1<?xml version="1.0" encoding="utf-8"?> 2 3<!-- Copyright (C) 2018 The Android Open Source Project 4 5 Licensed under the Apache License, Version 2.0 (the "License"" /> 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 9 http://www.apache.org/licenses/LICENSE-2.0 10 11 Unless required by applicable law or agreed to in writing, software 12 distributed under the License is distributed on an "AS IS" BASIS, 13 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 See the License for the specific language governing permissions and 15 limitations under the License. 16--> 17 18<roles> 19 20 <permission-set name="phone"> 21 <permission name="android.permission.READ_PHONE_STATE" /> 22 <permission name="android.permission.CALL_PHONE" /> 23 <permission name="android.permission.READ_CALL_LOG" /> 24 <permission name="android.permission.WRITE_CALL_LOG" /> 25 <permission name="com.android.voicemail.permission.ADD_VOICEMAIL" /> 26 <permission name="com.android.voicemail.permission.READ_VOICEMAIL" minSdkVersion="31" /> 27 <permission name="com.android.voicemail.permission.WRITE_VOICEMAIL" minSdkVersion="31" /> 28 <permission name="android.permission.USE_SIP" /> 29 <permission name="android.permission.PROCESS_OUTGOING_CALLS" /> 30 <permission name="android.permission.ANSWER_PHONE_CALLS" /> 31 </permission-set> 32 33 <permission-set name="contacts"> 34 <permission name="android.permission.READ_CONTACTS" /> 35 <permission name="android.permission.WRITE_CONTACTS" /> 36 <permission name="android.permission.GET_ACCOUNTS" /> 37 </permission-set> 38 39 <permission-set name="location"> 40 <permission name="android.permission.ACCESS_COARSE_LOCATION" /> 41 <permission name="android.permission.ACCESS_FINE_LOCATION" /> 42 </permission-set> 43 44 <permission-set name="coarse_location"> 45 <permission name="android.permission.ACCESS_COARSE_LOCATION" /> 46 </permission-set> 47 48 <permission-set name="calendar"> 49 <permission name="android.permission.READ_CALENDAR" /> 50 <permission name="android.permission.WRITE_CALENDAR" /> 51 </permission-set> 52 53 <permission-set name="sms"> 54 <permission name="android.permission.SEND_SMS" /> 55 <permission name="android.permission.RECEIVE_SMS" /> 56 <permission name="android.permission.READ_SMS" /> 57 <permission name="android.permission.RECEIVE_WAP_PUSH" /> 58 <permission name="android.permission.RECEIVE_MMS" /> 59 <permission name="android.permission.READ_CELL_BROADCASTS" /> 60 </permission-set> 61 62 <permission-set name="microphone"> 63 <permission name="android.permission.RECORD_AUDIO" /> 64 </permission-set> 65 66 <permission-set name="camera"> 67 <permission name="android.permission.CAMERA" /> 68 </permission-set> 69 70 <permission-set name="sensors"> 71 <permission name="android.permission.BODY_SENSORS" /> 72 <permission name="android.permission.BODY_SENSORS_BACKGROUND" minSdkVersion="33" /> 73 </permission-set> 74 75 <permission-set name="storage"> 76 <permission name="android.permission.READ_EXTERNAL_STORAGE" /> 77 <permission name="android.permission.WRITE_EXTERNAL_STORAGE" /> 78 <permission name="android.permission.READ_MEDIA_AUDIO" minSdkVersion="33" /> 79 <permission name="android.permission.READ_MEDIA_VIDEO" minSdkVersion="33" /> 80 <permission name="android.permission.READ_MEDIA_IMAGES" minSdkVersion="33" /> 81 <permission name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED" minSdkVersion="34" /> 82 </permission-set> 83 84 <permission-set name="nearby_devices"> 85 <permission name="android.permission.BLUETOOTH_ADVERTISE" minSdkVersion="31" /> 86 <permission name="android.permission.BLUETOOTH_CONNECT" minSdkVersion="31" /> 87 <permission name="android.permission.BLUETOOTH_SCAN" minSdkVersion="31" /> 88 <permission name="android.permission.NEARBY_WIFI_DEVICES" minSdkVersion="33" /> 89 </permission-set> 90 91 <permission-set name="notifications"> 92 <permission name="android.permission.POST_NOTIFICATIONS" minSdkVersion="33" /> 93 </permission-set> 94 95 <permission-set name="virtual_device"> 96 <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" /> 97 <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="33" /> 98 <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" /> 99 <permission 100 name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" 101 featureFlag="android.companion.virtualdevice.flags.Flags.activityControlApi" /> 102 </permission-set> 103 104 <role 105 name="android.app.role.ASSISTANT" 106 behavior="AssistantRoleBehavior" 107 defaultHolders="config_defaultAssistant" 108 description="@string/role_assistant_description" 109 exclusive="true" 110 exclusivity="user" 111 fallBackToDefaultHolder="true" 112 showNone="true" 113 label="@string/role_assistant_label" 114 overrideUserWhenGranting="true" 115 requestable="false" 116 shortLabel="@string/role_assistant_short_label" 117 uiBehavior="AssistantRoleUiBehavior"> 118 <required-components> 119 <!-- Qualified components are determined int AssistantRoleBehavior. This comment here is 120 ignored and represents just a rough description 121 122 <any-of> 123 <service permission="android.permission.BIND_VOICE_INTERACTION" 124 supportsAssist="true"> 125 <intent-filter> 126 <action name="android.service.voice.VoiceInteractionService" /> 127 </intent-filter> 128 <meta-data name="android.voice_interaction" 129 optional="false"> 130 required tag in metadata xml: sessionService 131 required tag in metadata xml: recognitionService 132 required tag in metadata xml: supportsAssist = true 133 </meta-data> 134 </service> 135 <activity> 136 <intent-filter> 137 <action name="android.intent.action.ASSIST" /> 138 </intent-filter> 139 </activity> 140 </ any-of> 141 142 --> 143 </required-components> 144 <permissions> 145 <permission-set name="sms" /> 146 <permission name="android.permission.READ_CALL_LOG" /> 147 <permission name="android.permission.ACCESS_BLOBS_ACROSS_USERS" minSdkVersion="31" /> 148 <permission name="android.permission.READ_ASSISTANT_APP_SEARCH_DATA" 149 minSdkVersion="33"/> 150 <permission name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" 151 minSdkVersion="33" /> 152 <permission name="android.permission.EXECUTE_APP_ACTION" 153 minSdkVersion="34" /> 154 <permission name="android.permission.MANAGE_CONTENT_SUGGESTIONS" 155 minSdkVersion="35" optionalMinSdkVersion="34" /> 156 <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE" 157 minSdkVersion="35" /> 158 </permissions> 159 <app-op-permissions> 160 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 161 </app-op-permissions> 162 </role> 163 164 <!--- 165 ~ @see com.android.settings.applications.defaultapps.DefaultBrowserPreferenceController 166 ~ @see com.android.settings.applications.defaultapps.DefaultBrowserPicker 167 ~ @see com.android.server.pm.PackageManagerService.resolveAllBrowserApps(int) 168 ~ @see com.android.server.pm.PackageManagerService.setDefaultBrowserPackageName(String, int) 169 ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultBrowser(String, int) 170 --> 171 <role 172 name="android.app.role.BROWSER" 173 behavior="BrowserRoleBehavior" 174 defaultHolders="config_defaultBrowser" 175 description="@string/role_browser_description" 176 exclusive="true" 177 exclusivity="user" 178 label="@string/role_browser_label" 179 overrideUserWhenGranting="true" 180 requestDescription="@string/role_browser_request_description" 181 requestTitle="@string/role_browser_request_title" 182 shortLabel="@string/role_browser_short_label"> 183 <!-- 184 ~ Required components matching is handled in BrowserRoleBehavior because it needs the 185 ~ PackageManager.MATCH_ALL flag and other manual filtering, which cannot fit in our 186 ~ current mechanism easily. 187 --> 188 <!-- 189 <required-components> 190 <activity> 191 <intent-filter> 192 <action name="android.intent.action.VIEW" /> 193 <category name="android.intent.category.BROWSABLE" /> 194 <data scheme="http" /> 195 </intent-filter> 196 </activity> 197 </required-components> 198 --> 199 <!-- 200 ~ Not need to set preferred activity because PackageManager handles browser intents 201 ~ specially. 202 --> 203 <permissions> 204 <permission name="android.permission.PROVIDE_OWN_AUTOFILL_SUGGESTIONS" minSdkVersion="34" /> 205 </permissions> 206 </role> 207 208 <!-- 209 ~ @see com.android.settings.applications.defaultapps.DefaultPhonePreferenceController 210 ~ @see com.android.settings.applications.defaultapps.DefaultPhonePicker 211 ~ @see android.telecom.DefaultDialerManager 212 ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultDialerApp(String, int) 213 ~ @see com.android.server.pm.Settings.setDefaultDialerPackageNameLPw(String, int) 214 --> 215 <role 216 name="android.app.role.DIALER" 217 behavior="DialerRoleBehavior" 218 defaultHolders="config_defaultDialer" 219 description="@string/role_dialer_description" 220 exclusive="true" 221 exclusivity="user" 222 fallBackToDefaultHolder="true" 223 label="@string/role_dialer_label" 224 overrideUserWhenGranting="true" 225 requestDescription="@string/role_dialer_request_description" 226 requestTitle="@string/role_dialer_request_title" 227 searchKeywords="@string/role_dialer_search_keywords" 228 shortLabel="@string/role_dialer_short_label" 229 uiBehavior="DialerRoleUiBehavior"> 230 <required-components> 231 <activity> 232 <intent-filter> 233 <action name="android.intent.action.DIAL" /> 234 </intent-filter> 235 </activity> 236 <activity> 237 <intent-filter> 238 <action name="android.intent.action.DIAL" /> 239 <data scheme="tel" /> 240 </intent-filter> 241 </activity> 242 <service minTargetSdkVersion="33" permission="android.permission.BIND_INCALL_SERVICE"> 243 <meta-data name="android.telecom.IN_CALL_SERVICE_UI" value="true" /> 244 <meta-data 245 name="android.telecom.IN_CALL_SERVICE_CAR_MODE_UI" 246 value="true" 247 prohibited="true" /> 248 <intent-filter> 249 <action name="android.telecom.InCallService" /> 250 </intent-filter> 251 </service> 252 </required-components> 253 <permissions> 254 <permission-set name="phone" /> 255 <permission-set name="contacts" /> 256 <permission-set name="sms" /> 257 <permission-set name="microphone" /> 258 <permission-set name="camera" /> 259 <permission-set name="notifications" /> 260 </permissions> 261 <app-op-permissions> 262 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 263 </app-op-permissions> 264 <app-ops> 265 <!