I am getting:
java.lang.SecurityException: Permission Denial: not allowed to send broadcast android.intent.action.TIME_SET from pid=xxxxx, uid=xxxxx
for:
Intent timeChanged = new Intent(Intent.ACTION_TIME_CHANGED);
sendBroadcast(timeChanged);
even when I have put my app in /system/app folder. Please help me out to know why this is happening?
Try putting the app in the priv-app folder in the system partition,
and adding the app to the privapp-permissions.xml file on the same partition, with the TIME_SET permission.
Please come here: Permission Denial of android.intent.action.REBOOT for APP in /system/priv-app. To get the most recent version of the code, just replace "android-5.1.1_r20" with "master").
It seems the app must be a persistent app, which can be done by setting the persistent flag to true on the Application tag of the Manifest. Either that, or have a UserId whitelisted, which is also on the code (though, sharedUserId is deprecated as of API 29, so might not be a good idea to use that way).
Related
I am trying to disable one of the app from my app. I have created a launcher app and trying to use following method of package manager
pm.setApplicationEnabledSetting(packageInfo.packageName, PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);
But I'm getting SecurityException as
SecurityException: Permission Denial: attempt to change component state from pid=20217, uid=10066, package uid=10067
Note: Somewhere I found the solution to this is to mention below permission in manifest
But I'm getting a warning in this permission that this permission is only granted to system apps.
In order to disable/enable other apps your app must have system privileges. To achieve privileges you should do these steps.
Add this line to your manifest header android:sharedUserId="android.uid.system"
Add this permission to the manifest "android.permission.CHANGE_COMPONENT_ENABLED_STATE"
Sign your app with a system key.
I checked it in my launcher app.
<uses-permission android:name="android.permission.CALL_PRIVILEGED"/>
I cannot grant this permission in the android manifest file as it shows the following
error:
Permissions with the protection level signature or signatureOrSystem are only granted to system apps. If an app is a regular non-system app, it will never be able to use these permissions.
So,what should i do now?
Permissions with the protection level signature or signatureOrSystem
are only granted to system apps. If an app is a regular non-system
app, it will never be able to use these permissions.
So,what should i do now?
If your app is expected to run on non-rooted devices, then you're simply doomed - you can do nothing, unless you have platform keys to sign your app with it.
Alternatively, you may narrow your audience to rooted devices only but that would allow you to do what you want incl. using features usually reserved for the platform or system apps ony.
Finally you may rethink your approach. Perhaps what you want to do can be achieved other way, w/o need of elevating app privileges.
For this "CALL_PRIVILEGED" permission , you will need a rooted device and the app must be installed as a system app only.
From the documentation (https://developer.android.com/reference/android/Manifest.permission.html#CALL_PRIVILEGED):
String CALL_PRIVILEGED
Allows an application to call any phone number, including emergency numbers,
without going through the Dialer user interface for the user to confirm the
call being placed.
Not for use by third-party applications.
So, the short answer is that you can't use it. What are you trying to accomplish?
I know it's a simple question but I can't find any answer. Well actually it's three related questions:
If my code requires a uses-permission manifest element, does Eclipse automatically add it to the manifest?
If Eclipse doesn't automatically add it, how do I know which permissions my app needs? Of course there is this list, but it's hard to go though this list checking if what my app does falls within each of these permissions.
If Eclipse doesn't automatically add the permission and I fail to do it, how will I find out? Will the app fail to install on the emulator? Will it install on the emulator but be force-closed when trying to access something it doesn't have permissions for? Or do I have to install the apk on a real device in order to find out?
If my code requires a uses-permission manifest element, does Eclipse automatically add it to the manifest?
No.
how do I know which permissions my app needs?
Generally, by reading the JavaDocs, which do a decent job of pointing out what permissions you need. Otherwise, you will find out in testing, when your app crashes with a SecurityException.
If Eclipse doesn't automatically add the permission and I fail to do it, how will I find out?
See above.
Will it install on the emulator but be force-closed when trying to access something it doesn't have permissions for?
Correct.
Eclipse will not add permissions automatically. However, if you try to use a feature that requires permission, you will be made aware of the missing permission. Here's an excerpt from android resource page on Permissions: Link
Often times a permission failure will result in a SecurityException
being thrown back to the application. However, this is not guaranteed
to occur everywhere. For example, the sendBroadcast(Intent) method
checks permissions as data is being delivered to each receiver, after
the method call has returned, so you will not receive an exception if
there are permission failures. In almost all cases, however, a
permission failure will be printed to the system log.
Your third question is answered by:
In almost all cases, however, a permission failure will be printed to
the system log.
Just in case you're wondering about what you would see in Logcat:
11-20 08:08:47.766: E/AndroidRuntime(9380):
java.lang.SecurityException: Need BLUETOOTH permission: Neither user
10111 nor current process has android.permission.BLUETOOTH.
