How to bypass permissions on a rooted device? - android

I am creating an android app for media box. The box is rooted. I have to bypass permissions (run time permission too) because user will not be interacting with the device. I tried to push the apk in system/priv-app folder also to make it system app. Still, whenever my app is launched, it asks for permissions. Is there any way to bypass permissions in rooted device? I have used following commands to push the APK to priv-app folder.
adb remount
adb push apk-filename-here /system/app/
adb shell chmod 644 /system/app/apk-filename-here
adb reboot
App seems to be like system app because it is not uninstallable now. But permission problem is still there. Is anything extra required to be done to grant all permissions? Please help.
I tried bypass android usb host permission confirmation dialog also but this seems to be a very old story now.


Some permissions are signature-level, meaning they can't be granted unless your app is signed with the same key used to sign the rest of the system. If you need any of these, there's very little you can do, unless the relevant APIs have shell-command alternatives.
Other permissions are privileged-level, meaning they're only granted if the app is located in /system/priv-app/. You haven't mentioned which permissions you're using, but I recommend putting your app in priv-app instead of app anyway. If this device is on Lollipop or later, apps should have a sub-folder inside priv-app (eg /system/priv-app/SomeApp/SomeApp.apk).
The third type is app-op permissions. These aren't runtime permissions, but they can be granted with a shell command:
cmd appops set <PACKAGE> <OP> <MODE>
For example, to grant the SYSTEM_ALERT_WINDOW permission:
cmd appops set com.some.package android:system_alert_window allow
The fourth type is runtime/development permissions. Both can be granted with the following:
pm grant <PACKAGE> <PERMISSION>
For example, to grant WRITE_EXTERNAL_STORAGE:
pm grant com.some.package android.permission.WRITE_EXTERNAL_STORAGE
You can check which type your permissions are by looking at the platform AndroidManifest.xml. Find your permission and check the protectionLevel field.
signature means signature
privileged means privileged
development means development
dangerous means runtime
normal permissions will be automatically granted
Certain permissions, like WRITE_SECURE_SETTINGS have multiple protection levels: signature|privileged|development.
If any of those conditions is met, Android will grant the permission to your app. With WSS, you could either put the app in priv-app or use pm grant. Either way will get you access.
If a permission's protection levels have both appops and development, such as PACKAGE_USAGE_STATS, be careful. Using cmd appops will grant that permission for certain functions, while pm grant will for others.

Related

Granting a non changeable permission to a third party app with root access

On my rooted android device, how can I grant "Signature level" (INTERNAL_SYSTEM_WINDOW) permission to a third party app.
What I have tried already is
rooted my device using magisk
in adb shell, used pm grant com.example.app android.permission.INTERNAL_SYSTEM_WINDOW
After this, I am getting below error:
java.lang.SecurityException: Permission android.permission.INTERNAL_SYSTEM_WINDOW requested by com.example.app is not a changeable permission type
at com.android.server.pm.permission.BasePermission.enforceDeclaredUsedAndRuntimeOrDevelopment(BasePermission.java:429)
at com.android.server.pm.permission.PermissionManagerService.grantRuntimePermission(PermissionManagerService.java:2114)
at com.android.server.pm.permission.PermissionManagerService.access$900(PermissionManagerService.java:121)
at com.android.server.pm.permission.PermissionManagerService$PermissionManagerServiceInternalImpl.grantRuntimePermission(PermissionManagerService.java:3018)
at com.android.server.pm.PackageManagerService.grantRuntimePermission(PackageManagerService.java:5735)
at com.android.server.pm.PackageManagerShellCommand.runGrantRevokePermission(PackageManagerShellCommand.java:1955)
at com.android.server.pm.PackageManagerShellCommand.onCommand(PackageManagerShellCommand.java:230)
at android.os.ShellCommand.exec(ShellCommand.java:104)
at com.android.server.pm.PackageManagerService.onShellCommand(PackageManagerService.java:21745)
at android.os.Binder.shellCommand(Binder.java:881)
at android.os.Binder.onTransact(Binder.java:765)
at android.content.pm.IPackageManager$Stub.onTransact(IPackageManager.java:4860)
at com.android.server.pm.PackageManagerService.onTransact(PackageManagerService.java:4015)
at android.os.Binder.execTransactInternal(Binder.java:1021)
at android.os.Binder.execTransact(Binder.java:994)
Was looking for a way such that I can grant all types of permissions to the app (since I have root access).

Granting Runtime Permission for a thirdparty app

I need to grant the Permission android.permission.INSTALL_PACKAGES to an Android App, which is not made by me. My Device is running on LineageOS and is rooted, but the Command
pm grant <package> android.permission.INSTALL_PACKAGES
returns
Operation not allowed: java.lang.SecurityException: Permission android.permission.INSTALL_PACKAGES is not a changeable permission type.
Is there any way to bypass this?

Ok, I found a solution: Copying the app to the /system/app folder through TWRP works fine

How to debug/reset Android 6.0 permissions?

