I came across this issue in our team: We want to test interactions with the calendar and we obviously need calendar write permission in order to do this.
Is there a way to make sure necessary permissions are in place for instrument tests? I know you can virtually grant permissions on a specific avd but is there a better way of doing this?
You can grant and revoke permissions using:
adb pm grant com.package.myapp android.permission.<PERMISSION>
adb pm revoke com.package.myapp android.permission.<PERMISSION>
Update for Android Debug Bridge (adb) version 1.0.32:
You need to add shell to run these commands, e.g. ./adb shell pm grant ......
I would comment but I can't yet,
here a guide on android M permissions: http://inthecheesefactory.com/blog/things-you-need-to-know-about-android-m-permission-developer-edition/en.
In android M you need to check 2 things before doing something that requires permissions. 1. If they allowed or denied 2. If they chose deny always or not (remember my choice). Most of this is covered in the link I provided.
I don't know if you can apply this to tests but I would think so.
Related
In AppOpsManager.noteOp, it said SecurityException will be thrown
if the app has been configured to crash on this op
I can't find any information about how to do that. Is it something app developer can configure in the source code?
My bad.
It's already explained in the document of AppOpsManager
To control access the app-op can be set to a mode to:
MODE_ERRORED
Throw a SecurityException on access. This can be suppressed by using a ...noThrow method to check the mode
To set MODE_ERRORED, you can use adb shell command: cmd appops set <package> <OP> deny
While migrating one of my apps to use the Android 6.0 permissions system, I found it very hard to debug permissions using the emulator.
Findings:
Disabling a permission in the app info screen doesn't re-show the grant permission dialog when using the requestPermissions() method.
Reinstalling the app seems to be the only way to make the app show the grant permission dialog again.
What is the proper method to debug permission using the Android emulator?
It’s actually very easy to debug Android 6.0 permissions. You can reset the permissions to the "install state" for the current foreground app all apps using the following ADB shell command:
adb shell pm reset-permissions
Note: Currently you can't reset the runtime permissions for a specific package, the package manger (pm) tool help section states:
revert all runtime permissions to their default state.
You can easily execute the reset-permissions command using the terminal interface in Android Studio. Note that ADB commands only works if the ADB directory is added to the PATH system environment variable (see: add ADB to path variable).
You can also reset/revoke a specific permissions using:
adb shell pm revoke com.your.package android.permission.WRITE_EXTERNAL_STORAGE
A downside of this command is that it will restart your app, but this doesn't reset the runtime permissions for all apps. To grant a permission replace revoke with grant.
I have an application where I create a process and call the dumpsys telephony.registry command to get information about the mobile network status.
String[] cmds={"dumpsys telephony.registry"};
Process p = Runtime.getRuntime().exec(cmds [0]+"\n");
and then after that I parse the result of the command. For "ls" or other commands it works fine. For dupmsys I get Permission Denial: can't dump telephony.registry from pid-953, uid=10090. I get the same error results for dumpsys power or other dumpsys commands.
I have set DUMP permissions android.permission.DUMP in the android Manifest like suggested here
I think that I am doing this right since Android offers this feature here
I have also done the step described here to force eclipse to allow me to give my application DUMP permission in the manifest.
When I execute the dumpsys command I always get the same result
Permission Denial: can't dump telephony.registry from pid-953, uid=10090
Am I doing something wrong? Why does android OS still deny me access to the dump service ?
PS I have set min API 8 and I am testing the application on device running (ICS)
API 15
Why does android OS still deny me access to the dump service ?
Because that permission is flagged as android:protectionLevel="signature|system|development" (or signatureOrSystem using the old syntax) on Android 2.3+, and therefore cannot be held by ordinary Android SDK applications.
There's another (hacky) way to access dumpsys without rooting your device - through adb shell.
This will require allowing USB debugging, and finding the port of the adb service.
Enable USB debugging on your device. This option is found under Settings -> Developer Options.
Connect your device to a PC, and run the following command from the PC's shell/command line:
adb tcpip 12345. Then, from your devices shell, issue the command adb connect localhost:12345 from your application. You can now disconnect the device from USB.
Alternatively, you can scan the ports on your device one by one without USB connection, using adb connect localhost:<portnum> and find the port adb service is listening to.
Authorize USB debugging from the pop up confirmation dialog, if prompted. Check the "always" checkbox to do not require this step again.
Now, when you have access to the adb service, use adb shell dumpsys ... from your application code to get whatever service dump you need.
NOTE: You don't need the DUMP permission for that to work.
The android dev team decided to stop granting these permissions to third-party apps. Only system apps can now get them.
more details:https://code.google.com/p/acra/issues/detail?id=100
It reports private values of core Android services that you would never be able to typically obtain. Official document says "Not for use by third-party applications".
Add permission on your manifest "android.permission.DUMP". I have not tried it yet but it shows on adb shell that it is missing that permission
I have added "android.permission.WRITE_SECURE_SETTINGS" in the Manifest. But still i get an error message saying - required "WRITE_SECURE_SETTINGS".
