1 <?xml version="1.0" encoding="utf-8"?> 2 <!-- Copyright (C) 2008 The Android Open Source Project 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 --> 16 17 <!-- This file is used to define the mappings between lower-level system 18 user and group IDs and the higher-level permission names managed 19 by the platform. 20 21 Be VERY careful when editing this file! Mistakes made here can open 22 big security holes. 23 --> 24 <permissions> 25 26 <!-- ================================================================== --> 27 <!-- ================================================================== --> 28 <!-- ================================================================== --> 29 30 <!-- The following tags are associating low-level group IDs with 31 permission names. By specifying such a mapping, you are saying 32 that any application process granted the given permission will 33 also be running with the given group ID attached to its process, 34 so it can perform any filesystem (read, write, execute) operations 35 allowed for that group. --> 36 37 <permission name="android.permission.BLUETOOTH_ADMIN" > 38 <group gid="net_bt_admin" /> 39 </permission> 40 41 <permission name="android.permission.BLUETOOTH" > 42 <group gid="net_bt" /> 43 </permission> 44 45 <permission name="android.permission.BLUETOOTH_STACK" > 46 <group gid="net_bt_stack" /> 47 </permission> 48 49 <permission name="android.permission.NET_TUNNELING" > 50 <group gid="vpn" /> 51 </permission> 52 53 <permission name="android.permission.INTERNET" > 54 <group gid="inet" /> 55 </permission> 56 57 <permission name="android.permission.READ_LOGS" > 58 <group gid="log" /> 59 </permission> 60 61 <permission name="android.permission.READ_EXTERNAL_STORAGE" > 62 <group gid="sdcard_r" /> 63 </permission> 64 65 <permission name="android.permission.WRITE_EXTERNAL_STORAGE" > 66 <group gid="sdcard_r" /> 67 <group gid="sdcard_rw" /> 68 </permission> 69 70 <permission name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" > 71 <group gid="sdcard_r" /> 72 <group gid="sdcard_rw" /> 73 <group gid="sdcard_all" /> 74 </permission> 75 76 <permission name="android.permission.WRITE_MEDIA_STORAGE" > 77 <group gid="media_rw" /> 78 </permission> 79 80 <permission name="android.permission.ACCESS_MTP" > 81 <group gid="mtp" /> 82 </permission> 83 84 <permission name="android.permission.NET_ADMIN" > 85 <group gid="net_admin" /> 86 </permission> 87 88 <!-- The group that /cache belongs to, linked to the permission 89 set on the applications that can access /cache --> 90 <permission name="android.permission.ACCESS_CACHE_FILESYSTEM" > 91 <group gid="cache" /> 92 </permission> 93 94 <!-- RW permissions to any system resources owned by group 'diag'. 95 This is for carrier and manufacture diagnostics tools that must be 96 installable from the framework. Be careful. --> 97 <permission name="android.permission.DIAGNOSTIC" > 98 <group gid="input" /> 99 <group gid="diag" /> 100 </permission> 101 102 <!-- Group that can read detailed network usage statistics --> 103 <permission name="android.permission.READ_NETWORK_USAGE_HISTORY"> 104 <group gid="net_bw_stats" /> 105 </permission> 106 107 <!-- Group that can modify how network statistics are accounted --> 108 <permission name="android.permission.MODIFY_NETWORK_ACCOUNTING"> 109 <group gid="net_bw_acct" /> 110 </permission> 111 112 <permission name="android.permission.LOOP_RADIO" > 113 <group gid="loop_radio" /> 114 </permission> 115 116 <!-- ================================================================== --> 117 <!-- ================================================================== --> 118 <!-- ================================================================== --> 119 120 <!-- The following tags are assigning high-level permissions to specific 121 user IDs. These are used to allow specific core system users to 122 perform the given operations with the higher-level framework. For 123 example, we give a wide variety of permissions to the shell user 124 since that is the user the adb shell runs under and developers and 125 others should have a fairly open environment in which to 126 interact with the system. --> 127 128 <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" /> 129 <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" /> 130 <assign-permission name="android.permission.WAKE_LOCK" uid="media" /> 131 <assign-permission name="android.permission.UPDATE_DEVICE_STATS" uid="media" /> 132 <assign-permission name="android.permission.UPDATE_APP_OPS_STATS" uid="media" /> 133 134 <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="graphics" /> 135 136 <!-- This is a list of all the libraries available for application 137 code to link against. --> 138 139 <library name="android.test.runner" 140 file="/system/framework/android.test.runner.jar" /> 141 <library name="javax.obex" 142 file="/system/framework/javax.obex.jar"/> 143 144 </permissions> 145
