[英]Unable to use USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission signed Android app
for my use cases I needed to extract non-resettable hardware information like IMEI, MAC from android devices.对于我的用例,我需要从 android 设备中提取不可重置的硬件信息,例如 IMEI、MAC。
As per the android docs for getting IMEI https://developer.android.com/reference/android/telephony/TelephonyManager#getImei(int)根据获取 IMEI 的 android 文档https://developer.android.com/reference/android/telephony/TelephonyManager#getImei(int)
It says the method can be invoked if one of the following requirements is met.它表示如果满足以下要求之一,则可以调用该方法。 and I am trying to satisfy.
我正在努力满足。 If the calling app has been granted the USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission.
如果调用的应用程序已被授予USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER权限。
As per permission API document https://developer.android.com/reference/android/Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER this permission has protection level signature or apops根据权限 API 文档https://developer.android.com/reference/android/Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER此权限具有保护级别签名或 apops
So, I am going ahead with signature protection level.因此,我将继续使用签名保护级别。 So, I am creating a signed app and running on my andriod device google pixel 5A which runs on Android 12.
所以,我正在创建一个签名的应用程序并在我的安卓设备 google pixel 5A 上运行,该设备在 Android 12 上运行。
when I am running this code I am facing "The user 10240 does not meet the requirements to access device identifiers."当我运行此代码时,我面临“用户 10240 不符合访问设备标识符的要求”。 security exception
安全异常
2022-06-30 12:09:53.703 23348-23348/com.android.dataextraction E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.android.dataextraction, PID: 23348
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.android.dataextraction/com.android.dataextraction.LauncherActivity}: java.lang.SecurityException: getImeiForSlot: The user 10240 does not meet the requirements to access device identifiers.
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3635)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3792)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:103)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2210)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:201)
at android.os.Looper.loop(Looper.java:288)
at android.app.ActivityThread.main(ActivityThread.java:7839)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1003)
Caused by: java.lang.SecurityException: getImeiForSlot: The user 10240 does not meet the requirements to access device identifiers.
at android.os.Parcel.createExceptionOrNull(Parcel.java:2425)
at android.os.Parcel.createException(Parcel.java:2409)
at android.os.Parcel.readException(Parcel.java:2392)
at android.os.Parcel.readException(Parcel.java:2334)
at com.android.internal.telephony.ITelephony$Stub$Proxy.getImeiForSlot(ITelephony.java:12142)
at android.telephony.TelephonyManager.getImei(TelephonyManager.java:2088)
at android.telephony.TelephonyManager.getImei(TelephonyManager.java:2043)
at com.android.dataextraction.LauncherActivity.onCreate(LauncherActivity.java:44)
at android.app.Activity.performCreate(Activity.java:8051)
at android.app.Activity.performCreate(Activity.java:8031)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1329)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3608)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3792)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:103)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2210)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loopOnce(Looper.java:201)
at android.os.Looper.loop(Looper.java:288)
at android.app.ActivityThread.main(ActivityThread.java:7839)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1003)
and I am using a signed app for testing.我正在使用签名的应用程序进行测试。 here is my build.
这是我的构建。 Gradle configs
Gradle 配置
signingConfigs {
config {
keyAlias 'AndroidKey'
keyPassword '**********'
storeFile file('../android.jks')
storePassword '********'
}
}
buildTypes {
debug {
signingConfig signingConfigs.config
debuggable true
}
}
There is no problem with signing the app.签署应用程序没有问题。
I am not sure why signature protection level is not allowing me to access device identifiers我不确定为什么签名保护级别不允许我访问设备标识符
Take a second look at definition of signature protection再看签名保护的定义
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission.
仅当请求应用程序使用与声明该权限的应用程序相同的证书签名时,系统才会授予该权限。 If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
如果证书匹配,系统会自动授予权限,无需通知用户或请求用户明确批准。
Unless your app is signed with Google's keystore (same keystore as the provider signing your firmware), it cannot get access to signature-level permission.除非您的应用使用 Google 的密钥库(与签署您的固件的提供商相同的密钥库)进行签名,否则它无法访问签名级权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.