I have a content provider and a test application both signed with a debug key. The client receives a content normally if permissions are not applied, but I want to apply permissions to the stuff. So the following lines are added into the content provider's manifest file:
<permission android:name="org.example.provider.READ"
android:permissionGroup="org.example.group.DATA_ACCESS"
android:label="#string/readonlyaccess"
android:protectionLevel="signature" />
<application
...
<provider android:name=".ImageContentProvider"
android:authorities="org.example.provider"
android:readPermission="org.example.provider.READ" />
In the client's manifest file the following line is added:
<uses-permission android:name="org.example.provider.READ" />
When I try to get the data from the provider, I get the error:
09-13 22:38:20.995: E/AndroidRuntime(13979): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example.hello/com.example.hello.HelloActivity}: java.lang.SecurityException: Permission Denial: reading org.example.ImageContentProvider uri content://org.example.provider/file from pid=13979, uid=10040 requires org.example.provider.READ
Am I missing something, or is it related to the fact that the applications are signed by debug key? How to solve the problem? I saw a suggestion to add uses-permission to the provider as well, but this does not help either. NB. This is checked inside emulator, if this can be of any importance.
I found a related question throws SecurityException when signing with the default debug keystore, but it does not provide actual solution.
Yes, it works with debug keystores, at least the last time I tried it.
I would have the <permission> element in both apps. If you installed the <uses-permission> one first, and then installed the <permission> one, you would run into problems. The permission needs to be defined before the <uses-permission> is encountered, and the simplest way to do that is to put the <permission> in both.
Related
I am trying to create a new release of my Codename One app for Android. When I upload the APK to the Google Play Console, I get an error that my APK uses android.permission.READ_PHONE_STATE and that I do need a privacy policy to be able to use that permission.
In the Codename One blog I read:
android.permission.READ_PHONE_STATE - is triggered by com.codename1.ads package, com.codename1.components.Ads, com.codename1.components.ShareButton, com.codename1.media, com.codename1.push, Display.getUdid() & Display.getMsisdn(). This permission is required for media in order to suspend audio playback when you get a phone call.
But my app does not use ads, does not use sharing, does not use media, does not use push and does not use UDID nor MSISDN. Hence, I have no clue why I would need this permission (which indeed is present in the generated APK).
How can I prevent this permission being added to the APK (or how can I detect why this permission is added).
#
#Sat Sep 28 17:12:49 BST 2019
codename1.vendor=Frans van Gool
codename1.displayName=S\u00F3 Verbos
codename1.icon=/C\:/EclipseData/JustVerbs/GaloDeBarcelos.png
codename1.arg.java.version=8
codename1.languageLevel=5
codename1.secondaryTitle=S\u00F3 Verbos
codename1.version=1.20
codename1.mainName=Main
codename1.ios.certificatePassword=
codename1.arg.ios.newStorageLocation=true
codename1.rim.signtoolDb=
libVersion=212
codename1.ios.certificate=
codename1.android.keystorePassword=**************
codename1.j2me.nativeTheme=nativej2me.res
codename1.rim.signtoolCsk=
codename1.android.keystore=/C\:/eclipseData/JustVerbs/keychain.ks
codename1.android.keystoreAlias=justverbs
codename1.rim.certificatePassword=
codename1.ios.provision=
codename1.packageName=nl.griffelservices.justverbs
Apparently this works (this text has always been here - not sure why it was hidden)
<uses-permission tools:node="remove" android:name="android.permission.READ_PHONE_STATE" />
<uses-permission tools:node="remove" android:name="android.permission.READ_PHONE_STATE" />
see:
https://facebook.github.io/react-native/docs/removing-default-permissions
(apparently this link no longer works)
I have implemented it but have not tried it (many moons later - I have tried it and it does work). I did not know one could remove permissions in the manifest - first of all I never expected they would get added!
Is is possible to make content provider read-only? I know that this question was asked few times but according to all of them (eg. this) I have to write my own custom write permission.
<permission android:name="com.test.WRITE_DATABASE" android:protectionLevel="normal" />
<permission android:name="com.test.READ_DATABASE" android:protectionLevel="normal" />
//...
