4

Background: I was trying out the new Tiles and TileService and decided to recreate the USB Tethering tile from CyanogenMod. I used reflection to access Connectivity manager's methods.

Problem: One Such method is the isTetheringSupported() which causes java.lang.SecurityException: You either need MANAGE_USERS or CREATE_USERS permission to: query user

So I added the permissions to the manifest but every time I use pm grant it returns "Permission is not a changeable permission type"

According to this I should not get this error when signed with the debug key.

Question: How do I get those permissions?

Anubhav
  • 83
  • 1
  • 1
  • 6

1 Answers1

2

UPDATE: Via Xposed it is possible to hook into the PackageManger and remove the below check and then do pm grant... to successfully grant whatever permission. If someone sees this and needs help to do so comment below I'll help you out.

OLD ANSWER This code in the source

boolean isDevelopment =
            ((bp.protectionLevel&PermissionInfo.PROTECTION_FLAG_DEVELOPMENT) != 0);

doesn't check if your app is in development mode. It checks if the permission you are requesting has the protectionLevel attribute (set in manifest) set to development. And the permission you are trying to get seems not to have any elements declared in the manifest that could pass this check:

if (!isNormal && !isDangerous && !isDevelopment) {
        throw new SecurityException("Permission " + bp.name
                + " is not a changeable permission type");
    }

Just stumbled upon this with another permission. Seems there's sadly no way to get it.

Alex Newman
  • 1,369
  • 12
  • 34
  • I couldn't find anything about the `development` protection level, but it turns out `CREATE_USERS` and `MANAGE_USERS` have protection level set to `signature` for which I should be able to use the `platform.x509.pem` and `platform.pk8` [here](https://github.com/android/platform_build/tree/master/target/product/security) to get the permissions. [source](https://stackoverflow.com/questions/3635101/how-to-sign-android-app-with-system-signature) – Anubhav Jun 28 '17 at 09:31
  • @Bhav yes those 2 permissions are not `development` protected so you can't access them through adb for instance as the check in the `if` stateament above will throw you the exception. If the protection level is `signature` you can only be granted that permission as in your attached post. – Alex Newman Jun 28 '17 at 10:45