## 9.1\. Permissions

Device implementations:

*   [C-0-1] MUST support the [Android permissions model](http://developer.android.com/guide/topics/security/permissions.html)
    as defined in the Android developer documentation. Specifically, they
    MUST enforce each permission defined as described in the SDK documentation; no
    permissions may be omitted, altered, or ignored.

*   MAY add additional permissions, provided the new permission ID strings
    are not in the `android.*` namespace.

*   [C-0-2] Permissions with a `protectionLevel` of
    [`PROTECTION_FLAG_PRIVILEGED`](https://developer.android.com/reference/android/content/pm/PermissionInfo.html#PROTECTION_FLAG_PRIVILEGED)
    MUST only be granted to apps preloaded in the privileged path(s) of the system
    image and within the subset of the explicitly whitelisted permissions for each
    app. The AOSP implementation meets this requirement by reading and honoring
    the whitelisted permissions for each app from the files in the
    `etc/permissions/` path and using the `system/priv-app` path as the
    privileged path.

Permissions with a protection level of dangerous are runtime permissions.
Applications with `targetSdkVersion` > 22 request them at runtime.

Device implementations:

*   [C-0-3] MUST show a dedicated interface for the user to decide
    whether to grant the requested runtime permissions and also provide
    an interface for the user to manage runtime permissions.
*   [C-0-4] MUST have one and only one implementation of both user
    interfaces.
*   [C-0-5] MUST NOT grant any runtime permissions to preinstalled
    apps unless:
    *   the user's consent can be obtained before the application
        uses it
    *   the runtime permissions are associated with an intent pattern
        for which the preinstalled application is set as the default handler

Handheld device implementations:

*   [H-0-1] MUST allow third-party apps to access the usage statistics via the
    `android.permission.PACKAGE_USAGE_STATS` permission and provide a
    user-accessible mechanism to grant or revoke access to such apps in response
    to the [`android.settings.ACTION_USAGE_ACCESS_SETTINGS`](https://developer.android.com/reference/android/provider/Settings.html#ACTION_USAGE_ACCESS_SETTINGS)
    intent.

If device implementations include a pre-installed app or wish to allow
third-party apps to access the usage statistics, they:

*   [C-1-1] are STRONGLY RECOMMENDED to provide a user-accessible mechanism to grant
    or revoke access to the usage stats in response to the
    [`android.settings.ACTION_USAGE_ACCESS_SETTINGS`](https://developer.android.com/reference/android/provider/Settings.html#ACTION_USAGE_ACCESS_SETTINGS)
    intent for apps that declare the `android.permission.PACKAGE_USAGE_STATS`
    permission.

If device implementations intend to disallow any apps, including pre-installed
apps, from accessing the usage statistics, they:

*   [C-2-1] MUST still have an activity that handles the
    [`android.settings.ACTION_USAGE_ACCESS_SETTINGS`](https://developer.android.com/reference/android/provider/Settings.html#ACTION_USAGE_ACCESS_SETTINGS)
    intent pattern but MUST implement it as a no-op, that is, with
    behavior equivalent to when the user is declined access.
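
The [C-0-2] rule above can be audited on a system image by comparing what each privileged app requests against its allowlist entry. The following is an added example, not AOSP or CDD code; it assumes the `privapp-permissions` XML layout used by AOSP allowlist files under `etc/permissions/`, and the package names and requested-permission sets are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the AOSP privapp-permissions allowlist layout
# (assumed format of a file under etc/permissions/); packages are made up.
ALLOWLIST_XML = """
<permissions>
  <privapp-permissions package="com.example.dialer">
    <permission name="android.permission.MODIFY_PHONE_STATE"/>
    <deny-permission name="android.permission.WRITE_SECURE_SETTINGS"/>
  </privapp-permissions>
</permissions>
"""

# Constructed input: privileged permissions requested by each app found
# under system/priv-app (in practice extracted from the APK manifests).
REQUESTED = {
    "com.example.dialer": {"android.permission.MODIFY_PHONE_STATE",
                           "android.permission.WRITE_SECURE_SETTINGS",
                           "android.permission.READ_PRIVILEGED_PHONE_STATE"},
    "com.example.updater": {"android.permission.REBOOT"},
}

def parse_allowlist(xml_text):
    """Return {package: (granted_set, denied_set)} from one allowlist file."""
    result = {}
    for entry in ET.fromstring(xml_text).iter("privapp-permissions"):
        granted, denied = result.setdefault(entry.get("package"), (set(), set()))
        granted.update(p.get("name") for p in entry.findall("permission"))
        denied.update(p.get("name") for p in entry.findall("deny-permission"))
    return result

def audit(requested, allowlist):
    """Classify each requested privileged permission against [C-0-2]."""
    findings = []
    for pkg, perms in sorted(requested.items()):
        granted, denied = allowlist.get(pkg, (set(), set()))
        for perm in sorted(perms):
            if perm in denied:
                status = "deny"      # explicitly refused in the allowlist
            elif perm in granted:
                status = "grant"     # explicitly allowlisted for this app
            else:
                status = "unlisted"  # not allowlisted: must not be granted
            findings.append((pkg, perm, status))
    return findings

if __name__ == "__main__":
    for row in audit(REQUESTED, parse_allowlist(ALLOWLIST_XML)):
        print(*row)
```

Any `unlisted` row is a privileged permission that an app requests without an explicit allowlist decision, which is the gap [C-0-2] requires a device image to close.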