Default permissions are not auto granted for permissions categorised as runtime or dangerous permissions via default-permissions-example.xml file for an application that I am trying to run as a system app on AOSP image running AOS 12 on Pixel 4a device.
I am installing a service based android application as system app in an AOSP image of AOS 12 running on Pixel 4a device via adb commands –
adb root
adb remount
adb push /Users/Downloads/example-debug.apk /system/priv-app
Then I am pushing the permission xmls for privileged permission and default permission as below –
adb push /Users/Downloads/default-permissions-example.xml /etc/permissions/
adb push /Users/Downloads/privapp-permissions-example.xml /etc/permissions/
Contents of each are as below –
- privapp-permissions-example.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<permissions>
<privapp-permissions
package="com.abc.example">
<permission name="android.permission.READ_PRIVILEGED_PHONE_STATE"/>
</privapp-permissions>
</permissions>
- default-permissions-example.xml
<?xml version="1.0" encoding="utf-8"?>
<exceptions>
<exception package="com.abc.example">
<permission name="android.permission.ACCESS_NETWORK_STATE" fixed="true"/>
<permission name="android.permission.INTERNET" fixed="true"/>
<permission name="android.permission.ACCESS_WIFI_STATE" fixed="true"/>
<permission name="android.permission.CHANGE_WIFI_STATE" fixed="true"/>
<permission name="android.permission.RECEIVE_BOOT_COMPLETED" fixed="true"/>
<permission name="android.permission.FOREGROUND_SERVICE" fixed="true"/>
<permission name="android.permission.POST_NOTIFICATIONS" fixed="true"/>
<permission name="android.permission.FOREGROUND_SERVICE_LOCATION" fixed="true"/>
<permission name="android.permission.READ_SMS" fixed="true"/>
<permission name="android.permission.PROCESS_OUTGOING_CALLS" fixed="true"/>
<permission name="android.permission.READ_EXTERNAL_STORAGE" fixed="true"/>
<permission name="android.permission.READ_PHONE_STATE" fixed="true"/>
<permission name="android.permission.ACCESS_FINE_LOCATION" fixed="true"/>
<permission name="android.permission.ACCESS_BACKGROUND_LOCATION" fixed="true"/>
</exception>
</exceptions>
Then I run a factory reset and reboot my device, which subsequently install my apk but does not auto grant the permissions requested in default-permission-example.xml file.
When i run a dumpsys on my package i see that runtime permissions are not granted, see below –
requested permissions:
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.FOREGROUND_SERVICE
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_BACKGROUND_LOCATION
android.permission.READ_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_SMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
android.permission.ACTIVITY_RECOGNITION
com.google.android.gms.permission.ACTIVITY_RECOGNITION
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.WAKE_LOCK
android.permission.READ_MEDIA_IMAGES
android.permission.READ_MEDIA_VIDEO
android.permission.MODIFY_AUDIO_SETTINGS
com.abc.example.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
android.permission.POST_NOTIFICATIONS
android.permission.FOREGROUND_SERVICE_LOCATION
install permissions:
android.permission.MODIFY_AUDIO_SETTINGS: granted=true
android.permission.MANAGE_EXTERNAL_STORAGE: granted=true
android.permission.FOREGROUND_SERVICE: granted=true
android.permission.RECEIVE_BOOT_COMPLETED: granted=true
android.permission.INTERNET: granted=true
android.permission.READ_PRIVILEGED_PHONE_STATE: granted=true
android.permission.CHANGE_WIFI_STATE: granted=true
android.permission.ACCESS_NETWORK_STATE: granted=true
com.abc.example.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION: granted=true
android.permission.ACCESS_WIFI_STATE: granted=true
android.permission.WAKE_LOCK: granted=true
User 0: ceDataInode=2296 installed=true hidden=false suspended=false distractionFlags=0 stopped=false notLaunched=false enabled=0 instant=false virtual=false
gids=[3003]
runtime permissions:
android.permission.READ_SMS: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
android.permission.ACCESS_COARSE_LOCATION: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.READ_PHONE_STATE: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.PROCESS_OUTGOING_CALLS: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
android.permission.ACTIVITY_RECOGNITION: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED]
android.permission.ACCESS_BACKGROUND_LOCATION: granted=false, flags=[ USER_SENSITIVE_WHEN_GRANTED|RESTRICTION_UPGRADE_EXEMPT]
So in a nutshell, privileged permissions are auto granted just fine but the default permissions which are runtime are not being granted automatically.
I also see an exception processing the default-permissions-example.xml file as below –
2024-07-18 17:36:13.514 1993-2458 SystemConfig system_process I Reading permissions from /product/etc/permissions/default-permissions-example.xml
2024-07-18 17:36:13.518 1993-2458 SystemConfig system_process W Got exception parsing permissions.
org.xmlpull.v1.XmlPullParserException: Unexpected start tag in /product/etc/permissions/default-permissions-example.xml: found exceptions, expected 'permissions' or 'config'
I can grant these permissions via adb commands after device is rebooted but I want these permissions to be auto-granted.
Can someone help or guide on this behaviour and let me know how can i run the application out of the box with all the permissions auto-granted.