Best to take a look at the website here: https://grapheneos.org/usage#sandboxed-google-play-configuration
Different setups would need different permissions, so maybe this short list off the top of my head of what different permissions enable Google Play Services to do.
- Network: notifications. Maybe necessary for location too. Haven't tried.
- Location: required to use Google Play Services for location, which is usually faster than location routed to the OS
- Nearby devices: helps with location, Cast, pair with some smart watches
- Body sensors / physical activity: let Google Play Services count steps and maybe some other exercise-related things I am not aware of. Gives Google Play Services access to some additional sensors for this purpose
- Sensors - only time this permission has affected me is if this is off, Google Maps doesn't know which direction you're facing. Not too sure what sensors these are vs the body sensors.
- SMS - sometimes apps will use a Google library to assist with autofilling an SMS one time password, and Google Play Services needs this permission to do that. Some apps handle this badly, so if it doesn't work there's no error of any kind, so enable only when you're trying to sign up for something and it's failing. Keep in mind this gives Google Play Services access to all SMS, not just incoming SMS so be careful with this permission and be sure to remove it after the verification is finished.
- SMS + Phone - sometimes the added Phone permission is needed if the above SMS permission doesn't work. Not sure why. I recall reading that Phone permission gives an app access to read your phone number, so maybe Google verifies the phone number is correct to help with the OTP thing.
I've never needed to grant any of the other permissions, so not sure what they could be used for other than giving Google unrestricted access to our personal information.