-- 266 ~ @see com.android.settings.applications.defaultapps.DefaultPhonePicker#setDefaultKey(String) 267 ~ @see com.android.settings.fuelgauge.BatteryUtils#setForceAppStandby(int, String, int) 268 --> 269 <app-op name="android:run_in_background" maxTargetSdkVersion="25" mode="allowed" /> 270 <app-op name="android:run_any_in_background" mode="allowed" /> 271 </app-ops> 272 <preferred-activities> 273 <preferred-activity> 274 <activity> 275 <intent-filter> 276 <action name="android.intent.action.DIAL" /> 277 </intent-filter> 278 </activity> 279 <intent-filter> 280 <action name="android.intent.action.DIAL" /> 281 </intent-filter> 282 </preferred-activity> 283 <preferred-activity> 284 <activity> 285 <intent-filter> 286 <action name="android.intent.action.DIAL" /> 287 <data scheme="tel" /> 288 </intent-filter> 289 </activity> 290 <intent-filter> 291 <action name="android.intent.action.DIAL" /> 292 <data scheme="tel" /> 293 </intent-filter> 294 </preferred-activity> 295 </preferred-activities> 296 </role> 297 298 <!-- 299 ~ @see com.android.settings.applications.defaultapps.DefaultSmsPreferenceController 300 ~ @see com.android.settings.applications.defaultapps.DefaultSmsPicker 301 ~ @see com.android.internal.telephony.SmsApplication 302 ~ @see com.android.server.pm.permission.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultSmsApp(String, int) 303 --> 304 <role 305 name="android.app.role.SMS" 306 behavior="SmsRoleBehavior" 307 defaultHolders="config_defaultSms" 308 description="@string/role_sms_description" 309 exclusive="true" 310 exclusivity="user" 311 label="@string/role_sms_label" 312 overrideUserWhenGranting="true" 313 requestDescription="@string/role_sms_request_description" 314 requestTitle="@string/role_sms_request_title" 315 searchKeywords="@string/role_sms_search_keywords" 316 shortLabel="@string/role_sms_short_label" 317 uiBehavior="SmsRoleUiBehavior"> 318 <required-components> 319 <receiver permission="android.permission.BROADCAST_SMS"> 320 <intent-filter> 321 <action name="android.provider.Telephony.SMS_DELIVER" /> 322 </intent-filter> 323 </receiver> 324 <receiver permission="android.permission.BROADCAST_WAP_PUSH"> 325 <intent-filter> 326 <action name="android.provider.Telephony.WAP_PUSH_DELIVER" /> 327 <data mimeType="application/vnd.wap.mms-message" /> 328 </intent-filter> 329 </receiver> 330 <service permission="android.permission.SEND_RESPOND_VIA_MESSAGE"> 331 <intent-filter> 332 <action name="android.intent.action.RESPOND_VIA_MESSAGE" /> 333 <data scheme="smsto" /> 334 </intent-filter> 335 </service> 336 <activity> 337 <intent-filter> 338 <action name="android.intent.action.SENDTO" /> 339 <data scheme="smsto" /> 340 </intent-filter> 341 </activity> 342 </required-components> 343 <permissions> 344 <permission-set name="phone" /> 345 <permission-set name="contacts" /> 346 <permission-set name="sms" /> 347 <permission-set name="storage" /> 348 <permission-set name="microphone" /> 349 <permission-set name="camera" /> 350 <permission-set name="notifications" /> 351 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> 352 </permissions> 353 <app-ops> 354 <app-op name="android:write_sms" mode="allowed" /> 355 <!-- 356 ~ @see com.android.settings.applications.defaultapps.DefaultSmsPicker#setDefaultKey(String) 357 ~ @see com.android.settings.fuelgauge.BatteryUtils#setForceAppStandby(int, String, int) 358 --> 359 <app-op name="android:run_in_background" maxTargetSdkVersion="25" mode="allowed" /> 360 <app-op name="android:run_any_in_background" mode="allowed" /> 361 <app-op name="android:read_device_identifiers" mode="allowed" /> 362 </app-ops> 363 <preferred-activities> 364 <preferred-activity> 365 <activity> 366 <intent-filter> 367 <action name="android.intent.action.SENDTO" /> 368 <data scheme="smsto" /> 369 </intent-filter> 370 </activity> 371 <intent-filter> 372 <action name="android.intent.action.SENDTO" /> 373 <data scheme="sms" /> 374 </intent-filter> 375 <intent-filter> 376 <action name="android.intent.action.SENDTO" /> 377 <data scheme="smsto" /> 378 </intent-filter> 379 <intent-filter> 380 <action name="android.intent.action.SENDTO" /> 381 <data scheme="mms" /> 382 </intent-filter> 383 <intent-filter> 384 <action name="android.intent.action.SENDTO" /> 385 <data scheme="mmsto" /> 386 </intent-filter> 387 </preferred-activity> 388 </preferred-activities> 389 </role> 390 391 <!--- 392 ~ @see com.android.settings.applications.defaultapps.DefaultEmergencyPreferenceController 393 ~ @see com.android.settings.applications.defaultapps.DefaultEmergencyPicker 394 ~ @see com.android.phone.EmergencyAssistanceHelper 395 --> 396 <role 397 name="android.app.role.EMERGENCY" 398 behavior="EmergencyRoleBehavior" 399 description="@string/role_emergency_description" 400 exclusive="true" 401 exclusivity="user" 402 label="@string/role_emergency_label" 403 overrideUserWhenGranting="true" 404 requestDescription="@string/role_emergency_request_description" 405 requestTitle="@string/role_emergency_request_title" 406 searchKeywords="@string/role_emergency_search_keywords" 407 shortLabel="@string/role_emergency_short_label" 408 systemOnly="true" 409 uiBehavior="EmergencyRoleUiBehavior"> 410 <required-components> 411 <activity> 412 <intent-filter> 413 <action name="android.telephony.action.EMERGENCY_ASSISTANCE" /> 414 </intent-filter> 415 </activity> 416 </required-components> 417 <permissions> 418 <permission-set name="notifications" /> 419 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> 420 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" minSdkVersion="31" /> 421 </permissions> 422 </role> 423 424 <!--- 425 ~ @see com.android.settings.applications.defaultapps.DefaultHomePreferenceController 426 ~ @see com.android.settings.applications.defaultapps.DefaultHomePicker 427 ~ @see com.android.server.pm.PackageManagerService#setHomeActivity(ComponentName, int) 428 --> 429 <role 430 name="android.app.role.HOME" 431 behavior="HomeRoleBehavior" 432 description="@string/role_home_description" 433 exclusive="true" 434 exclusivity="user" 435 label="@string/role_home_label" 436 overrideUserWhenGranting="true" 437 requestDescription="@string/role_home_request_description" 438 requestTitle="@string/role_home_request_title" 439 searchKeywords="@string/role_home_search_keywords" 440 shortLabel="@string/role_home_short_label" 441 uiBehavior="HomeRoleUiBehavior"> 442 <!-- Also used by HomeRoleBehavior.getFallbackHolder(). --> 443 <required-components> 444 <activity> 445 <intent-filter> 446 <action name="android.intent.action.MAIN" /> 447 <category name="android.intent.category.HOME" /> 448 </intent-filter> 449 </activity> 450 </required-components> 451 <preferred-activities> 452 <preferred-activity> 453 <activity> 454 <intent-filter> 455 <action name="android.intent.action.MAIN" /> 456 <category name="android.intent.category.HOME" /> 457 </intent-filter> 458 </activity> 459 <intent-filter> 460 <action name="android.intent.action.MAIN" /> 461 <category name="android.intent.category.HOME" /> 462 </intent-filter> 463 </preferred-activity> 464 </preferred-activities> 465 <permissions> 466 <permission name="android.permission.READ_HOME_APP_SEARCH_DATA" minSdkVersion="33" /> 467 <permission name="android.permission.ALLOW_SLIPPERY_TOUCHES" minSdkVersion="33" optionalMinSdkVersion="30" /> 468 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35" /> 469 </permissions> 470 <app-ops> 471 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 472 </app-ops> 473 </role> 474 475 <!--- @see android.telecom.CallRedirectionService --> 476 <role 477 name="android.app.role.CALL_REDIRECTION" 478 defaultHolders="config_defaultCallRedirection" 479 description="@string/role_call_redirection_description" 480 exclusive="true" 481 exclusivity="user" 482 label="@string/role_call_redirection_label" 483 overrideUserWhenGranting="true" 484 requestDescription="@string/role_call_redirection_request_description" 485 requestTitle="@string/role_call_redirection_request_title" 486 shortLabel="@string/role_call_redirection_short_label" 487 showNone="true"> 488 <required-components> 489 <service permission="android.permission.BIND_CALL_REDIRECTION_SERVICE"> 490 <intent-filter> 491 <action name="android.telecom.CallRedirectionService" /> 492 </intent-filter> 493 </service> 494 </required-components> 495 </role> 496 497 <!