Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5829ea74 authored by Elis Elliott's avatar Elis Elliott
Browse files

Create new permissions for managing policies across users. 

Bug: 234609037

Test: N/A

Change-Id: I0254bdd9746724c00c7951442d5b4cf3f8ece15b
parent a8fcf131

core/api/current.txt

+4 −0
Original line number Diff line number Diff line
@@ -122,6 +122,10 @@ package android { 
    field public static final String LOADER_USAGE_STATS = "android.permission.LOADER_USAGE_STATS";

    field public static final String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";

    field public static final String MANAGE_DEVICE_LOCK_STATE = "android.permission.MANAGE_DEVICE_LOCK_STATE";

    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS";

    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL";

    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL";

    field public static final String MANAGE_DEVICE_POLICY_TIME = "android.permission.MANAGE_DEVICE_POLICY_TIME";

    field public static final String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";

    field public static final String MANAGE_EXTERNAL_STORAGE = "android.permission.MANAGE_EXTERNAL_STORAGE";

    field public static final String MANAGE_MEDIA = "android.permission.MANAGE_MEDIA";

core/res/AndroidManifest.xml

+28 −0
Original line number Diff line number Diff line
@@ -3118,6 +3118,34 @@ 
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS"

                android:protectionLevel="signature|role" />



    <!-- Allows an application to manage date and time device policy. -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_TIME"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set device policies outside the current user

        that are critical for securing data within the current user.

        <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_*

            permissions across all users on the device provided they are required for securing data

            within the current user.-->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set device policies outside the current user

        that are required for securing device ownership without accessing user data.

        <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_*

            permissions across all users on the device provided they do not grant access to user

            data. -->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS"

                android:protectionLevel="internal|role" />



    <!-- Allows an application to set device policies outside the current user.

        <p>Fuller form of {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS}

             that removes the restriction on accessing user data.

        <p>Holding this permission allows the use of any other held MANAGE_DEVICE_POLICY_*

            permissions across all users on the device.-->

    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL"

                android:protectionLevel="internal|role" />



    <!-- @SystemApi @hide Allows an application to set a device owner on retail demo devices.-->

    <permission android:name="android.permission.PROVISION_DEMO_DEVICE"

                android:protectionLevel="signature|setup" />