Starting March 27, 2025, we recommend using android-latest-release instead of aosp-main to build and contribute to AOSP. For more information, see Changes to AOSP.

PermissionController

The PermissionController Mainline module contains privacy policies and the UI related to granting and managing permissions (for example, the policies and UI for granting and managing permissions).

About PermissionController

The PermissionController module handles permission-related UI, logic, and roles to allow access for apps for specific purpose. It controls the following:

Runtime permission granting (including granting to system apps)
Runtime permission management (including grouping of permissions)
Runtime permission usage tracking
Roles

Starting in Android 12, the framework and system server classes for Role are moved into the module to make Role completely modular.

In Android 10, the Package Installer app is split into sections to enable the permissions logic to be updated. As an updatable Mainline module, PermissionController:

Interacts with the framework only via stable @SystemApi (no @hide API usage).
Handles permission-related intents with priority > 0.
Exposes a mechanism for enabling OEMs to customize theming.
Provides services to which the system and applications can bind, including role management, permission revocation, and basic permission information (for Settings).
Supports auto-revoke for unused apps (new in Android 11).

In Android9, permission control is part of com.android.packageinstaller.

Auto-revoke for unused apps

In Android 11, the PermissionsController module can automatically revoke runtime permissions for apps that haven't been used for an extended period of time. Apps targeting SDK 30 or higher have auto-revoke enabled by default, while apps targeting SDK 29 or lower have auto-revoke disabled by default. When enabled, auto-revoke affects all runtime permissions but exempts all pre-granted permissions, including policy- and system-fixed permissions and permissions granted by default or by role. For details, refer to Auto-reset permissions from unused apps.

Package format

The format of the PermissionController module differs between releases.

In Android 11 or higher, the PermissionController module is in APEX format and is updatable. The package name is com.google.android.permission.
In Android 10, the PermissionController module is in APK format and isn't updatable. The package name is com.google.android.permissioncontroller.

Module boundary

In Android 12, the Permission module code is moved from packages/apps/PermissionController (the platform/packages/apps/PackageInstaller project) and frameworks/base/apex/permission (this is a subdirectory of the frameworks/base project).

The new project structure for packages/modules/Permission is as follows:

Files from frameworks/base/apex/permission
PermissionController files from packages/apps/PermissionController

OEMs can use the sample commands to help move their patches from the original project directories to the new project directory.

Move a patch from frameworks/base/apex/permission

root/frameworks/base/$ git format-patch -1 --relative=apex/permission commit --stdout > patch-file.txt

root/packages/modules/Permission$ git am -p2 patch-file.txt

Move a patch from packages/apps/PermissionController

root/packages/apps/PermissionController$ git format-patch -1 commit --stdout > patch-file.txt

root/packages/modules/Permission$ git am -p2 --directory=PermissionController patch-file.txt

Customization

OEMs can customize the permissions UI theme (colors, margins, fonts, and drawables) using runtime resource overlays (RROS).