--- @see android.telecom.CallScreeningService --> 498 <role 499 name="android.app.role.CALL_SCREENING" 500 defaultHolders="config_defaultCallScreening" 501 description="@string/role_call_screening_description" 502 exclusive="true" 503 exclusivity="user" 504 label="@string/role_call_screening_label" 505 overrideUserWhenGranting="true" 506 requestDescription="@string/role_call_screening_request_description" 507 requestTitle="@string/role_call_screening_request_title" 508 shortLabel="@string/role_call_screening_short_label" 509 showNone="true"> 510 <required-components> 511 <service permission="android.permission.BIND_SCREENING_SERVICE"> 512 <intent-filter> 513 <action name="android.telecom.CallScreeningService" /> 514 </intent-filter> 515 </service> 516 </required-components> 517 <permissions> 518 <permission-set name="notifications" /> 519 </permissions> 520 <app-op-permissions> 521 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 522 </app-op-permissions> 523 </role> 524 525 <role 526 name="android.app.role.SYSTEM_GALLERY" 527 defaultHolders="config_systemGallery" 528 exclusive="true" 529 exclusivity="user" 530 static="true" 531 systemOnly="true" 532 visible="false"> 533 <permissions> 534 <permission-set name="storage" /> 535 <permission name="android.permission.ACCESS_MEDIA_LOCATION" /> 536 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" minSdkVersion="31" /> 537 </permissions> 538 <app-ops> 539 <app-op name="android:write_media_images" mode="allowed" /> 540 <app-op name="android:write_media_video" mode="allowed" /> 541 </app-ops> 542 </role> 543 544 <role 545 name="android.app.role.SYSTEM_AUTOMOTIVE_CLUSTER" 546 behavior="v31.AutomotiveRoleBehavior" 547 defaultHolders="config_systemAutomotiveCluster" 548 exclusive="true" 549 exclusivity="user" 550 minSdkVersion="31" 551 static="true" 552 systemOnly="true" 553 visible="false"> 554 <permissions> 555 <permission name="android.permission.ANSWER_PHONE_CALLS" /> 556 <permission name="android.permission.READ_CALL_LOG" /> 557 <permission name="android.permission.READ_CONTACTS" /> 558 <permission name="android.car.permission.CAR_ENERGY"/> 559 </permissions> 560 </role> 561 562 <role 563 name="android.app.role.COMPANION_DEVICE_WATCH" 564 behavior="v31.CompanionDeviceWatchRoleBehavior" 565 description="@string/role_watch_description" 566 exclusive="false" 567 exclusivity="none" 568 minSdkVersion="31" 569 systemOnly="false" 570 visible="false"> 571 <permissions> 572 <permission-set name="calendar" /> 573 <permission-set name="phone" /> 574 <permission-set name="sms" /> 575 <permission-set name="contacts" /> 576 <permission-set name="nearby_devices" /> 577 <permission-set name="notifications" minSdkVersion="35" /> 578 <!-- If this role holder has a NotificationListenerService, let that service receive 579 notifications with sensitive content unredacted--> 580 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 581 </permissions> 582 <app-op-permissions> 583 <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" /> 584 <app-op-permission name="android.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER" /> 585 <app-op-permission name="android.permission.MEDIA_ROUTING_CONTROL" minSdkVersion="35" /> 586 </app-op-permissions> 587 <app-ops> 588 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 589 </app-ops> 590 </role> 591 592 <role 593 name="android.app.role.SYSTEM_AUTOMOTIVE_PROJECTION" 594 defaultHolders="config_systemAutomotiveProjection" 595 exclusive="true" 596 exclusivity="user" 597 minSdkVersion="31" 598 static="true" 599 systemOnly="true" 600 visible="false"> 601 <permissions> 602 <permission-set name="microphone" /> 603 <permission-set name="location" /> 604 <permission-set name="nearby_devices" /> 605 <permission-set name="notifications" /> 606 <permission name="android.permission.ADD_ALWAYS_UNLOCKED_DISPLAY" minSdkVersion="33" /> 607 <permission name="android.permission.CALL_PHONE" /> 608 <permission name="android.permission.CREATE_VIRTUAL_DEVICE" minSdkVersion="33" /> 609 <permission name="android.permission.READ_CALENDAR" /> 610 <permission name="android.permission.READ_CALL_LOG" /> 611 <permission name="android.permission.READ_CONTACTS" /> 612 <permission name="android.permission.READ_PHONE_STATE" /> 613 <permission name="android.permission.RECEIVE_SMS" /> 614 <permission name="android.permission.REQUEST_COMPANION_PROFILE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" /> 615 <permission name="android.permission.SEND_SMS" /> 616 <permission name="android.permission.TOGGLE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" /> 617 <permission name="android.permission.ADD_TRUSTED_DISPLAY" minSdkVersion="34"/> 618 <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES" minSdkVersion="34"/> 619 <!-- If this role holder has a NotificationListenerService, let that service receive 620 notifications with sensitive content unredacted--> 621 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 622 <permission name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT" minSdkVersion="35" /> 623 </permissions> 624 <app-ops> 625 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 626 </app-ops> 627 </role> 628 629 <role 630 name="android.app.role.SYSTEM_SHELL" 631 behavior="v31.SystemShellRoleBehavior" 632 defaultHolders="config_systemShell" 633 exclusive="true" 634 exclusivity="user" 635 minSdkVersion="31" 636 static="true" 637 systemOnly="true" 638 visible="false"> 639 <permissions> 640 <!-- Used for CTS testing --> 641 <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" /> 642 <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/> 643 <permission name="android.permission.PERFORM_IMS_SINGLE_REGISTRATION" /> 644 <permission name="android.permission.BACKGROUND_CAMERA" /> 645 <permission name="android.permission.RECORD_BACKGROUND_AUDIO" /> 646 <permission name="android.permission.BYPASS_ROLE_QUALIFICATION" /> 647 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 648 <permission name="android.permission.MANAGE_SENSOR_PRIVACY" /> 649 <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" /> 650 <permission name="android.permission.TOGGLE_AUTOMOTIVE_PROJECTION" minSdkVersion="33" /> 651 <permission name="android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS" 652 minSdkVersion="33" /> 653 <permission name="android.permission.REQUEST_COMPANION_PROFILE_AUTOMOTIVE_PROJECTION" 654 minSdkVersion="33" /> 655 <permission name="android.permission.MANAGE_SAFETY_CENTER" 656 minSdkVersion="33" /> 657 <permission name="android.permission.SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE" 658 minSdkVersion="33" /> 659 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" 660 minSdkVersion="34" /> 661 <permission name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE" 662 minSdkVersion="34" /> 663 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" 664 minSdkVersion="34" /> 665 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS" 666 minSdkVersion="34" /> 667 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS" 668 minSdkVersion="34" /> 669 <permission name="android.permission.MANAGE_DEVICE_POLICY_BLUETOOTH" 670 minSdkVersion="34" /> 671 <permission name="android.permission.MANAGE_DEVICE_POLICY_CALLS" minSdkVersion="34" /> 672 <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA" 673 minSdkVersion="34" /> 674 <permission name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" 675 minSdkVersion="35" /> 676 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" 677 minSdkVersion="34" /> 678 <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" 679 minSdkVersion="34" /> 680 <permission name="android.permission.MANAGE_DEVICE_POLICY_FUN" minSdkVersion="34" /> 681 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" 682 minSdkVersion="34" /> 683 <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" 684 minSdkVersion="34" /> 685 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" minSdkVersion="34" /> 686 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" 687 minSdkVersion="34" /> 688 <permission name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK" 689 minSdkVersion="34" /> 690 <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" 691 minSdkVersion="34" /> 692 <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" 693 minSdkVersion="34" /> 694 <permission name="android.permission.MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA" 695 minSdkVersion="34" /> 696 <permission name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD" 697 minSdkVersion="34" /> 698 <permission name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS" 699 minSdkVersion="34" /> 700 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" 701 minSdkVersion="34" /> 702 <permission name="android.permission.MANAGE_DEVICE_POLICY_SMS" minSdkVersion="34" /> 703 <permission name="android.permission.MANAGE_DEVICE_POLICY_STATUS_BAR" 704 minSdkVersion="34" /> 705 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" minSdkVersion="34" /> 706 <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER" 707 minSdkVersion="34" /> 708 <permission name="android.permission.MANAGE_DEVICE_POLICY_WINDOWS" minSdkVersion="34" /> 709 <permission name="android.permission.MANAGE_DEVICE_POLICY_WIPE_DATA" 710 minSdkVersion="34" /> 711 <permission name="android.permission.SET_TIME" minSdkVersion="34" /> 712 <permission name="android.permission.SET_TIME_ZONE" minSdkVersion="34" /> 713 <permission name="android.permission.SATELLITE_COMMUNICATION" minSdkVersion="34" /> 714 <permission name="android.permission.ALWAYS_UPDATE_WALLPAPER" minSdkVersion="35" /> 715 <permission name="android.permission.EMBED_ANY_APP_IN_UNTRUSTED_MODE" 716 minSdkVersion="35" /> 717 <permission name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING" 718 minSdkVersion="35" /> 719 <permission name="android.permission.EXECUTE_APP_FUNCTIONS" 720 featureFlag="android.app.appfunctions.flags.Flags.enableAppFunctionManager" /> 721 <permission name="android.permission.EXECUTE_APP_FUNCTIONS_TRUSTED" 722 featureFlag="android.app.appfunctions.flags.Flags.enableAppFunctionManager" /> 723 <permission name="android.permission.COPY_ACCOUNTS" 724 featureFlag="android.app.admin.flags.Flags.splitCreateManagedProfileEnabled" /> 725 <permission name="android.permission.REMOVE_ACCOUNTS" 726 featureFlag="android.app.admin.flags.Flags.splitCreateManagedProfileEnabled" /> 727 </permissions> 728 </role> 729 730 <role 731 name="android.app.role.SYSTEM_CONTACTS" 732 defaultHolders="config_systemContacts" 733 exclusive="true" 734 exclusivity="user" 735 minSdkVersion="31" 736 static="true" 737 systemOnly="true" 738 visible="false"> 739 <permissions> 740 <permission name="android.permission.ACCESS_RCS_USER_CAPABILITY_EXCHANGE" /> 741 <permission name="android.permission.SET_DEFAULT_ACCOUNT_FOR_CONTACTS" 