[英]Which permissions can be granted to rooted devices?
Short and simple question: 简短而简单的问题:
rooted devices can grant apps with extra permissions during runtime (using "grant permission" command using the adb , as I recall). root设备可以在运行时为应用程序授予额外权限(我记得使用adb使用“grant permission”命令)。 An example for this is the ability to read system logs , which became a non-user permission starting with API16 (link here ) . 这方面的一个例子是能够读取系统日志,这些日志从API16开始成为非用户权限( 此处链接)。
Is there a list of such permissions? 是否有这样的权限列表?
The command you may be thinking of is pm grant PACKAGE PERMISSION
, which can be sent to an adb-connected device using adb shell pm grant PACKAGE PERMISSION
. 您可能正在考虑的命令是pm grant PACKAGE PERMISSION
,可以使用adb shell pm grant PACKAGE PERMISSION
将其发送到adb连接的设备。
However, only optional permissions can be granted or revoked this way. 但是,只能以这种方式授予或撤消可选权限。 If you try to grant a permission not requested in the app's manifest, you'll get Operation not allowed: java.lang.SecurityException: Package PACKAGE has not requested permission PERMISSION
. 如果您尝试在应用程序清单中授予未请求的权限,则Operation not allowed: java.lang.SecurityException: Package PACKAGE has not requested permission PERMISSION
。 Likewise, if you try to revoke a permission not deemed optional, you'll get Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application
同样,如果您尝试撤销不被视为可选的权限,您将Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application
Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application
. Operation not allowed: java.lang.SecurityException: Can't change PERMISSION. It is required by the application
。 Even for a rooted device or emulator. 即使是有根设备或模拟器。
Now, as far as what is deemed 'optional', as well as getting a list of such permissions, that's a little unclear. 现在,就被认为是“可选的”而言,以及获得此类权限的列表,这有点不清楚。 However, based on some experimentation, I believe these include at least the set of permissions assigned to permission group android.permission-group.DEVELOPMENT_TOOLS
. 但是,根据一些实验,我认为这些至少包括分配给权限组android.permission-group.DEVELOPMENT_TOOLS
权限集。 You can see which these are on a running device using pm list permissions -g
. 您可以使用pm list permissions -g
查看正在运行的设备上的这些内容。 On my API 19 emulator, as well as a Nexus 7 running AOSP 4.4.4, these are: 在我的API 19仿真器上,以及运行AOSP 4.4.4的Nexus 7,它们是:
group:android.permission-group.DEVELOPMENT_TOOLS
permission:android.permission.ACCESS_ALL_EXTERNAL_STORAGE
permission:android.permission.SIGNAL_PERSISTENT_PROCESSES
permission:android.permission.READ_LOGS
permission:android.permission.SET_ALWAYS_FINISH
permission:android.permission.WRITE_SECURE_SETTINGS
permission:android.permission.SET_PROCESS_LIMIT
permission:android.permission.CHANGE_CONFIGURATION
permission:android.permission.DUMP
permission:android.permission.SET_DEBUG_AP
If (and only if) these are declared in the manifest, then you can grant/revoke them using the above command. 如果(且仅当)在清单中声明这些,则可以使用上述命令授予/撤消它们。 Note that they are not granted automatically on installation; 请注意,安装时不会自动授予它们; you must issue the pm grant
command. 您必须发出pm grant
命令。 I was able to observe and confirm this by using the Settings app and seeing the reported permissions change as I granted and revoked them. 我能够通过使用“设置”应用观察并确认这一点,并在我授予和撤消它们时看到报告的权限发生变化。
There may be other permissions that behave like this, but I haven't found them. 可能有其他权限的行为,但我还没有找到它们。 Normal permissions like android.permission.INTERNET
cannot be granted or revoked in this manner. 像android.permission.INTERNET
这样的正常权限不能以这种方式授予或撤销。
Addendum: Per additional question in comment section regarding pm set-permission-enforced PERMISSION
: As far as I know, the only permission which currently supports this is android.permission.READ_EXTERNAL_STORAGE
. 附录:关于pm set-permission-enforced PERMISSION
评论部分中的每个附加问题:据我所知,目前支持的唯一权限是android.permission.READ_EXTERNAL_STORAGE
。 I'm basing this statement on my reading of the source code , which is also consistent with my experiences using the command. 我在阅读源代码时基于此声明,这与我使用该命令的经验一致。 The purpose of the selective enforcement setting on this permission is to allow testing of apps under pre- and post-API 19 conditions as described here . 在此权限的选择性执法设置的目的是为了让所描述的前置和后置API 19种条件下的应用程序的测试在这里 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.