Android O (api 26): root-app not recognized as "priviledged"

Question

I have an app that works well on Android N. It is (via root) installed into /system/priv-app/* and gets the permissions granted that are only for priviledged apps.

Now on Android O Preview, the app does not get the permissions granted:

08-12 20:30:01.178   687   814 W PackageManager: Privileged permission android.permission.CAPTURE_AUDIO_OUTPUT for package eu.asd.service - not in privapp-permissions whitelist
08-12 20:30:01.178   687   814 W PackageManager: Privileged permission android.permission.UPDATE_APP_OPS_STATS for package eu.asd.service - not in privapp-permissions whitelist
08-12 20:30:01.178   687   814 W PackageManager: Privileged permission android.permission.WRITE_SECURE_SETTINGS for package eu.asd.service - not in privapp-permissions whitelist

Anyone knows where this "privapp-permissions whitelist" comes from, and what to do, to get onto this list on a rooted Android?

Which Android O preview did you use? I'm looking for that particular message on PackageManagerService, but I couldn't find it. Take a look: https://android.googlesource.com/platform/frameworks/base/+/o-preview/services/core/java/com/android/server/pm/PackageManagerService.java — Perazzo, Aug 20 '17 at 14:27
Thanks for your comment. It's the latest preview OPP4 on Nexus 5x. I assume I have to check the sources again after the final release of the sources. — Martin L., Aug 20 '17 at 18:42
No problem. Yeah, probably is something they are working on off records until final release, especially because privileged apps are usually made by manufacturers. — Perazzo, Aug 20 '17 at 21:30

score 6 · Accepted Answer · answered Aug 21 '17 at 12:47

6

There should be a xml file where the priv-app permissions for you app are listed. Please check /system/etc/permissions

You'll have to add your permissions to one of the files inside.

Example:

<privapp-permissions package="[your package name]"> <permission name="android.permission.PERMISSION_YOU_WANT"/> .... </privapp-permissions>

answered Aug 21 '17 at 12:47

pedrop

134
1
7

Many thanks. Are you sure this file isn't auto-generated after installing new apps? I remember a permission-file that could have been hijacked in earlier Android-versions. It this file shipped with the ROM, so modifications via remount/root are persistent? – Martin L. Aug 21 '17 at 14:03
Alright, seems to be the correct answer and also mentioned here: https://stackoverflow.com/a/45766410/164036 – Martin L. Aug 21 '17 at 14:25
@MartinL. There's a python script you can run when you're building AOSP to generate the xml - see https://source.android.com/devices/tech/config/perms-whitelist. It's part of building, not installing, and it's something you have to run. It's not auto-generated. – James Moore Jun 05 '20 at 23:57
Its work for me, thanks – Ajay Keshri Jun 27 '23 at 11:26

score 1 · Answer 2 · answered Sep 04 '18 at 09:18

Adding to @pedrop's correct answer - in case you are developing your own AOSP, you can edit these XMLs before compilation and have them inserted to the build. The files can be found in the source code. There is one file for the platform (all devices and vendors), one for each vendor and one for each device.
You can find them in the following locations:
1. Platform -
AOSP/frameworks/base/data/etc/privapp-permissions-platform.xml
2. Vendor -
AOSP/vendor/VENDOR_NAME/proprietary/system/etc/permissions/privapp-permissions-VENDOR.xml
3. Device -

AOSP/vendor/VENDOR_DEVICES/DEVICE_NAME/proprietary/etc/permissions/privapp-permissions-DEVICE_NAME.xml

Android O (api 26): root-app not recognized as "priviledged"

2 Answers2