I am currently playing around with android m's new permission system.
What i am planning is to add a screen to my in-app settings where the user can grant or revoke permissions.
The screen would look like the regular system settings screen, but will have additional information why my app needs the specific permission. This settings screen would be an addition to the regular permission handling as suggested in the Documentation.
The workflow would be:
granting permission: open the systems dialog to grant/revoke (like suggested here)
revoking permission: revoke it programmatically
So my question is, can permissions be revoked programatically?
I searched a lot, but didn't manage to get some results.
You can't do anything (at least until now). In addition, there isn't any intent action to open the activity system settings for your app. My suggestion is to open a "feature request" on the developer preview issue tracker.
You can revoke permission from ADB Shell.
if you consider writing shell script and doing all this under programatically then YES, else NO
Grant and revoke permissions
You can use new ADB package manager (pm) commands to grant and revoke permissions to an installed app. This functionality can be useful for automated testing.
To grant a permission, use the package manager's grant command:
$ adb shell pm grant <package_name> <permission_name>
For example, to grant the com.example.myapp package permission to record audio, use this command:
$ adb shell pm grant com.example.myapp android.permission.RECORD_AUDIO
To revoke a permission, use the package manager's revoke command:
$ adb shell pm revoke <package_name> <permission_name>
Starting API 33 (Android 13) you can programmatically revoke previously granted runtime permissions via the revokeSelfPermissionOnKill APIs. E.g.
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
context.revokeSelfPermissionOnKill(Manifest.permission.POST_NOTIFICATIONS)
}
Triggers the asynchronous revocation of a runtime permission. If the
permission is not currently granted, nothing happens (even if later
granted by the user).
There is also a function which takes a collection of multiple permissions to revoke.
Be sure to also put a version code guard around this as there currently doesn't seem to be a warning in the IDE. Unfortunately this hasn't been added to ContextCompat yet.
No Programmatically it is not possible in Android M Preview with new permissions Model.
But Manually you can do as given.
revoke permissions manually
for some special permission like SYSTEM_ALERT_WINDOW.
you need this :
adb shell appops set <package_name> SYSTEM_ALERT_WINDOW allow
Related
A device owner can grant runtime permissions to a third-party app using DevicePolicyManager.setPermissionGrantState() to avoid user prompts.
But is there any way for a device owner to grant USB permissions as well, so that this app gets access to plugged USB devices without user prompt ?
I've tried to call UsbManager.grantPermission() (with reflection) but it raises a SecurityException since it requires the MANAGE_USB permission which is granted only to system apps (and not to device owner, obviously).
NB: I'm looking for a solution working on a non-root & non-custom Android system, the device owner app is set using Android Enterprise provisioning methods.
There is a special system config to disable USB permission dialogs:
https://github.com/aosp-mirror/platform_frameworks_base/blob/8ff4a5a5b510e724b25ac00369696594bb0c9fdc/core/res/res/values/config.xml#L2283
Maybe you can also change it at runtime with root privileges using setprop.
Another way is to customize the UsbUserSettingsManager class, specifically this method: https://android.googlesource.com/platform/frameworks/base.git/+/master/services/usb/java/com/android/server/usb/UsbUserSettingsManager.java#178
I assumed that as a device owner you have full control over your ROM source code.
It's a bit old, but hopefully it helps s.o. else.
I've been using this for granting permission to apps
public boolean setPermissionGrantState (ComponentName admin,
String packageName,
String permission,
int grantState)
Link: https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermissionGrantState(android.content.ComponentName,%20java.lang.String,%20java.lang.String,%20int)
I am trying to make a form where people can toggle notifications on and off. I figured the easiest way to do that would be set the permissions to allow or deny but I can't figure out how to remove the permission once it has been granted.
I am triggering the initial permission request by doing the following in android and not too sure what I will do with iOS as it requests the permissions somewhat automatically.
string rec = "android.c2dm.intent.RECEIVE";
string reg = "android.c2dm.intent.REGISTRATION";
ActivityCompat.RequestPermissions(Plugin.CurrentActivity.CrossCurrentActivity.Current.Activity, new string[] { rec, reg },0);
I essentially would like a page that has a few Switch controls to enable/disable permissions.
any help would be greatly appreciated.
Thanks,
There's no built in method for you to toggle a permission (ie, allow, then disallow), but you could do it if your app can run an adb command.
To undo a permission:
adb shell pm revoke <package_name> <permission_name>
https://stackoverflow.com/a/32683390/6668797
To run an adb command within your app, a couple of variations, but all involve:
Process process = Runtime.getRuntime().exec("your command")
how to run adb shell commands from android code?
Is it possible to execute adb commands through my android app?
