Permission Denial: startActivity asks to run as user -2 but is calling from user 0; this requires android.permission.INTERACT_ACROSS_USERS_FULL

Question

When I'm trying to use android 'am' command to start an activity ,it's wrong under 4.2 platform(I tried , it's ok under 2.3 version).The code is like this

out = process.getOutputStream();
out.write(("am start -a android.intent.action.VIEW -n com.android.browser/com.android.browser.BrowserActivity\n").getBytes());
out.flush();

InputStream in = process.getInputStream();
BufferedReader re = new BufferedReader(new InputStreamReader(in));
String line = null;
while((line = re.readLine()) != null) {
    Log.d("conio","[result]"+line);
}

and the error is like this:

java.lang.SecurityException: Permission Denial: startActivity asks to run as user -2 but is calling from user 0; this requires android.permission.INTERACT_ACROSS_USERS_FULL 
at android.os.Parcel.readException(Parcel.java:1425)                                                                                                                        
at android.os.Parcel.readException(Parcel.java:1379)                                                                                                                        
at android.app.ActivityManagerProxy.startActivityAsUser(ActivityManagerNative.java:1921)                                                                                    
at com.android.commands.am.Am.runStart(Am.java:494)                                                                                                                         
at com.android.commands.am.Am.run(Am.java:109)                                                                                                                              
at com.android.commands.am.Am.main(Am.java:82)                                                                                                                              
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)                                                                                                      
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:235)                                                                                                           
at dalvik.system.NativeStart.main(Native Method)

I want to know

1.what does the user -2 and 0 means?

2.where I can find the details about these ids?

3.what should I do,just add the permissions? I don't want to add the permissions which I know nothing about them.Could anyone help me it,very thanks!

What exactly did you do to resolve this error? I mean how did you explicitly pass the user handle to "am"? (https://code.google.com/p/android/issues/detail?id=39801) — Prakash, Oct 12 '14 at 03:04
I solved it by adding option `--user '0'` to the `am start` command — juanmf, May 29 '15 at 02:54
So, what about production environment? I mean, you can't start your app from command on the end user's device. Right? I get the same stupid annoying error while using Volley, and I have no idea how to solve it. — Saeed Neamati, Aug 02 '17 at 04:21

Paul Ratazzi · Answer 1 · 2014-08-01T14:03:43.443

The user 0 and user -2 you are seeing are framework userIds, not Linux uids. From android.os.UserHandle, you can see that userId 0 is the device owner, USER_OWNER (this is totally different than the Linux uid 0, which is root). userId -1 represents all users (USER_ALL), userId -2 represents the current user (USER_CURRENT), userId -3 represents the current user or self (CURRENT_OR_SELF), and userId -10000 represents the null user (USER_NULL).

As far as the permission INTERACT_ACROSS_USERS_FULL, you can declare it in your manifest file, but you will only be granted it if your app is in the Android system image or signed with the same certificate as another application in the system image that declares the permission. In other words it is a signature or signatureOrSystem permission.

Actually, so I didn't really need this permission after all. Being in the /system/priv-app directory worked for me — Kevin Parker, Aug 03 '14 at 03:27

score 5 · Answer 2 · answered Jan 06 '16 at 02:45

As @juanmf mentioned in a comment, adding the --user 0 option to the command resolved the issue for me. The resulting command would look like this:

am start --user 0 -a android.intent.action.VIEW -n com.android.browser/com.android.browser.BrowserActivity

score 1 · Answer 3 · answered Jun 20 '19 at 19:37

I was receiving this error after my Samsung Galaxy Tab Active 2 tablet upgraded to Android 9. After much searching, I found this post that suggested turning developer options off, restarting the tablet, then turning developer options back on. I ended up just turning USB Debugging off, restarting, then turning USB debugging back on, and everything worked fine after that.

score -2 · Answer 4 · answered Aug 12 '13 at 03:48

-2

Permissions are just a line of code that you need to add in the manifest to inform that you accessing those resources and requesting android to allow these resources to use.

1) i just added an example containing permission.

2) In Linux there is root user ,group and others . 0 comes to root and UID cannot be negative its value is between 0 - 999. See this link

answered Aug 12 '13 at 03:48

Viswanath Lekshmanan

9,945
1
40
64

thanks, I know the permission declare now.I add the permission and it also cause the Exception, I check the source code in ActivityManagerServcie,and I found that it may be the root uid that need this permission. – pangang Aug 12 '13 at 07:00
sudo ./adb kill-server sudo ./adb start-server Then try ./adb devices – Viswanath Lekshmanan Aug 12 '13 at 07:18
I know what you say,but my problem is different.this is a problem in 4.2 multi-users. I check that it may be the system that doesn't have INTERACT_ACROSS_USERS_FULL permission.And I also found a similar question here : https://code.google.com/p/android/issues/detail?id=39801 – pangang Aug 12 '13 at 08:51

score -14 · Accepted Answer · answered Aug 12 '13 at 03:42

-14

1)In linux every user has an id number. 0 and -2 are User IDs (UIDs). 0 is root, -2 is some random user (which may not be a person, it may just be a fake account used for internal reasons).

2)Any book on Linux. Android is just a graphical framework on top of Linux.

3)Yes, just add the permission.

answered Aug 12 '13 at 03:42

Gabe Sechan

90,003
9
87
127

Thanks for your answer,but I also wander why this user is root.I use this code to generate the Process: 'p = Runtime.getRuntime().exec("sh");' ,this process should not be root,so I think the problem may be from the 'am' command,it make the root process started.is that right? – pangang Aug 12 '13 at 05:58
I add the permission , and it also has that SecurityException. I checked the android 4.2 source code(method 'handleIncomingUser' in ActivityManagerService.java),the source code checks the callingUid‘s permission, not the application uid permission. So this problem could not be fixed? – pangang Aug 12 '13 at 06:14
17

Um, although accepted and upvoted, I can say with confidence that this answer is wrong on all 3 points. 1) -2 is a framework `userId` that refers to the current user, not a random Linux `uid`. 2) Android is far more than just a GUI on top of Linux. While a Linux book might be marginally helpful, there are so many other differences that you'd hardly understand Android from it. 3) Go ahead and add `INTERACT_ACROSS_USERS_FULL` to your manifest. It will be ignored unless your APK is signed with the platform key or is part of the system image. See my answer below for additional details. – Paul Ratazzi Aug 20 '14 at 03:40
Adding INTERACT_ACROSS_USERS_FULL had no effect. – FractalBob Apr 18 '16 at 17:57

Permission Denial: startActivity asks to run as user -2 but is calling from user 0; this requires android.permission.INTERACT_ACROSS_USERS_FULL

5 Answers5

Linked