Grant Marlin and Sailfish default permission

This CL uses the new resource based config mechanism
to specify the default permission grants for Marlin
and Sailfish. The default grants have already been
approved.

bug:30929033
bug:29546655

Change-Id: I4eefc78068dea008e7b775c403e80c855b0ca6e3
diff --git a/default-permissions.xml b/default-permissions.xml
new file mode 100644
index 0000000..2db6c79
--- /dev/null
+++ b/default-permissions.xml
@@ -0,0 +1,58 @@
+<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
+
+<!-- Copyright (C) 2016 Google Inc.
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<!--
+    This file contains permissions to be granted by default. Default
+    permissions are granted to special platform components and to apps
+    that are approved to get default grants. The special components
+    are apps that are expected tto work out-of-the-box as they provide
+    core use cases such as default dialer, default email, etc. These
+    grants are managed by the platform. The apps that are additionally
+    approved for default grants are ones that provide carrier specific
+    functionality, ones legally required at some location, ones providing
+    alternative disclosure and opt-out UI, ones providing highlight features
+    of a dedicated device, etc. This file contains only the latter exceptions.
+    Fixed permissions cannot be controlled by the user and need a special
+    approval. Typically these are to ensure either legally mandated functions
+    or the app is considered a part of the OS.
+-->
+
+<exceptions>
+
+    <!-- This is an example of an exception:
+    <exception
+        package="foo.bar.permission"
+      <permission name="android.permission.READ_CONTACTS" fixed="true"/>
+      <permission name="android.permission.READ_CALENDAR" fixed="false"/>
+    </exception>
+    -->
+
+    <exception
+            package="com.google.android.youtube">
+        <!-- Contacts -->
+        <permission name="android.permission.READ_CONTACTS" fixed="false"/>
+    </exception>
+
+    <exception
+            package="com.motricity.verizon.ssodownloadable">
+        <!-- Phone -->
+        <permission name="android.permission.READ_PHONE_STATE" fixed="false"/>
+        <!-- SMS -->
+        <permission name="android.permission.RECEIVE_SMS" fixed="false"/>
+    </exception>
+
+</exceptions>
diff --git a/device-common.mk b/device-common.mk
index 81bd888..ab24844 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -404,6 +404,10 @@
 PRODUCT_COPY_FILES += \
     device/google/marlin/gps.conf:system/etc/gps.conf
 
+# Default permission grant exceptions
+PRODUCT_COPY_FILES += \
+    device/google/marlin/default-permissions.xml:system/etc/default-permissions/default-permissions.xml
+
 # A/B OTA dexopt package
 PRODUCT_PACKAGES += otapreopt_script