Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Which permissions can be granted to rooted devices?

Short and simple question:

rooted devices can grant apps with extra permissions during runtime (using "grant permission" command using the adb , as I recall). An example for this is the ability to read system logs , which became a non-user permission starting with API16 (link here) .

Is there a list of such permissions?

like image 658
android developer Avatar asked Dec 30 '13 06:12

android developer


People also ask

How do I grant root permissions?

In most versions of Android, that goes like this: Head to Settings, tap Security, scroll down to Unknown Sources and toggle the switch to the on position. Now you can install KingoRoot. Then run the app, tap One Click Root, and cross your fingers. If all goes well, your device should be rooted within about 60 seconds.

What is root permission?

Rooting allows the user to obtain privileged access to a phone. It does not allow a user to install a new OS (custom firmware or custom ROM) or recovery image, and it doesn't allow a phone that locked to a certain carrier to be used on another one. Related operations allow these.

What is device permission?

You can allow some apps to use various features on your phone, such as your camera or contacts list. An app will send a notification to ask for permission to use features on your phone, which you can Allow or Deny. You can also change permissions for a single app or by permission type in your phone's Settings.

Is rooted device safe?

If you installed a modified (rooted) version of Android on your device, you lose some of the security protection provided by Google. Important: If you signed up for the Advanced Protection Program, using a modified version of Android can compromise Advanced Protection's security features.


1 Answers

The command you may be thinking of is pm grant PACKAGE PERMISSION, which can be sent to an adb-connected device using adb shell pm grant PACKAGE PERMISSION.

However, only optional permissions can be granted or revoked this way. If you try to grant a permission not requested in the app's manifest, you'll get Operation not allowed: java.lang.SecurityException: Package PACKAGE has not requested permission PERMISSION. Likewise, if you try to revoke a permission not deemed optional, you'll get Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application. Even for a rooted device or emulator.

Now, as far as what is deemed 'optional', as well as getting a list of such permissions, that's a little unclear. However, based on some experimentation, I believe these include at least the set of permissions assigned to permission group android.permission-group.DEVELOPMENT_TOOLS. You can see which these are on a running device using pm list permissions -g. On my API 19 emulator, as well as a Nexus 7 running AOSP 4.4.4, these are:

group:android.permission-group.DEVELOPMENT_TOOLS
  permission:android.permission.ACCESS_ALL_EXTERNAL_STORAGE
  permission:android.permission.SIGNAL_PERSISTENT_PROCESSES
  permission:android.permission.READ_LOGS
  permission:android.permission.SET_ALWAYS_FINISH
  permission:android.permission.WRITE_SECURE_SETTINGS
  permission:android.permission.SET_PROCESS_LIMIT
  permission:android.permission.CHANGE_CONFIGURATION
  permission:android.permission.DUMP
  permission:android.permission.SET_DEBUG_AP

If (and only if) these are declared in the manifest, then you can grant/revoke them using the above command. Note that they are not granted automatically on installation; you must issue the pm grant command. I was able to observe and confirm this by using the Settings app and seeing the reported permissions change as I granted and revoked them.

There may be other permissions that behave like this, but I haven't found them. Normal permissions like android.permission.INTERNET cannot be granted or revoked in this manner.

Addendum: Per additional question in comment section regarding pm set-permission-enforced PERMISSION: As far as I know, the only permission which currently supports this is android.permission.READ_EXTERNAL_STORAGE. I'm basing this statement on my reading of the source code, which is also consistent with my experiences using the command. The purpose of the selective enforcement setting on this permission is to allow testing of apps under pre- and post-API 19 conditions as described here.

like image 140
Paul Ratazzi Avatar answered Oct 11 '22 07:10

Paul Ratazzi