742 minSdkVersion="33" /> 743 </permissions> 744 </role> 745 746 <role 747 name="android.app.role.SYSTEM_SPEECH_RECOGNIZER" 748 allowBypassingQualification="true" 749 defaultHolders="config_systemSpeechRecognizer" 750 exclusive="true" 751 exclusivity="user" 752 minSdkVersion="31" 753 static="true" 754 systemOnly="true" 755 visible="false"> 756 <permissions> 757 <permission name="android.permission.RECORD_AUDIO" /> 758 <permission name="android.permission.UPDATE_APP_OPS_STATS" /> 759 </permissions> 760 <required-components> 761 <service> 762 <intent-filter> 763 <action name="android.speech.RecognitionService" /> 764 </intent-filter> 765 </service> 766 </required-components> 767 </role> 768 769 <role 770 name="android.app.role.SYSTEM_WIFI_COEX_MANAGER" 771 defaultHolders="config_systemWifiCoexManager" 772 exclusive="true" 773 exclusivity="user" 774 minSdkVersion="31" 775 static="true" 776 systemOnly="true" 777 visible="false"> 778 <permissions> 779 <permission name="android.permission.WIFI_ACCESS_COEX_UNSAFE_CHANNELS" /> 780 <permission name="android.permission.WIFI_UPDATE_COEX_UNSAFE_CHANNELS" /> 781 </permissions> 782 </role> 783 784 <role 785 name="android.app.role.SYSTEM_WELLBEING" 786 defaultHolders="config_systemWellbeing" 787 exclusive="true" 788 exclusivity="user" 789 minSdkVersion="31" 790 static="true" 791 systemOnly="true" 792 visible="false" > 793 <permissions> 794 <permission-set name="notifications" /> 795 <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/> 796 <permission name="android.permission.ACCESS_INSTANT_APPS"/> 797 <permission name="android.permission.START_CROSS_PROFILE_ACTIVITIES" minSdkVersion="33"/> 798 <permission name="android.permission.SUSPEND_APPS"/> 799 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/> 800 </permissions> 801 <app-op-permissions> 802 <app-op-permission name="android.permission.SCHEDULE_EXACT_ALARM" minSdkVersion="34"/> 803 </app-op-permissions> 804 </role> 805 806 <!--- 807 ~ A role for the notification handler on TV devices. 808 ~ Note: on TV devices that have the Dashboard screen, the holder for this role is responsible 809 ~ for it, which is why it needs OBSERVE_SENSOR_PRIVACY permission (the Dashboard displays 810 ~ the state of the privacy sensors). 811 --> 812 <role 813 name="android.app.role.SYSTEM_TELEVISION_NOTIFICATION_HANDLER" 814 behavior="v31.TelevisionRoleBehavior" 815 defaultHolders="config_systemTelevisionNotificationHandler" 816 exclusive="true" 817 exclusivity="user" 818 minSdkVersion="31" 819 static="true" 820 systemOnly="true" 821 visible="false"> 822 <permissions> 823 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 824 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 825 </permissions> 826 </role> 827 828 <!--- 829 A role for the system package that is allowed to create CompanionDeviceManager associations 830 based on user consent to allow the associated app to manage the associated device. 831 --> 832 <role 833 name="android.app.role.SYSTEM_COMPANION_DEVICE_PROVIDER" 834 defaultHolders="config_systemCompanionDeviceProvider" 835 exclusive="true" 836 exclusivity="user" 837 minSdkVersion="31" 838 static="true" 839 systemOnly="true" 840 visible="false" > 841 <permissions> 842 <permission name="android.permission.ASSOCIATE_COMPANION_DEVICES"/> 843 </permissions> 844 </role> 845 846 <!--- 847 ~ A role for the system package that provides privacy-preserving intelligent processor for 848 ~ system UI features. 849 ~ 850 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 851 ~ section "9.8.6 Content Capture". 852 ~ Example link for Android 11: 853 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 854 ~ 855 ~ In addition, packages MUST NOT: 856 ~ - Request INTERNET permission. Instead packages MUST access the internet through 857 ~ well-defined APIs in an open source project. 858 ~ - Perform direct binds to other applications, except the following system packages or 859 ~ other preloaded packages conforming with the requirements here: 860 ~ - Bluetooth 861 ~ - Contacts 862 ~ - Media 863 ~ - Telephony 864 ~ - System UI 865 ~ - Component providing internet APIs (see above) 866 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 867 ~ system config. 868 --> 869 <role 870 name="android.app.role.SYSTEM_UI_INTELLIGENCE" 871 defaultHolders="config_systemUiIntelligence" 872 exclusive="true" 873 exclusivity="user" 874 minSdkVersion="31" 875 static="true" 876 systemOnly="true" 877 visible="false"> 878 <permissions> 879 <permission-set name="notifications" /> 880 <permission name="android.permission.ACCESS_SHORTCUTS" /> 881 <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" minSdkVersion="33" /> 882 <permission name="android.permission.ACCESS_COARSE_LOCATION" minSdkVersion="33" /> 883 <permission name="android.permission.ACCESS_FINE_LOCATION" minSdkVersion="33" /> 884 <permission name="android.permission.BLUETOOTH_CONNECT" /> 885 <permission name="android.permission.BLUETOOTH_SCAN" /> 886 <permission name="android.permission.MANAGE_APP_PREDICTIONS" /> 887 <permission name="android.permission.UNLIMITED_SHORTCUTS_API_CALLS" /> 888 <permission name="android.permission.MANAGE_SEARCH_UI" /> 889 <permission name="android.permission.READ_CALL_LOG" minSdkVersion="33" /> 890 <permission name="android.permission.READ_CONTACTS" minSdkVersion="33" /> 891 <permission name="android.permission.READ_EXTERNAL_STORAGE" /> 892 <permission name="android.permission.READ_MEDIA_AUDIO" minSdkVersion="33" /> 893 <permission name="android.permission.READ_MEDIA_IMAGES" minSdkVersion="33" /> 894 <permission name="android.permission.READ_MEDIA_VIDEO" minSdkVersion="33" /> 895 <permission name="android.permission.READ_SMS" minSdkVersion="33" /> 896 <permission name="android.permission.READ_PEOPLE_DATA" /> 897 <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" /> 898 <permission name="android.permission.EXECUTE_APP_FUNCTIONS_TRUSTED" 899 featureFlag="android.app.appfunctions.flags.Flags.enableAppFunctionManager" /> 900 </permissions> 901 </role> 902 903 <!--- 904 ~ A role for the system package that provides on-device intelligent processor for ambient 905 ~ audio. 906 ~ 907 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 908 ~ section "9.8.6 Content Capture". 909 ~ Example link for Android 11: 910 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 911 ~ 912 ~ In addition, packages MUST NOT: 913 ~ - Request INTERNET permission. Instead packages MUST access the internet through 914 ~ well-defined APIs in an open source project. 915 ~ - Perform direct binds to other applications, except the following system packages: 916 ~ - Bluetooth 917 ~ - Contacts 918 ~ - Media 919 ~ - Telephony 920 ~ - System UI 921 ~ - Component providing internet APIs (see above) 922 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 923 ~ system config. 924 --> 925 <role 926 name="android.app.role.SYSTEM_AMBIENT_AUDIO_INTELLIGENCE" 927 defaultHolders="config_systemAmbientAudioIntelligence" 928 exclusive="true" 929 exclusivity="user" 930 minSdkVersion="31" 931 static="true" 932 systemOnly="true" 933 visible="false"> 934 <permissions> 935 <permission-set name="notifications" /> 936 <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" /> 937 <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" /> 938 <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" /> 939 <permission name="android.permission.MODIFY_AUDIO_ROUTING" /> 940 <permission name="android.permission.RECORD_AUDIO" /> 941 <permission name="android.permission.CAPTURE_AUDIO_HOTWORD" /> 942 <permission name="android.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS" /> 943 <permission name="android.permission.MANAGE_SOUND_TRIGGER" /> 944 <permission name="android.permission.LOCATION_HARDWARE" /> 945 <permission name="android.permission.MANAGE_MUSIC_RECOGNITION" /> 946 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 947 <permission name="android.permission.READ_PHONE_STATE" minSdkVersion="33" /> 948 </permissions> 949 </role> 950 951 <!--- 952 ~ A role for the system package that provides on-device intelligent processor for audio. 953 ~ 954 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 955 ~ section "9.8.6 Content Capture". 956 ~ Example link for Android 11: 957 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 958 ~ 959 ~ In addition, packages MUST NOT: 960 ~ - Request INTERNET permission. Instead packages MUST access the internet through 961 ~ well-defined APIs in an open source project. 962 ~ - Perform direct binds to other applications, except the following system packages: 963 ~ - Bluetooth 964 ~ - Contacts 965 ~ - Media 966 ~ - Telephony 967 ~ - System UI 968 ~ - Component providing internet APIs (see above) 969 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 970 ~ system config. 971 --> 972 <role 973 name="android.app.role.SYSTEM_AUDIO_INTELLIGENCE" 974 defaultHolders="config_systemAudioIntelligence" 975 exclusive="true" 976 exclusivity="user" 977 minSdkVersion="31" 978 static="true" 979 systemOnly="true" 980 visible="false"> 981 <permissions> 982 <permission-set name="notifications" /> 983 <permission name="android.permission.CAPTURE_AUDIO_OUTPUT" /> 984 <permission name="android.permission.CAPTURE_MEDIA_OUTPUT" /> 985 <permission name="android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT" /> 986 <permission name="android.permission.CONTROL_INCALL_EXPERIENCE" /> 987 <permission name="android.permission.MODIFY_AUDIO_ROUTING" /> 988 <permission name="android.permission.MODIFY_PHONE_STATE" /> 989 <permission name="android.permission.READ_CALL_LOG" minSdkVersion="33" /> 990 <permission name="android.permission.READ_PHONE_STATE" minSdkVersion="33" /> 991 <permission name="android.permission.RECORD_AUDIO" /> 992 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 993 <permission name="android.permission.SET_SYSTEM_AUDIO_CAPTION" minSdkVersion="33" /> 994 </permissions> 995 </role> 996 997 <!