Android has lots of permission as default, http://developer.android.com/reference/android/Manifest.permission.html
My question is am I able to define my own created permission? If yes how can I define and implement it?
Declaring and Enforcing Permissions
To enforce Permissions there are many functions like Context.checkCallingPermission() , Context.checkPermission() to check whether the Application has the specified permission.
Related
I have to merge an old project to lollipop version and add checking permissions at runtime in the whole files project . It is tough! But I notice that not all permissions invoke security exception.
Should I check all the permissions who are in the manifest at runtime ? Otherwise How to distinguish between permissions who invoke security Exception and the other who do not ?
Any help or information would be appreciated !
Thank you in advance
There are two main types of permissions, Normal and Dangerous permissions.
Normal permissions cover areas where your app needs to access data or
resources outside the app's sandbox, but where there's very little
risk to the user's privacy or the operation of other apps.
Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could
potentially affect the user's stored data or the operation of other
apps.
You need runTime permission model for all the Dangerous Permissions. Here is a list of all this Dangerous Permissions https://developer.android.com/guide/topics/permissions/requesting.html#perm-groups.
from marshmallow the permission are set at run time here you get all dangerous permission u need to handle runtime
https://developer.android.com/guide/topics/permissions/requesting.html
We make some libraries that clients implement in their apps and now we are looking to update them to support Android 6.0 new permissions model.
My question is if there is any way to request dangerous permissions in runtime from our libraries (mostly static classes) instead of asking the client to request those permissions prior to using our libraries.
I have been messing with it but it just seems not possible for me, looks like it has to be made from an Activity which we do not have.
Am I right or is there any way to do it?
Thanks in advance.
looks like it has to be made from an Activity which we do not have.
Correct. That is because the permission-request logic depends heavily on startActivityForResult() and onActivityResult(), wrapped to handle permission requests.
Plus, requesting permissions needs to be tightly tied into the overall application flow, and a UI-less library will have no way of knowing whether it is appropriate to be attempting to request a permission at this time.
You are welcome to check whether you have the permission, via ContextCompat.checkSelfPermission(), as that has no UI. So, you might use this to check, at the entry point(s) of your library, whether you have the requisite permissions to do your work, rather than just let the SecurityException or whatever happen.
Google official library for android runtime permissions both java & kotlin
Library name: EasyPermissions
Java-library
Kotlin-library
I am going through the documentation for the contentprovider "exported" attribute here
Can someone pleas explain what does this statement mean :
You can set android:exported="false" and still limit access to your provider by setting permissions with the permission attribute
I always thought with exported=false, none of the external apps can access the provider. But the above statement seems contradictory.
Thanks,
Your understanding of exported = false is right. It will block access to the contentProvider to everyone.
However, with right permissions (read/write) you can create 'exceptions' so that only apps with permissions will be able to access the content Provider even if it is blocked for every other app.
also, read this question
I think that is just a typo. And what it means is that you can 'allow access' by setting it to true and that you can use permissions to limit what applications can access the content provider.
I'll look into this, since I help teach this material... (will update)
From what I uderstand, there is no way to do something like
if(have certain permission){
//do something that requires the permission
}
where the application can request optional permissions.
For example I want to track usage of my app only if the user accepts to being tracked. But still allow the user to download and use the app with tracking disabled if he dosen't agree.
Is this at all possible ? If not, what is the reasoning behind not supporting this feature ?
EDIT: to clarify, Im referring to Android permissions, like using the camera or looking at the contact list.
According to the Android documentation:
The permissions required by an application are declared statically in
that application, so they can be known up-front at install time and
will not change after that.
User needs to be informed about the permissions while installing the application. Asking them at run time would be a security risk. A rouge application can use clickjacking to make user accept the permission..
If your are really talking about Android permissions, such as camera. Use the :
http://developer.android.com/guide/topics/manifest/uses-feature-element.html
<uses-feature android:name="android.hardware.camera" android:required="false" />
This means the app can also be used on a device which does not have a camera.
For your example (asking the user permission to track him/her)
You can do this with any language you want. Because your permission is not something like Android permissions.
Just ask the user a question, with a checkbox. Save the value of the checkbox (using SharedPreferences) and use the value in your if statement.
For instance, let's take android.permission.GET_PACKAGE_SIZE.
Searching for this string in Android 1.6 *.xml source files only points to a single application that uses it, frameworks\base\tests\AndroidTests.
So the next step is to search through the .java files in a hope that I'll eventually find the code that might look like it queries for package size.
Is this the supposed way of discovering permission use?
The Manage Applications UI uses the API protected by this permission. It probably doesn't request the permission in its manifest because it runs as the system user ID so is implicitly getting the permission.
For applications in general, yes you can look at their AndroidManifest.xml to find the permissions. This is complicated by shared user IDs, which allow multiple applications to run as the same uid, and thus share permissions; any such app requesting a permission grants that permission to all such apps. The settings app, which has the Manage Applications UI, uses the "system" shared user ID so gets all such permissions available to the system.
Generally speaking, you find out what permissions you need because they are referenced from APIs you want to use, normally in the docs, occasionally by exceptions.
Conversely, if a given permission is not cited in the docs, except where it is named (e.g., on Manifest.permission), then it is probably a system permission that you are ineligible to hold unless you are working on alternative firmware.
And, if you are working on alternative firmware, you'd be well-versed in searching the source code. I use Google Code Search, personally, such as this search for your desired permission.
So, in the case of GET_PACKAGE_SIZE, the only place you find it in the docs is in Manifest.permission, and the only place the source code requires it is in a non-SDK method, so I suspect you cannot hold it.
Just check the docs.
GET_PACKAGE_SIZE : Allows an
application to find out the space used
by any package.
http://developer.android.com/reference/android/Manifest.permission.html
EDIT
I may have mis-understood the question. If you want to know what code is using a permission value. Then you will in fact have to dig through the source yourself.