Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 22d2add7 authored by Jonathan Scott's avatar Jonathan Scott Committed by Android (Google) Code Review
Browse files

Merge changes from topics "dmrh_permisssions",... 

Merge changes from topics "dmrh_permisssions", "remaining-user-restriction-permissions-dpm", "unicorn_dpm_permissions"

* changes:
  Add remaining new permissions to cover user restrictions.
  Add remaining permissions required for the device management role holder
  Add remaining new permissions required by Unicorn role.
parents 02e24406 ba03e3c7

core/api/current.txt

+36 −0
Original line number Diff line number Diff line
@@ -127,22 +127,58 @@ package android { 
    field public static final String LOADER_USAGE_STATS = "android.permission.LOADER_USAGE_STATS";

    field public static final String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";

    field public static final String MANAGE_DEVICE_LOCK_STATE = "android.permission.MANAGE_DEVICE_LOCK_STATE";

    field public static final String MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT = "android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT";

    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS";

    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL";

    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL";

    field public static final String MANAGE_DEVICE_POLICY_AIRPLANE_MODE = "android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE";

    field public static final String MANAGE_DEVICE_POLICY_APPS_CONTROL = "android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL";

    field public static final String MANAGE_DEVICE_POLICY_APP_RESTRICTIONS = "android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS";

    field public static final String MANAGE_DEVICE_POLICY_AUDIO_OUTPUT = "android.permission.MANAGE_DEVICE_POLICY_AUDIO_OUTPUT";

    field public static final String MANAGE_DEVICE_POLICY_AUTOFILL = "android.permission.MANAGE_DEVICE_POLICY_AUTOFILL";

    field public static final String MANAGE_DEVICE_POLICY_BACKUP_SERVICE = "android.permission.MANAGE_DEVICE_POLICY_BACKUP_SERVICE";

    field public static final String MANAGE_DEVICE_POLICY_BLUETOOTH = "android.permission.MANAGE_DEVICE_POLICY_BLUETOOTH";

    field public static final String MANAGE_DEVICE_POLICY_CALLS = "android.permission.MANAGE_DEVICE_POLICY_CALLS";

    field public static final String MANAGE_DEVICE_POLICY_CAMERA = "android.permission.MANAGE_DEVICE_POLICY_CAMERA";

    field public static final String MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES = "android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES";

    field public static final String MANAGE_DEVICE_POLICY_DEFAULT_SMS = "android.permission.MANAGE_DEVICE_POLICY_DEFAULT_SMS";

    field public static final String MANAGE_DEVICE_POLICY_DISPLAY = "android.permission.MANAGE_DEVICE_POLICY_DISPLAY";

    field public static final String MANAGE_DEVICE_POLICY_FACTORY_RESET = "android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET";

    field public static final String MANAGE_DEVICE_POLICY_FUN = "android.permission.MANAGE_DEVICE_POLICY_FUN";

    field public static final String MANAGE_DEVICE_POLICY_INPUT_METHODS = "android.permission.MANAGE_DEVICE_POLICY_INPUT_METHODS";

    field public static final String MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES = "android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES";

    field public static final String MANAGE_DEVICE_POLICY_KEYGUARD = "android.permission.MANAGE_DEVICE_POLICY_KEYGUARD";

    field public static final String MANAGE_DEVICE_POLICY_LOCALE = "android.permission.MANAGE_DEVICE_POLICY_LOCALE";

    field public static final String MANAGE_DEVICE_POLICY_LOCATION = "android.permission.MANAGE_DEVICE_POLICY_LOCATION";

    field public static final String MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS = "android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS";

    field public static final String MANAGE_DEVICE_POLICY_LOCK_TASK = "android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK";

    field public static final String MANAGE_DEVICE_POLICY_MICROPHONE = "android.permission.MANAGE_DEVICE_POLICY_MICROPHONE";

    field public static final String MANAGE_DEVICE_POLICY_MOBILE_NETWORK = "android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK";

    field public static final String MANAGE_DEVICE_POLICY_MODIFY_USERS = "android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS";

    field public static final String MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION = "android.permission.MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION";

    field public static final String MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY = "android.permission.MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY";

    field public static final String MANAGE_DEVICE_POLICY_PACKAGE_STATE = "android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE";

    field public static final String MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA = "android.permission.MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA";

    field public static final String MANAGE_DEVICE_POLICY_PRINTING = "android.permission.MANAGE_DEVICE_POLICY_PRINTING";

    field public static final String MANAGE_DEVICE_POLICY_PROFILES = "android.permission.MANAGE_DEVICE_POLICY_PROFILES";

