Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android permissions protection levels 18 and 50

Tags:

java

android

When I do a dump of all permissions on all apps on a Nexus 7 I get (as expected) permissions with protection levels 0 (NORMAL), 1 (DANGEROUS), 2 (SIGNATURE). Nothing is logging under 3 (SIGNATURE_OR_SYSTEM)*.

But there are also a lot of permissions whose protection level is set at '18' and some that are '50'.

I can't find any documentation on what these values represent. Does anybody know?

*It's not logging anything under 3.

These are what was logged:

android.permission.ACCESS_CACHE_FILESYSTEM - 18
android.permission.ACCESS_CHECKIN_PROPERTIES - 18
android.permission.ACCESS_DOWNLOAD_MANAGER - 18
android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED - 18
android.permission.ACCESS_MTP - 18
android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK - 18
android.permission.BACKUP - 18
android.permission.BIND_APPWIDGET - 18
android.permission.BIND_DIRECTORY_SEARCH - 18
android.permission.BIND_KEYGUARD_APPWIDGET - 18
android.permission.BIND_REMOTEVIEWS - 18
android.permission.BIND_WALLPAPER - 18
android.permission.CALL_PRIVILEGED - 18
android.permission.CHANGE_COMPONENT_ENABLED_STATE - 18
android.permission.CHANGE_CONFIGURATION - 18
android.permission.CONNECTIVITY_INTERNAL - 18
android.permission.CONTROL_LOCATION_UPDATES - 18
android.permission.CRYPT_KEEPER - 18
android.permission.DELETE_CACHE_FILES - 18
android.permission.DELETE_PACKAGES - 18
android.permission.DOWNLOAD_CACHE_NON_PURGEABLE - 18
android.permission.GLOBAL_SEARCH - 18
android.permission.INSTALL_LOCATION_PROVIDER - 18
android.permission.INSTALL_PACKAGES - 18
android.permission.MANAGE_USB - 18
android.permission.MANAGE_USERS - 18
android.permission.MASTER_CLEAR - 18
android.permission.MODIFY_APPWIDGET_BIND_PERMISSIONS - 18
android.permission.MODIFY_NETWORK_ACCOUNTING - 18
android.permission.MODIFY_PHONE_STATE - 18
android.permission.MOUNT_FORMAT_FILESYSTEMS - 18
android.permission.MOUNT_UNMOUNT_FILESYSTEMS - 18
android.permission.MOVE_PACKAGE - 18
android.permission.PACKAGE_USAGE_STATS - 18
android.permission.PACKAGE_VERIFICATION_AGENT - 18
android.permission.PERFORM_CDMA_PROVISIONING - 18
android.permission.READ_FRAME_BUFFER - 18
android.permission.READ_NETWORK_USAGE_HISTORY - 18
android.permission.READ_PRIVILEGED_PHONE_STATE - 18
android.permission.REBOOT - 18
android.permission.RECEIVE_DATA_ACTIVITY_CHANGE - 18
android.permission.RECEIVE_EMERGENCY_BROADCAST - 18
android.permission.RETRIEVE_WINDOW_CONTENT - 18
android.permission.SEND_SMS_NO_CONFIRMATION - 18
android.permission.SERIAL_PORT - 18
android.permission.SET_TIME - 18
android.permission.SET_WALLPAPER_COMPONENT - 18
android.permission.SHUTDOWN - 18
android.permission.STATUS_BAR - 18
android.permission.STOP_APP_SWITCHES - 18
android.permission.UPDATE_DEVICE_STATS - 18
android.permission.UPDATE_LOCK - 18
android.permission.WRITE_APN_SETTINGS - 18
android.permission.WRITE_GSERVICES - 18
android.permission.WRITE_MEDIA_STORAGE - 18
com.android.chrome.TOS_ACKED - 18
com.android.launcher.permission.PRELOAD_WORKSPACE - 18
com.android.vending.TOS_ACKED - 18
com.android.vending.billing.ADD_CREDIT_CARD - 18
com.android.vending.billing.BILLING_ACCOUNT_SERVICE - 18
com.google.android.c2dm.permission.SEND - 18
com.google.android.gallery3d.permission.GALLERY_PROVIDER - 18
com.google.android.gtalkservice.permission.SEND_HEARTBEAT - 18
com.google.android.partnersetup.permission.UPDATE_CLIENT_ID - 18
com.google.android.permission.BROADCAST_DATA_MESSAGE - 18
com.google.android.providers.gsf.permission.WRITE_GSERVICES - 18
com.google.android.xmpp.permission.BROADCAST - 18
com.google.android.xmpp.permission.XMPP_ENDPOINT_BROADCAST - 18

