package: "android.security"
container: "system"

flag {
    name: "certificate_transparency_configuration"
    is_exported: true
    namespace: "network_security"
    description: "Enable certificate transparency setting in the network security config"
    bug: "28746284"
}

flag {
    name: "fsverity_api"
    is_exported: true
    namespace: "hardware_backed_security"
    description: "Feature flag for fs-verity API"
    bug: "285185747"
}

flag {
    name: "mgf1_digest_setter_v2"
    is_exported: true
    namespace: "hardware_backed_security"
    description: "Feature flag for mgf1 digest setter in key generation and import parameters."
    bug: "308378912"
    is_fixed_read_only: true
}

flag {
    name: "keyinfo_unlocked_device_required"
    is_exported: true
    namespace: "hardware_backed_security"
    description: "Add the API android.security.keystore.KeyInfo#isUnlockedDeviceRequired()"
    bug: "296475382"
}

flag {
    name: "unlocked_storage_api"
    namespace: "hardware_backed_security"
    description: "Feature flag for unlocked-only storage API"
    bug: "325129836"
}

flag {
    name: "deprecate_fsv_sig"
    namespace: "hardware_backed_security"
    description: "Feature flag for deprecating .fsv_sig"
    bug: "277916185"
}

flag {
    name: "extend_vb_chain_to_updated_apk"
    namespace: "hardware_backed_security"
    description: "Use v4 signature and fs-verity to chain verification of allowlisted APKs to Verified Boot"
    bug: "277916185"
    is_fixed_read_only: true
}

flag {
    name: "binary_transparency_sepolicy_hash"
    namespace: "hardware_backed_security"
    description: "Collect sepolicy hash from sysfs"
    bug: "308471499"
}

flag {
    name: "frp_enforcement"
    is_exported: true
    namespace: "hardware_backed_security"
    description: "This flag controls whether PDB enforces FRP"
    bug: "290312729"
    is_fixed_read_only: true
}

flag {
    name: "significant_places"
    namespace: "biometrics"
    description: "Enabled significant place monitoring"
    bug: "337870680"
}

flag {
    name: "report_primary_auth_attempts"
    namespace: "biometrics"
    description: "Report primary auth attempts from LockSettingsService"
    bug: "285053096"
}

flag {
    name: "dump_attestation_verifications"
    namespace: "hardware_backed_security"
    description: "Add a dump capability for attestation_verification service"
    bug: "335498868"
}

flag {
  name: "should_trust_manager_listen_for_primary_auth"
  namespace: "biometrics"
  description: "Causes TrustManagerService to listen for credential attempts and ignore reports from upstream"
  bug: "323086607"
}

flag {
    name: "clear_strong_auth_on_add_primary_credential"
    namespace: "biometrics"
    description: "Clear StrongAuth on add credential"
    bug: "320817991"
    is_exported: true
}

flag {
    name: "afl_api"
    namespace: "hardware_backed_security"
    description: "AFL feature"
    bug: "365994454"
}

flag {
    name: "protect_device_config_flags"
    namespace: "psap_ai"
    description: "Feature flag to limit adb shell to allowlisted flags"
    bug: "364083026"
    is_fixed_read_only: true
}

flag {
    name: "keystore_grant_api"
    namespace: "hardware_backed_security"
    description: "Feature flag for exposing KeyStore grant APIs"
    bug: "351158708"
    is_exported: true
}