Hi,
Move the thread if it is on wrong place.
Is it possible on system (Android) to set some flags like read,execution, write ( the ones who u can change on linux with chmod) on each application so u let them use some permissions and others not (even if the application says the aplication has this permissions). I mean system will check if you have granted some permission to certain app. The target is that u can install all application u want with all kind of permisions and once u have installed u let them use only the permisions u want.
Excuse my english (im learning).
Probably not 'coz it has potential to seriously mess up your phone/apps. Certain permissions are required for some apps to work properly though it may not be obvious to you.
The system doesn't not have a filter set up to check if each and every app is using the permissions listed when it's being installed. And if you were going to install an app with such ability, you do realize that the app will have access to everything on your phone, can you trust any app for that?
MilkPudding said:
Probably not 'coz it has potential to seriously mess up your phone/apps. Certain permissions are required for some apps to work properly though it may not be obvious to you.
The system doesn't not have a filter set up to check if each and every app is using the permissions listed when it's being installed. And if you were going to install an app with such ability, you do realize that the app will have access to everything on your phone, can you trust any app for that?
Click to expand...
Click to collapse
I think u didnt understand. Obvious and app who require cost of money permissions and u deny his permission on operative system it may wont work properly.
What i say is if it is possible only that some apis/script or whatever application use permissions are somehow controlled by users. It could be done (i think) by several users on operative system that can be access some scripts/apis (permissions) and u make chown to the apps depend of permissions u want them to access.
Someone who know more than me can teach me a little and tell me if it is possible?
P.D.Excuse my english. Im learning. You can send me a MP with my english errors so i can learn faster. Thx.
My answer would be no cause the developer designs the app that way
Sent from my SGH-T959 using XDA App
Diamond_dawg said:
My answer would be no cause the developer designs the app that way
Sent from my SGH-T959 using XDA App
Click to expand...
Click to collapse
It has nothing to do with developer. It has to do with the OS.
I have been looking for information and it seems every app has a user on the system , so it would be easy changing this user to different group depend on the permissions u want to have it.
Any expert here who know something?
heres some info:
you have to differentiate between system memory starting at / (root) and the sdcard.
Every app has read/write/execute permission on the sdcard, if you set <use permission write external storage>, if not they can't do anything there.
On the directories at / like system/data/cache etc. you can change permissions through common linux commands like chmod.
Keep in mind that changing rights with chmod is sometimes not enough as for example /system is read only, and would have to be remounted to be writeable.
Dark3n said:
heres some info:
you have to differentiate between system memory starting at / (root) and the sdcard.
Every app has read/write/execute permission on the sdcard, if you set <use permission write external storage>, if not they can't do anything there.
On the directories at / like system/data/cache etc. you can change permissions through common linux commands like chmod.
Keep in mind that changing rights with chmod is sometimes not enough as for example /system is read only, and would have to be remounted to be writeable.
Click to expand...
Click to collapse
Yes, but what i like to know is if you can change android permissions of an application, not read/write/execute of system unix. I mean for example and application that has permision to make calls and expend money, and after install u change this user application that system has just created to another group who cant make calls.
My english is too bad and i dont know if u understand what i mean.
Related
Hi all,
I am trying to write an app that requires the Android permission WRITE_SECURE_SETTINGS which I know is only granted to system apps so I want to have my app push a second apk to /system/app and install after a reboot (via "su" so I understand device will need to be rooted). I can get the apk into /system/app and install fine. Then I use my first app to send messages to the helper that can use
Code:
Settings.Secure.putInt()
because the helper is a system app, which is how I imagine the excellent app Secure Settings does it.
The problem I have is that when the helper tries to call
Code:
Settings.Secure.putInt()
it crashes and I see logs saying the permission WRITE_SECURE_SETTINGS is not being given to my app (the helper).
Is it correct that only apk's signed with the system keys can have this permission? If I manage to sign my apk with these keys, will it work on any device from any manufacturer?
I'd love to know how Secure Settings does it and I've asked the devs, but I understand they wont want to give too much away.
Thanks
Got it working with using WRITE_SECURE_SETTINGS and not needing signing with system keys.
Coming along fantastic now.
???
Can you tell us how you got it working? I'm trying to turn airplane mode on and off, and need WRITE_SECURE_SETTINGS to work on 4.2 and above.
nexus_2006 said:
Can you tell us how you got it working? I'm trying to turn airplane mode on and off, and need WRITE_SECURE_SETTINGS to work on 4.2 and above.
Click to expand...
Click to collapse
Yes, would be nice to help others also
aww this thread is the first result on google
Hey guys,
This is the wrong place forum, but I like you guys, so I will ask you a question
Say there is an app that requires root (in this case Cisco AnyConnect rooted version), but I do not want to have root access enabled from within Android OS. Is there a way to install the app with automatic root access? E.g. by flashing it from within the recovery?
Thanks,
Su
Do it need root access or system permissions ?
If it needs root, you must have "su" in android OS.
