Add new DPM permissions required by DeviceLock role. (c2971374) · Commits · e / os / android_frameworks_base

core/api/current.txt

+12 −0

Original line number	Diff line number	Diff line
		@@ -125,6 +125,18 @@ package android {
		field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS";
		field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL";
		field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL";
		field public static final String MANAGE_DEVICE_POLICY_APPS_CONTROL = "android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL";
		field public static final String MANAGE_DEVICE_POLICY_APP_RESTRICTIONS = "android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS";
		field public static final String MANAGE_DEVICE_POLICY_BACKUP_SERVICE = "android.permission.MANAGE_DEVICE_POLICY_BACKUP_SERVICE";
		field public static final String MANAGE_DEVICE_POLICY_CALLS = "android.permission.MANAGE_DEVICE_POLICY_CALLS";
		field public static final String MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES = "android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES";
		field public static final String MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES = "android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES";
		field public static final String MANAGE_DEVICE_POLICY_LOCK_TASK = "android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK";
		field public static final String MANAGE_DEVICE_POLICY_MODIFY_USERS = "android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS";
		field public static final String MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY = "android.permission.MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY";
		field public static final String MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS = "android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS";
		field public static final String MANAGE_DEVICE_POLICY_SAFE_BOOT = "android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT";
		field public static final String MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE = "android.permission.MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE";
		field public static final String MANAGE_DEVICE_POLICY_TIME = "android.permission.MANAGE_DEVICE_POLICY_TIME";
		field public static final String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";
		field public static final String MANAGE_EXTERNAL_STORAGE = "android.permission.MANAGE_EXTERNAL_STORAGE";

core/res/AndroidManifest.xml

+89 −2

Original line number	Diff line number	Diff line
		@@ -3116,12 +3116,99 @@

		<!-- @SystemApi @hide Allows an application to exempt apps from platform restrictions.-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS"
		android:protectionLevel="signature\|role" />
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage date and time device policy. -->
		<!-- Allows an application to manage device policy relating to time.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_TIME"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to set the grant state of runtime permissions on packages.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage the identity of the managing organization.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_ORGANIZATION_IDENTITY"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to set support messages for when a user action is affected by an
		active policy.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage backup service policy.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_BACKUP_SERVICE"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage lock task policy.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_LOCK_TASK"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage policy regarding modifying applications.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage installing from unknown sources policy.
		<p>MANAGE_SECURITY_CRITICAL_DEVICE_POLICY_ACROSS_USERS is required to call APIs protected
		by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage application restrictions.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage calling policy.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_CALLS"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage debugging features policy.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage policy preventing users from modifying users.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_MODIFY_USERS"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to manage safe boot policy.
		<p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call
		APIs protected by this permission on users different to the calling user.
		-->
		<permission android:name="android.permission.MANAGE_DEVICE_POLICY_SAFE_BOOT"
		android:protectionLevel="internal\|role" />

		<!-- Allows an application to set device policies outside the current user
		that are critical for securing data within the current user.
		<p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_*