PermissionController

The PermissionController module enables updatable privacy policies and UI elements (for example, the policies and UI around granting and managing permissions).

Starting in Android 12, the framework and system server classes for Role are moved into the module to make Role completely modular.

About PermissionController

The com.google.android.permissioncontroller APK handles permission-related UI, logic, and roles to allow access for apps for specific purpose. It controls the following:

  • Runtime permission granting (including granting to system apps)

  • Runtime permission management (including grouping of permissions)

  • Runtime permission usage tracking

  • Roles

In Android 9, such permissions were part of com.google.android.packageinstaller. In Android 10, the Package Installer app is split into sections to enable the permissions logic to be updated. As an updatable Mainline module, PermissionController:

  • Interacts with the framework only through stable @SystemApi (no @hide API usage).

  • Handles permission-related intents with a priority above 0.

  • Exposes a mechanism for enabling OEMs to customize theming.

  • Provides services to which the system and apps can bind, including role management, permission revocation, and basic permission information (for Settings).

  • Supports auto-revoke for unused apps (new in Android 11).

Auto-revoke for unused apps

In Android 11, the PermissionsController module can automatically revoke runtime permissions for apps that haven't been used for an extended period of time. Apps targeting SDK 30 or higher have auto-revoke enabled by default, while apps targeting SDK 29 or lower have auto-revoke disabled by default. When enabled, auto-revoke affects all runtime permissions but exempts all pre-granted permissions, including policy- and system-fixed permissions and permissions granted by default or by role. For details, refer to Auto-reset permissions from unused apps.

Package format

The PermissionController module is delivered as an APK file.

Module boundary

In Android 12, the Permission module code is moved from packages/apps/PermissionController (the platform/packages/apps/PackageInstaller project) and frameworks/base/apex/permission (this is a subdirectory of the frameworks/base project).

The new project structure for packages/modules/Permission is as follows:

  • Files from frameworks/base/apex/permission
  • PermissionController files from packages/apps/PermissionController

OEMs can use the sample commands to help move their patches from the original project directories to the new project directory.

Move a patch from frameworks/base/apex/permission

root/frameworks/base/$ git format-patch -1 --relative=apex/permission commit --stdout > patch-file.txt

root/packages/modules/Permission$ git am -p2 patch-file.txt

Move a patch from packages/apps/PermissionController

root/packages/apps/PermissionController$ git format-patch -1 commit --stdout > patch-file.txt

root/packages/modules/Permission$ git am -p2 --directory=PermissionController patch-file.txt

Customization

OEMs can customize the permissions UI theme (colors, margins, fonts, and drawables) using runtime resource overlays (RROS).