1package: "android.permission.flags" 2container: "system" 3 4flag { 5 name: "device_aware_permission_apis_enabled" 6 is_exported: true 7 is_fixed_read_only: true 8 namespace: "permissions" 9 description: "enable device aware permission APIs" 10 bug: "274852670" 11} 12 13flag { 14 name: "voice_activation_permission_apis" 15 is_exported: true 16 namespace: "permissions" 17 description: "enable voice activation permission APIs" 18 bug: "287264308" 19} 20 21flag { 22 name: "system_server_role_controller_enabled" 23 is_exported: true 24 is_fixed_read_only: true 25 namespace: "permissions" 26 description: "enable role controller in system server" 27 bug: "302562590" 28} 29 30flag { 31 name: "set_next_attribution_source" 32 is_exported: true 33 namespace: "permissions" 34 description: "enable AttributionSource.setNextAttributionSource" 35 bug: "304478648" 36} 37 38flag { 39 name: "should_register_attribution_source" 40 is_exported: true 41 namespace: "permissions" 42 description: "enable the shouldRegisterAttributionSource API" 43 bug: "305057691" 44} 45 46flag { 47 name: "enhanced_confirmation_mode_apis_enabled" 48 is_exported: true 49 is_fixed_read_only: true 50 namespace: "permissions" 51 description: "enable enhanced confirmation mode apis" 52 bug: "310220212" 53} 54 55flag { 56 name: "enhanced_confirmation_in_call_apis_enabled" 57 is_exported: true 58 is_fixed_read_only: true 59 namespace: "permissions" 60 description: "enable enhanced confirmation incall apis" 61 bug: "364535720" 62} 63 64flag { 65 name: "unknown_call_package_install_blocking_enabled" 66 is_exported: true 67 is_fixed_read_only: true 68 namespace: "permissions" 69 description: "enable the blocking of certain app installs during an unknown call" 70 bug: "364535720" 71} 72 73flag { 74 name: "op_enable_mobile_data_by_user" 75 is_exported: true 76 namespace: "permissions" 77 description: "enables logging of the OP_ENABLE_MOBILE_DATA_BY_USER" 78 bug: "222650148" 79} 80 81flag { 82 name: "factory_reset_prep_permission_apis" 83 is_exported: true 84 namespace: "wallet_integration" 85 description: "enable Permission PREPARE_FACTORY_RESET." 86 bug: "302016478" 87} 88 89flag { 90 name: "retail_demo_role_enabled" 91 is_exported: true 92 namespace: "permissions" 93 description: "default retail demo role holder" 94 bug: "274132354" 95} 96 97flag { 98 name: "server_side_attribution_registration" 99 namespace: "permissions" 100 description: "controls whether the binder representing an AttributionSource is created in the system server, or client process" 101 bug: "310953959" 102} 103 104flag { 105 name: "wallet_role_enabled" 106 is_exported: true 107 namespace: "wallet_integration" 108 description: "This flag is used to enabled the Wallet Role for all users on the device" 109 bug: "283989236" 110} 111 112# This flag is enabled since V but not a MUST requirement in CDD yet, so it needs to stay around 113# for now and any code working with it should keep checking the flag. 114flag { 115 name: "signature_permission_allowlist_enabled" 116 is_fixed_read_only: true 117 namespace: "permissions" 118 description: "Enable signature permission allowlist" 119 bug: "308573169" 120} 121 122flag { 123 name: "sensitive_notification_app_protection" 124 is_exported: true 125 # Referenced in WM where WM starts before DeviceConfig 126 is_fixed_read_only: true 127 namespace: "permissions" 128 description: "This flag controls the sensitive notification app protections while screen sharing" 129 bug: "312784351" 130} 131 132flag { 133 name: "sensitive_content_improvements" 134 # Referenced in WM where WM starts before DeviceConfig 135 is_fixed_read_only: true 136 namespace: "permissions" 137 description: "Improvements to sensitive content/notification features, such as the Toast UX." 138 bug: "301960090" 139 140} 141 142flag { 143 name: "sensitive_content_metrics_bugfix" 144 # Referenced in WM where WM starts before DeviceConfig 145 is_fixed_read_only: true 146 namespace: "permissions" 147 description: "Enables metrics bugfixes for sensitive content/notification features" 148 bug: "312784351" 149 150 metadata { 151 purpose: PURPOSE_BUGFIX 152 } 153} 154 155flag { 156 name: "sensitive_content_recents_screenshot_bugfix" 157 # Referenced in WM where WM starts before DeviceConfig 158 is_fixed_read_only: true 159 namespace: "permissions" 160 description: "Enables recents screenshot bugfixes for sensitive content/notification features" 161 bug: "312784351" 162 metadata { 163 purpose: PURPOSE_BUGFIX 164 } 165} 166 167flag { 168 name: "device_aware_permissions_enabled" 169 is_exported: true 170 is_fixed_read_only: true 171 namespace: "permissions" 172 description: "When the flag is off no permissions can be device aware" 173 bug: "274852670" 174} 175 176flag { 177 name: "get_emergency_role_holder_api_enabled" 178 is_exported: true 179 is_fixed_read_only: true 180 namespace: "permissions" 181 description: "Enables the getEmergencyRoleHolder API." 182 bug: "323157319" 183} 184 185flag { 186 name: "ignore_process_text" 187 namespace: "permissions" 188 description: "Ignore activities that handle PROCESS_TEXT in TextView" 189 bug: "325356776" 190} 191 192flag { 193 name: "finish_running_ops_for_killed_packages" 194 namespace: "permissions" 195 description: "Finish all appops for a dead app process" 196 bug: "234630570" 197 metadata { 198 purpose: PURPOSE_BUGFIX 199 } 200} 201 202flag { 203 name: "runtime_permission_appops_mapping_enabled" 204 is_fixed_read_only: true 205 namespace: "permissions" 206 description: "Use runtime permission state to determine appop state" 207 bug: "266164193" 208} 209 210flag { 211 name: "device_id_in_op_proxy_info_enabled" 212 is_fixed_read_only: true 213 namespace: "permissions" 214 description: "Enable getDeviceId API in OpEventProxyInfo" 215 bug: "337340961" 216 is_exported: true 217} 218 219flag { 220 name: "device_aware_app_op_new_schema_enabled" 221 is_fixed_read_only: true 222 namespace: "permissions" 223 description: "Persist device attributed AppOp accesses on the disk" 224 bug: "308201969" 225} 226 227flag { 228 name: "check_op_validate_package" 229 namespace: "permissions" 230 description: "Validate package/uid match in checkOp similar to noteOp" 231 bug: "294609684" 232} 233 234flag { 235 name: "location_bypass_privacy_dashboard_enabled" 236 is_exported: true 237 namespace: "permissions" 238 description: "Show access entry of location bypass permission in the Privacy Dashboard" 239 bug: "325536053" 240} 241 242flag { 243 name: "dont_remove_existing_uid_states" 244 is_fixed_read_only: true 245 namespace: "permissions" 246 description: "Double check if the uid still exists before attempting to remove its appops state" 247 bug: "353474742" 248 metadata { 249 purpose: PURPOSE_BUGFIX 250 } 251} 252 253flag { 254 name: "sync_on_op_noted_api" 255 namespace: "permissions" 256 description: "New setOnOpNotedCallback API to allow subscribing to only sync ops." 257 bug: "372910217" 258 is_exported: true 259} 260 261flag { 262 name: "use_frozen_aware_remote_callback_list" 263 namespace: "permissions" 264 description: "Whether to use the new frozen-aware RemoteCallbackList API for op noted callbacks." 265 bug: "361157077" 266} 267 268flag { 269 name: "wallet_role_icon_property_enabled" 270 is_exported: true 271 namespace: "wallet_integration" 272 description: "This flag is used to enabled the Wallet Role s icon fetching from manifest property" 273 bug: "349942654" 274} 275 276flag { 277 name: "appop_access_tracking_logging_enabled" 278 is_fixed_read_only: true 279 namespace: "permissions" 280 description: "Enables logging of the AppOp access tracking" 281 bug: "365584286" 282} 283 284flag { 285 name: "replace_body_sensor_permission_enabled" 286 is_fixed_read_only: true 287 is_exported: true 288 namespace: "android_health_services" 289 description: "Enables replacement of BODY_SENSORS/BODY_SENSORS_BACKGROUND permissions with granular health permissions READ_HEART_RATE, READ_SKIN_TEMPERATURE, READ_OXYGEN_SATURATION, and READ_HEALTH_DATA_IN_BACKGROUND" 290 bug: "364638912" 291} 292 293flag { 294 name: "delay_uid_state_changes_from_capability_updates" 295 is_fixed_read_only: true 296 namespace: "permissions" 297 description: "If proc state is decreasing over the restriction threshold and capability is changed, delay if no new capabilities are added" 298 bug: "347891382" 299 metadata { 300 purpose: PURPOSE_BUGFIX 301 } 302} 303 304flag { 305 name: "allow_host_permission_dialogs_on_virtual_devices" 306 is_exported: true 307 namespace: "permissions" 308 description: "Allow host device permission dialogs (i.e., dialogs for non device-aware permissions) to be shown on virtual devices" 309 bug: "371173672" 310} 311 312flag { 313 name: "appop_mode_caching_enabled" 314 is_fixed_read_only: true 315 namespace: "permissions" 316 description: "Enable AppOp mode caching in AppOpsManager" 317 bug: "366013082" 318} 319 320flag { 321 name: "permission_tree_apis_deprecated" 322 is_fixed_read_only: true 323 is_exported: true 324 namespace: "permissions" 325 description: "This flag is used to deprecate permission tree related APIs" 326 bug: "376535612" 327} 328 329flag { 330 name: "enable_otp_in_text_classifiers" 331 is_fixed_read_only: true 332 is_exported: true 333 namespace: "permissions" 334 description: "Enables ExtServices to leverage TextClassifier for OTP detection" 335 bug: "351976749" 336} 337 338flag { 339 name: "health_connect_backup_restore_permission_enabled" 340 is_fixed_read_only: true 341 namespace: "health_fitness_aconfig" 342 description: "This flag protects the permission that is required to call Health Connect backup and restore apis" 343 bug: "376014879" # android_fr bug 344 is_exported: true 345} 346 347flag { 348 name: "enable_aiai_proxied_text_classifiers" 349 is_fixed_read_only: true 350 is_exported: true 351 namespace: "permissions" 352 description: "Enables the AiAi to utilize the default OTP text classifier that is also used by ExtServices" 353 bug: "377229653" 354} 355 356flag { 357 name: "enable_sqlite_appops_accesses" 358 is_fixed_read_only: true 359 is_exported: true 360 namespace: "permissions" 361 description: "Enables SQlite for recording discrete and historical AppOp accesses" 362 bug: "377584611" 363} 364 365flag { 366 name: "ranging_permission_enabled" 367 is_fixed_read_only: true 368 is_exported: true 369 namespace: "uwb" 370 description: "This fixed read-only flag is used to enable new ranging permission for all ranging use cases." 371 bug: "370977414" 372} 373 374flag { 375 name: "system_selection_toolbar_enabled" 376 namespace: "permissions" 377 description: "Enables the system selection toolbar feature." 378 bug: "363318732" 379} 380 381flag { 382 name: "use_system_selection_toolbar_in_sysui" 383 namespace: "permissions" 384 description: "Uses the SysUi process to host the SelectionToolbarRenderService." 385 bug: "363318732" 386} 387 388flag { 389 name: "note_op_batching_enabled" 390 is_fixed_read_only: true 391 is_exported: true 392 namespace: "permissions" 393 description: "Batch noteOperations on the client to reduce binder call volume" 394 bug: "366013082" 395} 396 397flag { 398 name: "supervision_role_permission_update_enabled" 399 is_fixed_read_only: true 400 is_exported: true 401 namespace: "supervision" 402 description: "This flag is used to enable all the remaining permissions required to the supervision role" 403 bug: "367333883" 404} 405 406flag { 407 name: "permission_request_short_circuit_enabled" 408 is_fixed_read_only: true 409 is_exported: true 410 namespace: "permissions" 411 description: "This flag is used to short circuit the request for permananently denied permissions" 412 bug: "378923900" 413} 414 415flag { 416 name: "check_op_overload_api_enabled" 417 is_exported: true 418 is_fixed_read_only: true 419 namespace: "permissions" 420 description: "Add new checkOp APIs that accept attributionTag" 421 bug: "240617242" 422} 423 424flag { 425 name: "device_policy_management_role_split_create_managed_profile_enabled" 426 is_fixed_read_only: true 427 is_exported: true 428 namespace: "enterprise" 429 description: "Gives the device policy management role the ability to create a managed profile using new APIs" 430 bug: "375382324" 431} 432 433flag { 434 name: "use_profile_labels_for_default_app_section_titles" 435 is_exported: true 436 is_fixed_read_only: true 437 namespace: "profile_experiences" 438 description: "Use profile labels from UserManager for default app section titles to allow partner customization" 439 bug: "358369931" 440} 441 442flag { 443 name: "wallet_role_cross_user_enabled" 444 is_exported: true 445 is_fixed_read_only: true 446 namespace: "wallet_integration" 447 description: "Enable the Wallet role within profiles" 448 bug: "356107987" 449} 450 451flag { 452 name: "text_classifier_choice_api_enabled" 453 is_fixed_read_only: true 454 is_exported: true 455 namespace: "permissions" 456 description: "API change to enable getTextClassifier by type" 457 bug: "377229653" 458} 459 460flag { 461 name: "updatable_text_classifier_for_otp_detection_enabled" 462 is_fixed_read_only: true 463 is_exported: true 464 namespace: "permissions" 465 description: "Enables text classifier for OTP detection that is updatable from mainline module" 466 bug: "377229653" 467} 468 469flag { 470 name: "cross_user_role_platform_api_enabled" 471 is_exported: true 472 is_fixed_read_only: true 473 namespace: "permissions" 474 description: "Enable cross-user roles platform API" 475 bug: "367732307" 476} 477 478flag { 479 name: "rate_limit_batched_note_op_async_callbacks_enabled" 480 is_fixed_read_only: true 481 is_exported: true 482 namespace: "permissions" 483 description: "Rate limit async noteOp callbacks for batched noteOperation binder call" 484 bug: "366013082" 485} 486 487flag { 488 name: "system_vendor_intelligence_role_enabled" 489 is_exported: true 490 is_fixed_read_only: true 491 namespace: "permissions" 492 description: "This flag is used to enable the role system_vendor_intelligence" 493 bug: "377553620" 494} 495 496flag { 497 name: "fine_power_monitor_permission" 498 is_fixed_read_only: true 499 is_exported: true 500 namespace: "permissions" 501 description: "Add support for fine-grained PowerMonitor readings" 502 bug: "341941666" 503} 504 505