Android: Create new System Permission in through AOSP source code.

Question

I was wondering how one can edit Android OS source code to impose a new permission. For example like we have BLUETOOTH permission, if the device offers a new sensor, then how appropriate permission can be created in order for applications to use the new sensor, at application level using manifest entry for the new permission available in android rom.

Does anybody know how new Permissions are created on the OS level in AOSP source code??

And i think if we have modified the android source to add the new permission we must compile the our custom SDK for using permission in application development, otherwise the existing SDK will give compile time error, as it wont recognize our custom permission...

Any ideas, thoughts highly appreciated.

StarPinkER · Answer 1 · 2013-02-15T04:31:15.563

In framework/base/data/etc/platform.xml

You can define your newly created permission with a corresponding gid.

<permissions>

    <!-- ================================================================== -->
    <!-- ================================================================== -->
    <!-- ================================================================== -->

    <!-- The following tags are associating low-level group IDs with
         permission names.  By specifying such a mapping, you are saying
         that any application process granted the given permission will
         also be running with the given group ID attached to its process,
         so it can perform any filesystem (read, write, execute) operations
         allowed for that group. -->

    <permission name="android.permission.BLUETOOTH_ADMIN" >
        <group gid="net_bt_admin" />
    </permission>

    <permission name="android.permission.BLUETOOTH" >
        <group gid="net_bt" />
    </permission>

    <permission name="android.permission.BLUETOOTH_STACK" >
        <group gid="net_bt_stack" />
    </permission>

    <permission name="android.permission.NET_TUNNELING" >
        <group gid="vpn" />
    </permission>

    <permission name="android.permission.INTERNET" >
        <group gid="inet" />
    </permission>

    <permission name="android.permission.CAMERA" >
        <group gid="camera" />
    </permission>

    <permission name="android.permission.READ_LOGS" >
        <group gid="log" />
    </permission>

    ...
</permission>

Other permission definitions is not in the above file, because there are actually two kinds of permission in Android as shown in the following figure. Only permissions that enforced by Linux Kernel are defined in that file.

Permission Enforcement in Android

Other permissions like ACCESS_FINE_LOCATION, READ_CONTACTS, etc are defines in the AndroidManifest.xml in system applications(packages/.../AndroidManifest.xml) and framework(frameworks/base/core/res/AndroidManifest.xml).

After you adding your permission and related code, compile and build the project according to Building Instruction

+1 For the IPC illustration, did you draw that one yourself or did you find it somewhere? — Bjarke Freund-Hansen, Feb 15 '13 at 11:35
@StarPinkER Can you give more information on, how IPC takes place in android apps. When an app actually asks for location, how does the OS validate if the app has corresponding permission if not throw an exception. — Adi GuN, Nov 03 '13 at 02:46
We published a paper this year. http://faculty.cs.tamu.edu/guofei/paper/VetDroid-CCS13.pdf , you can read the 3.1.2 section. Please let me know if you have any further question. @AdiGuN — StarPinkER, Nov 03 '13 at 13:36
for real permission, I want to add one. but PackageManager said ```Unknown permission android.permission.CAMERA_CUSTOM in package com.example.hello```. I just added it into framework/base/data/etc/platform.xml. — kangear, Feb 13 '15 at 06:59
I found AndroidManifest.xml file inside framework/base/core/res directory of Android Source Code. So most of the permissions are defined here. Is it necessary to add permission to this file as well? — Raj, Apr 09 '15 at 05:08
If you want to add a new group to associate with a new permission, they're added in `system/core/include/private/android_filesystem_config.h`. — , Feb 03 '17 at 12:49
In case anyone sees this answer in future, additional change needs to be done in frameworks/base/core/res/AndroidManifest.xml . Refer to my answer here https://stackoverflow.com/a/49565570/553094 — androidFan, Mar 29 '18 at 21:55

Android: Create new System Permission in through AOSP source code.

1 Answers1

Linked