Home » Android » Android runtime permission for system apps

Android runtime permission for system apps

Posted by: admin June 15, 2020 Leave a comment


Question about Android runtime permissions. AFAIK, android grant dangerous permission at runtime. I reset my phone, then adb pull /data/system/users/0/runtime-permissions.xml, I found android.ui.system has already granted many dangerous permissions. can anybody tell me how it does?

How to&Answers:

The mechanism to insert dangerous runtime permissions into the /data/system/users/0/runtime-permissions.xml file via a user-confirmed dialog applies only to third party applications, and is not relevant for built-in applications.

For built-in/system applications and framework components, all
permissions are granted by default when a new user is created or
when the device boots and a systemReady event is fired

You can see the AndroidManifest.xml from AOSP, where all types of required permissions are written for system components.

For third party apps, when the user grants any runtime permission, it gets added into the file /data/system/users/0/runtime-permissions.xml. The permission gets removed from the file when the user revokes it from any third party app. In the case of a full factory reset, runtime permissions of all third party apps are removed, as /data/system/users/0/runtime-permissions.xml gets deleted (data partition wipe).

But even after a factory reset, /data/system/users/0/runtime-permissions.xml contains runtime permissions (even dangerous ones) for system apps, see the default permissions: runtime-permissions.xml.

And it happens because:

All the default permissions are granted from
PackageManagerService, via these two methods:

newUserCreated() //this get called when new user is created   
systemReady() //this get called when device is booted

and the above methods internally invoke:


Have a look at How DefaultPermissionPolicy triggers

And if you see DefaultPermissionPolicy’s implementation, it
contains all the relevant method to load all type of permissions for
System components.

Specifically DefaultPermissionPolicy.grantDefaultPermissions()
internally calls


and it internally invokes grantRuntimePermissionsLPw(), which
performs all the remaining work.