How Android tracks permissions granted to application after reading from manifest file? Are application permission tracked based on applicationId/package name/signing key/some other way?
If it stores permissions on some storage then how android will retrieve the permissions array/data to match. What will it use? Something like SHA, Apllication ID or Package name?
Note : Marshmallow 6.0 is the Target Environment
Please take a look at following links -
1) http://trendblog.net/android-app-permissions/
2) https://www.se.jku.at/wp-content/uploads/2012/09/2012.permission-tracking.pdf
If Signature is specified, access is granted if a requesting
application is signed with the same certificate as the application
that declared the permission. The level SignatureOrSystem grants
access to applications that are in the Android system image or that
are signed with the same certificates as those in the system image.
So here Signing Certificate is the key ingredient which helps android system identify permitted applications for a specific Permission.
It may be helpful for you!
The android os will read the Manifest file of the Application.
Applications use a lot of permissions like using internet, accessing your phone book, accessing SD card, etc. Android shows what permissions an application needs before each install of the applications. User knows what permissions the application is using just before the application installation.
And Android knows this by going through the Androidmenifest file named Androidmenifest.xml. This file is contained in root directory of every Android applications. All of the permissions are controlled in there.
Structure of Manifest file:
<uses-permission />
<permission />
<permission-tree />
<permission-group />
<instrumentation />
<uses-sdk />
<uses-configuration />
<uses-feature />
<supports-screens />
<compatible-screens />
<supports-gl-texture />
<application>
<activity>
<intent-filter>
<action />
<category />
<data />
</intent-filter>
<meta-data />
</activity>
<activity-alias>
<intent-filter> . . . </intent-filter>
<meta-data />
</activity-alias>
<service>
<intent-filter> . . . </intent-filter>
<meta-data/>
</service>
<receiver>
<intent-filter> . . . </intent-filter>
<meta-data />
</receiver>
<provider>
<grant-uri-permission />
<meta-data />
<path-permission />
</provider>
<uses-library />
</application>
Each permission is identified by a unique label and the label indicates tha action that is restricted. Some examples of permission defined by Android:
android.permission.INTERNET
android.permission.READ_OWNER_DATA
android.permission.SET_WALLPAPER
android.permission.DEVICE_POWER
If an application needs permissions like the ones mentioned above, it must declare that with a <used-permission> element in the menifest file as shown below.
<uses-permission android:name="android.permission.INTERNET" />
In every android application, there is a file called AndroidManifest.xml which defines app's permission using tag called uses-permission. For example
<uses-permission android:name="android.permission.INTERNET" />
which define permission for Internet usage.
Related
i upload my bundle to google play and show me this permissions which contain
android.permission.REQUEST_INSTALL_PACKAGES
and this is my AndroidManifest file content:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.flutter.application">
<!-- The INTERNET permission is required for development. Specifically,
flutter needs it to communicate with the running application
to allow setting breakpoints, to provide hot reload, etc.
-->
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.INTERNET"/>
<!-- io.flutter.app.FlutterApplication is an android.app.Application that
calls FlutterMain.startInitialization(this); in its onCreate method.
In most cases you can leave this as-is, but you if you want to provide
additional functionality it is fine to subclass or reimplement
FlutterApplication and put your custom class here. -->
<application
android:name="io.flutter.app.FlutterApplication"
android:label="flutter"
android:icon="#mipmap/ic_launcher">
<activity
android:name=".MainActivity"
android:launchMode="singleTop"
android:theme="#style/LaunchTheme"
android:configChanges="orientation|keyboardHidden|keyboard|screenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"
android:hardwareAccelerated="true"
android:windowSoftInputMode="adjustResize">
<!-- This keeps the window background of the activity showing
until Flutter renders its first frame. It can be removed if
there is no splash screen (such as the default splash screen
defined in #style/LaunchTheme). -->
<meta-data
android:name="io.flutter.app.android.SplashScreenUntilFirstFrame"
android:value="true" />
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
<intent-filter>
<action android:name="FLUTTER_NOTIFICATION_CLICK" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
<activity
android:name="com.yalantis.ucrop.UCropActivity"
android:screenOrientation="portrait"
android:theme="#style/Theme.AppCompat.Light.NoActionBar"/>
</application>
what is this permission and how i can handle it or remove it from my package
and when i install my app on phone this permission not show?
