Re: [android-developers] Application permissions

[Dianne Hackborn]

There are unfortunately a lot of internal permissions that we forgot to
remove from the SDK prior to 1.0, and haven't had time since then to clean
up.

Also there are a number of permissions (BIND_DEVICE_ADMIN) that are there
not for an app to use, but for it to require to ensure secure interaction
with the system.  These permissions generally have a brief doc saying this,
and more extensive docs in the related platform APIs:

http://developer.android.com/reference/android/Manifest.permission.html#BIND_DEVICE_ADMIN

http://developer.android.com/reference/android/app/admin/DeviceAdminReceiver.html

Third party apps can't get signature or signatureOrSystem permissions,
period.  I don't know why you call out those 4 permissions as being ones you
think are system only...  all the permissions on your list as far as I can
see are protection level 2 or 3, which is signature or signatureOrSystem.

On Thu, Aug 5, 2010 at 11:40 AM, doug <doug_a...@yahoo.com> wrote:

> Hello,
>
> I wrote a test to check what kind of permissions are allowed to an
> application.  A test run in the emulator shows the following error:
>
> 08-05 17:57:46.129: WARN/PackageManager(52): Not granting permission
> android.permission.ACCESS_CHECKIN_PROPERTIES to package XXXX
> (protectionLevel=3 flags=0x7e44)
> 08-05 17:57:46.129: WARN/PackageManager(52): Not granting permission
> android.permission.ACCESS_SURFACE_FLINGER to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.129: WARN/PackageManager(52): Not granting permission
> android.permission.ACCOUNT_MANAGER to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.139: WARN/PackageManager(52): Not granting permission
> android.permission.BIND_APPWIDGET to package XXXX (protectionLevel=3
> flags=0x7e44)
> 08-05 17:57:46.139: WARN/PackageManager(52): Not granting permission
> android.permission.BIND_INPUT_METHOD to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.149: WARN/PackageManager(52): Not granting permission
> android.permission.BRICK to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.149: WARN/PackageManager(52): Not granting permission
> android.permission.BROADCAST_PACKAGE_REMOVED to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.149: WARN/PackageManager(52): Not granting permission
> android.permission.BROADCAST_SMS to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.149: WARN/PackageManager(52): Not granting permission
> android.permission.BROADCAST_WAP_PUSH to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.149: WARN/PackageManager(52): Not granting permission
> android.permission.CALL_PRIVILEGED to package XXXX (protectionLevel=3
> flags=0x7e44)
> 08-05 17:57:46.158: WARN/PackageManager(52): Not granting permission
> android.permission.CHANGE_COMPONENT_ENABLED_STATE to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.158: WARN/PackageManager(52): Not granting permission
> android.permission.CLEAR_APP_USER_DATA to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.158: WARN/PackageManager(52): Not granting permission
> android.permission.CONTROL_LOCATION_UPDATES to package XXXX
> (protectionLevel=3 flags=0x7e44)
> 08-05 17:57:46.158: WARN/PackageManager(52): Not granting permission
> android.permission.DELETE_CACHE_FILES to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.158: WARN/PackageManager(52): Not granting permission
> android.permission.DELETE_PACKAGES to package XXXX (protectionLevel=3
> flags=0x7e44)
> 08-05 17:57:46.170: WARN/PackageManager(52): Not granting permission
> android.permission.DEVICE_POWER to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.170: WARN/PackageManager(52): Not granting permission
> android.permission.DIAGNOSTIC to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.170: WARN/PackageManager(52): Not granting permission
> android.permission.FACTORY_TEST to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.180: WARN/PackageManager(52): Not granting permission
> android.permission.FORCE_BACK to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.180: WARN/PackageManager(52): Not granting permission
> android.permission.GLOBAL_SEARCH to package XXXX (protectionLevel=3
> flags=0x7e44)
> 08-05 17:57:46.180: WARN/PackageManager(52): Not granting permission
> android.permission.HARDWARE_TEST to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.180: WARN/PackageManager(52): Not granting permission
> android.permission.INJECT_EVENTS to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.190: WARN/PackageManager(52): Not granting permission
> android.permission.INSTALL_LOCATION_PROVIDER to package XXXX
> (protectionLevel=3 flags=0x7e44)
> 08-05 17:57:46.190: WARN/PackageManager(52): Not granting permission
> android.permission.INTERNAL_SYSTEM_WINDOW to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.190: WARN/PackageManager(52): Not granting permission
> android.permission.MANAGE_APP_TOKENS to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.190: WARN/PackageManager(52): Not granting permission
> android.permission.MASTER_CLEAR to package XXXX (protectionLevel=3
> flags=0x7e44)
> 08-05 17:57:46.199: WARN/PackageManager(52): Not granting permission
> android.permission.READ_FRAME_BUFFER to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.199: WARN/PackageManager(52): Not granting permission
> android.permission.READ_INPUT_STATE to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.199: WARN/PackageManager(52): Not granting permission
> android.permission.REBOOT to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.209: WARN/PackageManager(52): Not granting permission
> android.permission.SET_ACTIVITY_WATCHER to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.209: WARN/PackageManager(52): Not granting permission
> android.permission.SET_ORIENTATION to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.209: WARN/PackageManager(52): Not granting permission
> android.permission.STATUS_BAR to package XXXX (protectionLevel=3
> flags=0x7e44)
> 08-05 17:57:46.209: WARN/PackageManager(52): Not granting permission
> android.permission.UPDATE_DEVICE_STATS to package XXXX
> (protectionLevel=2 flags=0x7e44)
> 08-05 17:57:46.219: WARN/PackageManager(52): Not granting permission
> android.permission.WRITE_GSERVICES to package XXXX (protectionLevel=2
> flags=0x7e44)
> 08-05 17:57:46.219: WARN/PackageManager(52): Not granting permission
> android.permission.WRITE_SECURE_SETTINGS to package XXXX
> (protectionLevel=3 flags=0x7e44)
>
>
> However, a search of SDK doc revealed that only the following
> permissions are reversed to the system:
>
> ACCOUNT_MANGER
> BIND_DEVICE_ADMIN (Level 8)
> BIND_INPUT_METHOD
> BIND_WALLPAPER (Level 8)
>
> This brings up 2 questions:
>
> (1) Why did the emulator deny other permissions in addition to those 4
> system ones?
> (2) How could an app get the system permission?  If this can only be
> done by building a custom Android like an OEM build, where in the
> Android platform does it check for system-level permission?
>
> Thanks,
> doug
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googlegroups.com
> To unsubscribe from this group, send email to
> android-developers+unsubscr...@googlegroups.com<android-developers%2bunsubscr...@googlegroups.com>
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en
>



-- 
Dianne Hackborn
Android framework engineer
hack...@android.com

Note: please don't send private questions to me, as I don't have time to
provide private support, and so won't reply to such e-mails.  All such
questions should be posted on public forums, where I and others can see and
answer them.

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en