Signature permission allowlist

Platform signed apps are apps sharing the same (or compatible) signing certificate with the platform package (android). A platform signed app can be a system app (located on a system image partition), or a nonsystem app. Platform signature permissions are permissions defined by the platform package that also have the signature protection level. Debuggable builds are builds for which android.os.Build.isDebuggable() returns true, such as userdebug or eng builds.

Historically, device manufacturers had little control over which platform signature permissions could be granted to platform signed nonsystem apps. Starting in Android 15, manufacturers can explicitly grant platform signature permissions in the system configuration XML files in the /etc/permissions directory. If a platform signed nonsystem app isn't added to the allowlist for a platform signature permission, then on nondebuggable builds that permission is handled as if the app isn't platform signed.

Add an allowlist

You can list permission allowlists for apps in a single XML file or in multiple XML files located in the frameworks/base/etc/permissions directory:

  • /etc/permissions/signature-permissions-OEM_NAME.xml
  • /etc/permissions/signature-permissions-DEVICE_NAME.xml

No strict rule applies to how content is organized. Device implementers can determine content structure as long as the appropriate apps and their permissions are added to the allowlist.

Customize an allowlist

AOSP includes an allowlist implementation that you can customize as needed, similar to the privileged permission allowlist. For example:

<!--
  ~ This XML file declares which platform signature permissions to grant to
  ~ platform signed nonsystem apps.
  -->

<permissions>
    <signature-permissions package="com.android.example">
        <permission name="android.permission.READ_DEVICE_CONFIG"/>
        ...
    </signature-permissions>
    ...
</permissions>

Find missing permissions

To find missing permissions, install your platform signed app and inspect the device logs for warning messages in the following format:

Signature permission {PERMISSION_NAME} for package {PACKAGE_NAME} ({PACKAGE_PATH}) not in signature permission allowlist

The system can still grant the permission on debuggable builds, but not on nondebuggable builds such as user builds.
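The following added example (not part of AOSP or of the original page) scans captured log lines for the warning format above and renders candidate entries in the allowlist XML format shown earlier. The function names and the sample log lines, including their timestamp, tag, and APK path, are constructed for illustration.

```python
import re
from collections import defaultdict
from xml.sax.saxutils import quoteattr

# Message format as documented on this page; any log prefix before it is ignored.
WARNING_RE = re.compile(
    r"Signature permission (?P<perm>\S+) for package (?P<pkg>\S+) "
    r"\((?P<path>.+?)\) not in signature permission allowlist"
)

def missing_permissions(log_lines):
    """Map package name -> sorted list of permissions reported as not allowlisted."""
    found = defaultdict(set)
    for line in log_lines:
        m = WARNING_RE.search(line)
        if m:
            # A set collapses the repeated warnings for the same pair.
            found[m.group("pkg")].add(m.group("perm"))
    return {pkg: sorted(perms) for pkg, perms in sorted(found.items())}

def to_allowlist_xml(missing):
    """Render entries in the <signature-permissions> format used by the allowlist."""
    out = ["<permissions>"]
    for pkg, perms in missing.items():
        out.append(f"    <signature-permissions package={quoteattr(pkg)}>")
        for perm in perms:
            out.append(f"        <permission name={quoteattr(perm)}/>")
        out.append("    </signature-permissions>")
    out.append("</permissions>")
    return "\n".join(out)

# Constructed sample lines: the timestamp, tag, and APK path are made up.
_MSG = ("Signature permission android.permission.READ_DEVICE_CONFIG "
        "for package com.android.example "
        "(/data/app/com.android.example/base.apk) "
        "not in signature permission allowlist")
SAMPLE_LOG = [
    "01-01 00:00:01.000 W ExampleTag: " + _MSG,
    "01-01 00:00:01.001 I ExampleTag: unrelated line",
    "01-01 00:00:01.002 W ExampleTag: " + _MSG,  # duplicate warning
]

if __name__ == "__main__":
    print(to_allowlist_xml(missing_permissions(SAMPLE_LOG)))
```

Treat the output as a list of candidates to review: each entry grants a platform signature permission to a nonsystem app, so add only the permissions the app actually needs.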