<provider
android:authorities="xxx"
android:name="xxx"
android:exported="true"
android:readPermission="com.test.READ_DATABASE"
android:writePermission="com.test.WRITE_DATABASE" />
But hacker could decompile my app and look inside manifest file and then he can easily write his own app with:
<uses-permission android:name="com.test.WRITE_DATABASE" />
So it's almost useless...
I have several apps to use one Content Provider inside my main application. Only this application should have write permission - other should only read from this database. Any ideas how to solve this?
See documentation about permissions here: https://developer.android.com/guide/topics/manifest/permission-element.html
Answer to your question is a android:protectionLevel property of a permission. You can set it to signature so only applications that signed with same key will be able to request this permissions.
In Appcelerator Titanium, I've build a simple one-page app that adds Roman Numerals. As best as I can tell, it has no need to ask for any permissions.
However, my friend testing the app told me it asks for access to the network and in the build/android/ directory the AndroidManifest.xml file includes these lines:
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
There's nothing in the tiapp.xml file requesting these permissions and I started with a stock, blank project and don't import any modules or widgets.
Where did these permission requests originate? How do I get rid of them?
All the info I can find discusses how to add or request a permission, but nothing explains how to ensure unnecessary permissions don't show up in the generated AndroidManifest.xml.
It is quite possible that those permissions are defined in one of the Android Libraries used by your app. Android build system provides tools to control how manifest merge is done. Try disabling manifest merge for <uses-permission/> elements of your app's manifest. See Merge Multiple Manifest Files docs.
Have a look at the builder.py (.titanium/mobilesdk/linux/5.3.0.GA/android/builder.py) somewhere around line 982. There you'll find the default permissions for Android. You can try to remove them and see if you have any errors. Make sure to disable the analytics first!
permissions don't seem to make any difference...
In the manifest, I have only one <uses-permission> (permission.INTERNET), and I have two <permission> elements:
<permission android:name="myapp.permission.READ"
android:permissionGroup="myapp.permission-group.MYAPP_DATA"
android:label="#string/perm_read"
android:description="#string/perm_read_summary"
android:protectionLevel="signature" />
<permission android:name="myapp.permission.WRITE"
android:permissionGroup="myapp.permission-group.MYAPP_DATA"
android:label="#string/perm_write"
android:description="#string/perm_write_summary"
android:protectionLevel="signature" />
And then there is the provider:
<provider
android:name=".data.DataProvider"
android:multiprocess="true"
android:authorities="myapp.data.DataProvider"
android:readPermission="myapp.permission.READ"
android:writePermission="myapp.permission.WRITE" />
Right now, I have normal access to the ContentProvider, and it works just fine.
Why does it work if I didn't enforce with <uses-permission>?
Shouldn't it be needed also in the app where the provider is
declared?
Adding <uses-permission> with my own permissions make no difference. The permissions are not even listed in the app info. Why?
ps.: yes, I've read questions here on SO and on Google Groups (ones with Hackborn answering, too). I've followed (as you can see) what is described everywhere, but still... You could say that it's working, but the point is exactly that I want to see when it doesn't.
Shouldn't it be needed also in the app where the provider is declared?
AFAIK, your own app holds all your own permissions that you declare. Third parties would need <uses-permission>.
The permissions are not even listed in the app info. Why?
See above.
You could say that it's working, but the point is exactly that I want to see when it doesn't.
Write another app, in its own package, to test your permissions.
I got a well known security exception:
java.lang.SecurityException: Sending SMS message: User 1001 does not have android.permission.SEND_SMS
I added the following line to the android manifest file:
<uses-permission android:name="android.permission.SEND_SMS" />
But even when I do this I got the same exception.
This has possibly something to do with the shared user id I use:
android:sharedUserId="android.uid.phone", so here my question:
When I use a shared user id (from a system application), can I add my own permissions to the manifest file.
additional information:
I used the same certificate as the system, else I couldn't use the same user id as a system application.
Thanks in advance for your answers and remarks!
I know this question is old but I just had the same problem in 2019 and only found this un-answered question. I too was tinkering with with android:process & android:sharedUserId to let two apps use the same process and I too got a permissions-error that had previously not occurred before I started tinkering. I always got:
Neither user 10003 nor current process has android.permission...
What solved it for me was to perform a factory reset.