
Commit c1e6e73e authored by Evan Severson's avatar Evan Severson

Add role allowlist for restricted permissions

Test: Manual
Bug: 158311343
Change-Id: If14c9c667b98a92e3e29efd572567f5ea3cc61d3
parent ee7b9310
+1 −0
@@ -12236,6 +12236,7 @@ package android.content.pm {
    field public static final String FEATURE_WIFI_DIRECT = "android.hardware.wifi.direct";
    field public static final String FEATURE_WIFI_PASSPOINT = "android.hardware.wifi.passpoint";
    field public static final String FEATURE_WIFI_RTT = "android.hardware.wifi.rtt";
    field public static final int FLAG_PERMISSION_ALLOWLIST_ROLE = 8; // 0x8
    field public static final int FLAG_PERMISSION_WHITELIST_INSTALLER = 2; // 0x2
    field public static final int FLAG_PERMISSION_WHITELIST_SYSTEM = 1; // 0x1
    field public static final int FLAG_PERMISSION_WHITELIST_UPGRADE = 4; // 0x4
+1 −0
@@ -2157,6 +2157,7 @@ package android.content.pm {
    field public static final int FLAG_PERMISSION_ONE_TIME = 65536; // 0x10000
    field public static final int FLAG_PERMISSION_POLICY_FIXED = 4; // 0x4
    field public static final int FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT = 2048; // 0x800
    field public static final int FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT = 262144; // 0x40000
    field public static final int FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT = 4096; // 0x1000
    field public static final int FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT = 8192; // 0x2000
    field public static final int FLAG_PERMISSION_REVIEW_REQUIRED = 64; // 0x40
+1 −0
@@ -1033,6 +1033,7 @@ package android.content.pm {
    field public static final int FLAG_PERMISSION_ONE_TIME = 65536; // 0x10000
    field public static final int FLAG_PERMISSION_POLICY_FIXED = 4; // 0x4
    field public static final int FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT = 2048; // 0x800
    field public static final int FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT = 262144; // 0x40000
    field public static final int FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT = 4096; // 0x1000
    field public static final int FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT = 8192; // 0x2000
    field public static final int FLAG_PERMISSION_REVIEW_REQUIRED = 64; // 0x40
+52 −9
@@ -3510,6 +3510,17 @@ public abstract class PackageManager {
    @SystemApi
    public static final int FLAG_PERMISSION_AUTO_REVOKED = 1 << 17;

    /**
     * Permission flag: The permission is restricted but the app is exempt
     * from the restriction and is allowed to hold this permission in its
     * full form and the exemption is provided by the held roles.
     *
     * @hide
     */
    @TestApi
    @SystemApi
    public static final int FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT =  1 << 18;

    /**
     * Permission flags: Reserved for use by the permission controller. The platform and any
     * packages besides the permission controller should not assume any definition about these
@@ -3528,7 +3539,8 @@ public abstract class PackageManager {
    public static final int FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT =
            FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT
                    | FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT
                    | FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT;
                    | FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT
                    | FLAG_PERMISSION_RESTRICTION_ROLE_EXEMPT;

    /**
     * Mask for all permission flags.
@@ -3574,7 +3586,8 @@ public abstract class PackageManager {

    /**
     * Permission whitelist flag: permissions whitelisted by the system.
     * Permissions can also be whitelisted by the installer or on upgrade.
     * Permissions can also be whitelisted by the installer, on upgrade, or on
     * role grant.
     *
     * <p>
     * <strong>Note: </strong>In retrospect it would have been preferred to use
@@ -3586,7 +3599,8 @@ public abstract class PackageManager {

    /**
     * Permission whitelist flag: permissions whitelisted by the installer.
     * Permissions can also be whitelisted by the system or on upgrade.
     * Permissions can also be whitelisted by the system, on upgrade, or on role
     * grant.
     *
     * <p>
     * <strong>Note: </strong>In retrospect it would have been preferred to use
@@ -3600,7 +3614,8 @@ public abstract class PackageManager {
     * Permission whitelist flag: permissions whitelisted by the system
     * when upgrading from an OS version where the permission was not
     * restricted to an OS version where the permission is restricted.
     * Permissions can also be whitelisted by the installer or the system.
     * Permissions can also be whitelisted by the installer, the system, or on
     * role grant.
     *
     * <p>
     * <strong>Note: </strong>In retrospect it would have been preferred to use
@@ -3610,11 +3625,20 @@ public abstract class PackageManager {
     */
    public static final int FLAG_PERMISSION_WHITELIST_UPGRADE = 1 << 2;

    /**
     * Permission allowlist flag: permissions exempted by the system
     * when being granted a role.
     * Permissions can also be exempted by the installer, the system, or on
     * upgrade.
     */
    public static final int FLAG_PERMISSION_ALLOWLIST_ROLE = 1 << 3;

    /** @hide */
    @IntDef(flag = true, prefix = {"FLAG_PERMISSION_WHITELIST_"}, value = {
            FLAG_PERMISSION_WHITELIST_SYSTEM,
            FLAG_PERMISSION_WHITELIST_INSTALLER,
            FLAG_PERMISSION_WHITELIST_UPGRADE
            FLAG_PERMISSION_WHITELIST_UPGRADE,
            FLAG_PERMISSION_ALLOWLIST_ROLE
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface PermissionWhitelistFlags {}
@@ -4560,7 +4584,7 @@ public abstract class PackageManager {
     * allows for the to hold that permission and whitelisting a soft restricted
     * permission allows the app to hold the permission in its full, unrestricted form.
     *
     * <p><ol>There are three whitelists:
     * <p><ol>There are four allowlists:
     *
     * <li>one for cases where the system permission policy whitelists a permission
     * This list corresponds to the{@link #FLAG_PERMISSION_WHITELIST_SYSTEM} flag.
@@ -4576,6 +4600,10 @@ public abstract class PackageManager {
     * This list corresponds to the {@link #FLAG_PERMISSION_WHITELIST_INSTALLER} flag.
     * Can be accessed by pre-installed holders of a dedicated permission or the
     * installer on record.
     *
     * <li>one for cases where the system exempts the permission when granting a role.
     * This list corresponds to the {@link #FLAG_PERMISSION_ALLOWLIST_ROLE} flag. Can
     * be accessed by pre-installed holders of a dedicated permission.
     * </ol>
     *
     * <p>
@@ -4594,6 +4622,7 @@ public abstract class PackageManager {
     * @see #FLAG_PERMISSION_WHITELIST_SYSTEM
     * @see #FLAG_PERMISSION_WHITELIST_UPGRADE
     * @see #FLAG_PERMISSION_WHITELIST_INSTALLER
     * @see #FLAG_PERMISSION_ALLOWLIST_ROLE
     *
     * @throws SecurityException if you try to access a whitelist that you have no access to.
     */
@@ -4615,7 +4644,7 @@ public abstract class PackageManager {
     * allows for the to hold that permission and whitelisting a soft restricted
     * permission allows the app to hold the permission in its full, unrestricted form.
     *
     * <p><ol>There are three whitelists:
     * <p><ol>There are four whitelists:
     *
     * <li>one for cases where the system permission policy whitelists a permission
     * This list corresponds to the {@link #FLAG_PERMISSION_WHITELIST_SYSTEM} flag.
@@ -4633,10 +4662,14 @@ public abstract class PackageManager {
     * Can be modified by pre-installed holders of a dedicated permission or the installer
     * on record.
     *
     * <li>one for cases where the system exempts the permission when permission when
     * granting a role. This list corresponds to the {@link #FLAG_PERMISSION_ALLOWLIST_ROLE}
     * flag. Can be modified by pre-installed holders of a dedicated permission.
     * </ol>
     *
     * <p>You need to specify the whitelists for which to set the whitelisted permissions
     * which will clear the previous whitelisted permissions and replace them with the
     * provided ones.
     * </ol>
     *
     * <p>
     * <strong>Note: </strong>In retrospect it would have been preferred to use
@@ -4655,6 +4688,7 @@ public abstract class PackageManager {
     * @see #FLAG_PERMISSION_WHITELIST_SYSTEM
     * @see #FLAG_PERMISSION_WHITELIST_UPGRADE
     * @see #FLAG_PERMISSION_WHITELIST_INSTALLER
     * @see #FLAG_PERMISSION_ALLOWLIST_ROLE
     *
     * @throws SecurityException if you try to modify a whitelist that you have no access to.
     */
@@ -4676,7 +4710,7 @@ public abstract class PackageManager {
     * allows for the to hold that permission and whitelisting a soft restricted
     * permission allows the app to hold the permission in its full, unrestricted form.
     *
     * <p><ol>There are three whitelists:
     * <p><ol>There are four whitelists:
     *
     * <li>one for cases where the system permission policy whitelists a permission
     * This list corresponds to the {@link #FLAG_PERMISSION_WHITELIST_SYSTEM} flag.
@@ -4694,6 +4728,14 @@ public abstract class PackageManager {
     * Can be modified by pre-installed holders of a dedicated permission or the installer
     * on record.
     *
     * <li>one for cases where the system exempts the permission when upgrading
     * from an OS version in which the permission was not restricted to an OS version
     * in which the permission is restricted. This list corresponds to the {@link
     * #FLAG_PERMISSION_WHITELIST_UPGRADE} flag. Can be modified by pre-installed
     * holders of a dedicated permission. The installer on record can only remove
     * permissions from this allowlist.
     * </ol>
     *
     * <p>You need to specify the whitelists for which to set the whitelisted permissions
     * which will clear the previous whitelisted permissions and replace them with the
     * provided ones.
@@ -4715,6 +4757,7 @@ public abstract class PackageManager {
     * @see #FLAG_PERMISSION_WHITELIST_SYSTEM
     * @see #FLAG_PERMISSION_WHITELIST_UPGRADE
     * @see #FLAG_PERMISSION_WHITELIST_INSTALLER
     * @see #FLAG_PERMISSION_ALLOWLIST_ROLE
     *
     * @throws SecurityException if you try to modify a whitelist that you have no access to.
     */
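Review bot: The `<li>` added in the hunk at `@@ -4694,6 +4728,14 @@` describes the upgrade list and links `FLAG_PERMISSION_WHITELIST_UPGRADE`, although the same comment now says "There are four whitelists" and gains `@see #FLAG_PERMISSION_ALLOWLIST_ROLE`, so the role list this commit introduces is never described there. It reads like a copy of the existing upgrade entry; the two sibling comments use `<li>one for cases where the system exempts the permission when granting a role. This list corresponds to the {@link #FLAG_PERMISSION_ALLOWLIST_ROLE} flag. Can be modified by pre-installed holders of a dedicated permission.` and the same item would fit here. Who may modify an exemption list for restricted permissions is an access-control statement that callers will treat as the contract, so it should match what the implementation enforces. The Javadoc block begins and ends outside the hunk, so whether the added `</ol>` duplicates a closing tag further down cannot be checked from here. The matching item in the hunk at `@@ -4633,10 +4662,14 @@` also reads "when permission when".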
+1 −0
@@ -12236,6 +12236,7 @@ package android.content.pm {
    field public static final String FEATURE_WIFI_DIRECT = "android.hardware.wifi.direct";
    field public static final String FEATURE_WIFI_PASSPOINT = "android.hardware.wifi.passpoint";
    field public static final String FEATURE_WIFI_RTT = "android.hardware.wifi.rtt";
    field public static final int FLAG_PERMISSION_ALLOWLIST_ROLE = 8; // 0x8
    field public static final int FLAG_PERMISSION_WHITELIST_INSTALLER = 2; // 0x2
    field public static final int FLAG_PERMISSION_WHITELIST_SYSTEM = 1; // 0x1
    field public static final int FLAG_PERMISSION_WHITELIST_UPGRADE = 4; // 0x4