Eclipse does not automatically add the uses-permission to your manifest. I once had forgot to add a permission and had my app fail when it got to that part of the code. I can't remember the exact error but it did mention that a permission was required to use the method I tried using and I believe that it told me what permission.
If you don't add one in then you will soon find out.
On a tablet I installed a apk develloped in Eclipse under Ubuntu. The App works on the AVD and is already installed on a phone and working.
The installation of the apk gives no error, however when starting the App it gives a "not installed" toast message.
In the aLogCat output I see a Permission denial message of the Launcher for WRITE_EXTERNAL_STORAGE. Note that the USB connection is not connected when I started the App.
Furthermore I noticed the following line in aLogCat and I noted that the "-1" was added to the package name.
New package installed in /data/app/com.company.AppName-1.apk
In the manifest the lines
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-sdk android:minSdkVersion="8" android:targetSdkVersion="15" />
are in the manifest block and
<android:permission="android.permission.WRITE_EXTERNAL_STORAGE">
in the application block.
Why is this working on a Android 2.3 phone and in a Android 4.0.3 AVD, but not on a Android 4.0.3 tablet?
Platform info: Eclipse 3.7.2, Tablet: Yarvik TAB461EUK; Installed with "ES File Explorer"
Try removing the permission from the application block. I dont know for sure but from personal experience ICS do not support permission attribute in application block which has already been defined in the main block. It inherits from the main block. Please tell if that solves the problem.
I dont know why it works on the AVD, may be because AVD do not have any external storage.
Related documentation:
http://developer.android.com/guide/topics/manifest/manifest-intro.html describes the permission element only for the main manifest block (now)
Changes per version states:
HONEYCOMB: When an application requires a permission to access one of its components (activity, receiver, service, provider), this permission is no longer enforced when the application wants to access its own component. This means it can require a permission on a component that it does not itself hold and still access that component.
Activity states:
The name of a permission that clients must have to launch the activity or otherwise get it to respond to an intent. If a caller of startActivity() or startActivityForResult() has not been granted the specified permission, its intent will not be delivered to the activity.
If this attribute is not set, the permission set by the element's permission attribute applies to the activity. If neither attribute is set, the activity is not protected by a permission.
Not very clear to me
I am trying to reboot (through code) the phone at some point. In order to do that I do this:
Intent i = new Intent(android.content.Intent.ACTION_REBOOT);
i.putExtra("nowait", 1);
i.putExtra("interval", 1);
i.putExtra("window", 0);
this.sendBroadcast(i);
The problem is that, even if I have in the manifest this line:
uses-permission android:name="android.permission.REBOOT" (with the delimiters).
When trying to execute it, it gives me the next error:
Permission Denial: not allowed to send broadcast android.intent.action.REBOOT from pid= uid= gids=
I read that you should create an .apk and sign it with SignApk, but I created the key/certificate with openssl and signed with those and this didn't run either, I continue getting exactly the same error.
Do you have any clue about how to solve this and being able to reboot the phone? I do really need to do it.
public static final String ACTION_REBOOT
Since: API Level 1
Broadcast Action: Have the device reboot. **This is only for use by system code.**
**This is a protected intent that can only be sent by the system.**
Constant Value: "android.intent.action.REBOOT"
http://developer.android.com/reference/android/content/Intent.html#ACTION_REBOOT
So, unless you go off band and rely on having SuperUser you wont be able to force a reboot.
Why does my app throw an `android.permission.REBOOT SecurityException`?
From what I understand, the permission REBOOT is only available to apps signed by the key that signed the hardware, ie system apps
For rebooting Android device through code u need "android.intent.action.REBOOT" permission which is granted only to the system applications or to the application which are signed with the same key as that of system applications. Apart from this one also has to add a tag in Android Manifest android:sharedUserId="android.uid.system". So as to insure application shares the same uid as that of system application.
The key used for signing system app. is unique to device manufacturer and it cant be duplicated.
Android applications are not allowed to send android.content.Intent.ACTION_REBOOT
See the note here http://www.google.com/codesearch/p?hl=en#5oTG8Wvrixk/trunk/android-x86/frameworks/base/core/java/android/content/Intent.java&l=1510
/**
* Broadcast Action: Have the device reboot. This is only for use by
* system code.
*/
#SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)
public static final String ACTION_REBOOT =
"android.intent.action.REBOOT";
http://www.krvarma.com/posts/android/security-permissions-in-android/
Permissions are granted to the application by package installer while installing. But not all the permissions will be granted to the system. There are some system permission which will not be granted to the user applications, but only to the system applications. Following are some of the permissions that may NOT be granted to the user application.
To get these permissions, the application must be signed with the key which used to sign the platform. This may be different for manufacturers. So it practically not possible to get these permissions granted to a user application.