Android Marshmallow, “dangerous” protection level and system components/apps

I’m developing an application that going to be pr-installed (as a system app) on the firmware.

from the documentation so far about the relation between system apps, new permissions model, and the protection levels – I don’t understand exactly when system app needs (if at all) to request user permission.

  • How to let a TextView have multiple lines?
  • Streaming AAC audio with Android
  • View.setFocusable() and View.setClickable() have contrary effect in custom ArrayAdapter
  • General application design (IntentService/ContentProvider/AsyncTask)
  • Calling getIntent Method in service
  • augmented reality framework
  • My problems starts when I try to use the WRITE_EXTERNAL_STORAGE permission. from the documentation I can see that it marked as “dangerous” permission.

    – does “dangerous” permissions grant automatically to system apps?

    when I use WRITE_EXTERNAL_STORAGE permission (as a system app) I’m getting security exception, and I don’t know if it’s mean that even tough my app installed as a system app – “dangerous” permissions must be requested by the user..

    another point to mention:
    to check the app behavior as a system app, I’m installing my application APK on the sys-priv directory (the device is rooted) of a nexus 5 running SDK preview 3. this is when I’m getting the security exception when attep to use methods requires the external storage permission..

    Related posts:

    How to change action bar size
    Dismiss PopupWindow on touch outside popup, without using deprecated constructor
    Recycler view not scrolling properly after implementing swipe to refresh layout
    react native android failed to load JS bundle
    Few memory leaks in Facebook SDK
    UserNotAuthenticatedException during FingerprintManager.authenticate()
  • Android Studio Unsupported Version of Gradle Plugin
  • Do old GCM tokens live on even after an uninstall?
  • Custom checkbox style in dialog
  • Is it possible to change the RatingBar direction?
  • Drawing multiple shapes with ShapeDrawable in xml with Android
  • how to remove Black background between start new activity during slide_left animation?
  • 2 Solutions collect form web for “Android Marshmallow, “dangerous” protection level and system components/apps”

    Quoting the release notes for the 2nd M preview:

    Apps included in the system image are no longer granted dangerous permissions automatically. All apps should check for and request permissions at runtime.

    That fits with what I recall seeing when I first used the stock Camera app on a Nexus 5 with the final(?) 6.0 preview firmware — it too asked for the runtime permission.

    So, AFAIK, system apps have to ask for runtime permissions, as do non-system apps.

    After a lot of digging and debugging, I finally found some clue of granting runtime permission on marshmallow for system app, with a lot of inspirations in this stackoverflow ticket.

    The key logic is in DefaultPermissionGrantPolicy. After systemReady, PackageManagerService checks if this user’s default runtime permissions are not set yet(i.e. this is a new user), if so, PackageManagerService calls DefaultPermissionGrantPolicy.grantDefaultPermissions() to check/grant permissions:

    public void grantDefaultPermissions(int userId) {
        grantPermissionsToSysComponentsAndPrivApps(userId);
        grantDefaultSystemHandlerPermissions(userId);
    }
    

    There are two cases that your built-in app may be automatically granted with runtime permission.

    A> grantPermissionsToSysComponentsAndPrivApps -> will grant runtime permission with FLAG_PERMISSION_SYSTEM_FIXED and FLAG_PERMISSION_GRANTED_BY_DEFAULT.

    • if your system app has uid<10000, you will be granted with permissions for your user group.
    • if your system app fits all below conditions, it will be granted the permissions.

      1. is a privilegedApp (under /system/priv-app/)
      2. is persistent (android:persistent=”true”)
      3. signed with platform signature.

    B> grantDefaultSystemHandlerPermissions -> will grant runtime permission with FLAG_PERMISSION_GRANTED_BY_DEFAULT .

    • If your app is considered as a “default platform handler app”, (i.e. your app is “expected to work out-of-the-box”, like camera, dialer, SMS, calendar .etc, you can read more in method grantDefaultSystemHandlerPermissions()).

    Other than that, your system application needs to ask user for granting dangerous permission, as long as it has targetSdk set to 23.

    Android Babe is a Google Android Fan, All about Android Phones, Android Wear, Android Dev and Android Games Apps and so on.