Android: Create a new System Permission through AOSP source code

user2074216 · Feb 15, 2013 · Viewed 7k times

I was wondering how one can edit the Android OS source code to impose a new permission. For example, just as we have the BLUETOOTH permission, if the device offers a new sensor, how can an appropriate permission be created so that applications can use the new sensor at the application level, using a manifest entry for the new permission available in the Android ROM?

Does anybody know how new permissions are created at the OS level in the AOSP source code?

And I think if we have modified the Android source to add the new permission, we must compile our custom SDK to use the permission in application development; otherwise the existing SDK will give a compile-time error, as it won't recognize our custom permission...

Any ideas, thoughts highly appreciated.

Answer

StarPinkER · Feb 15, 2013

In frameworks/base/data/etc/platform.xml

You can define your newly created permission with a corresponding gid.

<permissions>

    <!-- ================================================================== -->
    <!-- ================================================================== -->
    <!-- ================================================================== -->

    <!-- The following tags are associating low-level group IDs with
         permission names.  By specifying such a mapping, you are saying
         that any application process granted the given permission will
         also be running with the given group ID attached to its process,
         so it can perform any filesystem (read, write, execute) operations
         allowed for that group. -->

    <permission name="android.permission.BLUETOOTH_ADMIN" >
        <group gid="net_bt_admin" />
    </permission>

    <permission name="android.permission.BLUETOOTH" >
        <group gid="net_bt" />
    </permission>

    <permission name="android.permission.BLUETOOTH_STACK" >
        <group gid="net_bt_stack" />
    </permission>

    <permission name="android.permission.NET_TUNNELING" >
        <group gid="vpn" />
    </permission>

    <permission name="android.permission.INTERNET" >
        <group gid="inet" />
    </permission>

    <permission name="android.permission.CAMERA" >
        <group gid="camera" />
    </permission>

    <permission name="android.permission.READ_LOGS" >
        <group gid="log" />
    </permission>

    ...
</permissions>

Other permission definitions are not in the above file, because there are actually two kinds of permission in Android, as shown in the following figure. Only permissions that are enforced by the Linux kernel are defined in that file.

[Figure: Permission Enforcement in Android]

Other permissions like ACCESS_FINE_LOCATION, READ_CONTACTS, etc. are defined in the AndroidManifest.xml of system applications (packages/.../AndroidManifest.xml) and of the framework (frameworks/base/core/res/AndroidManifest.xml).

After adding your permission and related code, compile and build the project according to the Building Instructions.
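
Because every permission listed in platform.xml hands a Linux group ID to any process granted it, a modified file is worth diffing against the stock mappings before building. The following is an added example, not part of the original answer or of AOSP: it parses the format quoted above and reports new or widened permission-to-gid mappings. The names com.example.permission.NEW_SENSOR and new_sensor, the extra "log" gid on CAMERA, and the helper names gid_map and review are hypothetical, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Baseline: the permission -> gid pairs quoted in the answer above.
BASELINE = {
    "android.permission.BLUETOOTH_ADMIN": {"net_bt_admin"},
    "android.permission.BLUETOOTH": {"net_bt"},
    "android.permission.BLUETOOTH_STACK": {"net_bt_stack"},
    "android.permission.NET_TUNNELING": {"vpn"},
    "android.permission.INTERNET": {"inet"},
    "android.permission.CAMERA": {"camera"},
    "android.permission.READ_LOGS": {"log"},
}

# Constructed sample: a modified platform.xml that widens CAMERA with an
# extra gid and adds a hypothetical permission for a new sensor.
SAMPLE = """<permissions>
    <permission name="android.permission.INTERNET" >
        <group gid="inet" />
    </permission>
    <permission name="android.permission.CAMERA" >
        <group gid="camera" />
        <group gid="log" />
    </permission>
    <permission name="com.example.permission.NEW_SENSOR" >
        <group gid="new_sensor" />
    </permission>
</permissions>"""

def gid_map(xml_text):
    """Return {permission name: set of gids} from platform.xml text."""
    root = ET.fromstring(xml_text)  # raises ParseError on mismatched tags
    mapping = {}
    for perm in root.iter("permission"):
        gids = {g.get("gid") for g in perm.findall("group") if g.get("gid")}
        mapping.setdefault(perm.get("name"), set()).update(gids)
    return mapping

def review(xml_text, baseline=BASELINE):
    """List mappings that are new or widened relative to the baseline."""
    findings = []
    for name, gids in sorted(gid_map(xml_text).items()):
        if name not in baseline:
            findings.append(("new-permission", name, sorted(gids)))
        elif gids - baseline[name]:
            findings.append(("extra-gid", name, sorted(gids - baseline[name])))
    return findings

if __name__ == "__main__":
    for kind, name, gids in review(SAMPLE):
        print(f"{kind}: {name} -> {', '.join(gids)}")
```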