Use the features described in this section to grant permissions properly in Android.
Capabilities allow Linux processes to drop most root-like privileges while retaining the subset of privileges that they require to perform their function. Ambient capabilities bring configuration into a single file.
Discretionary Access Control
Newer versions of Android (Android 8.0 and higher) support a new method for extending filesystem capabilities, This new method has supports multiple source locations for configuration files,build-time sanity checking of OEM AID values, generation of a custom OEM AID header that can be used in source files, and more.
Android 7.0 introduced namespaces for native libraries to limit internal API visibility and resolve situations when apps accidentally end up using platform libraries instead of their own.
Privileged permission whitelisting
Privileged applications are system applications located in the /system/priv-app directory on the system image. Starting in Android 8.0, implementors can explicitly whitelist privileged apps in the system configuration XML files.
The Android application permission model in Android 6.0 and later is designed to make permissions more understandable, useful, and secure for users. The model moved Android applications that require dangerous permissions from an install-time permission model to runtime permission model.
The Android O release moves handling of USB commands out of
init scripts and
into a native USB daemon for better configuration and code reliability. For the
Gadget function configuration,
init scripts (property triggers) are used to
perform device-specific gadget operations.
Android 6.0 (Marshmallow) brought an implementation of visual voicemail (VVM) support integrated into the Dialer, allowing compatible Carrier VVM services to hook into the Dialer with minimal configuration.