Reputation: 449
How to get system app permission on Android 9.0
I want to grant my application with system permission "INJECT_EVENTS" on Android 9.0 device, but I can't.
- device is rooted
- apk is signed with certs from AOSP repository
- apk is installed in /system/app/ by copying apk there and rebooting
- manifest of apk contains:
<uses-permission android:name="android.permission.INJECT_EVENTS"
android:protectionLevel="signature"
tools:ignore="ProtectedPermissions" />
Also I've read https://source.android.com/devices/tech/config/perms-whitelist article and moved apk to /system/priv-app, and then tried to whitelist my apk with inject_events permission in next places:
First try:
- apk: /system/priv-app
- edited: /system/etc/permissions/priv-app.com.my.apk.xml (no reboot)
Second try:
- apk: /system/priv-app
- edited: /etc/permissions/priv-app.com.my.apk.xml /etc/permissions/privapp-permissions-platform.xml (reboot and still no profit)
This is how my whitelist edits look like in both files:
<privapp-permissions package="com.my.apk">
<permission name="android.permission.INJECT_EVENTS"/>
</privapp-permissions>
</permissions>
*I tried to debug this by grep'ing logcat with "PackageManager", but nothing useful. Also adb shell dumpsys package myapk | grep permission shows that permission.INJECT_EVENTS is not granted.
important: apk is granted inject_events while running on android 8.1. No whitelisting was used.
After everything done It was expected that inject_events will be granted, but no.
Upvotes: 0
Views: 4237
Answers (1)
Reputation: 449
I solved it. The thing is I have SAMSUNG A205FN. And stock ROM, signed by Samsung. To convert my app to system app I need to sign it with ROM's sign. In common, it's Android release signature, that can be found in their repo. But SAMSUNG's signature is a secret one, so it's impossible.
Workaround: If you have SAMSUNG phone, just flash GSI ROM and use Android's signature.
P.S. To understand what signature should I use I took all system apps and priv-apps from phone and have read their signature. It revealed that all of them are signed by SAMSUNG and none are signed by Android. Maybe, for that exists an easier way.
First, find all priv-app apks and copy them to pc:
adb shell find /system/priv-app -name "*.apk" -exec cp {} /path/to/copy \;
and then print certificates and grep them by "Common Name" CN. Also you can look closed using CN=Android or else
ls | xargs -L 1 keytool -printcert -jarfile | grep CN=
P.S. If you have not SAMSUNG phone, to easily convert app to system app you can use systemizer app (Magisk->Modules->Systemizer and download)
Upvotes: 1
Related Questions
- Get Android system permissions by putting app in /system/app?
- Permission is only granted to system app, in Manifest
- Android runtime permissions for System app
- system app permission issue
- Android: how to get system rights officialy
- permission is only granted to system application
- How to grant system permissions to my android app?
- How to Write Permission to System/app in Android
- Not able to get signature|system permission on an app installed as a system app
- How to grant system permission