ok i found why android.permission.REQUEST_INSTALL_PACKAGES permission added to package
this is because file_open package has this permission
and it added to project automatically
As like the answers above it could have been requested by many packages. It can be made to be removed from the final manifest.xml by add these in the Androidmanifest.xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools" //Add this line
package="com.example.app">
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" tools:node="remove"/> //Add this line
The tools:node='remove' will remove the permission from final manifest.xml
This technique can be used to remove other permissions also.
You could check the build/app/outputs/logs/manifest-merger-release-report.txt file. This is generated after you make a release build.
This file contains all information on how the final AndroidManifest.xml is created and where permissions might come from.
In my case, it came from open_file package.
I came across the same issue. In my case, it was because of the pakage open_file after going through many online threads about the same topic.
I used the open_file_safe package to resolve the issue.
open_file_safe is same as open_file, but .apk file type is not
supported. Thus, android.permission.REQUEST_INSTALL_PACKAGES
permission is removed.
Got this shiny manifest ready to be granted all ze permissions
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="exm.rand.lol">
<uses-permission android:name="com.google.android.things.permission.MODIFY_SCREEN_SETTINGS" />
<uses-permission android:name="com.google.android.things.permission.REBOOT"/>
<application>
<uses-library android:name="com.google.android.things" />
<activity android:name=".MainActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.IOT_LAUNCHER" />
<category android:name="android.intent.category.DEFAULT" />
</intent-filter>
</activity>
</application>
</manifest>
and yet when I boot up the raspberry pi it fails with this in the logcat
12-01 15:23:19.349 2960 2960 E AndroidRuntime: java.lang.RuntimeException: Unable to start activity ComponentInfo{exm.rand.lol/exm.rand.lol.MainActivity}: java.lang.SecurityException: Calling process requires permission com.google.android.things.permission.MODIFY_SCREEN_SETTINGS
I searched high and low, stumbled upon multiple threads on StackOverflow
Android Things permission com.google.android.things.permission.MANAGE_INPUT_DRIVERS not found
How to request permission on Android Things?
but to no avail. Rebooting doesn't do anything, reinstalling doesn't do anything, the only way I found atm to give permissions is to manually grant them through adb like dis
adb shell pm grant exm.rand.lol com.google.android.things.permission.REBOOT
Running latest Preiew 6 of Android Things.
With Developer Preview 6, you should use the DeviceManager API. Reboot permission can only be granted to system apps if I'm not wrong, and the Android Things console will never package your APK as a system app.
new DeviceManager().reboot()
To summerize things... Altough it's stated in Android Things readme that:
All normal and dangerous permissions declared in your app's manifest are granted at install time.
It's not enough to declare permissions in manifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.xxx.yyy">
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
<uses-permission android:name="com.google.android.things.permission.MODIFY_SCREEN_SETTINGS"/>
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<application>
</application>
</manifest>
You need to restart the device with the installed application.
APPLICATION RIGHTS ARE GRANTED UPON DEVICE RESTART not application restart.
All:
I got one of those Android Privacy Policy notifications for an Android watch face I wrote. I wrote it in Android Studio, and it has the following permissions:
android.permission.ACCESS_NETWORK_STATE
android.permission.GET_ACCOUNTS
android.permission.INTERNET
android.permission.READ_EXTERNAL_STORAGE
android.permission.USE_CREDENTIALS
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
com.google.android.c2dm.permission.RECEIVE
I really don't need all of those. I really think I only need the WAKE_LOCK and I think one other one. It shouldn't use any sort of writing, accessing networks, or any of that other stuff.
