How to bypass permissions on a rooted device?

Question

I am creating an android app for media box. The box is rooted. I have to bypass permissions (run time permission too) because user will not be interacting with the device. I tried to push the apk in system/priv-app folder also to make it system app. Still, whenever my app is launched, it asks for permissions. Is there any way to bypass permissions in rooted device? I have used following commands to push the APK to priv-app folder.

adb remount
adb push apk-filename-here /system/app/
adb shell chmod 644 /system/app/apk-filename-here
adb reboot

App seems to be like system app because it is not uninstallable now. But permission problem is still there. Is anything extra required to be done to grant all permissions? Please help.

I tried bypass android usb host permission confirmation dialog also but this seems to be a very old story now.

Answer 1

If your app is in the /system/priv-app then you're half way there.

The part you're missing is that you need to add another XML Permission file to the /system/etc/permission folder, the permission file should be named:

"privapp-permissions-[Your package name].xml"

Full path should look similar to:

/system/etc/permissions/privapp-permissions-com.example.myapp.xml 

and it should look as the following:

<permissions>
    <privapp-permissions package="com.example.myapp">
        <permission name="android.permission.CAMERA"/>
        <permission name="android.permission.MANAGE_USERS"/>
    </privapp-permissions>
</permissions>

More details in Android Docs

Answer 2

Some permissions are signature-level, meaning they can't be granted unless your app is signed with the same key used to sign the rest of the system. If you need any of these, there's very little you can do, unless the relevant APIs have shell-command alternatives.

Other permissions are privileged-level, meaning they're only granted if the app is located in /system/priv-app/. You haven't mentioned which permissions you're using, but I recommend putting your app in priv-app instead of app anyway. If this device is on Lollipop or later, apps should have a sub-folder inside priv-app (eg /system/priv-app/SomeApp/SomeApp.apk).

The third type is app-op permissions. These aren't runtime permissions, but they can be granted with a shell command:

cmd appops set <PACKAGE> <OP> <MODE>

For example, to grant the SYSTEM_ALERT_WINDOW permission:

cmd appops set com.some.package android:system_alert_window allow

The fourth type is runtime/development permissions. Both can be granted with the following:

pm grant <PACKAGE> <PERMISSION>

For example, to grant WRITE_EXTERNAL_STORAGE:

pm grant com.some.package android.permission.WRITE_EXTERNAL_STORAGE

You can check which type your permissions are by looking at the platform AndroidManifest.xml. Find your permission and check the protectionLevel field.

• signature means signature
• privileged means privileged
• development means development
• dangerous means runtime
• normal permissions will be automatically granted

Certain permissions, like WRITE_SECURE_SETTINGS have multiple protection levels: signature|privileged|development.

If any of those conditions is met, Android will grant the permission to your app. With WSS, you could either put the app in priv-app or use pm grant. Either way will get you access.

If a permission's protection levels have both appops and development, such as PACKAGE_USAGE_STATS, be careful. Using cmd appops will grant that permission for certain functions, while pm grant will for others.