While migrating one of my apps to use the Android 6.0 permissions system, I found it very hard to debug permissions using the emulator.
Findings:
Disabling a permission in the app info screen doesn't re-show the grant permission dialog when using the requestPermissions() method.
Reinstalling the app seems to be the only way to make the app show the grant permission dialog again.
What is the proper method to debug permission using the Android emulator?

It’s actually very easy to debug Android 6.0 permissions. You can reset the permissions to the "install state" for the current foreground app all apps using the following ADB shell command:
adb shell pm reset-permissions
Note: Currently you can't reset the runtime permissions for a specific package, the package manger (pm) tool help section states:
revert all runtime permissions to their default state.
You can easily execute the reset-permissions command using the terminal interface in Android Studio. Note that ADB commands only works if the ADB directory is added to the PATH system environment variable (see: add ADB to path variable).
You can also reset/revoke a specific permissions using:
adb shell pm revoke com.your.package android.permission.WRITE_EXTERNAL_STORAGE
A downside of this command is that it will restart your app, but this doesn't reset the runtime permissions for all apps. To grant a permission replace revoke with grant.

WRITE_SECURE_SETTINGS permission error even when added in Manifest

I have added "android.permission.WRITE_SECURE_SETTINGS" in the Manifest. But still i get an error message saying - required "WRITE_SECURE_SETTINGS".
I have seen a lot of talks about this, and that this setting is prevented for third party software.
It is any other way that i can add my application can gain this permission?
I have see this adb command, but i not so familiar how to use this to add my application to my device, is below command is require root my device before it can be use because it failed to copy by Read-only file system?
adb remount
adb push app.apk /system/app/

I would like to add that WRITE_SECURE_SETTINGS permission can be granted over adb and this approach does NOT require root. Here is a command:
adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS

Firstly, as you have read before, WRITE_SECURE_SETTINGS is NOT available to applications! So you cannot use this permission regardless whether you are on rooted or production builds.
So, if you wish to enable this setting, create your own firmware that does what you need and load that firmware on whatever devices you wish. Or, contribute your changes to existing firmware mods (e.g., Cyanogen).
Some other applications use techniques like Reflection using Java to gain access to functions not exposed via API, you can probably try the same.
Secondly, adb remount does not work as is with production builds unless the phone is rooted or firmware enables it by default.

I recently struggled with this very thing. My client wanted an app that would turn NFC off when the device was charging (wireless charger) and then on when it was removed from the charger. I was running KitKat on my Nexus 7, and even though I had WRITE_SECURE_SETTINGS in the Manifest, and the app in /system/app/, it would not work.
Turns out, that in 4.4 they added additional security. In 4.3 however, it works if three things are true:
Manifest has WRITE_SECURE_SETTINGS
App is in /system/app/
The package is signed by a key (any key)
I rooted the device using the awesome Nexus Root Toolkit (NRT) from http://www.wugfresh.com/nrt/ then installed BusyBox and system app mover from:
https://play.google.com/store/apps/details?id=stericson.busybox
https://play.google.com/store/apps/details?id=de.j4velin.systemappmover
I installed my custom signed APK and moved it into place using system app mover, which then restarted the device. It worked perfectly. Hope this helps.

For the api that I used, which required WRITE_SECURE_SETTINGS privileges, I had to include this in the manifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
...
coreApp="true"
android:sharedUserId="android.uid.system">
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
...
ref: https://github.com/android/platform_packages_apps_settings/blob/master/AndroidManifest.xml
I also had to run the application as a system app (under: /system/app).
Here is an how to: http://www.addictivetips.com/mobile/how-to-install-any-app-as-system-app-on-android/

I met this situation too,and then i follow the rules below:
1.add WRITE_SECURE_SETTINGS in manifest
2.make my own firmware
3.add LOCAL_CERTIRICATE := platform

Try this,
adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS

I was able to fix this problem by enabling notification access.
go to settings
click on sound and notification
scroll down
click on notification access

Why doesn't program in /system/app get SuperUser access?

We are creating an Android application which requires super user privileges. The SuperUser.apk and su are installed. However there seems to be a difference between installing our application in /data/app vs. /system/app. If we install in /data/app, everything seems to work fine. If we install in /system/app, SuperUser.apk does not popup to grant privileges.
Are there certain types of programs that must be installed in one location vs. another?
TIA

APK files in the /system/app folder already have system-level permissions so they don't require SuperUser, which I assume is why it doesn't pop up.
You should confirm that your application already has the permission you have requested. For instance, AlarmManager.setTime requires the signatureOrSystem permission android.permission.SET_TIME and will throw an exception if it doesn't have it. You can also check explicitly with PackageManager.checkPermission.
If this doesn't work, check the attributes of the APK file. If they don't match the other APKs in the system folder Android may ignore them. You can fix it like this:
chmod 644 <filename>

Categories

Resources