--- 998 ~ A role for the system package that provides on-device intelligent processor for 999 ~ notifications. 1000 ~ 1001 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1002 ~ section "9.8.6 Content Capture". 1003 ~ Example link for Android 11: 1004 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 1005 ~ 1006 ~ In addition, packages MUST NOT: 1007 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1008 ~ well-defined APIs in an open source project. 1009 ~ - Perform direct binds to other applications, except the following system packages: 1010 ~ - Bluetooth 1011 ~ - Contacts 1012 ~ - Media 1013 ~ - Telephony 1014 ~ - System UI 1015 ~ - Component providing internet APIs (see above) 1016 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1017 ~ system config. 1018 --> 1019 <role 1020 name="android.app.role.SYSTEM_NOTIFICATION_INTELLIGENCE" 1021 defaultHolders="config_systemNotificationIntelligence" 1022 exclusive="true" 1023 exclusivity="user" 1024 minSdkVersion="31" 1025 static="true" 1026 systemOnly="true" 1027 visible="false"> 1028 <permissions> 1029 <permission-set name="notifications" /> 1030 <permission name="android.permission.REQUEST_NOTIFICATION_ASSISTANT_SERVICE" /> 1031 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 1032 <!-- If this role holder has a NotificationListenerService, let that service receive 1033 notifications with sensitive content unredacted--> 1034 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1035 </permissions> 1036 <app-ops> 1037 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1038 </app-ops> 1039 </role> 1040 1041 <!--- 1042 ~ A role for the system package that provides on-device intelligent processor for text. 1043 ~ 1044 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1045 ~ section "9.8.6 Content Capture". 1046 ~ Example link for Android 11: 1047 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 1048 ~ 1049 ~ In addition, packages MUST NOT: 1050 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1051 ~ well-defined APIs in an open source project. 1052 ~ - Perform direct binds to other applications, except the following system packages: 1053 ~ - Bluetooth 1054 ~ - Contacts 1055 ~ - Media 1056 ~ - Telephony 1057 ~ - System UI 1058 ~ - Component providing internet APIs (see above) 1059 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1060 ~ system config. 1061 --> 1062 <role 1063 name="android.app.role.SYSTEM_TEXT_INTELLIGENCE" 1064 defaultHolders="config_systemTextIntelligence" 1065 exclusive="true" 1066 exclusivity="user" 1067 minSdkVersion="31" 1068 static="true" 1069 systemOnly="true" 1070 visible="false"> 1071 <permissions> 1072 <permission-set name="notifications" /> 1073 <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" minSdkVersion="33" /> 1074 <permission name="android.permission.ACCESS_COARSE_LOCATION" minSdkVersion="33" /> 1075 <permission name="android.permission.MANAGE_UI_TRANSLATION" /> 1076 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 1077 <permission name="android.permission.READ_CLIPBOARD_IN_BACKGROUND" minSdkVersion="33" /> 1078 </permissions> 1079 </role> 1080 1081 <!--- 1082 ~ A role for the system package that provides on-device intelligent processor for visual 1083 ~ features. 1084 ~ 1085 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1086 ~ section "9.8.6 Content Capture". 1087 ~ Example link for Android 11: 1088 ~ https://source.android.com/compatibility/11/android-11-cdd#9_8_6_content_capture 1089 ~ 1090 ~ In addition, packages MUST NOT: 1091 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1092 ~ well-defined APIs in an open source project. 1093 ~ - Perform direct binds to other applications, except the following system packages: 1094 ~ - Bluetooth 1095 ~ - Contacts 1096 ~ - Media 1097 ~ - Telephony 1098 ~ - System UI 1099 ~ - Component providing internet APIs (see above) 1100 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1101 ~ system config. 1102 --> 1103 <role 1104 name="android.app.role.SYSTEM_VISUAL_INTELLIGENCE" 1105 defaultHolders="config_systemVisualIntelligence" 1106 exclusive="true" 1107 exclusivity="user" 1108 minSdkVersion="31" 1109 static="true" 1110 systemOnly="true" 1111 visible="false"> 1112 <permissions> 1113 <permission-set name="notifications" /> 1114 <permission name="android.permission.CAMERA" /> 1115 <permission name="android.permission.SYSTEM_CAMERA" /> 1116 <permission name="android.permission.UPDATE_DEVICE_STATS" /> 1117 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 1118 </permissions> 1119 </role> 1120 1121 <!--- 1122 ~ A role for the system package that is allowed to manage documents (e.g., attach files etc.) 1123 ~ on the device. 1124 ~ A package holding this role must comply with the requirements outlined in the Android CDD 1125 ~ section "2.2.3. Software" under heading "3.2.3.1/H-0-1". 1126 ~ Example link for Android 11: 1127 ~ https://source.android.com/compatibility/11/android-11-cdd#2_2_3_software 1128 --> 1129 <role 1130 name="android.app.role.SYSTEM_DOCUMENT_MANAGER" 1131 behavior="v33.DocumentManagerRoleBehavior" 1132 exclusive="true" 1133 exclusivity="user" 1134 minSdkVersion="33" 1135 static="true" 1136 systemOnly="true" 1137 visible="false"> 1138 <required-components> 1139 <!--- Flag value is MATCH_DISABLED_COMPONENTS--> 1140 <activity queryFlags="0x00000200"> 1141 <intent-filter> 1142 <action name="android.intent.action.OPEN_DOCUMENT" /> 1143 <category name="android.intent.category.OPENABLE" /> 1144 <data mimeType="*/*" /> 1145 </intent-filter> 1146 </activity> 1147 </required-components> 1148 <permissions> 1149 <permission-set name="notifications" /> 1150 <permission name="android.permission.MANAGE_DOCUMENTS" /> 1151 <permission name="android.permission.CACHE_CONTENT" /> 1152 <permission name="android.permission.REMOVE_TASKS" /> 1153 </permissions> 1154 </role> 1155 1156 <!--- 1157 ~ A role for the system package that serves as the activity recognizer on the device. 1158 ~ This is the application that provides the data behind the activity recognition 1159 ~ runtime permission. 1160 --> 1161 <role 1162 name="android.app.role.SYSTEM_ACTIVITY_RECOGNIZER" 1163 allowBypassingQualification="true" 1164 defaultHolders="config_systemActivityRecognizer" 1165 exclusive="false" 1166 exclusivity="none" 1167 static="true" 1168 systemOnly="true" 1169 visible="false"> 1170 <required-components> 1171 <service> 1172 <intent-filter> 1173 <action name="android.intent.action.ACTIVITY_RECOGNIZER" /> 1174 </intent-filter> 1175 </service> 1176 </required-components> 1177 </role> 1178 1179 <!--- 1180 ~ A role for the system UI package. 1181 --> 1182 <role 1183 name="android.app.role.SYSTEM_UI" 1184 defaultHolders="config_systemUi" 1185 exclusive="true" 1186 exclusivity="user" 1187 minSdkVersion="31" 1188 static="true" 1189 systemOnly="true" 1190 visible="false"> 1191 <permissions> 1192 <permission-set name="notifications" /> 1193 <permission name="android.permission.MANAGE_SENSOR_PRIVACY" /> 1194 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 1195 <permission name="android.permission.ACCESS_AMBIENT_CONTEXT_EVENT" minSdkVersion="33"/> 1196 <!-- If this role holder has a NotificationListenerService, let that service receive 1197 notifications with sensitive content unredacted--> 1198 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1199 </permissions> 1200 <app-ops> 1201 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1202 </app-ops> 1203 </role> 1204 1205 <!--- 1206 ~ A role for the package responsible for interacting with a TV remote. 1207 --> 1208 <role 1209 name="android.app.role.SYSTEM_TELEVISION_REMOTE_SERVICE" 1210 behavior="v31.TelevisionRoleBehavior" 1211 defaultHolders="config_systemTelevisionRemoteService" 1212 exclusive="true" 1213 exclusivity="user" 1214 minSdkVersion="31" 1215 static="true" 1216 systemOnly="true" 1217 visible="false"> 1218 <permissions> 1219 <permission name="android.permission.OBSERVE_SENSOR_PRIVACY" /> 1220 </permissions> 1221 </role> 1222 1223 <!--- 1224 ~ A role for the companion device package that create and manage connections to connected 1225 ~ devices and perform app streaming to the devices. 1226 --> 1227 <role 1228 name="android.app.role.COMPANION_DEVICE_APP_STREAMING" 1229 allowBypassingQualification="true" 1230 behavior="v33.CompanionDeviceAppStreamingRoleBehavior" 1231 description="@string/role_app_streaming_description" 1232 exclusive="false" 1233 exclusivity="none" 1234 minSdkVersion="33" 1235 systemOnly="true" 1236 visible="false"> 1237 <permissions> 1238 <permission-set name="notifications" /> 1239 <permission-set name="virtual_device" /> 1240 <!-- For capturing audio from the app on the device. --> 1241 <permission name="android.permission.RECORD_AUDIO" /> 1242 <permission 1243 name="android.permission.ADD_MIRROR_DISPLAY" 1244 featureFlag="android.companion.virtualdevice.flags.Flags.enableLimitedVdmRole" /> 1245 <!--TODO(b/201605314) For calling Telecom framework API for audio streaming--> 1246 <!--<permission name="android.permission.PROVIDE_CALL_ENDPOINTS" />--> 1247 </permissions> 1248 </role> 1249 1250 <!--- 1251 ~ A role for the companion device package that allows connected computers to mirror 1252 ~ notifications and access photos and media from the phone. 1253 --> 1254 <role 1255 name="android.app.role.COMPANION_DEVICE_COMPUTER" 1256 allowBypassingQualification="true" 1257 behavior="v33.CompanionDeviceComputerRoleBehavior" 1258 description="@string/role_companion_device_computer_description" 1259 exclusive="false" 1260 exclusivity="none" 1261 minSdkVersion="33" 1262 systemOnly="true" 1263 visible="false"> 1264 <permissions> 1265 <permission-set name="notifications" /> 1266 <permission-set name="storage" /> 1267 <!