 362 is_fixed_read_only: true 363 is_exported: true 364 namespace: "permissions" 365 description: "Enables the AiAi to utilize the default OTP text classifier that is also used by ExtServices" 366 bug: "377229653" 367} 368 369flag { 370 name: "enable_sqlite_appops_accesses" 371 is_fixed_read_only: true 372 is_exported: true 373 namespace: "permissions" 374 description: "Enables SQlite for recording individual/discrete AppOp accesses" 375 bug: "377584611" 376} 377 378flag { 379 name: "enable_all_sqlite_appops_accesses" 380 is_fixed_read_only: true 381 is_exported: true 382 namespace: "permissions" 383 description: "Enables SQlite for storing aggregated & individual/discrete AppOp accesses" 384 bug: "377584611" 385} 386 387flag { 388 name: "record_all_runtime_appops_sqlite" 389 is_fixed_read_only: true 390 is_exported: true 391 namespace: "permissions" 392 description: "Enables recording of all runtime app ops into SQlite" 393 bug: "377584611" 394} 395 396flag { 397 name: "ranging_permission_enabled" 398 is_fixed_read_only: true 399 is_exported: true 400 namespace: "uwb" 401 description: "This fixed read-only flag is used to enable new ranging permission for all ranging use cases." 402 bug: "370977414" 403} 404 405flag { 406 name: "system_selection_toolbar_enabled" 407 namespace: "permissions" 408 description: "Enables the system selection toolbar feature." 409 bug: "363318732" 410} 411 412flag { 413 name: "use_system_selection_toolbar_in_sysui" 414 namespace: "permissions" 415 description: "Uses the SysUi process to host the SelectionToolbarRenderService." 416 bug: "363318732" 417} 418 419flag { 420 name: "note_op_batching_enabled" 421 is_fixed_read_only: true 422 is_exported: true 423 namespace: "permissions" 424 description: "Batch noteOperations on the client to reduce binder call volume" 425 bug: "366013082" 426} 427 428flag { 429 name: "supervision_role_permission_update_enabled" 430 is_fixed_read_only: true 431 is_exported: true 432 namespace: "supervision" 433 description: "This flag is used to enable all the remaining permissions required to the supervision role" 434 bug: "367333883" 435} 436 437flag { 438 name: "permission_request_short_circuit_enabled" 439 is_fixed_read_only: true 440 is_exported: true 441 namespace: "permissions" 442 description: "This flag is used to short circuit the request for permananently denied permissions" 443 bug: "378923900" 444} 445 446flag { 447 name: "check_op_overload_api_enabled" 448 is_exported: true 449 is_fixed_read_only: true 450 namespace: "permissions" 451 description: "Add new checkOp APIs that accept attributionTag" 452 bug: "240617242" 453} 454 455flag { 456 name: "device_policy_management_role_split_create_managed_profile_enabled" 457 is_fixed_read_only: true 458 is_exported: true 459 namespace: "enterprise" 460 description: "Gives the device policy management role the ability to create a managed profile using new APIs" 461 bug: "375382324" 462} 463 464flag { 465 name: "use_profile_labels_for_default_app_section_titles" 466 is_exported: true 467 is_fixed_read_only: true 468 namespace: "profile_experiences" 469 description: "Use profile labels from UserManager for default app section titles to allow partner customization" 470 bug: "358369931" 471} 472 473flag { 474 name: "wallet_role_cross_user_enabled" 475 is_exported: true 476 is_fixed_read_only: true 477 namespace: "wallet_integration" 478 description: "Enable the Wallet role within profiles" 479 bug: "356107987" 480} 481 482flag { 483 name: "text_classifier_choice_api_enabled" 484 is_fixed_read_only: true 485 is_exported: true 486 namespace: "permissions" 487 description: "API change to enable getTextClassifier by type" 488 bug: "377229653" 489} 490 491flag { 492 name: "updatable_text_classifier_for_otp_detection_enabled" 493 is_fixed_read_only: true 494 is_exported: true 495 namespace: "permissions" 496 description: "Enables text classifier for OTP detection that is updatable from mainline module" 497 bug: "377229653" 498} 499 500flag { 501 name: "rate_limit_batched_note_op_async_callbacks_enabled" 502 is_fixed_read_only: true 503 is_exported: true 504 namespace: "permissions" 505 description: "Rate limit async noteOp callbacks for batched noteOperation binder call" 506 bug: "366013082" 507} 508 509flag { 510 name: "system_vendor_intelligence_role_enabled" 511 is_exported: true 512 is_fixed_read_only: true 513 namespace: "permissions" 514 description: "This flag is used to enable the role system_vendor_intelligence" 515 bug: "377553620" 516} 517 518flag { 519 name: "fine_power_monitor_permission" 520 is_fixed_read_only: true 521 is_exported: true 522 namespace: "permissions" 523 description: "Add support for fine-grained PowerMonitor readings" 524 bug: "341941666" 525} 526 527flag { 528 name: "sqlite_discrete_op_event_logging_enabled" 529 namespace: "permissions" 530 description: "Collect sqlite performance metrics for discrete ops." 531 bug: "377584611" 532} 533 534flag { 535 name: "app_ops_service_handler_fix" 536 is_fixed_read_only: true 537 namespace: "permissions" 538 description: "Use IoThread handler for AppOpsService background/IO work." 539 bug: "394380603" 540} 541 542flag { 543 name: "enforce_default_device_id_in_my_attribution_source" 544 namespace: "permissions" 545 description: "Force AttributionSource.myAttributionSource() to return a default device id" 546 bug: "343121936" 547} 548 549flag { 550 name: "grant_read_blocked_numbers_to_system_ui_intelligence" 551 is_exported: true 552 is_fixed_read_only: true 553 namespace: "permissions" 554 description: "This flag is used to add role protection to READ_BLOCKED_NUMBERS for SYSTEM_UI_INTELLIGENCE" 555 bug: "354758615" 556} 557 558flag { 559 name: "enable_system_supervision_role_behavior" 560 is_fixed_read_only: true 561 is_exported: true 562 namespace: "supervision" 563 description: "This flag is used to enable the role behavior for the system supervision role" 564 bug: "378102594" 565} 566