But the odd thing is, I can't find anywhere in my app where these permissions are located. This is my Wear manifest:
<?xml version="1.0" encoding="utf-8"?>
<uses-feature android:name="android.hardware.type.watch" />
<!-- Required to act as a custom watch face. -->
<uses-permission android:name="com.google.android.permission.PROVIDE_BACKGROUND" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<application
android:allowBackup="true"
android:icon="#mipmap/ic_launcher"
android:label="#string/app_name"
android:theme="#android:style/Theme.DeviceDefault" >
<service
android:name=".MorseWatchFace"
android:label="#string/my_digital_name"
android:permission="android.permission.BIND_WALLPAPER" >
<meta-data
android:name="android.service.wallpaper"
android:resource="#xml/watch_face" />
<meta-data
android:name="com.google.android.wearable.watchface.preview"
android:resource="#drawable/preview_digital" />
<meta-data
android:name="com.google.android.wearable.watchface.preview_circular"
android:resource="#drawable/preview_digital_circular" />
<intent-filter>
<action android:name="android.service.wallpaper.WallpaperService" />
<category android:name="com.google.android.wearable.watchface.category.WATCH_FACE" />
</intent-filter>
</service>
<meta-data
android:name="com.google.android.gms.version"
android:value="#integer/google_play_services_version" />
</application>
And this is my Mobile manifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="monte.morsewatch">
<application android:allowBackup="true" android:label="#string/app_name"
android:icon="#mipmap/ic_launcher" android:theme="#style/AppTheme">
</application>
I know I'm missing something. The email said I had until January 30th to fix it, but I am unsure what I need to change to fix it.
Any help greatly appreciated.
Based from this documentation, the user must now grant permissions to Wear apps separately from the handset versions of the apps. Previously, when a user installed a Wear app, it automatically inherited the set of permissions that the user had granted to the handset version of the app. To declare that your app needs a permission, you're right in putting a <uses-permission> element in your app manifest, as a child of the top-level <manifest> element.
This SO thread might also help on how to remove unwanted permissions in your app.
The extra permissions are probably being added by some part of Google
Play Services - and which probably doesn't need them for what you're
doing.
Solution #1 is to only use the pieces of Google Play Services that you
actually need. In your Wear module's build.gradle file, you might
have an entry that looks like this:
dependencies {
compile com.google.android.gms:play-service:8.4.0
}
However, that will bring in the entire Play Services library -
which requires a number of extra permissions. It might well be that
all you need is this:
compile com.google.android.gms:play-services-wearable:8.4.0
...or perhaps other specific modules. But the point is, don't include
more than you need.
If you've pared the dependencies back as far as you can, and you're
still getting extra permissions in your merged manifest, then you may
need Solution #2 - which I described in detail in a different answer:
https://stackoverflow.com/a/31017339/252080
Hope this helps!
I know it may be silly question and I have referred all the similar question before but unfortunately I could resolve this issue. Most probably it is problem in my Manifest.xml file.
When I am trying to access location, app is crashing
here is my manifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.test.tt.test" >
<application
android:allowBackup="true"
android:icon="#drawable/ic_launcher"
android:label="#string/app_name"
android:theme="#style/AppTheme" >
<activity
android:name=".sTest"
android:label="#string/app_name" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<service android:name="com.test.tt.test.sService">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter> </service>
<service android:name="com.test.tt.test.sServiceRequest" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_UPDATES" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
</application>
when I run it throw this error
java.lang.SecurityException: Neither user 11029 nor current process has android.permission.ACCESS_COARSE_LOCATION.
Similar with other permissions. I can not see any mistake in my manifest file. Help appreciated
If you are running on a device on Android Marshmallow and above:
If the device is running Android 6.0 or higher and if the app's target SDK is 23 or higher, the app not just have to list the permissions in the manifest but also must request each dangerous permission it needs while the app is running.
More info:
http://developer.android.com/training/permissions/requesting.html
and
http://developer.android.com/guide/topics/security/permissions.html#normal-dangerous
This means you have some wrong information or malformed info in your menifest file and that is the reason none of your Permission is not identified by your app. Just make sure you have cleaned ANDROIDMANIFEST file with any malformed data.
It will work and all permission should be outside Application tag
move the uses-permission outside application just below the manifest tag
Moving permission section solved my problem with "Neither user or current process has android.permission.READ_PHONE_STATE". Thank you so much to everyone in this forum.
