AOSP Insider
AOSP Framework & Internals
3 min read

PackageManagerService (PMS)

Understand how the system parses APKs, builds the massive intent resolution database, and rigorously enforces app permissions.

The PackageManagerService (PMS) is the massive database engine of the Android System Server. It is responsible for tracking every single application installed on the device, understanding their capabilities, and managing their security permissions.

The Boot Scan

When you turn on your Android phone, the boot sequence takes slightly longer than a simple reboot. This is largely due to the PMS.

During the System Server startup phase, the PMS performs a massive file system scan.

  1. It scans /system/app, /vendor/app, and /data/app.
  2. It physically unzips the manifest (AndroidManifest.xml) from every single .apk file it finds.
  3. It parses these manifests to build a gigantic, in-memory data structure containing all Activities, Services, and BroadcastReceivers.

Because this parsing process is extremely slow and CPU-intensive, PMS caches the results in an XML file located at /data/system/packages.xml. On subsequent boots, PMS just reads this cache file instead of re-parsing all the APKs.

<!-- A snippet of the massive internal packages.xml database -->
<package name="com.google.android.youtube" codePath="/data/app/~~XYZ/com.google.android.youtube" ...>
    <perms>
        <item name="android.permission.INTERNET" granted="true" flags="0" />
        <item name="android.permission.CAMERA" granted="false" flags="0" />
    </perms>
</package>

Component Resolution (Intent Matching)

When you share a photo and an Android "Chooser" dialog pops up asking if you want to use WhatsApp, Messages, or Email, you are seeing PMS in action.

When an app fires an implicit Intent (e.g., ACTION_SEND with image data), the AMS intercepts it and immediately asks the PMS to resolve it. The PMS rapidly searches its in-memory database of all <intent-filter> blocks registered by every app, returning the list of apps capable of handling the request.

# Developers can use the 'pm' command to query PMS directly via adb
# To see which app handles viewing a specific web URL:
adb shell pm resolve-activity -a android.intent.action.VIEW -d "https://aosp.com"

Permission Granting

The PMS is the ultimate enforcer of the Android security model.

When you install an app, PMS reads the <uses-permission> tags in the manifest.

  • If it is a Normal permission (like INTERNET), PMS automatically grants it and writes the grant into packages.xml.
  • If it is a Dangerous permission (like CAMERA), PMS tracks the request but marks it as granted="false" until the user explicitly taps "Allow" on the runtime permission dialog.

Whenever the Camera HAL or Location Service needs to know if an app is allowed to use a piece of hardware, they query the PMS database to check the current grant state via checkUidPermission().

Previous Lesson
WindowManagerService (WMS)
Next Lesson
PowerManagerService