    field public static final String MANAGE_DEVICE_POLICY_PROFILE_INTERACTION = "android.permission.MANAGE_DEVICE_POLICY_PROFILE_INTERACTION";

    field public static final String MANAGE_DEVICE_POLICY_RESET_PASSWORD = "android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD";

    field public static final String MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS = "android.permission.MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS";

    field public static final String MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS = "android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS";

    field public static final String MANAGE_DEVICE_POLICY_RUN_IN_BACKGROUND = "android.permission.MANAGE_DEVICE_POLICY_RUN_IN_BACKGROUND";

    field public static final String MANAGE_DEVICE_POLICY_SAFE_BOOT = "android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT";

    field public static final String MANAGE_DEVICE_POLICY_SCREEN_CAPTURE = "android.permission.MANAGE_DEVICE_POLICY_SCREEN_CAPTURE";

    field public static final String MANAGE_DEVICE_POLICY_SCREEN_CONTENT = "android.permission.MANAGE_DEVICE_POLICY_SCREEN_CONTENT";

    field public static final String MANAGE_DEVICE_POLICY_SMS = "android.permission.MANAGE_DEVICE_POLICY_SMS";

    field public static final String MANAGE_DEVICE_POLICY_STATUS_BAR = "android.permission.MANAGE_DEVICE_POLICY_STATUS_BAR";

    field public static final String MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE = "android.permission.MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE";

    field public static final String MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS = "android.permission.MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS";

    field public static final String MANAGE_DEVICE_POLICY_TIME = "android.permission.MANAGE_DEVICE_POLICY_TIME";

    field public static final String MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER = "android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER";

    field public static final String MANAGE_DEVICE_POLICY_VPN = "android.permission.MANAGE_DEVICE_POLICY_VPN";

    field public static final String MANAGE_DEVICE_POLICY_WALLPAPER = "android.permission.MANAGE_DEVICE_POLICY_WALLPAPER";

    field public static final String MANAGE_DEVICE_POLICY_WIFI = "android.permission.MANAGE_DEVICE_POLICY_WIFI";

    field public static final String MANAGE_DEVICE_POLICY_WINDOWS = "android.permission.MANAGE_DEVICE_POLICY_WINDOWS";

    field public static final String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";

    field public static final String MANAGE_EXTERNAL_STORAGE = "android.permission.MANAGE_EXTERNAL_STORAGE";

    field public static final String MANAGE_MEDIA = "android.permission.MANAGE_MEDIA";

core/res/AndroidManifest.xml

+255 −0
Original line number Diff line number Diff line
@@ -3253,6 +3253,261 @@ 
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to restricting a user's ability to use or

    enable and disable the microphone.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MICROPHONE"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to restricting a user's ability to use or

    enable and disable the camera.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_CAMERA"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to manage policy related to keyguard.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_KEYGUARD"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to account management.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to hiding and suspending packages.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PACKAGE_STATE"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to force set a new device unlock password or a managed profile

    challenge on current user.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_RESET_PASSWORD"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to the status bar.-->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_STATUS_BAR"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to bluetooth.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_BLUETOOTH"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to fun.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_FUN"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to airplane mode.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_AIRPLANE_MODE"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to mobile networks.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_MOBILE_NETWORK"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to physical media.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PHYSICAL_MEDIA"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to sms.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SMS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to usb file transfers.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call

        APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_USB_FILE_TRANSFER"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to lock credentials.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCK_CREDENTIALS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to Wifi.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_WIFI"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to screen capture.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SCREEN_CAPTURE"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to input methods.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_INPUT_METHODS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to restricting the user from configuring

     private DNS.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_RESTRICT_PRIVATE_DNS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to the default sms application.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_DEFAULT_SMS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to profiles.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PROFILES"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to interacting with profiles (e.g. Disallowing

    cross-profile copy and paste).

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PROFILE_INTERACTION"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to VPNs.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_VPN"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to audio output.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_AUDIO_OUTPUT"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to the display.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_DISPLAY"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to location.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCATION"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to factory reset.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to the wallpaper.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_WALLPAPER"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to the usage of the contents of the screen.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SCREEN_CONTENT"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to system dialogs.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to users running in the background.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_RUN_IN_BACKGROUND"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to printing.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_PRINTING"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to nearby communications (e.g. Beam and

    nearby streaming).

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_NEARBY_COMMUNICATION"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to windows.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_WINDOWS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to locale.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCALE"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set policy related to autofill.

        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is

        required to call APIs protected by this permission on users different to the calling user.

    -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_AUTOFILL"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set device policies outside the current user

        that are critical for securing data within the current user.

        <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_*