In reference to others, my changes are bellow:
Original:
<uses-permission android:name="android.permission.NFC" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-feature
android:name="android.hardware.nfc"
android:required="true" />
<activity android:name=".NfcRead"></activity>
</application>
Change:
<uses-permission android:name="android.permission.NFC" />
<uses-feature
android:name="android.hardware.nfc"
android:required="true" />
<activity android:name=".NfcRead"></activity>
</application>
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
This exception is related to the runtime permission system in Android 6 and above. The Location permission comes under dangerous permission [check here], so you must have to fulfill below 2 minimum requirements to handle these permissions:
Declared below 2 permission in manifest (These permissions must be outside application tag)
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION " />
Check for the granted permission at runtime using checkSelfPermission() and request permissions using requestPermissions() if not already granted.
If you have already done both of the above then and still getting error then check below:
You App's targetSdkVersion (should be >=23) [If the application's targetSdkVersion is set to less than 23. It will be assumed that application is not tested with new permission system yet and will switch to the same old behavior: user has to accept every single permission at install time and they will be all granted once installed].
Check if you have any thing wrong with you manifest file. You might have malformed manifest file.
Check if you are calling any function, that works on location data, before the user Accept/revoked runtime location permission dialog?
Clean you app (Clean build) and re-run.
Hope this may help :-)
I know it may be silly question and I have referred all the similar question before but unfortunately I could resolve this issue. Most probably it is problem in my Manifest.xml file.
When I am trying to access location, app is crashing
here is my manifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.test.tt.test" >
<application
android:allowBackup="true"
android:icon="#drawable/ic_launcher"
android:label="#string/app_name"
android:theme="#style/AppTheme" >
<activity
android:name=".sTest"
android:label="#string/app_name" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<service android:name="com.test.tt.test.sService">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter> </service>
<service android:name="com.test.tt.test.sServiceRequest" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_COARSE_UPDATES" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
</application>
when I run it throw this error
java.lang.SecurityException: Neither user 11029 nor current process has android.permission.ACCESS_COARSE_LOCATION.
Similar with other permissions. I can not see any mistake in my manifest file. Help appreciated
If you are running on a device on Android Marshmallow and above:
If the device is running Android 6.0 or higher and if the app's target SDK is 23 or higher, the app not just have to list the permissions in the manifest but also must request each dangerous permission it needs while the app is running.
More info:
http://developer.android.com/training/permissions/requesting.html
and
http://developer.android.com/guide/topics/security/permissions.html#normal-dangerous
This means you have some wrong information or malformed info in your menifest file and that is the reason none of your Permission is not identified by your app. Just make sure you have cleaned ANDROIDMANIFEST file with any malformed data.
It will work and all permission should be outside Application tag
move the uses-permission outside application just below the manifest tag
Moving permission section solved my problem with "Neither user or current process has android.permission.READ_PHONE_STATE". Thank you so much to everyone in this forum.
In reference to others, my changes are bellow:
Original:
<uses-permission android:name="android.permission.NFC" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-feature
android:name="android.hardware.nfc"
android:required="true" />
<activity android:name=".NfcRead"></activity>
</application>
Change:
<uses-permission android:name="android.permission.NFC" />
<uses-feature
android:name="android.hardware.nfc"
android:required="true" />
<activity android:name=".NfcRead"></activity>
</application>
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
This exception is related to the runtime permission system in Android 6 and above. The Location permission comes under dangerous permission [check here], so you must have to fulfill below 2 minimum requirements to handle these permissions:
Declared below 2 permission in manifest (These permissions must be outside application tag)
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION " />
Check for the granted permission at runtime using checkSelfPermission() and request permissions using requestPermissions() if not already granted.
If you have already done both of the above then and still getting error then check below:
You App's targetSdkVersion (should be >=23) [If the application's targetSdkVersion is set to less than 23. It will be assumed that application is not tested with new permission system yet and will switch to the same old behavior: user has to accept every single permission at install time and they will be all granted once installed].
Check if you have any thing wrong with you manifest file. You might have malformed manifest file.
Check if you are calling any function, that works on location data, before the user Accept/revoked runtime location permission dialog?
Clean you app (Clean build) and re-run.
Hope this may help :-)