2 <!-- Aegis manifest declares the security credentials required by an
3 application to run correctly. By default, a manifest file will be
4 created or updated automatically as a part of build.
6 The detection of required credentials is based on static scan of
7 application binaries. In some cases, the scan may not be able to
8 detect the correct set of permissions. If this is the case, you must
9 declare the credentials required by your application in this file.
11 To create a manifest file automatically as a part of build (DEFAULT):
13 * Make sure this file starts with the string "AutoGenerateAegisFile" (without quotes).
14 * Alternatively, it can also be completely empty.
16 To provide a manifest yourself:
18 * List the correct credentials for the application in this file.
19 * Some commented-out examples of often required tokens are provided.
20 * Ensure the path to your application binary given in
21 '<for path="/path/to/app" />' is correct.
22 * Please do not request more credentials than what your application
25 To disable manifest file:
27 * Replace this file with a file starting with the string "NoAegisFile" (without quotes).
28 * Final application package will not contain a manifest.
32 <request policy="add">
34 <!-- Make a GSM call, send text messages (SMS). -->
36 <credential name="Cellular" />
39 <!-- Access Facebook social data. -->
41 <credential name="FacebookSocial" />
44 <!-- Read access to data stored in tracker. -->
46 <credential name="TrackerReadAccess" />
49 <!-- Read and write access to data stored in tracker. -->
51 <credential name="TrackerWriteAccess" />
54 <!-- Read Location information. -->
56 <credential name="Location" />
59 <!-- Access to Audio, Multimedia and Camera. -->
61 <credential name="GRP::pulse-access" />
62 <credential name="GRP::video" />
63 <credential name="GRP::audio" />
68 <for path="/opt/fontmanager/bin/fontmanager" />
69 <for path="applauncherd-launcher::/usr/bin/applauncherd.bin" id="" />