search

solrudev / Ackpine

Android package installer library
https://solrudev.github.io/Ackpine/
Apache License 2.0
51 stars 7 forks source link

[Question] Does it allow restricted permissions to be in whitelist #63

Closed Poko-Apps closed 1 month ago

Poko-Apps commented 1 month ago

Can we do something like

params.setWhitelistedRestrictedPermissions( SetOf(android.Manifest.permission.READ_CALL_LOG))

As in some devices this permission (along with probably some other) is restricted and Package Installer themselves need to white list this permission (per app). Does this library provide any such api ? Also another question does the session based installation allow an app to hold accessibility service permission in android 13 and above?

solrudev commented 1 month ago

@Poko-Apps

Does this library provide any such api ?

No, though it wouldn't be hard to add. However, as far as I understand, all restricted permissions are whitelisted by default, so you don't have to add them explicitly. Do you really need this API to be implemented?

Also another question does the session based installation allow an app to hold accessibility service permission in android 13 and above?

This question is not clear enough for me to understand. Can you please expand on it?

Poko-Apps commented 1 month ago

all restricted permissions are whitelisted by default

If that's the case, then no need for that api for now .

Can you please expand on it?

Well, Android 13 introduced Restricted Settings that don't allow third-party apps (not installed from any store) to hold accessibility permissions. Basically, the mechanism differentiates third-party and legitimate apps by checking if the app is installed using a session-based installer. If so, the system doesn't restrict some permissions, including the accessibility service. I was just confirming if that's really the case !!

solrudev commented 1 month ago

@Poko-Apps

Basically, the mechanism differentiates third-party and legitimate apps by checking if the app is installed using a session-based installer.

Actually, intent-based installation also uses PackageInstaller API (session-based) under the hood.

So, I've digged through Android sources to determine the exact reason for denying restricted settings for an app installed through an Intent. My finding was that these settings are disabled if SessionParams.setPackageSource() was called with PackageInstaller.PACKAGE_SOURCE_LOCAL_FILE or PackageInstaller.PACKAGE_SOURCE_DOWNLOADED_FILE when creating an install session.

This is Android source code in question: https://cs.android.com/android/platform/superproject/main/+/main:frameworks/base/packages/PackageInstaller/src/com/android/packageinstaller/InstallStaging.java;drc=e865626dfa5a925dda2607bbfcb072dc3f211f95;l=187 https://cs.android.com/android/platform/superproject/main/+/main:frameworks/base/services/core/java/com/android/server/pm/InstallPackageHelper.java;drc=4ab0f20684661bba0223448d9cb01c7d8c15ae3e;l=2860

Ackpine doesn't set package source. So if installing with Ackpine, restricted settings are enabled by default. Does this answer resolve your question?

Poko-Apps commented 1 month ago

Hey @solrudev , nice finding. Thanks for your work . It does slove my question . You can close the issue now .