I am trying to upgrade my app's targetSDK to above 23 and I've run into a small problem. I have an activity that binds traffic to Wifi (to measure the network speed to the router, even if the router is not connected to the internet). In order for that to happen my app needs the CHANGE_NETWORK_STATE permission. That permission is usually granted directly if declared in the manifest. On Android 6.0 (exact, this was fixed in 6.0.1 IIRC) CHANGE_NETWORK_STATE is broken and won't be granted so you need the WRITE_SETTINGS permission instead. I've implemented a way for Android 6.0 Users to grant that permission but when I want to test my Activity using espresso I am unable to do so. Permissions are granted to tests by adding something like
#Rule
public GrantPermissionRule runtimePermissionRule = GrantPermissionRule.grant(Manifest.permission.CHANGE_NETWORK_STATE);
to the TestCase. That worked in other places in the app but for this I get
junit.framework.AssertionFailedError: Failed to grant permissions, see logcat for details in my test results. In logcat I find E/GrantPermissionCallable: Permission: android.permission.WRITE_SETTINGS cannot be granted! or the same with CHANGE_NETWORK_STATE, I've tried granting both and they both don't work. Is there any other way for me to grant the permission in the testing environment? Or am I unable to test this activity on 6.0 devices from now on?
I managed to get around this by granting the permission using UiAutomator and the shell appops command:
Instrumentation instrumentation = getInstrumentation();
UiDevice device = UiDevice.getInstance(instrumentation);
String targetPackageName = instrumentation.getTargetContext().getPackageName();
if (Build.VERSION.SDK_INT >= 23) {
String shellCommand = String.format("appops set %s WRITE_SETTINGS allow", targetPackageName);
device.executeShellCommand(shellCommand);
}
Because WRITE_SETTINGS is a sensitive permission, you won't be able to grant it using GrantPermissionRule in API 23. You will likely end up needing to use UIAutomator in your tests to select the appropriate response in the permissions management screen.
I want to create an app to turn on/turn off Android developer mode. This will be on a rooted device. What api's do need to call?
I know i am answering it very late but i will surely help other who are searching on this.
To enable developer options programatically :
Settings.Global.putString(this.getContentResolver(), Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, "1");
To disable :
Settings.Global.putString(this.getContentResolver(), Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, "0");
But to access this Settings.Global... , it requires a permission
android.permission.WRITE_SECURE_SETTINGS
But normally , This permission is only granted to system app
You can also grant this permission to user app using ADB
Since you said your app would be running on a rooted deice , so have access to the shell , so you can grant this permission to your app by running the below shell command
pm grant <your.package.name> android.permission.WRITE_SECURE_SETTINGS
I don't think it is possible. Since it is part of the Settings.Secure.
Secure system settings, containing system preferences that applications can read but are not allowed to write. These are for preferences that the user must explicitly modify through the system UI or specialized APIs for those values, not modified directly by applications.
Short and simple question:
rooted devices can grant apps with extra permissions during runtime (using "grant permission" command using the adb , as I recall). An example for this is the ability to read system logs , which became a non-user permission starting with API16 (link here) .
Is there a list of such permissions?
The command you may be thinking of is pm grant PACKAGE PERMISSION, which can be sent to an adb-connected device using adb shell pm grant PACKAGE PERMISSION.
However, only optional permissions can be granted or revoked this way. If you try to grant a permission not requested in the app's manifest, you'll get Operation not allowed: java.lang.SecurityException: Package PACKAGE has not requested permission PERMISSION. Likewise, if you try to revoke a permission not deemed optional, you'll get Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application. Even for a rooted device or emulator.
Now, as far as what is deemed 'optional', as well as getting a list of such permissions, that's a little unclear. However, based on some experimentation, I believe these include at least the set of permissions assigned to permission group android.permission-group.DEVELOPMENT_TOOLS. You can see which these are on a running device using pm list permissions -g. On my API 19 emulator, as well as a Nexus 7 running AOSP 4.4.4, these are:
group:android.permission-group.DEVELOPMENT_TOOLS
permission:android.permission.ACCESS_ALL_EXTERNAL_STORAGE
permission:android.permission.SIGNAL_PERSISTENT_PROCESSES
permission:android.permission.READ_LOGS
permission:android.permission.SET_ALWAYS_FINISH
permission:android.permission.WRITE_SECURE_SETTINGS
permission:android.permission.SET_PROCESS_LIMIT
permission:android.permission.CHANGE_CONFIGURATION
permission:android.permission.DUMP
permission:android.permission.SET_DEBUG_AP
If (and only if) these are declared in the manifest, then you can grant/revoke them using the above command. Note that they are not granted automatically on installation; you must issue the pm grant command. I was able to observe and confirm this by using the Settings app and seeing the reported permissions change as I granted and revoked them.
There may be other permissions that behave like this, but I haven't found them. Normal permissions like android.permission.INTERNET cannot be granted or revoked in this manner.
Addendum: Per additional question in comment section regarding pm set-permission-enforced PERMISSION: As far as I know, the only permission which currently supports this is android.permission.READ_EXTERNAL_STORAGE. I'm basing this statement on my reading of the source code, which is also consistent with my experiences using the command. The purpose of the selective enforcement setting on this permission is to allow testing of apps under pre- and post-API 19 conditions as described here.