I have seen a lot of talks about this, and that this setting is prevented for third party software.
It is any other way that i can add my application can gain this permission?
I have see this adb command, but i not so familiar how to use this to add my application to my device, is below command is require root my device before it can be use because it failed to copy by Read-only file system?
adb remount
adb push app.apk /system/app/
I would like to add that WRITE_SECURE_SETTINGS permission can be granted over adb and this approach does NOT require root. Here is a command:
adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS
Firstly, as you have read before, WRITE_SECURE_SETTINGS is NOT available to applications! So you cannot use this permission regardless whether you are on rooted or production builds.
So, if you wish to enable this setting, create your own firmware that does what you need and load that firmware on whatever devices you wish. Or, contribute your changes to existing firmware mods (e.g., Cyanogen).
Some other applications use techniques like Reflection using Java to gain access to functions not exposed via API, you can probably try the same.
Secondly, adb remount does not work as is with production builds unless the phone is rooted or firmware enables it by default.
I recently struggled with this very thing. My client wanted an app that would turn NFC off when the device was charging (wireless charger) and then on when it was removed from the charger. I was running KitKat on my Nexus 7, and even though I had WRITE_SECURE_SETTINGS in the Manifest, and the app in /system/app/, it would not work.
Turns out, that in 4.4 they added additional security. In 4.3 however, it works if three things are true:
Manifest has WRITE_SECURE_SETTINGS
App is in /system/app/
The package is signed by a key (any key)
I rooted the device using the awesome Nexus Root Toolkit (NRT) from http://www.wugfresh.com/nrt/ then installed BusyBox and system app mover from:
https://play.google.com/store/apps/details?id=stericson.busybox
https://play.google.com/store/apps/details?id=de.j4velin.systemappmover
I installed my custom signed APK and moved it into place using system app mover, which then restarted the device. It worked perfectly. Hope this helps.
For the api that I used, which required WRITE_SECURE_SETTINGS privileges, I had to include this in the manifest:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
...
coreApp="true"
android:sharedUserId="android.uid.system">
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
...
ref: https://github.com/android/platform_packages_apps_settings/blob/master/AndroidManifest.xml
I also had to run the application as a system app (under: /system/app).
Here is an how to: http://www.addictivetips.com/mobile/how-to-install-any-app-as-system-app-on-android/
I met this situation too,and then i follow the rules below:
1.add WRITE_SECURE_SETTINGS in manifest
2.make my own firmware
3.add LOCAL_CERTIRICATE := platform
Try this,
adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS
I was able to fix this problem by enabling notification access.
go to settings
click on sound and notification
scroll down
click on notification access
Is it possible to enable USB debugging (under settings/applications/development) programmatically from within my app?
I was looking at Permission.WRITE_SETTINGS and
http://developer.android.com/reference/android/provider/Settings.System.html,
but I couldn't find anything appropriate.
You will need root permissions to do so from an app.
That said, it is possible to enable ADB by executing the following terminal commands:
setprop persist.service.adb.enable 1
start adbd
This blog post gives an excellent example of how to execute these commands with escalated permissions through su.
First: Your app must be a system app
This line of code may help:
Settings.Global.putInt(getContentResolver(), Global.ADB_ENABLED, 1);
and you need this permission:
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
but after adding this permission in manifest you will get this error:
Permission is only granted to system apps
which means your app must be a system app.
It's not possible without using your own custom firmware that grants access to the security settings.
See thread here: http://groups.google.com/group/android-developers/browse_frm/thread/953c6f0eb0fa9bed#
You can enable adb programmatically by requesting WRITE_SECURE_SETTINGS in manifest and granting it over adb shell:
adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS
Then you can enable adb on API 17 and above by calling:
Settings.Global.putString(mContext.getContentResolver, Settings.Global.ADB_ENABLED,"1");
For API 16 to API 3 call:
Settings.Secure.putString(mContext.getContentResolver, Settings.Secure.ADB_ENABLED,"1");
To disable adb replace "1" with "0" in commands
You need to follow these 3 steps
in the manifest put <uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>
Use this command in the code to enable USB debug Settings.Secure.putInt(requireActivity().contentResolver, Settings.Global.ADB_ENABLED, 1) or Settings.Secure.putInt(requireActivity().contentResolver, Settings.Global.ADB_ENABLED, 0) to disable it
IMPORTANT Before being able to use these system API you must grant WRITE_SECURE_SETTINGS from adb running adb shell pm grant your.package.name android.permission.WRITE_SECURE_SETTINGS. The device has to be attached to the computer with USB debug active.
I developed a simple app that uses this approach to enable/disable some developer options such as Debug USB and Keep Device Screen Active https://play.google.com/store/apps/details?id=it.stzan.devtools
Disclaimer: I am the actual developer of DevTools
If your device has root, and API level > 17 for enable adb:
Runtime.getRuntime().exec(new String[] {"su", "-c", "settings put global adb_enabled 1"});
or (depends of su implementation)
Runtime.getRuntime().exec(new String[] {"su", "settings put global adb_enabled 1"});
For disable - change last argument from 1 to 0