If it needs system permisssions, you could push it in /system/app/ or /system/priv-app/ (more access than /system/app/)
Hmm, from the description, it seems like root access... ah well, from the CM11 SuperUser settings, seems like it is possible to automatically deny root access to all requests, and only allow selected apps.
Perhaps this is a better way to set up the device...
Sumanji said:
Hmm, from the description, it seems like root access... ah well, from the CM11 SuperUser settings, seems like it is possible to automatically deny root access to all requests, and only allow selected apps.
Perhaps this is a better way to set up the device...
Click to expand...
Click to collapse
every app that wants SU permission should be prompting you the first time to allow or deny it.
if any app gets SU permission without you allowing it, something is wrong.
what i dont understand is, you said the phone is NOT rooted, then mentioned cm11. if you are running cm11, your phone is already rooted.
Hi
I recently rooted my phone and started using a few "root only" apps.
When I look at app permissions and let's say it example says that it can access "Phone" and "Other". By other it means root.
Does that actually gives it permission to anything? So if I accept the permissions "Phone" and "Other" it can actually access my camera too (just an example) or do I understand the root access wrong?
Thanks in advance
what i understand if an apps ask for a root permission, the apps will ask for the permission to read/write in a secure area, eg : /data, /etc
It is different from the permission of using camera, message, etc like when we install apps from playstore.
dubay.yabud said:
what i understand if an apps ask for a root permission, the apps will ask for the permission to read/write in a secure area, eg : /data, /etc
It is different from the permission of using camera, message, etc like when we install apps from playstore.
Click to expand...
Click to collapse
Thanks. Was what I was curious about. As I understood root, as the app could do whatever it wanted to.
No. It is not as you think. By allowing an app root permission, it means you're allowing it to do more than controlling limited applications. It can do more than that. And dont worry it wont damage your phone because everything has its limit but yeah be careful of what you're doing as sometimes you can risk your phone if you(not by allowing an app root permissions) but by using it after giving it root permission. So be careful and know what you're doing.
Please press the thanks button if you think I helped
If an application is signed with the system signing keys and installed into system-priv does that application have root privileges? Does it have access to all permissions and have the ability to run shell scripts as root?
Thanks
cbrammer said:
If an application is signed with the system signing keys and installed into system-priv does that application have root privileges? Does it have access to all permissions and have the ability to run shell scripts as root?
Thanks
Click to expand...
Click to collapse
Yes, it certainly does...
Thank you !
cbrammer said:
If an application is signed with the system signing keys and installed into system-priv does that application have root privileges? Does it have access to all permissions and have the ability to run shell scripts as root?
Thanks
Click to expand...
Click to collapse
Not strictly "root" permissions. It has access to "system" and "signatureOrSystem" permissions, which are the highest Android permissions available.
They shouldn't be able to violate the Android sandbox however (i.e. read data from other apps etc), but will have access to do many privileged operations.
pulser_g2 said:
Not strictly "root" permissions. It has access to "system" and "signatureOrSystem" permissions, which are the highest Android permissions available.
They shouldn't be able to violate the Android sandbox however (i.e. read data from other apps etc), but will have access to do many privileged operations.
Click to expand...
Click to collapse
Great answer, thank you! Does it have access to running commands like `pm install ...`, `settings put ...` ?
cbrammer said:
Great answer, thank you! Does it have access to running commands like `pm install ...`, `settings put ...` ?
Click to expand...
Click to collapse
Yes, it can install apps without prompting the user (that's how Google play do it I believe).
You don't need to use the shell commands for this though - you can call the internal APIs when you are signature or system. Check the source for ideas of how to do it. For example the settings app is a good place to figure out how to change system settings in the global settings store, and there are APIs available for this.
I guess he does not need to install root
Hey all, long time no see. Anyways, I'd like to be able to do quite a few adb commands without actually using adb here locally on the device. So I was curious and started thinking, could you use adb to grant a terminal emulator app (i.e. Termux, the one I use) permissions such as DUMP and WRITE_SECURE_SETTINGS, or whatever else it may need to perform certain commands like clear cache and install apps. I obviously don't have root (Dag on US Carriers). Maybe I don't have a great understanding of what these permissions do? Any help is appreciated.
Unfortunately you cannot just pop into adb and try to give the app the permission, as termux doesn't request it. Termux:API does not as well. I saw somewhere over on Github some guy edited the source of Termux:API and added more APIs to use, I just don't know how to compile an app from source)
Thanks,
Gavin
Craz Basics said:
Hey all, long time no see. Anyways, I'd like to be able to do quite a few adb commands without actually using adb here locally on the device. So I was curious and started thinking, could you use adb to grant a terminal emulator app (i.e. Termux, the one I use) permissions such as DUMP and WRITE_SECURE_SETTINGS, or whatever else it may need to perform certain commands like clear cache and install apps. I obviously don't have root (Dag on US Carriers). Maybe I don't have a great understanding of what these permissions do? Any help is appreciated.
