While migrating one of my apps to use the Android 6.0 permissions system, I found it very hard to debug permissions using the emulator.
Findings:
Disabling a permission in the app info screen doesn't re-show the grant permission dialog when using the requestPermissions() method.
Reinstalling the app seems to be the only way to make the app show the grant permission dialog again.
What is the proper method to debug permission using the Android emulator?
It’s actually very easy to debug Android 6.0 permissions. You can reset the permissions to the "install state" for the current foreground app all apps using the following ADB shell command:
adb shell pm reset-permissions
Note: Currently you can't reset the runtime permissions for a specific package, the package manger (pm) tool help section states:
revert all runtime permissions to their default state.
You can easily execute the reset-permissions command using the terminal interface in Android Studio. Note that ADB commands only works if the ADB directory is added to the PATH system environment variable (see: add ADB to path variable).
You can also reset/revoke a specific permissions using:
adb shell pm revoke com.your.package android.permission.WRITE_EXTERNAL_STORAGE
A downside of this command is that it will restart your app, but this doesn't reset the runtime permissions for all apps. To grant a permission replace revoke with grant.
Related
I am creating an android app for media box. The box is rooted. I have to bypass permissions (run time permission too) because user will not be interacting with the device. I tried to push the apk in system/priv-app folder also to make it system app. Still, whenever my app is launched, it asks for permissions. Is there any way to bypass permissions in rooted device? I have used following commands to push the APK to priv-app folder.
adb remount
adb push apk-filename-here /system/app/
adb shell chmod 644 /system/app/apk-filename-here
adb reboot
App seems to be like system app because it is not uninstallable now. But permission problem is still there. Is anything extra required to be done to grant all permissions? Please help.
I tried bypass android usb host permission confirmation dialog also but this seems to be a very old story now.
Some permissions are signature-level, meaning they can't be granted unless your app is signed with the same key used to sign the rest of the system. If you need any of these, there's very little you can do, unless the relevant APIs have shell-command alternatives.
Other permissions are privileged-level, meaning they're only granted if the app is located in /system/priv-app/. You haven't mentioned which permissions you're using, but I recommend putting your app in priv-app instead of app anyway. If this device is on Lollipop or later, apps should have a sub-folder inside priv-app (eg /system/priv-app/SomeApp/SomeApp.apk).
The third type is app-op permissions. These aren't runtime permissions, but they can be granted with a shell command:
cmd appops set <PACKAGE> <OP> <MODE>
For example, to grant the SYSTEM_ALERT_WINDOW permission:
cmd appops set com.some.package android:system_alert_window allow
The fourth type is runtime/development permissions. Both can be granted with the following:
pm grant <PACKAGE> <PERMISSION>
For example, to grant WRITE_EXTERNAL_STORAGE:
pm grant com.some.package android.permission.WRITE_EXTERNAL_STORAGE
You can check which type your permissions are by looking at the platform AndroidManifest.xml. Find your permission and check the protectionLevel field.
signature means signature
privileged means privileged
development means development
dangerous means runtime
normal permissions will be automatically granted
Certain permissions, like WRITE_SECURE_SETTINGS have multiple protection levels: signature|privileged|development.
If any of those conditions is met, Android will grant the permission to your app. With WSS, you could either put the app in priv-app or use pm grant. Either way will get you access.
If a permission's protection levels have both appops and development, such as PACKAGE_USAGE_STATS, be careful. Using cmd appops will grant that permission for certain functions, while pm grant will for others.
I need to start the installation of an apk on an android 8 phone, but this should not be silent (adb install). The behavior should be as if the user has touched the apk file on the device.
Before android 8 it was possible to launch the installation of an apk by adb like this:
adb shell am start -d file:"///sdcard/foobar.apk" -p com.google.android.packageinstaller
This is not possible anymore on android 8. According to the log file the permission android.permission.REQUEST_INSTALL_PACKAGES is necessary.
09-25 16:39:55.691 6066 6066 E InstallStart: Requesting uid 2000 needs to declare permission android.permission.REQUEST_INSTALL_PACKAGES
I know that since android 8 apps that requests installing other apps needs this permission, but this shouldn't be the case by doing it via adb, right?
Is this a bug in android 8? Is it somehow possible to do it in an other way?
Try adding in Manifest
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
I came across this issue in our team: We want to test interactions with the calendar and we obviously need calendar write permission in order to do this.
Is there a way to make sure necessary permissions are in place for instrument tests? I know you can virtually grant permissions on a specific avd but is there a better way of doing this?
You can grant and revoke permissions using:
adb pm grant com.package.myapp android.permission.<PERMISSION>
adb pm revoke com.package.myapp android.permission.<PERMISSION>
Update for Android Debug Bridge (adb) version 1.0.32:
You need to add shell to run these commands, e.g. ./adb shell pm grant ......
I would comment but I can't yet,
here a guide on android M permissions: http://inthecheesefactory.com/blog/things-you-need-to-know-about-android-m-permission-developer-edition/en.
In android M you need to check 2 things before doing something that requires permissions. 1. If they allowed or denied 2. If they chose deny always or not (remember my choice). Most of this is covered in the link I provided.
