Hi I'm a newbie for Android... Please throw some light on the following issue..
I have a file created by a linux application (written in C) with S_IRWXU|S_IRWXG permission and the file belongs to root user and root group.
Now I'd like to read/write to this file as an Android application as a different user (say app_41). It is not possible for the android application because it has no permission for the file.
What is the best way to implement this (without allowing "others" permission to the file/folder)?
The reason is that I have a daemon written in C that creates and manages named pipes for other process use. I'm trying to write to the named pipe from Android application (using native code) and I don't have the right permission to do it.
I won't be surprised, if someone says... "Hey it is very simple.. do this..."
Thanks for your help!!
I figured out a solution and it works... Please let me know if anyone has any better solution..
For an android application to share a file owened by a root process, we need to do the following
Make the Android application to belong to "system" user using
android:sharedUserId="android.uid.system"
Let the other platform process (owning the file) remain as root, but add it to the group "system".
Now the question is how do I add a process to the group "system".. One quick thing that comes to our mind is to add the process to init.rc and use the "group" keyword and start it. But Android doesn't allow it to happen.
To add the process to group "system" the process has to request the groupid from inside the process. That is, use the setgid(1000) system call from inside the process to add it to the group "system"..
And it works great!
Related
I am trying to execute an fopen() function on a file that is given permissions only to "shell" from a native (C++) application that is triggered from a service on my Android application. When I run the native code as a PIE from the shell, I am able to open the file for reading, but if I try from the Android application, it fails to open the file as the Android application is run in a different user space and so I am not able to open the file. My question is, is it possible to run the command as a "shell" user or a child of "shell" from the Android application. I want to be able to do this without rooting the device so su is out of question.
You can't change the user ID of your app without a rooted device. If you could, the security model wouldn't be very useful. If your app needs access to the file, you will need to grant appropriate permissions.
The other common workaround is to have a service, running as the "shell" user, whose job is to open the file and hand back a file descriptor. The tricky part is that you need a way to launch that service as the "shell" user, which brings us back to needing "su".
FWIW, the situation is the same whether you're coding in Java or C++.
hi everybody
i need some help please does anyone know how can i put this in my manifest tag in androidmanifest.xml file:
android:sharedUserId="android.uid.system"
==>because when i do the deployment failed .
and how can i use this permission :
<uses-permission android:name="android.permission.FORCE_STOP_PACKAGES" />
==>because xamarin studio tell me it's a unknown permission
to use this:
ActivityManager am = (ActivityManager)GetSystemService (Context.ActivityService);
am.forceStopPackage(PACKAGE_NAME);
_Any help will be appreciated _
Setting the sharedUserId to android.id.system actually means declaring your app to belong to the system. You cannot do that unless your app is actually signed with the system certificate. In order to get that certificate, you would have to negotiate with the manufacturer of the device. The only possibility you would actually be able to get the system key is running a firmware on your device that you built and signed yourself.
ActivityManager.forceStopPackage() is reserved for system applications and there is no chance to use it in a user-space application.
You can find various explanations on the Internet and on SO, e.g. here: Android Permission Denial: forceStopPackage()
If your goal is to quite your app, I would direct you to this question:
Is quitting an application frowned upon?
Which sums up how and why you might close your own application.
Actually terminating the application is near impossible, but sending it to the back ground or finishing all activities gets the similar effect of being gone from the screen. This is by design and is explained in the article
To close other applications is either a ROOT only or system specific. So your application could request root permission on android if available. Otherwise, I believe it is possible to negotiate a app with some root access through google play but I assume it is very complicated.
I have been trying to figure this out on the web with no information whatsoever as to what this actually does. The Google Manifest information says:
Allows an application to set the maximum number of (not needed) application processes that can be running.
I am thinking this is not a third party app permission but I need to be sure, its for our embedded device.
My guess is that this limits the number of processes that one application can have open when calling android:process=".RemoteActivity" in the manifest.
Anyone? Thank you.
It's a development/debug intended permisson. And just do what it says. Remember that when you run an app, android creates a process for all it's activities. This is, if you start opening the different activities of your application, you use the same process. However, Android let's you choose if an activity uses the main process or another new one. That's why this permission exists.
Sources:
http://developer.android.com/guide/topics/fundamentals/processes-and-threads.html
http://developer.android.com/reference/android/Manifest.permission.html#SET_PROCESS_LIMIT
I'm new in Android. I have an Idea to enrich user's knowledge whilst installing a desired application.
the idea is developing an application that can analyze .apk file of the application to check if it's over-privileged or not. and inform the user if this application which he's trying to install is over-privileged or not.
but since there's already a mechanism from Android which asks user's consent to grant whatever permission the application requests, I'm not sure if my application can somehow intervene this mechanism, postpone it, pause it or it can not.
I'm not sure if my application can somehow intervene this mechanism, postpone it, pause it
None of these are possible, sorry. You are welcome to create your own custom firmware that has this feature, but you cannot create this capability via an SDK application, for obvious security reasons.
I am not far from where you are ~ the entire mechanization you seek is based on an xml file in the "root" of the installation - it is called AndroidManifest.xml = all permission based issues should begin original first efforts on that file:
The AndroidManifest.xml File
Every application must have an AndroidManifest.xml file (with precisely that name) in its root directory. The manifest presents essential information about the application to the Android system, information the system must have before it can run any of the application's code. Among other things, the manifest does the following: .....
the "app-store" web based distribution system is supposed to pick that up and not only make some decisions on what to present to the user but as well differentiate to some extent what to do in the matter but as I just got a Droid-X emulator available in my installation I can tell you for a fact that "versioning" is subject to oversimplification as we cannot rely on users being tech-geeks
Part of my application, I create an Android Service, which encapsulate a Native code library. The Android Service is running in its own process.
I need the Native code from the Android service to access and write in the private data from the installation folder (/data/data/package folder).
Is that possible?
Looks like the native code is getting a Write Access error.
In the same line, can this Service access the SD Card directory at "/mnt/sdcard/Android/data/ ?
It looks also that the native code gets an access error.
Any confirmation will help
thanks
eric
For both questions: Yes.
Your Service is part of your application, same process as Activities and other parts of app. It can access app's private folder, correctly determined by:
getPackageManager().getPackageInfo("com.example.app", 0).applicationInfo.dataDir;
Also it can write to SD card, assuming you have permission in manifest:
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
You probably wrongly assume that your service runs in different process than rest of app. It's still the same process, native code doesn't make difference.