FileObserver on system files - android

For a survey I want to monitor user-compelled changes in the Android M application permission settings.
I decided to create a FileObserver watching /data/system/users/0/runtime-permissions.xml. This file holds all information but only has read/write access for the system -rw-------. chmod won't work because access privileges are restored on every change. So my monitoring app needs system permissions.
I followed this method to deploy my app directly to priv-app directory. Works like a charm, app is considered a system app, but still does not have permission to read the above-mentioned file. File.canRead() fails just as File.exists().
Is there maybe something I have to add in the AndroidManifest.xml to make it work, or is making use of the priv-app folder a complete wrong guess? Do I have to sign the application? For final deployment I wanted to add the application to a custom rom using some kind of kitchen.

Related

Permission handling for privileged system apps

I'm writing an Android app, that will run on custom hardware with a ROM that I have control of.
The device will run a single application (as a launcher) and once the device is deployed I (generally) do not have access to it anymore. The app also has support for updating itself.
As such, I need a way to properly handle permissions for the app i.e. permissions need to be granted automatically (including dangerous ones) if they are ever added to the manifest.
Now, the app is being signed by the same certificate as the Android OS running on the device, and the app is placed in the priv-app directory when the device is flashed.
I assumed that this would automatically grant permissions but this does not appear to be the case.
I have tried adding android:sharedUserId="android.uid.system" to the manifest, and that does indeed grant all permissions, but since there are already quite a few legacy devices "in the wild", adding this option makes it so that the app can no longer be updated (throwing a INSTALL_FAILED_SHARED_USER_INCOMPATIBLE error).
So, what is the best way to handle permissions in this case? Is there some other voodoo magic I am missing here? Should I just bite the bullet, add the sharedUserId option and manually update all devices (undesired, but possible option)?

How to deploy files into a device for multi-app access

My idea is to develop an application for Android, which is able to do the following:
The APK-File contains a resource, e.g. a pdf-file. And this file should be accessible for certain other apps. My intention is to install that /res/raw/-file in a dedicated Directory, e.g. /Download/PDF-Files, where it can be accessed by different applications.
This process should be done by installation of the app.
How should I configure the manifest.xml for that purpose?
During the installation process, no action can be performed unless the user presses 'open' to launch the app. The code that first executes after that is the onCreate() method of your MainActivity specified in your manifest. To do that you have to add the code in the onCreate() method. You also need to add the following permission:

Running a command as a shell user from an Android app

I am trying to execute an fopen() function on a file that is given permissions only to "shell" from a native (C++) application that is triggered from a service on my Android application. When I run the native code as a PIE from the shell, I am able to open the file for reading, but if I try from the Android application, it fails to open the file as the Android application is run in a different user space and so I am not able to open the file. My question is, is it possible to run the command as a "shell" user or a child of "shell" from the Android application. I want to be able to do this without rooting the device so su is out of question.
You can't change the user ID of your app without a rooted device. If you could, the security model wouldn't be very useful. If your app needs access to the file, you will need to grant appropriate permissions.
The other common workaround is to have a service, running as the "shell" user, whose job is to open the file and hand back a file descriptor. The tricky part is that you need a way to launch that service as the "shell" user, which brings us back to needing "su".
FWIW, the situation is the same whether you're coding in Java or C++.

intervening Android Install-time Permission granting mechanism

I'm new in Android. I have an Idea to enrich user's knowledge whilst installing a desired application.
the idea is developing an application that can analyze .apk file of the application to check if it's over-privileged or not. and inform the user if this application which he's trying to install is over-privileged or not.
but since there's already a mechanism from Android which asks user's consent to grant whatever permission the application requests, I'm not sure if my application can somehow intervene this mechanism, postpone it, pause it or it can not.
I'm not sure if my application can somehow intervene this mechanism, postpone it, pause it
None of these are possible, sorry. You are welcome to create your own custom firmware that has this feature, but you cannot create this capability via an SDK application, for obvious security reasons.
I am not far from where you are ~ the entire mechanization you seek is based on an xml file in the "root" of the installation - it is called AndroidManifest.xml = all permission based issues should begin original first efforts on that file:
The AndroidManifest.xml File
Every application must have an AndroidManifest.xml file (with precisely that name) in its root directory. The manifest presents essential information about the application to the Android system, information the system must have before it can run any of the application's code. Among other things, the manifest does the following: .....
the "app-store" web based distribution system is supposed to pick that up and not only make some decisions on what to present to the user but as well differentiate to some extent what to do in the matter but as I just got a Droid-X emulator available in my installation I can tell you for a fact that "versioning" is subject to oversimplification as we cannot rely on users being tech-geeks

can an Android service running on its own process access the app's /data/data/<package> folder?

Part of my application, I create an Android Service, which encapsulate a Native code library. The Android Service is running in its own process.
I need the Native code from the Android service to access and write in the private data from the installation folder (/data/data/package folder).
Is that possible?
Looks like the native code is getting a Write Access error.
In the same line, can this Service access the SD Card directory at "/mnt/sdcard/Android/data/ ?
It looks also that the native code gets an access error.
Any confirmation will help
thanks
eric
For both questions: Yes.
Your Service is part of your application, same process as Activities and other parts of app. It can access app's private folder, correctly determined by:
getPackageManager().getPackageInfo("com.example.app", 0).applicationInfo.dataDir;
Also it can write to SD card, assuming you have permission in manifest:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
You probably wrongly assume that your service runs in different process than rest of app. It's still the same process, native code doesn't make difference.

Categories

Resources