I don't know if you can apply this to tests but I would think so.
I have an application where I create a process and call the dumpsys telephony.registry command to get information about the mobile network status.
String[] cmds={"dumpsys telephony.registry"};
Process p = Runtime.getRuntime().exec(cmds [0]+"\n");
and then after that I parse the result of the command. For "ls" or other commands it works fine. For dupmsys I get Permission Denial: can't dump telephony.registry from pid-953, uid=10090. I get the same error results for dumpsys power or other dumpsys commands.
I have set DUMP permissions android.permission.DUMP in the android Manifest like suggested here
I think that I am doing this right since Android offers this feature here
I have also done the step described here to force eclipse to allow me to give my application DUMP permission in the manifest.
When I execute the dumpsys command I always get the same result
Permission Denial: can't dump telephony.registry from pid-953, uid=10090
Am I doing something wrong? Why does android OS still deny me access to the dump service ?
PS I have set min API 8 and I am testing the application on device running (ICS)
API 15
Why does android OS still deny me access to the dump service ?
Because that permission is flagged as android:protectionLevel="signature|system|development" (or signatureOrSystem using the old syntax) on Android 2.3+, and therefore cannot be held by ordinary Android SDK applications.
There's another (hacky) way to access dumpsys without rooting your device - through adb shell.
This will require allowing USB debugging, and finding the port of the adb service.
Enable USB debugging on your device. This option is found under Settings -> Developer Options.
Connect your device to a PC, and run the following command from the PC's shell/command line:
adb tcpip 12345. Then, from your devices shell, issue the command adb connect localhost:12345 from your application. You can now disconnect the device from USB.
Alternatively, you can scan the ports on your device one by one without USB connection, using adb connect localhost:<portnum> and find the port adb service is listening to.
Authorize USB debugging from the pop up confirmation dialog, if prompted. Check the "always" checkbox to do not require this step again.
Now, when you have access to the adb service, use adb shell dumpsys ... from your application code to get whatever service dump you need.
NOTE: You don't need the DUMP permission for that to work.
The android dev team decided to stop granting these permissions to third-party apps. Only system apps can now get them.
more details:https://code.google.com/p/acra/issues/detail?id=100
It reports private values of core Android services that you would never be able to typically obtain. Official document says "Not for use by third-party applications".
Add permission on your manifest "android.permission.DUMP". I have not tried it yet but it shows on adb shell that it is missing that permission
I have added "android.permission.WRITE_SECURE_SETTINGS" in the Manifest. But still i get an error message saying - required "WRITE_SECURE_SETTINGS".
I have seen a lot of talks about this, and that this setting is prevented for third party software.
It is any other way that i can add my application can gain this permission?
I have see this adb command, but i not so familiar how to use this to add my application to my device, is below command is require root my device before it can be use because it failed to copy by Read-only file system?
adb remount
adb push app.apk /system/app/
I would like to add that WRITE_SECURE_SETTINGS permission can be granted over adb and this approach does NOT require root. Here is a command:
adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS
Firstly, as you have read before, WRITE_SECURE_SETTINGS is NOT available to applications! So you cannot use this permission regardless whether you are on rooted or production builds.
So, if you wish to enable this setting, create your own firmware that does what you need and load that firmware on whatever devices you wish. Or, contribute your changes to existing firmware mods (e.g., Cyanogen).
Some other applications use techniques like Reflection using Java to gain access to functions not exposed via API, you can probably try the same.
Secondly, adb remount does not work as is with production builds unless the phone is rooted or firmware enables it by default.
I recently struggled with this very thing. My client wanted an app that would turn NFC off when the device was charging (wireless charger) and then on when it was removed from the charger. I was running KitKat on my Nexus 7, and even though I had WRITE_SECURE_SETTINGS in the Manifest, and the app in /system/app/, it would not work.
Turns out, that in 4.4 they added additional security. In 4.3 however, it works if three things are true:
Manifest has WRITE_SECURE_SETTINGS
App is in /system/app/
The package is signed by a key (any key)
I rooted the device using the awesome Nexus Root Toolkit (NRT) from http://www.wugfresh.com/nrt/ then installed BusyBox and system app mover from:
https://play.google.com/store/apps/details?id=stericson.busybox
https://play.google.com/store/apps/details?id=de.j4velin.systemappmover
I installed my custom signed APK and moved it into place using system app mover, which then restarted the device. It worked perfectly. Hope this helps.
For the api that I used, which required WRITE_SECURE_SETTINGS privileges, I had to include this in the manifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
...
coreApp="true"
android:sharedUserId="android.uid.system">
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
...
ref: https://github.com/android/platform_packages_apps_settings/blob/master/AndroidManifest.xml
I also had to run the application as a system app (under: /system/app).
Here is an how to: http://www.addictivetips.com/mobile/how-to-install-any-app-as-system-app-on-android/
I met this situation too,and then i follow the rules below:
1.add WRITE_SECURE_SETTINGS in manifest
2.make my own firmware
3.add LOCAL_CERTIRICATE := platform
Try this,
adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS
I was able to fix this problem by enabling notification access.
go to settings
click on sound and notification
scroll down
click on notification access