-- If this role holder has a NotificationListenerService, let that service receive 1268 notifications with sensitive content unredacted--> 1269 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1270 </permissions> 1271 <app-ops> 1272 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1273 </app-ops> 1274 </role> 1275 1276 <role 1277 name="android.app.role.COMPANION_DEVICE_GLASSES" 1278 behavior="v34.CompanionDeviceGlassesRoleBehavior" 1279 exclusive="false" 1280 exclusivity="none" 1281 minSdkVersion="34" 1282 systemOnly="false" 1283 visible="false"> 1284 <permissions> 1285 <permission-set name="contacts" /> 1286 <permission-set name="microphone" /> 1287 <permission-set name="nearby_devices" /> 1288 <permission-set name="notifications" /> 1289 <permission-set name="phone" /> 1290 <permission-set name="sms" /> 1291 <!-- If this role holder has a NotificationListenerService, let that service receive 1292 notifications with sensitive content unredacted--> 1293 <permission name="android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS" minSdkVersion="35"/> 1294 </permissions> 1295 <app-op-permissions> 1296 <app-op-permission name="android.permission.MANAGE_ONGOING_CALLS" /> 1297 </app-op-permissions> 1298 <app-ops> 1299 <app-op name="android:receive_sensitive_notifications" mode="allowed" minSdkVersion="35"/> 1300 </app-ops> 1301 </role> 1302 1303 <role 1304 name="android.app.role.COMPANION_DEVICE_NEARBY_DEVICE_STREAMING" 1305 allowBypassingQualification="true" 1306 exclusive="false" 1307 exclusivity="none" 1308 minSdkVersion="34" 1309 systemOnly="true" 1310 visible="false"> 1311 <permissions> 1312 <permission-set name="nearby_devices" /> 1313 <permission-set name="virtual_device" /> 1314 <permission-set name="notifications" 1315 featureFlag="android.companion.virtualdevice.flags.Flags.notificationsForDeviceStreaming" /> 1316 </permissions> 1317 </role> 1318 1319 <role 1320 name="android.app.role.SYSTEM_SUPERVISION" 1321 defaultHolders="config_systemSupervision" 1322 exclusive="true" 1323 exclusivity="user" 1324 minSdkVersion="33" 1325 static="true" 1326 systemOnly="true" 1327 visible="false" > 1328 <permissions> 1329 <permission name="android.permission.ACCESS_INSTANT_APPS"/> 1330 <permission name="android.permission.KILL_UID" minSdkVersion="34"/> 1331 <permission name="android.permission.MANAGE_DEFAULT_APPLICATIONS" minSdkVersion="34"/> 1332 <permission name="android.permission.SUSPEND_APPS"/> 1333 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY"/> 1334 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" 1335 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1336 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS" 1337 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1338 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" 1339 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1340 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" 1341 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1342 <permission name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY" 1343 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1344 <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" 1345 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1346 <permission name="android.permission.MANAGE_DEVICE_POLICY_FUN" 1347 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1348 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" 1349 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1350 <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" 1351 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1352 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCATION" 1353 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1354 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" 1355 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1356 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS" 1357 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1358 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" 1359 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1360 <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" 1361 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1362 <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" 1363 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1364 <permission name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD" 1365 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1366 <permission name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS" 1367 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1368 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" 1369 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1370 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" 1371 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1372 <permission name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" 1373 featureFlag="android.permission.flags.Flags.supervisionRolePermissionUpdateEnabled"/> 1374 </permissions> 1375 </role> 1376 1377 <!--- 1378 ~ A role for the package responsible for constructing managed device experiences, 1379 ~ including during provisioning. 1380 --> 1381 <role 1382 name="android.app.role.DEVICE_POLICY_MANAGEMENT" 1383 behavior="v33.DevicePolicyManagementRoleBehavior" 1384 defaultHolders="config_devicePolicyManagement" 1385 exclusive="true" 1386 exclusivity="user" 1387 minSdkVersion="33" 1388 static="true" 1389 systemOnly="false" 1390 visible="false"> 1391 <required-components> 1392 <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP"> 1393 <intent-filter> 1394 <action name="android.app.action.ROLE_HOLDER_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE" /> 1395 </intent-filter> 1396 </activity> 1397 <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP"> 1398 <intent-filter> 1399 <action name="android.app.action.ROLE_HOLDER_PROVISION_MANAGED_PROFILE" /> 1400 </intent-filter> 1401 </activity> 1402 <activity permission="android.permission.LAUNCH_DEVICE_MANAGER_SETUP"> 1403 <intent-filter> 1404 <action name="android.app.action.ROLE_HOLDER_PROVISION_FINALIZATION" /> 1405 </intent-filter> 1406 </activity> 1407 </required-components> 1408 <permissions> 1409 <permission-set name="notifications" /> 1410 <permission name="android.permission.BIND_DEVICE_ADMIN" /> 1411 <permission name="android.permission.MANAGE_DEVICE_ADMINS" /> 1412 <permission name="android.permission.NETWORK_MANAGED_PROVISIONING" /> 1413 <permission name="android.permission.PEERS_MAC_ADDRESS" /> 1414 <permission name="android.permission.USE_COLORIZED_NOTIFICATIONS" /> 1415 <permission name="android.permission.MASTER_CLEAR" /> 1416 <permission name="android.permission.WRITE_SECURE_SETTINGS" /> 1417 <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" /> 1418 <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" /> 1419 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" /> 1420 <permission name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" /> 1421 <permission name="android.permission.INTERACT_ACROSS_USERS" /> 1422 <permission name="android.permission.INTERACT_ACROSS_USERS_FULL" /> 1423 <permission name="com.android.permission.INSTALL_EXISTING_PACKAGES" /> 1424 <permission name="android.permission.DELETE_PACKAGES" /> 1425 <permission name="android.permission.ACCESS_PDB_STATE" /> 1426 <permission name="android.permission.MARK_DEVICE_ORGANIZATION_OWNED" /> 1427 <permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" /> 1428 <permission name="android.permission.SET_TIME" /> 1429 <permission name="android.permission.SET_TIME_ZONE" /> 1430 <permission name="android.permission.CRYPT_KEEPER" /> 1431 <permission name="android.permission.SHUTDOWN" /> 1432 <permission name="android.permission.PERFORM_CDMA_PROVISIONING" /> 1433 <permission name="android.permission.CONFIGURE_INTERACT_ACROSS_PROFILES" /> 1434 <permission name="android.permission.WRITE_SETTINGS" /> 1435 <permission name="android.permission.CHANGE_CONFIGURATION" /> 1436 <permission name="android.permission.LAUNCH_DEVICE_MANAGER_SETUP" /> 1437 <permission name="android.permission.INSTALL_DPC_PACKAGES" /> 1438 <permission name="android.permission.QUERY_USERS" /> 1439 <permission name="android.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES" /> 1440 <permission name="android.permission.QUERY_ADMIN_POLICY" /> 1441 <permission name="android.permission.TRIGGER_LOST_MODE" /> 1442 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS" minSdkVersion="34" /> 1443 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT" minSdkVersion="34" /> 1444 <permission name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE" minSdkVersion="34" /> 1445 <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA" minSdkVersion="34" /> 1446 <permission name="android.permission.MANAGE_DEVICE_POLICY_CERTIFICATES" minSdkVersion="34" /> 1447 <permission name="android.permission.MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE" minSdkVersion="34" /> 1448 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEFAULT_SMS" minSdkVersion="34" /> 1449 <permission name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET" minSdkVersion="34" /> 1450 <permission name="android.permission.MANAGE_DEVICE_POLICY_INPUT_METHODS" minSdkVersion="34" /> 1451 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" minSdkVersion="34" /> 1452 <permission name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD" minSdkVersion="34" /> 1453 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK" minSdkVersion="34" /> 1454 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS" minSdkVersion="34" /> 1455 <permission name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK" minSdkVersion="34" /> 1456 <permission name="android.permission.MANAGE_DEVICE_POLICY_MTE" minSdkVersion="34" /> 