Unfortunately you cannot just pop into adb and try to give the app the permission, as termux doesn't request it. Termux:API does not as well. I saw somewhere over on Github some guy edited the source of Termux:API and added more APIs to use, I just don't know how to compile an app from source)
Thanks,
Gavin
Click to expand...
Click to collapse
Terminal Emulator is the same thing as ADB shell(adb shell, not the normal adb), anything that can be done from PC using ADB shell can also be done using Terminal Emulator app, the commands are the same except the "adb" or "adb shell" part is removed from the command.
For example "adb reboot recovery" would instead be "reboot recovery" or "adb shell dumpstate" would instead be "dumpstate".
Some commands might not work or might need other protocols, parameters or switches added to the command.
But, unfortunately, you can't set Termux or any other app to have access to change or pull anything from system without root, if you don't have root, you're wasting your time. You cant change anything about the system without root unless you have TWRP, it can do whatever it wants to do and the device can't stop it.
Sent from my LGL84VL using Tapatalk
Droidriven said:
Terminal Emulator is the same thing as ADB shell(adb shell, not the normal adb), anything that can be done from PC using ADB shell can also be done using Terminal Emulator app, the commands are the same except the "adb" or "adb shell" part is removed from the command.
For example "adb reboot recovery" would instead be "reboot recovery" or "adb shell dumpstate" would instead be "dumpstate".
Some commands might not work or might need other protocols, parameters or switches added to the command.
But, unfortunately, you can't set Termux or any other app to have access to change or pull anything from system without root, if you don't have root, you're wasting your time. You cant change anything about the system without root unless you have TWRP, it can do whatever it wants to do and the device can't stop it.
Click to expand...
Click to collapse
I understand it's the same thing, and I'm not wanting to change anything related to the system. I'm wanting to do commands such as install apps and clear data. It gives me errors when I try and do this, because I don't have permission. If I am understanding correctly, you can decompile an app, add in the appropriate APIs for the permission, and recompile it. This way you won't get an error when you try to give it a permission (adb shell pm grant com.termux android.permission.WRITE_SECURE_SETTINGS). It tells me the app doesn't request this permission.
Craz Basics said:
I understand it's the same thing, and I'm not wanting to change anything related to the system. I'm wanting to do commands such as install apps and clear data. It gives me errors when I try and do this, because I don't have permission. If I am understanding correctly, you can decompile an app, add in the appropriate APIs for the permission, and recompile it. This way you won't get an error when you try to give it a permission (adb shell pm grant com.termux android.permission.WRITE_SECURE_SETTINGS). It tells me the app doesn't request this permission.
Click to expand...
Click to collapse
If you want the app to be able to access those permissions then you need to push the app to /system to make it a system app, apps outside of system can't access those permissions.
After moving the app to system, boot to recovery and wipe only the cache partition(if you have custom recovery, wipe dalvik cache also), then reboot the device.
But, unfortunately, you aren't rooted so it isn't an option for you, you need to root your device.
But even that won't help, see here:
https://stackoverflow.com/questions...-permission-error-even-when-added-in-manifest
Sent from my LGL84VL using Tapatalk
Droidriven said:
If you want the app to be able to access those permissions then you need to push the app to /system to make it a system app, apps outside of system can't access those permissions.
After moving the app to system, boot to recovery and wipe only the cache partition(if you have custom recovery, wipe dalvik cache also), then reboot the device.
But, unfortunately, you aren't rooted so it isn't an option for you, you need to root your device.
Click to expand...
Click to collapse
Take SystemUI Tuner from the Play Store for example, it requires those permissions to do its thing. It does NOT need to be a system app to utilize them, they just need to be granted manually via adb. Greenify does this as well.
As for root, I would if I could. Verizon Note 9 is locked down like Fort Knox.
Craz Basics said:
Take SystemUI Tuner from the Play Store for example, it requires those permissions to do its thing. It does NOT need to be a system app to utilize them, they just need to be granted manually via adb. Greenify does this as well.
Click to expand...
Click to collapse
Yes, some apps can access that permission, but it's built into the app, it isn't just granted via adb or terminal. Read some of the link that I posted above. As far as I knew, accessing secured settings/permissions required root and/or unlocked bootloader, but, things always change. Granted, over the years, things change and trickier things have to be done get mods and apps to do certain things without root, but it's not quite changing/accessing the system.
Sent from my LGL84VL using Tapatalk
Droidriven said:
Yes, some apps can access that permission, but it's built into the app, it isn't just granted via adb or terminal. Read some of the link that I posted above. As far as I knew, accessing secured settings/permissions required root and/or unlocked bootloader, but, things always change. Granted, over the years, things change and trickier things have to be done get mods and apps to do certain things without root, but it's not quite changing/accessing the system.
Click to expand...
Click to collapse
Just took a look, strange. Greenify and SystemUI Tuner are considered 3rd party, correct? Maybe it's it's something with their signature? (I don't know much about signatures either)
And yes I'm aware you have to add it into the app, the app requests it and you can grant it via adb.
Think my question is answered now anyway, no lol. Thanks for your responses man.