Device implementations:
[C-0-1] MUST support the Android permissions model as defined in the Android developer documentation. Specifically, they MUST enforce each permission defined as described in the SDK documentation; no permissions may be omitted, altered, or ignored.
MAY add additional permissions, provided the new permission ID strings are not in the android.\*
namespace.
[C-0-2] Permissions with a protectionLevel
of PROTECTION_FLAG_PRIVILEGED
MUST only be granted to apps preloaded in the privileged path(s) of the system image and within the subset of the explicitly whitelisted permissions for each app. The AOSP implementation meets this requirement by reading and honoring the whitelisted permissions for each app from the files in the etc/permissions/
path and using the system/priv-app
path as the privileged path.
Permissions with a protection level of dangerous are runtime permissions. Applications with targetSdkVersion
> 22 request them at runtime.
Device implementations:
If device implementations include a pre-installed app or wish to allow third-party apps to access the usage statistics, they:
android.settings.ACTION_USAGE_ACCESS_SETTINGS
intent for apps that declare the android.permission.PACKAGE_USAGE_STATS
permission.If device implementations intend to disallow any apps, including pre-installed apps, from accessing the usage statistics, they:
android.settings.ACTION_USAGE_ACCESS_SETTINGS
intent pattern but MUST implement it as a no-op, that is to have an equivalent behavior as when the user is declined for access.