1457 <permission name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE" minSdkVersion="34" /> 1458 <permission name="android.permission.MANAGE_DEVICE_POLICY_PROFILES" minSdkVersion="34" /> 1459 <permission name="android.permission.MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS" minSdkVersion="34" /> 1460 <permission name="android.permission.MANAGE_DEVICE_POLICY_SCREEN_CAPTURE" minSdkVersion="34" /> 1461 <permission name="android.permission.MANAGE_DEVICE_POLICY_SECURITY_LOGGING" minSdkVersion="34" /> 1462 <permission name="android.permission.MANAGE_DEVICE_POLICY_SUSPEND_PERSONAL_APPS" minSdkVersion="34" /> 1463 <permission name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_UPDATES" minSdkVersion="34" /> 1464 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" minSdkVersion="34" /> 1465 <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_DATA_SIGNALLING" minSdkVersion="34" /> 1466 <permission name="android.permission.MANAGE_DEVICE_POLICY_WIFI" minSdkVersion="34" /> 1467 <permission name="android.permission.MANAGE_DEVICE_POLICY_WIPE_DATA" minSdkVersion="34" /> 1468 <permission name="android.permission.SET_TIME" minSdkVersion="34" /> 1469 <permission name="android.permission.SET_TIME_ZONE" minSdkVersion="34" /> 1470 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" minSdkVersion="34" /> 1471 <permission name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS" minSdkVersion="34" /> 1472 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" minSdkVersion="34" /> 1473 <permission name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE" minSdkVersion="34" /> 1474 <permission name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER" minSdkVersion="34" /> 1475 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL" minSdkVersion="34" /> 1476 <permission name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS" minSdkVersion="34" /> 1477 <permission name="android.permission.MANAGE_DEVICE_POLICY_CONTENT_PROTECTION" minSdkVersion="35" /> 1478 <permission name="android.permission.MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES" minSdkVersion="35" /> 1479 <permission name="android.permission.MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL" minSdkVersion="35" /> 1480 <permission name="android.permission.MANAGE_DEVICE_POLICY_CAMERA_TOGGLE" minSdkVersion="35" /> 1481 <permission name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE_TOGGLE" minSdkVersion="35" /> 1482 <permission name="android.permission.QUERY_DEVICE_STOLEN_STATE" minSdkVersion="35" /> 1483 <permission name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING" minSdkVersion="35" /> 1484 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" minSdkVersion="35" /> 1485 <permission name="android.permission.MANAGE_DEVICE_POLICY_WALLPAPER" minSdkVersion="35" /> 1486 <permission name="android.permission.MANAGE_DEVICE_POLICY_VPN" minSdkVersion="35" /> 1487 <permission name="android.permission.MANAGE_DEVICE_POLICY_AUTOFILL" minSdkVersion="35" /> 1488 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCATION" minSdkVersion="35" /> 1489 <permission name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY" minSdkVersion="35" /> 1490 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCALE" minSdkVersion="35" /> 1491 <permission name="android.permission.MANAGE_DEVICE_POLICY_SMS" minSdkVersion="35" /> 1492 <permission name="android.permission.MANAGE_DEVICE_POLICY_APP_FUNCTIONS" 1493 featureFlag="android.app.appfunctions.flags.Flags.enableAppFunctionManager" /> 1494 <permission name="android.permission.COPY_ACCOUNTS" 1495 featureFlag="android.app.admin.flags.Flags.splitCreateManagedProfileEnabled" /> 1496 <permission name="android.permission.REMOVE_ACCOUNTS" 1497 featureFlag="android.app.admin.flags.Flags.splitCreateManagedProfileEnabled" /> 1498 </permissions> 1499 </role> 1500 1501 <role 1502 name="android.app.role.SYSTEM_APP_PROTECTION_SERVICE" 1503 defaultHolders="config_systemAppProtectionService" 1504 exclusive="true" 1505 exclusivity="user" 1506 minSdkVersion="33" 1507 static="true" 1508 systemOnly="true" 1509 visible="false"> 1510 <permissions> 1511 <permission-set name="notifications" /> 1512 <permission name="android.permission.GET_HISTORICAL_APP_OPS_STATS" /> 1513 <permission name="android.permission.READ_SMS" /> 1514 <permission name="android.permission.RECEIVE_SMS" /> 1515 <permission name="android.permission.GET_BACKGROUND_INSTALLED_PACKAGES" minSdkVersion="35" /> 1516 <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" /> 1517 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" /> 1518 <permission name="android.permission.SYSTEM_APPLICATION_OVERLAY" /> 1519 </permissions> 1520 <app-op-permissions> 1521 <app-op-permission name="android.permission.SYSTEM_ALERT_WINDOW" /> 1522 </app-op-permissions> 1523 </role> 1524 1525 <!--- 1526 ~ A role for the system package that handles syncing calendar from another device on 1527 ~ Automotive. 1528 --> 1529 <role 1530 name="android.app.role.SYSTEM_AUTOMOTIVE_CALENDAR_SYNC_MANAGER" 1531 behavior="v31.AutomotiveRoleBehavior" 1532 defaultHolders="config_systemAutomotiveCalendarSyncManager" 1533 exclusive="true" 1534 exclusivity="user" 1535 minSdkVersion="33" 1536 static="true" 1537 systemOnly="true" 1538 visible="false"> 1539 <permissions> 1540 <permission name="android.permission.READ_CALENDAR" /> 1541 <permission name="android.permission.WRITE_CALENDAR" /> 1542 </permissions> 1543 </role> 1544 1545 <!--- 1546 ~ A role for the package that handles navigation on the Automotive. 1547 ~ This is the application that provides point-of-interest search and 1548 ~ turn-by-turn navigation guidance. 1549 --> 1550 <role 1551 name="android.app.role.AUTOMOTIVE_NAVIGATION" 1552 behavior="v31.AutomotiveRoleBehavior" 1553 defaultHolders="config_defaultAutomotiveNavigation" 1554 description="@string/role_automotive_navigation_description" 1555 exclusive="true" 1556 exclusivity="user" 1557 label="@string/role_automotive_navigation_label" 1558 minSdkVersion="33" 1559 overrideUserWhenGranting="true" 1560 requestDescription="@string/role_automotive_navigation_request_description" 1561 requestTitle="@string/role_automotive_navigation_request_title" 1562 shortLabel="@string/role_automotive_navigation_short_label"> 1563 <required-components> 1564 <activity> 1565 <intent-filter> 1566 <action name="android.intent.action.MAIN" /> 1567 <category name="android.intent.category.APP_MAPS" /> 1568 </intent-filter> 1569 </activity> 1570 <activity> 1571 <intent-filter> 1572 <action name="android.intent.action.NAVIGATE" /> 1573 <data scheme="geo" /> 1574 </intent-filter> 1575 </activity> 1576 <activity> 1577 <intent-filter> 1578 <action name="android.intent.action.MAIN" /> 1579 <category name="android.car.cluster.NAVIGATION" /> 1580 </intent-filter> 1581 </activity> 1582 </required-components> 1583 <preferred-activities> 1584 <preferred-activity> 1585 <activity> 1586 <intent-filter> 1587 <action name="android.intent.action.MAIN" /> 1588 <category name="android.intent.category.APP_MAPS" /> 1589 </intent-filter> 1590 </activity> 1591 <intent-filter> 1592 <action name="android.intent.action.MAIN" /> 1593 <category name="android.intent.category.APP_MAPS" /> 1594 </intent-filter> 1595 </preferred-activity> 1596 <preferred-activity> 1597 <activity> 1598 <intent-filter> 1599 <action name="android.intent.action.NAVIGATE" /> 1600 <data scheme="geo" /> 1601 </intent-filter> 1602 </activity> 1603 <intent-filter> 1604 <action name="android.intent.action.NAVIGATE" /> 1605 <data scheme="geo" /> 1606 </intent-filter> 1607 </preferred-activity> 1608 <preferred-activity> 1609 <activity> 1610 <intent-filter> 1611 <action name="android.intent.action.MAIN" /> 1612 <category name="android.car.cluster.NAVIGATION" /> 1613 </intent-filter> 1614 </activity> 1615 <intent-filter> 1616 <action name="android.intent.action.MAIN" /> 1617 <category name="android.car.cluster.NAVIGATION" /> 1618 </intent-filter> 1619 </preferred-activity> 1620 </preferred-activities> 1621 </role> 1622 1623 <!--- 1624 ~ A role for the package that handles AI features for the settings app 1625 --> 1626 <role 1627 name="android.app.role.SYSTEM_SETTINGS_INTELLIGENCE" 1628 defaultHolders="config_systemSettingsIntelligence" 1629 exclusive="true" 1630 exclusivity="user" 1631 minSdkVersion="33" 1632 static="true" 1633 systemOnly="true" 1634 visible="false"> 1635 <permissions> 1636 <permission-set name="notifications" /> 1637 <permission name="android.permission.INTERACT_ACROSS_USERS_FULL" minSdkVersion="34" /> 1638 </permissions> 1639 </role> 1640 1641 <!--- 1642 ~ A role for the package that handles Bluetooth for the device 1643 --> 1644 <role 1645 name="android.app.role.SYSTEM_BLUETOOTH_STACK" 1646 defaultHolders="config_systemBluetoothStack" 1647 exclusive="true" 1648 exclusivity="user" 1649 minSdkVersion="33" 1650 static="true" 1651 systemOnly="true" 1652 visible="false"> 1653 <permissions> 1654 <permission name="android.permission.NETWORK_FACTORY" /> 1655 <permission name="android.permission.BLUETOOTH_MAP" /> 1656 <permission name="android.permission.BLUETOOTH_STACK" /> 1657 <permission name="android.permission.NET_ADMIN" /> 1658 <permission name="android.permission.LISTEN_ALWAYS_REPORTED_SIGNAL_STRENGTH" /> 1659 <permission name="android.permission.MANAGE_APP_OPS_MODES" /> 1660 <permission name="android.permission.MANAGE_COMPANION_DEVICES" /> 1661 <permission name="android.permission.QUERY_AUDIO_STATE" /> 1662 <permission name="android.permission.DEVICE_POWER" /> 1663 <permission name="android.permission.NET_TUNNELING" /> 1664 </permissions> 1665 </role> 1666 1667 <!