I have encapsulated permission check into utility method and now I am receiving
Call requires permission which may be rejected by user: code should
explicitly check to see if permission is available (with
checkPermission) or explicitly handle a potential
SecurityException
error.
Like this:
Is it possible to smart control this error, for example, by adding some annotation (not just completely disable checking)?
Is it possible to smart control this error
This is not error per se but warning generated by static code analyser, most likely by bundled Lint. If that is so, you can suppress it by using #SuppressWarnings() annotation. See official docs on that: Suppressing Lint Warnings
Related
I've recently changed an app to target Marshmallow and as you know, I now need to handle the Marshmallow permissions model.
The app hasmany files and thousands of lines of code. Aside from the brute force way ie
turn off permissions and use the app , noting where exceptions happen
is there a more efficient way of finding out which lines of api calls request certain permissions so that they can be wrapped in a permission request?
There are some methods that will raise a lint error if they do not detect permission checks (for example location updates using Google Play Services.) To trigger that run Analyze > Inspect Code and look under the Android Lint Errors.
Other than that brute force is the only way. I had to do this for a project I was working on (also many many thousands of lines of code). I suggest monitoring Logcat for errors and hitting the app hard. Be careful though... if you catch the errors in code then they may not appear in logcat so you'll have to make sure the app functionality is as expected.
But, it's not as hard as it sounds. If take a moment to review your app and the potential locations where permissions are required you'll find that its pretty straight forward. Review this article to determine what permissions you'll need http://inthecheesefactory.com/blog/things-you-need-to-know-about-android-m-permission-developer-edition/en
I am setting my targetSdkVersion to 23 and therefore I want to implement
"Requesting permissions at runtime". (see here)
Lint directly calls out if you forget to check the permission and
tells you the following:
Call requires permission which may be rejected by user: code should
explicitly check to see if permission is available (with
checkPermission) or explicitly handle a potential
`SecurityException'
This is quite nice and I want to analyze my code for any call that I may
have forgotten, but I can't find Lint option that I have to select
in my Inspection profile.
How is the inspection called?
Thanks!
First click on Hector the Inspector (the small icon of a man with a moustache at the very bottom-right of Android Studio). This will bring up an option to Configure inspections.
You should then type 'Permissions' into the searchbar, and ensure that "Constant and Resource Type Mismatches" is checked. After that, it's a simple case of running an inspection via Analyse > Inspect Code.
I'm preparing my app to target Android 6.0 Marshmallow.
When setting the target api to 23, the app immediately crashes upon launch. There is no useful information in the logcat output. (It gives a "Requested window does not exist" IllegalStateException, but still, nothing actually useful like class name or line number.)
This is fine (not really), I eventually narrowed it down to my launch activity where I get the user's device IMEI code (TelephonyManager.getDeviceId()). There needs to be a runtime permission request added. I understand this.
However, the app has something like 60 classes across numerous activities, so there is a lot of code to sort through. How can I possibly search through the code to find all of the cases where runtime permissions are required?
Surely Google must have thought of an easy way for developers to track down where the permission requests are required? I thought perhaps commenting out the permissions in the manifest would trigger a compile-time error where the permissions are used, or something of the sort, but nope.
My current method is by going through the app and when it crashes, do like the above with my launch activity and very slowly narrow down where it is. This is extremely inefficient and time-consuming. I'm tempted to just leave it at API 22 for now, but I know sooner or later this will have to be done.
Delete all AndroidManifest.xml permission.
Analyze -> Run Inspection by Name ->Constant and Resource Type Mismatches in Android Studio.
You can detect permission.
But this detection is not perfect...
Because this detects only method that contains this xmls files.
https://android.googlesource.com/platform/tools/adt/idea/+/master/android/annotations/android
https://android.googlesource.com/platform/tools/adt/idea/+/master/android/annotations/android/accounts/annotations.xml#118
What worked for me is this :
Analyze -> Run Inspection by Name -> Missing Permissions
I'm trying to access the Usage_Stats_Service in lollipop through this :
final UsageStatsManager usageStatsManager=(UsageStatsManager)this.getSystemService(Context.USAGE_STATS_SERVICE);
I can go to the Context class and see how this constant exist but Android Studio keeps saying that it is not a valid constant.
I have tried to use the literal string too but it seems getSystemService has a constraint to only accept #ServiceName constants.
I have spent almost 2 hours into this without finding out what is hapenning. Any help is welcomed.
Android Studio keeps saying that it is not a valid constant.
It isn't a publicly available constant because USAGE_STAT_SERVICE is hidden using the #hide annotation in the source code. This is supported by the lack of USAGE_STAT_SERVICE in the documentation.
getSystemService has a constraint to only accept #ServiceName
constants.
This is due to "attribute inspection" and should not affect compilation. It can be turned off.
I've also successfully gotten an instance of UsageManagerService using a direct string.
UsageStatsManager manager = (UsageStatsManager) getSystemService("usagestats");
Additionally, it is worth noting that the permission required,
android.permission.PACKAGE_USAGE_STATS
is simply flagged by Studio as a permission that can't be granted (technically true based on the documentation) so Studio at this time, does not know about "special" permissions such as these.
Usage Access can be granted in
Settings > Security > Apps with usage access
I recently refactored my package structure for an Android project and moved a BroadcastReceiver class to a different package. However, I forgot to update the receiver tag's android:name field in the AndroidManifest.xml.
This BroadcastReceiver was used to send notifications to the client and this serious error simply meant that no notifications were sent. Unfortunately there is no compile time validation of this file or, it seems, any runtime error thrown to indicate a misconfiguration here.
Is there anything I can do from my side to validate these types of configurations? Perhaps this information can be accessed in a unit test and verified? Or, perhaps there is more verbose output I can configure to make sure error like this don't go unnoticed in the future?
or, it seems, any runtime error thrown to indicate a misconfiguration here
A warning might have shown up in LogCat, but probably not, as having zero receivers for a broadcast is a perfectly normal condition.
Is there anything I can do from my side to validate these types of configurations?
You can file a feature request to have Lint validate this portion of the manifest. Or, you can write your own script to analyze your source tree and manifest and include this as part of a customized Ant build script.
Perhaps this information can be accessed in a unit test and verified?
You can use PackageManager and queryBroadcastReceivers() to confirm that the Intent you use for broadcasts will resolve to 1+ receivers.