4

I am creating an android app for media box. The box is rooted. I have to bypass permissions (run time permission too) because user will not be interacting with the device. I tried to push the apk in system/priv-app folder also to make it system app. Still, whenever my app is launched, it asks for permissions. Is there any way to bypass permissions in rooted device? I have used following commands to push the APK to priv-app folder.

adb remount
adb push apk-filename-here /system/app/
adb shell chmod 644 /system/app/apk-filename-here
adb reboot

App seems to be like system app because it is not uninstallable now. But permission problem is still there. Is anything extra required to be done to grant all permissions? Please help.

I tried bypass android usb host permission confirmation dialog also but this seems to be a very old story now.

Phantômaxx
  • 37,901
  • 21
  • 84
  • 115
Prashant Sharma
  • 81
  • 1
  • 7

1 Answers1

7

Some permissions are signature-level, meaning they can't be granted unless your app is signed with the same key used to sign the rest of the system. If you need any of these, there's very little you can do, unless the relevant APIs have shell-command alternatives.

Other permissions are privileged-level, meaning they're only granted if the app is located in /system/priv-app/. You haven't mentioned which permissions you're using, but I recommend putting your app in priv-app instead of app anyway. If this device is on Lollipop or later, apps should have a sub-folder inside priv-app (eg /system/priv-app/SomeApp/SomeApp.apk).

The third type is app-op permissions. These aren't runtime permissions, but they can be granted with a shell command:

cmd appops set <PACKAGE> <OP> <MODE>

For example, to grant the SYSTEM_ALERT_WINDOW permission:

cmd appops set com.some.package android:system_alert_window allow

The fourth type is runtime/development permissions. Both can be granted with the following:

pm grant <PACKAGE> <PERMISSION>

For example, to grant WRITE_EXTERNAL_STORAGE:

pm grant com.some.package android.permission.WRITE_EXTERNAL_STORAGE

You can check which type your permissions are by looking at the platform AndroidManifest.xml. Find your permission and check the protectionLevel field.

  • signature means signature
  • privileged means privileged
  • development means development
  • dangerous means runtime
  • normal permissions will be automatically granted

Certain permissions, like WRITE_SECURE_SETTINGS have multiple protection levels: signature|privileged|development.

If any of those conditions is met, Android will grant the permission to your app. With WSS, you could either put the app in priv-app or use pm grant. Either way will get you access.

If a permission's protection levels have both appops and development, such as PACKAGE_USAGE_STATS, be careful. Using cmd appops will grant that permission for certain functions, while pm grant will for others.

TheWanderer
  • 16,775
  • 6
  • 49
  • 63
  • Thanks for your reply. Here is the list of permissions required in the app: WRITE_EXTERNAL_STORAGE, MANAGE_USB, ACCESS_FINE_LOCATION and ACCESS_NETWORK_STATE. – Prashant Sharma Oct 29 '18 at 14:56
  • So look those up in the manifest and use the appropriate action to grant them, if possible. – TheWanderer Oct 29 '18 at 14:57
  • Thanks but i am still having the same issue. Even if I put my app in priv-app folder, It asks for "Privileged" permission. "MANAGE_USB" permission belongs to "Privileged" group. So, it should be granted automatically. But, the same is not happening in my case. Do i have to explicitly grant permission in that case also? – Prashant Sharma Oct 29 '18 at 16:00
  • It asks for it? It's not a runtime permission and you can't grant it yourself. – TheWanderer Oct 29 '18 at 16:03