android.permission.CHANGE_CONFIGURATION - 50
android.permission.DUMP - 50
android.permission.INTERACT_ACROSS_USERS - 50
android.permission.READ_LOGS - 50
android.permission.SET_ALWAYS_FINISH - 50
android.permission.SET_ANIMATION_SCALE - 50
android.permission.SET_DEBUG_APP - 50
android.permission.SET_PROCESS_LIMIT - 50
android.permission.SIGNAL_PERSISTENT_PROCESSES - 50
android.permission.WRITE_SECURE_SETTINGS - 50
like image 222
Dan MacBean Avatar asked Nov 22 '12 14:11

Dan MacBean


People also ask

What are protection levels in Android permissions?

The three permission protection levels in Android are as follows: Normal Permissions. Signature Permissions. Dangerous Permissions.

What is dangerous permissions in Android?

Runtime permissions, also known as dangerous permissions, give your app additional access to restricted data, and they allow your app to perform restricted actions that more substantially affect the system and other apps.

Which is the strongest permission level in Android ecosystem?

3. Signature permissions signify the highest privilege; they can only be obtained if the requesting app is signed with the device manufacturer's certificate.

Which are the three protection levels that affect third party apps?

There are three protection levels that affect third-party apps: normal, signature, and dangerous permissions.


2 Answers

Just saw an old unanswered question. Although you might already get your answer, I'll answer it anyway. It may help others. :)

there are also a lot of permissions whose protection level is set at '18' and some that are '50'.

The following code is retrieved from PermissionInfo.java in Android Source:

/**
 * Additional flag for {@link #protectionLevel}, corresponding
 * to the <code>system</code> value of
 * {@link android.R.attr#protectionLevel}.
 */
public static final int PROTECTION_FLAG_SYSTEM = 0x10;

/**
 * Additional flag for {@link #protectionLevel}, corresponding
 * to the <code>development</code> value of
 * {@link android.R.attr#protectionLevel}.
 */
public static final int PROTECTION_FLAG_DEVELOPMENT = 0x20;

So if there is a signature/system permission, the level would be 18(0x10 | 0x2). If the permission use used for special development tools, it would be 50(0x10 | 0x20 | 0x2).

I can't find any documentation on what these values represent. Does anybody know?

As I answered in an existing question, you can checked the protection level and the description of these permissions in frameworks/base/core/res/AndroidManifest.xml and frameworks/base/data/etc/platform.xml. I post some of them here for your reference.

<!-- Configure an application for debugging. -->
<permission android:name="android.permission.SET_DEBUG_APP"
    android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
    android:protectionLevel="signature|system|development"
    android:label="@string/permlab_setDebugApp"
    android:description="@string/permdesc_setDebugApp" />

<!-- @hide Package verifier needs to have this permission before the PackageManager will
     trust it to verify packages.
-->
<permission android:name="android.permission.PACKAGE_VERIFICATION_AGENT"
    android:label="@string/permlab_packageVerificationAgent"
    android:description="@string/permdesc_packageVerificationAgent"
    android:protectionLevel="signature|system" />

If there is a @hide annotation on that xml block, you cannot find any resources from documentation about this permission.

like image 137
StarPinkER Avatar answered Oct 27 '22 01:10

StarPinkER


The development permission 0x20 that composes the ones you are referring to are a set of permissions introduced by Google to be used during Android development and they are never granted by the PackageManager automatically. To be able to use them you must grant using adb shell pm grant permission .

You can see the code that does that and the change that was introduced by Google on this 02/21/2012 commit.

like image 33
Alexandre Marcondes Avatar answered Oct 27 '22 00:10

Alexandre Marcondes