-- 1668 ~ A role assigned to the financing kiosk app 1669 --> 1670 <role 1671 name="android.app.role.FINANCED_DEVICE_KIOSK" 1672 exclusive="true" 1673 exclusivity="user" 1674 minSdkVersion="34" 1675 visible="false"> 1676 <permissions> 1677 <permission-set name="notifications" /> 1678 <permission name="android.permission.MANAGE_DEVICE_LOCK_STATE" /> 1679 </permissions> 1680 </role> 1681 1682 <!-- 1683 ~ A role assigned to the device lock controller 1684 --> 1685 <role 1686 name="android.app.role.SYSTEM_FINANCED_DEVICE_CONTROLLER" 1687 defaultHolders="config_systemFinancedDeviceController" 1688 exclusive="true" 1689 exclusivity="user" 1690 minSdkVersion="34" 1691 static="true" 1692 systemOnly="true" 1693 visible="false"> 1694 <permissions> 1695 <permission-set name="notifications" /> 1696 <permission name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL" /> 1697 <permission name="android.permission.MANAGE_DEVICE_POLICY_CALLS" /> 1698 <permission name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES" /> 1699 <permission name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES" /> 1700 <permission name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK" /> 1701 <permission name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT" /> 1702 <permission name="android.permission.MANAGE_DEVICE_POLICY_TIME" /> 1703 <permission name="android.permission.MASTER_CLEAR" /> 1704 <permission name="android.permission.INTERACT_ACROSS_USERS" /> 1705 <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" /> 1706 </permissions> 1707 </role> 1708 1709 <!--- 1710 ~ A role for the wear health service that handles health/fitness tracking features. 1711 --> 1712 <role 1713 name="android.app.role.SYSTEM_WEAR_HEALTH_SERVICE" 1714 behavior="v33.SystemWearHealthServiceRoleBehavior" 1715 defaultHolders="config_systemWearHealthService" 1716 exclusive="true" 1717 exclusivity="user" 1718 minSdkVersion="33" 1719 static="true" 1720 systemOnly="true" 1721 visible="false"> 1722 <permissions> 1723 <permission-set name="sensors" /> 1724 <permission-set name="location" /> 1725 <permission name="android.permission.ACCESS_BACKGROUND_LOCATION" /> 1726 <permission name="android.permission.ACTIVITY_RECOGNITION" /> 1727 <permission 1728 name="android.permission.health.READ_HEART_RATE" 1729 featureFlag="android.permission.flags.Flags.replaceBodySensorPermissionEnabled" /> 1730 <permission 1731 name="android.permission.health.READ_HEALTH_DATA_IN_BACKGROUND" 1732 featureFlag="android.permission.flags.Flags.replaceBodySensorPermissionEnabled" /> 1733 </permissions> 1734 </role> 1735 1736 <!--- 1737 ~ A role for the package that responds to system notes actions. 1738 --> 1739 <role 1740 name="android.app.role.NOTES" 1741 behavior="v34.NotesRoleBehavior" 1742 defaultHolders="config_defaultNotes" 1743 description="@string/role_notes_description" 1744 exclusive="true" 1745 exclusivity="user" 1746 label="@string/role_notes_label" 1747 minSdkVersion="34" 1748 overrideUserWhenGranting="true" 1749 requestable="false" 1750 searchKeywords="@string/role_notes_search_keywords" 1751 shortLabel="@string/role_notes_short_label" 1752 showNone="true"> 1753 <required-components> 1754 <!-- Flag value is FLAG_SHOW_WHEN_LOCKED | FLAG_TURN_SCREEN_ON --> 1755 <activity flags="0x1800000"> 1756 <intent-filter> 1757 <action name="android.intent.action.CREATE_NOTE" /> 1758 </intent-filter> 1759 </activity> 1760 </required-components> 1761 <preferred-activities> 1762 <preferred-activity> 1763 <!-- Flag value is FLAG_SHOW_WHEN_LOCKED | FLAG_TURN_SCREEN_ON --> 1764 <activity flags="0x1800000"> 1765 <intent-filter> 1766 <action name="android.intent.action.CREATE_NOTE" /> 1767 </intent-filter> 1768 </activity> 1769 <intent-filter> 1770 <action name="android.intent.action.CREATE_NOTE" /> 1771 </intent-filter> 1772 </preferred-activity> 1773 </preferred-activities> 1774 <permissions> 1775 <permission name="android.permission.LAUNCH_CAPTURE_CONTENT_ACTIVITY_FOR_NOTE" minSdkVersion="34"/> 1776 </permissions> 1777 </role> 1778 1779 <!--- 1780 ~ A role for the package that streams calls to other devices. 1781 --> 1782 <role 1783 name="android.app.role.SYSTEM_CALL_STREAMING" 1784 allowBypassingQualification="true" 1785 defaultHolders="config_systemCallStreaming" 1786 exclusive="true" 1787 exclusivity="user" 1788 minSdkVersion="34" 1789 static="true" 1790 systemOnly="true" 1791 visible="false"> 1792 <permissions> 1793 <permission name="android.permission.CALL_AUDIO_INTERCEPTION" /> 1794 <permission name="android.permission.RECORD_AUDIO" /> 1795 </permissions> 1796 <required-components> 1797 <service permission="android.permission.BIND_CALL_STREAMING_SERVICE"> 1798 <intent-filter> 1799 <action name="android.telecom.CallStreamingService" /> 1800 </intent-filter> 1801 </service> 1802 </required-components> 1803 </role> 1804 1805 <role 1806 name="android.app.role.RETAIL_DEMO" 1807 behavior="v35.RetailDemoRoleBehavior" 1808 defaultHolders="config_defaultRetailDemo" 1809 exclusive="true" 1810 exclusivity="user" 1811 minSdkVersion="35" 1812 static="true" 1813 visible="false"> 1814 <permissions> 1815 <permission name="android.permission.ACCESS_BLOBS_ACROSS_USERS" /> 1816 <permission name="android.permission.CHANGE_CONFIGURATION" /> 1817 <permission name="android.permission.MODIFY_DAY_NIGHT_MODE" /> 1818 <permission name="android.permission.MODIFY_PHONE_STATE" /> 1819 <permission name="android.permission.OBSERVE_APP_USAGE" /> 1820 <permission name="android.permission.QUERY_USERS" /> 1821 <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE" /> 1822 <permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" /> 1823 <permission name="android.permission.START_FOREGROUND_SERVICES_FROM_BACKGROUND" /> 1824 <permission name="android.permission.WRITE_SETTINGS" /> 1825 </permissions> 1826 <app-op-permissions> 1827 <app-op-permission name="android.permission.PACKAGE_USAGE_STATS" /> 1828 </app-op-permissions> 1829 </role> 1830 1831 <role 1832 name="android.app.role.WALLET" 1833 behavior="v35.WalletRoleBehavior" 1834 defaultHolders="config_defaultWallet" 1835 description="@string/role_wallet_description" 1836 exclusive="true" 1837 exclusivity="user" 1838 label="@string/role_wallet_label" 1839 minSdkVersion="35" 1840 overrideUserWhenGranting="true" 1841 requestable="true" 1842 requestDescription="@string/role_wallet_request_description" 1843 requestTitle="@string/role_wallet_request_title" 1844 showNone="true" 1845 shortLabel="@string/role_wallet_short_label" 1846 uiBehavior="v35.WalletRoleUiBehavior"/> 1847 1848 <role 1849 name="android.app.role.SYSTEM_DEPENDENCY_INSTALLER" 1850 allowBypassingQualification="true" 1851 defaultHolders="config_systemDependencyInstaller" 1852 exclusive="true" 1853 exclusivity="user" 1854 featureFlag="android.content.pm.Flags.sdkDependencyInstaller" 1855 static="true" 1856 systemOnly="true" 1857 visible="false"> 1858 <required-components> 1859 <service permission="android.permission.BIND_DEPENDENCY_INSTALLER"> 1860 <intent-filter> 1861 <action name="android.content.pm.action.INSTALL_DEPENDENCY" /> 1862 </intent-filter> 1863 </service> 1864 </required-components> 1865 <permissions> 1866 <permission name="android.permission.ACCESS_SHARED_LIBRARIES" /> 1867 <permission name="android.permission.INSTALL_DEPENDENCY_SHARED_LIBRARIES" /> 1868 </permissions> 1869 </role> 1870 1871 <!--- 1872 ~ A role for testing cross-user roles (exclusivity="profileGroup"). This should never be used 1873 ~ to gate any actual functionality. 1874 --> 1875 <role 1876 name="android.app.role.RESERVED_FOR_TESTING_PROFILE_GROUP_EXCLUSIVITY" 1877 behavior="ReservedForTestingProfileGroupExclusivityRoleBehavior" 1878 description="@string/role_for_testing_profile_group_exclusivity_description" 1879 exclusive="true" 1880 exclusivity="profileGroup" 1881 fallBackToDefaultHolder="true" 1882 featureFlag="com.android.permission.flags.Flags.crossUserRoleEnabled" 1883 label="@string/role_for_testing_profile_group_exclusivity_label" 1884 requestable="true" 1885 requestDescription="@string/role_for_testing_profile_group_exclusivity_request_description" 1886 requestTitle="@string/role_for_testing_profile_group_exclusivity_request_title" 1887 shortLabel="@string/role_for_testing_profile_group_exclusivity_short_label" 1888 showNone="true" 1889 visible="true"/> 1890 1891 <!--- 1892 ~ A role for the vendor package that provides privacy-preserving intelligent processor for 1893 ~ vendor specific features. 1894 ~ 1895 ~ A package holding this role MUST comply with requirements outlined in the Android CDD 1896 ~ section "9.8.6 Content Capture". 1897 ~ Example link for Android 15: 1898 ~ https://source.android.com/docs/compatibility/15/android-15-cdd#986_os-level_and_ambient_data 1899 ~ 1900 ~ In addition, packages MUST NOT: 1901 ~ - Request INTERNET permission. Instead packages MUST access the internet through 1902 ~ well-defined APIs in an open source project. 1903 ~ - Perform direct binds to other applications, except the following system packages or 1904 ~ other preloaded packages conforming with the requirements here: 1905 ~ - Bluetooth 1906 ~ - Contacts 1907 ~ - Media 1908 ~ - Telephony 1909 ~ - System UI 1910 ~ - Component providing internet APIs (see above) 1911 ~ To achieve this packages MUST set up explicit <allow-association> configuration in the 1912 ~ system config. 1913 --> 1914 <role 1915 name="android.app.role.SYSTEM_VENDOR_INTELLIGENCE" 1916 defaultHolders="config_systemVendorIntelligence" 1917 exclusive="true" 1918 exclusivity="user" 1919 featureFlag="android.permission.flags.Flags.systemVendorIntelligenceRoleEnabled" 1920 static="true" 1921 systemOnly="true" 1922 visible="false"> 1923 <permissions> 1924 <permission name="android.permission.READ_GLOBAL_APP_SEARCH_DATA" /> 1925 <permission name="android.permission.EXECUTE_APP_FUNCTIONS_TRUSTED" 1926 featureFlag="android.app.appfunctions.flags.Flags.enableAppFunctionManager" /> 1927 </permissions> 1928 </role> 1929</roles> 1930