A device owner can grant runtime permissions to a third-party app using DevicePolicyManager.setPermissionGrantState() to avoid user prompts.
But is there any way for a device owner to grant USB permissions as well, so that this app gets access to plugged USB devices without user prompt ?
I've tried to call UsbManager.grantPermission() (with reflection) but it raises a SecurityException since it requires the MANAGE_USB permission which is granted only to system apps (and not to device owner, obviously).
NB: I'm looking for a solution working on a non-root & non-custom Android system, the device owner app is set using Android Enterprise provisioning methods.
There is a special system config to disable USB permission dialogs:
https://github.com/aosp-mirror/platform_frameworks_base/blob/8ff4a5a5b510e724b25ac00369696594bb0c9fdc/core/res/res/values/config.xml#L2283
Maybe you can also change it at runtime with root privileges using setprop.
Another way is to customize the UsbUserSettingsManager class, specifically this method: https://android.googlesource.com/platform/frameworks/base.git/+/master/services/usb/java/com/android/server/usb/UsbUserSettingsManager.java#178
I assumed that as a device owner you have full control over your ROM source code.
It's a bit old, but hopefully it helps s.o. else.
I've been using this for granting permission to apps
public boolean setPermissionGrantState (ComponentName admin,
String packageName,
String permission,
int grantState)
Link: https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermissionGrantState(android.content.ComponentName,%20java.lang.String,%20java.lang.String,%20int)
Related
I am making an app that will allow external devices to be controlled through that app. Every time I plug in a device, I get the popup asking for permission to use the device (even if I already granted it permission to use it and checked the box to remember). Is there a way to just automatically allow all devices and never ask for permission? Or maybe a way to short circuit the permission like
private UsbManager mUsbManager;
mUsbManager.hasPermission(device) = true;
UsbManager doesn't have the method to grant permission, but you can automatically grant permission if you are using intent filters.
An example of what to add in the Android manifest file and the sample device_filter.xml is described here:
https://developer.android.com/guide/topics/connectivity/usb/host.html#using-intents
I want to create an app to turn on/turn off Android developer mode. This will be on a rooted device. What api's do need to call?
I know i am answering it very late but i will surely help other who are searching on this.
To enable developer options programatically :
Settings.Global.putString(this.getContentResolver(), Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, "1");
To disable :
Settings.Global.putString(this.getContentResolver(), Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, "0");
But to access this Settings.Global... , it requires a permission
android.permission.WRITE_SECURE_SETTINGS
But normally , This permission is only granted to system app
You can also grant this permission to user app using ADB
Since you said your app would be running on a rooted deice , so have access to the shell , so you can grant this permission to your app by running the below shell command
pm grant <your.package.name> android.permission.WRITE_SECURE_SETTINGS
I don't think it is possible. Since it is part of the Settings.Secure.
Secure system settings, containing system preferences that applications can read but are not allowed to write. These are for preferences that the user must explicitly modify through the system UI or specialized APIs for those values, not modified directly by applications.
Short and simple question:
rooted devices can grant apps with extra permissions during runtime (using "grant permission" command using the adb , as I recall). An example for this is the ability to read system logs , which became a non-user permission starting with API16 (link here) .
Is there a list of such permissions?
The command you may be thinking of is pm grant PACKAGE PERMISSION, which can be sent to an adb-connected device using adb shell pm grant PACKAGE PERMISSION.
However, only optional permissions can be granted or revoked this way. If you try to grant a permission not requested in the app's manifest, you'll get Operation not allowed: java.lang.SecurityException: Package PACKAGE has not requested permission PERMISSION. Likewise, if you try to revoke a permission not deemed optional, you'll get Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application. Even for a rooted device or emulator.
Now, as far as what is deemed 'optional', as well as getting a list of such permissions, that's a little unclear. However, based on some experimentation, I believe these include at least the set of permissions assigned to permission group android.permission-group.DEVELOPMENT_TOOLS. You can see which these are on a running device using pm list permissions -g. On my API 19 emulator, as well as a Nexus 7 running AOSP 4.4.4, these are:
group:android.permission-group.DEVELOPMENT_TOOLS
permission:android.permission.ACCESS_ALL_EXTERNAL_STORAGE
permission:android.permission.SIGNAL_PERSISTENT_PROCESSES
permission:android.permission.READ_LOGS
permission:android.permission.SET_ALWAYS_FINISH
permission:android.permission.WRITE_SECURE_SETTINGS
permission:android.permission.SET_PROCESS_LIMIT
permission:android.permission.CHANGE_CONFIGURATION
permission:android.permission.DUMP
permission:android.permission.SET_DEBUG_AP
If (and only if) these are declared in the manifest, then you can grant/revoke them using the above command. Note that they are not granted automatically on installation; you must issue the pm grant command. I was able to observe and confirm this by using the Settings app and seeing the reported permissions change as I granted and revoked them.
There may be other permissions that behave like this, but I haven't found them. Normal permissions like android.permission.INTERNET cannot be granted or revoked in this manner.
Addendum: Per additional question in comment section regarding pm set-permission-enforced PERMISSION: As far as I know, the only permission which currently supports this is android.permission.READ_EXTERNAL_STORAGE. I'm basing this statement on my reading of the source code, which is also consistent with my experiences using the command. The purpose of the selective enforcement setting on this permission is to allow testing of apps under pre- and post-API 19 conditions as described here.
I have a (FOSS) app out there which can, among other features, enable and disable Wifi.
AndroidManifest.xml contains android.permission.CHANGE_WIFI_STATE, unit tests on the emulator pass and the feature works on a real device, a HTC Desire running 2.2.2.
The SDK versions are android:minSdkVersion="7" and android:targetSdkVersion="10", so I can't say about newer releases of Android.
I have received one single crash report:
java.lang.SecurityException: Permission Denial: writing com.android.providers.settings.SettingsProvider
uri content://settings/secure from pid=6191,
uid=10114 requires android.permission.WRITE_SETTINGS
Is android.permission.WRITE_SETTINGS possibly required on recent versions of Android? The reference says the permission exists since API 1, so I'd be surprised why it wasn't on older releases.
The user message is weird, it just says "lies", so I am unsure if I should just follow this report and add android.permission.WRITE_SETTINGS.
Any thoughts?
Cheers,
Torsten
That's weird, cause I needed to check exactly the same issue, so i just wrote a few lines of code doing exactly just that : enable/disable wifi and bluetooth.
My conclusion: you dont need the WRITE_SETTINGS permission to toggle the wifi, nor the bluetooth for that matter.
wifi = access_wifi_state + change_wifi_state
BT = bluetooth + bluetooth_admin
(with 4.2.2)
Check whether you were trying something else too, which may trigger the exception ?
For allowing or preventing manually installation of apk file from sdcard we ticks/unticks the checkbox which says "Allow installation of app from unknown source".
Can we do this Programmatically by avoiding any User Interface?
Thanks,
Nirav
No, not unless you're a carrier, or not unless you're on an enterprise phone that your company has admin access over.
This is part of the security model of Android, so that a user can not lose the control of his phone to a malicious application.
Here are the actual permissions you would need to do something like that:
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
You can try using those permissions, but by design they won't work unless you have root access to the device.
Within the device settings, users are able to view permissions for
applications they have previously installed. Users can also turn off
some functionality globally when they choose, such as disabling GPS,
radio, or wi-fi.
In the event that an application attempts to use a protected feature
which has not been declared in the application's manifest, the
permission failure will typically result in a security exception being
thrown back to the application. Protected API permission checks are
enforced at the lowest possible level to prevent circumvention.