Capabilities will not be approved for these reasons
Some criteria on "what will not get approved to obtain a sensitive capability". Sensitive capabilites get requested for as many reasons as there are developers, naturally. However, many of these requests are such that the device manufacturer does not want to open sensitive resources for. This page lists these reasoning for each capability. If a practical workaround for a given use case is known, that can be written or linked here as well.
- Requesting this capability for a "File Browser" type of application.
- Requesting AllFiles for accessing "own" protected folder from an outside process. Some other workarounds can be implemented without the need for AllFiles.
- Basic file management features such as copy, move, and delete don’t need AllFiles capability by default. Public directories can be accessed without any capabilities. Only data caged directories are protected with AllFiles capability.
- RFs::NotifyChange() needs AllFiles only if used in data caged directories. If used in the public directories, it doesn't need any capabilities.
- Accessing attachments in the messaging inbox doesn’t require AllFiles. Instead of using direct file access to the attachment, the MMsvAttachmentManager class should be used.
- Playing of DRM protected content does not need this capability.
- Playing / streaming / recording video or audio does not require MultimediaDD capability by default. MultimediaDD capability is only needed if a custom priority value is needed for the application.
- Manipulating filestore to hide / unhide executables.
- Filebrowser app.
- Installing font files.