I'm looking into android HAL and try to understand how the apps grant permission to access the sensor or hardware. The case is, I do not root my device(I can, but I won't), so if you want to tell me root the device or modify init.rc file, please save your time, thanks.
I did some tests.
I tried to directly get access to some sensors or hardwares in JAVA code, like new FileOutputStream("/dev/XXX"), failed.
I tried to use JNI, like, fd = open("/dev/XXX", O_RDWR, 0), failed.
I guess both of them above are permission denied.
I used the sample named "native-activity" under NDK directory. It's a pure C code. And finally get the value from the sensors.
So I don't know in the case 3, how and when this "native-activity" app grant the permission, which is able to get the value from sensors.
I may misunderstand something. Correct me if you think there is something wrong. Thanks
Related
I need some help. I have an app that is mostly written in native C code. I use the __system_property_get(const char * name, char * value) method to read the serial nr. of the device at various points in my native code. With Android 8 I always get a "Access denied" message now.
libc: Access denied finding property "ro.serialno"
Is there a way for me to still be able to read the serial nr. in Android 8? I tried switching to targetSDKversion < 26 but it still gives me a "Access denied" message. I do get the correct values if I use Java with Build.SERIAL (regardless of SDK version) and Build.getSerial() in SDK version 26 if I grant the READ_PHONE_STATE permission. But I cannot read these values in Java and pass them to the native code without a huge rewrite of the native code.
Any help?
I met this problem too. Finally I find the root cause of the problem. In Android O, SELinux sets a lot of limitations in system property. In this case, There is a neverallow to limit read serial number except some domain in whitelist.
For more specific information, you can read code in system/sepolicy/public/domain.te:
neverallow {
domain
-adbd
-dumpstate
-hal_drm
-init
-mediadrmserver
-recovery
-shell
-system_server
} serialno_prop:file r_file_perms;
If you have the hand on AOSP:
Put android:sharedUserId="android.uid.system" to AdnroidMainfest
Run app like system_app.
Change in Android.mk. LOCAL_MODULE_PATH := $(TARGET_OUT)/app.
Or you can duplicate the property.
I think you did not call it on the UI thread, so this error occur.
If you call it on non-ui thread, you should create opengl context at first.
Currently, this is my first time going into kernel modifications and such, so please be gentle with me as I'm learning as I go!
Any who, I've been wanting for some time to allow creation of raw packets for my rooted android phone (nexus 5). I've learned about the AOSP, and started diving into perhaps building the kernel itself to allow the CAP_NET_RAW privilege to the root user, or apps that request root permission.
I've found the functions extern bool capable(int cap); (<linux/capability.h> and <kernel/capability.c>), which calls the function ns_capable (<linux/capability.h> and <kernel/capability.c>). This function is used to check the CAP_NET_RAW capability a lot. However, now I'm stuck. Is there a header I can change somewhere, that would allow CAP_NET_RAW for the user group that I specify? Or will I need to add code myself to allow for this capability (and if so, has there been anyone who has posted a solution to this before me?).
I want to read the status file of all processes in an Android system. I check the permission of /proc/pid/status files, it is -r-r-r-, seems like it could be read from every user, and I have turn seAndroid off.
In shell, it works fine, but when I read the file in an application (.apk), it always return "no such file". I think maybe it is the permission issue, but I don't know why, what blocks an application from reading this file.
I am trying to open a socket in the android source code. Specifically, right now, I am in the DisplayDevice.cpp file, but the location of the socket code may change. Right now after I do:
int fd = socket(AF_INET, SOCK_STREAM, 0);
fd gets returned as -1, and when i check the error message it is listed as Permission Denied. I have looked around a lot for this, most answers involve adding the internet permission to the AndroidManifest file. This will not work for me as the code I am adding is inside of the android source code.
I was wondering if there is a way to bypass the permission denied. Or if there is a better way to do this/ a different type of socket to use(right now I am using sockets from
Thank you.
It is quite natural that you get Permission Denied error. This is simply because you don't have correct permission :). Check out android permission model!
Imagine a scenario like a normal user in an operating system and you write a program which tries to open a socket like yours. You would most probably face the same problem, depending on where the named socket is to be created.
As you are trying to create the socket in DisplayDevice.cpp (compiling android from the source), you may be interested in compiling the source as a superuser. Here is a solution posted by m-ric (I have never tested it).
Some useful pointers/references in similar direction and which I found useful during research on this enthralling topic are:
https://android.stackexchange.com/questions/18857/how-to-build-compile-su-from-source
execv command => http://code.google.com/p/superuser/source/browse/trunk/su/su.c?r=2#169
https://github.com/ChainsDD/su-binary
http://e2e.ti.com/support/omap/f/849/p/178679/648158.aspx#648158
A video from Google I/O 2011 http://www.youtube.com/watch?v=5yorhsSPFG4
I need to be able to toggle the GPS receiver on and off, and WRITE_SECURE_SETTINGS is required to be able to access secure settings. I've searched around quite a bit, and every answer I saw pretty much said that no app outside of the system/firmware can get that permisssion.
However, that is simply untrue. There are several apps on the market that do exactly what I'm trying to (in regards to GPS), but there are a bunch more that have the WRITE_SECURE_SETTINGS permissions. For example:
Extended Controls
SwitchPro
Profile Flow
So, how can this be done?
I need to be able to toggle the GPS receiver on and off
For privacy reasons, if nothing else, enabling or disabling any sort of location-tracking needs to be solely in the hands of the user via trusted applications, not at the request of arbitrary third parties.
So, if you wish to enable and disable GPS, create your own firmware that does what you need and load that firmware on whatever devices you wish. Or, contribute your changes to existing firmware mods (e.g., Cyanogen).
WRITE_SECURE_SETTINGS is required to be able to access secure settings
Correct.
I've searched around quite a bit, and every answer I saw pretty much said that no app outside of the system/firmware can get that permisssion.
Correct.
However, that is simply untrue.
No, it's pretty true.
There are several apps on the market that do exactly what I'm trying to (in regards to GPS)
They found a security loophole. I will take steps to help ensure this hole gets fixed.
but there are a bunch more that have the WRITE_SECURE_SETTINGS permissions
No, there are a bunch who ask for them. You can ask for whatever permission you want. What you ask for is what shows up in these listings. What you get is a different story.
Try this adb command, this will give permission at application run time
adb shell pm grant package android.permission.WRITE_SECURE_SETTINGS
Step to follow:
Connect your device (Make sure USB Debugging enabled)
Execute above adb command
Install apk
It worked for me...
Just this. You can access the widget that every mobile have.
public void ativaGPS() {
LocationManager locationManager = (LocationManager)getSystemService(Context.LOCATION_SERVICE);
if (!locationManager.isProviderEnabled(LocationManager.GPS_PROVIDER)) {
Intent intent = new Intent();
intent.setClassName("com.android.settings", "com.android.settings.widget.SettingsAppWidgetProvider");
intent.addCategory(Intent.CATEGORY_ALTERNATIVE);
intent.setData(Uri.parse("3"));
sendBroadcast(intent);
}