2

I was checking Android runtime permissions and was very curious about how Android runtime permissions work. Like if some application is asking for access to external storage, it will ask for permission, user will be presented with a dialog, and after pressing allow button, app will be granted read/write external storage. I just want to know what happens internally when user presses allow button on the dialog, what are the changes internally occur in Android.

I know permissions are stored in different files like /data/system/packages.list, /data/system/packages.xml and /data/system/users/0/runtime-permissions.xml but changing them manually does not effect app's permission preference. So what actually happens when user give permission to certain app, what corresponding file gets updated?

Hammad Farooq
  • 21
  • 1
  • What happens internally when you grant or revoke a permission depends on which permission you are talking about. In case of Storage permission, the Android framework switches mount namespace of the app process. See details in my answer to What is /storage/emulated/0/?. Similarly for some other permissions Android relies on kernel by mapping manifest permissions with DAC UIDs/GIDs/groups. See How Android's permissions mapping with UIDs/GIDs works?. – Irfan Latif Mar 29 '21 at 11:25
  • For many other permissions Android just keeps a record of the permission state in the files you mentioned and later ActivityManagerService enforces them on apps. Manually editing these files doesn't work because these files are cached in Android framework. You can reboot the device immediately to make changes effective. See an example case here: How to grant an app a permission that isn't in its manifest? – Irfan Latif Mar 29 '21 at 11:26
  • Thank you @IrfanLatif for your comments, actually I have read all your answer you have posted here and on XDA. As you said reboot the device immediately to make changes effective, will it work for all permissions, or only permissions which are handled by DAC? – Hammad Farooq Mar 29 '21 at 11:37
  • It's not guaranteed that manual changes will always work. If the changes aren't justified (e.g. not requested in manifest or the app not entitled to have that permission), Android may reset them on reboot or when app tries to use that permission. In other cases manual changes should work for all permissions irrespective of whether the permission is handled by Android framework in Java stack itself or by some underlying kernel framework. – Irfan Latif Mar 29 '21 at 11:46
  • I just tried on my phone, disabling storage and microphone permissions from app settings and then changing them manually, with immediate reboot, it worked. – Hammad Farooq Mar 29 '21 at 11:50
  • one more question what does flags do in this line <item name="android.permission.RECORD_AUDIO" granted="true" flags="300" /> – Hammad Farooq Mar 29 '21 at 11:52
  • Android's PackageManager/PermissionManager may attach one or more flags with a permission state for its internal record when simply remembering granted or revoked state isn't enough. E.g. when user taps on "Deny and don't ask again", Android attaches USER_FIXED flag to that permissions so that when the app asks again for the same permission, Android won't show the user the request dialog. 300 is binary number 100101100. Every 1 bit denotes a set flag. – Irfan Latif Mar 29 '21 at 12:09
  • See details here: https://developer.android.com/reference/android/R.attr#protectionLevel and here: https://github.com/aosp-mirror/platform_frameworks_base/blob/android-11.0.0_r1/core/java/android/content/pm/PackageManager.java#L3307 – Irfan Latif Mar 29 '21 at 12:10
  • Thank you IrfanLatif. – Hammad Farooq Mar 29 '21 at 12:14

0 Answers0