Most of the permission checking will happened in checkPermission or checkUidPermission in current Android permission framework.
But the android.permission.INTERNET permission will not be checked in these two methods. So I wondering about the exactly checking function/method of this permission in Android.
I've checked the code.
The system permission like INTERNET or file operations will be controlled by gids with the user id. The uid without the net gid will not be able to create the socket and will return EACCES(permission denied) by linux kernel.
Related
I am trying to add "HDMI connection" check in my app.
I referred to How to check the HDMI device connection status in Android? and decided to add the checks to read /sys/devices/virtual/switch/hdmi/state or if not, /sys/class/switch/hdmi/state files.
But I am getting:
java.io.FileNotFoundException
with "Permission denied". Do we need to request some permissions for this kind of access?
Thanks,
Vinay
I stumbled across the same problem.
resolve permissions problem
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
READ should be enough but if you grand Write works the same.
resolve runtime permmision problem - if you work with API 23+ you have to ask permission on runtime.
Root device - I had to root device to access sys/class/switch/*
I want to get the location from Android, so I set a permission. But I got confused when I found another article saying:
android.permission.INTERNET is needed.
Why is it so? Does ACCESS_FINE_LOCATION include INTERNET?
INTERNET permission allows you to connect to the internet. Without it, all attempts will fail or throw an exception. FINE_LOCATION allows you to use GPS. It does not include INTERNET.
Is it necessary to use "ACCESS_NETWORK_STATE" permission to work "CONNECTIVITY_CHANGE" reciver?
When I test it with "INTERNET" permission and not "ACCESS_NETWORK_STATE" works like a charm.
Any idea or comment will be appreciated.
android.permission.INTERNET
Allows applications to open network sockets
&&
android.permission.ACCESS_NETWORK_STATE
Allows applications to access information about networks
It do requires the caller to hold the permission ACCESS_NETWORK_STATE
I'm trying to get the new ConnectivityManager.bindProcessToNetwork(Network) using ConnectivityManager.requestNetwork(NetworkRequest, ConnectivityManager.NetworkCallback)
The reason is to force the app to call the future request in some specific network, which doesn't have a internet connectivity (it's a local hardware communication network). At this point, the system is sending the requests over 3G/4G network and never reach the desired Wifi network, because this network doesn't respond the connectivity check that android call.
When I call the requestNetwork method, I receive the following error:
java.lang.SecurityException: com.xyz.app was not granted either of these permissions: android.permission.CHANGE_NETWORK_STATE, android.permission.WRITE_SETTINGS.
I try to call the new method to request permission available in Android 6.0:
requestPermissions(new String[]{Manifest.permission.CHANGE_NETWORK_STATE, Manifest.permission.WRITE_SETTINGS}, PERMISSIONS_REQUEST_WIFI);
But the callback is always PackageManager.PERMISSION_DENIED.
I put both of these permissions in the AndroidManifest.xml, without success.
Notice: The Manifest.permission.WRITE_SETTINGS is not in the Permissions Groups.
I'm not sure if this was intended by Google, but the following is the behavior I'm seeing:
CHANGE_NETWORK_STATE seems to always be denied (as noted in the comments, its a signature permission) but it also doesn't seem to matter. My ConnectivityManager network requests all seem to be gated by WRITE_SETTINGS only - so if you have WRITE_SETTINGS you don't need CHANGE_NETWORK_STATE.
As noted in comments, you do this differently than other permissions, using:
Intent goToSettings = new Intent(Settings.ACTION_MANAGE_WRITE_SETTINGS);
goToSettings.setData(Uri.parse("package:" + Context.getPackageName()));
startActivity(goToSettings);
And after that, my ConnectivityManager network requests were peachy.
To check if the permission is already granted before calling the ACTION_MANAGE_WRITE_SETTINGS activity, this answer has the solution using
Settings.System.canWrite(Context)
Can't get WRITE_SETTINGS permission
UPDATE: as of Android 6.0.1, CHANGE_NETWORK_STATE is auto granted when requested in your manifest file. The above WRITE_SETTINGS checks are only required for 6.0
This was an Android 6.0 bug. It's fixed in Android 6.0.1, requestNetwork() can be called if you request CHANGE_NETWORK_STATE in the manifest. No need to call requestPermissions(), it's a normal permission.
Short and simple question:
rooted devices can grant apps with extra permissions during runtime (using "grant permission" command using the adb , as I recall). An example for this is the ability to read system logs , which became a non-user permission starting with API16 (link here) .
Is there a list of such permissions?
The command you may be thinking of is pm grant PACKAGE PERMISSION, which can be sent to an adb-connected device using adb shell pm grant PACKAGE PERMISSION.
However, only optional permissions can be granted or revoked this way. If you try to grant a permission not requested in the app's manifest, you'll get Operation not allowed: java.lang.SecurityException: Package PACKAGE has not requested permission PERMISSION. Likewise, if you try to revoke a permission not deemed optional, you'll get Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application. Even for a rooted device or emulator.
Now, as far as what is deemed 'optional', as well as getting a list of such permissions, that's a little unclear. However, based on some experimentation, I believe these include at least the set of permissions assigned to permission group android.permission-group.DEVELOPMENT_TOOLS. You can see which these are on a running device using pm list permissions -g. On my API 19 emulator, as well as a Nexus 7 running AOSP 4.4.4, these are:
group:android.permission-group.DEVELOPMENT_TOOLS
permission:android.permission.ACCESS_ALL_EXTERNAL_STORAGE
permission:android.permission.SIGNAL_PERSISTENT_PROCESSES
permission:android.permission.READ_LOGS
permission:android.permission.SET_ALWAYS_FINISH
permission:android.permission.WRITE_SECURE_SETTINGS
permission:android.permission.SET_PROCESS_LIMIT
permission:android.permission.CHANGE_CONFIGURATION
permission:android.permission.DUMP
permission:android.permission.SET_DEBUG_AP
If (and only if) these are declared in the manifest, then you can grant/revoke them using the above command. Note that they are not granted automatically on installation; you must issue the pm grant command. I was able to observe and confirm this by using the Settings app and seeing the reported permissions change as I granted and revoked them.
There may be other permissions that behave like this, but I haven't found them. Normal permissions like android.permission.INTERNET cannot be granted or revoked in this manner.
Addendum: Per additional question in comment section regarding pm set-permission-enforced PERMISSION: As far as I know, the only permission which currently supports this is android.permission.READ_EXTERNAL_STORAGE. I'm basing this statement on my reading of the source code, which is also consistent with my experiences using the command. The purpose of the selective enforcement setting on this permission is to allow testing of apps under pre- and post-API 19 conditions as described here.