Home » Android » java – Android permissions protection levels 18 and 50

java – Android permissions protection levels 18 and 50

Posted by: admin June 15, 2020 Leave a comment

Questions:

When I do a dump of all permissions on all apps on a Nexus 7 I get (as expected) permissions with protection levels 0 (NORMAL), 1 (DANGEROUS), 2 (SIGNATURE). Nothing is logging under 3 (SIGNATURE_OR_SYSTEM)*.

But there are also a lot of permissions whose protection level is set at ’18’ and some that are ’50’.

I can’t find any documentation on what these values represent. Does anybody know?

*It’s not logging anything under 3.

These are what was logged:

android.permission.ACCESS_CACHE_FILESYSTEM - 18
android.permission.ACCESS_CHECKIN_PROPERTIES - 18
android.permission.ACCESS_DOWNLOAD_MANAGER - 18
android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED - 18
android.permission.ACCESS_MTP - 18
android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK - 18
android.permission.BACKUP - 18
android.permission.BIND_APPWIDGET - 18
android.permission.BIND_DIRECTORY_SEARCH - 18
android.permission.BIND_KEYGUARD_APPWIDGET - 18
android.permission.BIND_REMOTEVIEWS - 18
android.permission.BIND_WALLPAPER - 18
android.permission.CALL_PRIVILEGED - 18
android.permission.CHANGE_COMPONENT_ENABLED_STATE - 18
android.permission.CHANGE_CONFIGURATION - 18
android.permission.CONNECTIVITY_INTERNAL - 18
android.permission.CONTROL_LOCATION_UPDATES - 18
android.permission.CRYPT_KEEPER - 18
android.permission.DELETE_CACHE_FILES - 18
android.permission.DELETE_PACKAGES - 18
android.permission.DOWNLOAD_CACHE_NON_PURGEABLE - 18
android.permission.GLOBAL_SEARCH - 18
android.permission.INSTALL_LOCATION_PROVIDER - 18
android.permission.INSTALL_PACKAGES - 18
android.permission.MANAGE_USB - 18
android.permission.MANAGE_USERS - 18
android.permission.MASTER_CLEAR - 18
android.permission.MODIFY_APPWIDGET_BIND_PERMISSIONS - 18
android.permission.MODIFY_NETWORK_ACCOUNTING - 18
android.permission.MODIFY_PHONE_STATE - 18
android.permission.MOUNT_FORMAT_FILESYSTEMS - 18
android.permission.MOUNT_UNMOUNT_FILESYSTEMS - 18
android.permission.MOVE_PACKAGE - 18
android.permission.PACKAGE_USAGE_STATS - 18
android.permission.PACKAGE_VERIFICATION_AGENT - 18
android.permission.PERFORM_CDMA_PROVISIONING - 18
android.permission.READ_FRAME_BUFFER - 18
android.permission.READ_NETWORK_USAGE_HISTORY - 18
android.permission.READ_PRIVILEGED_PHONE_STATE - 18
android.permission.REBOOT - 18
android.permission.RECEIVE_DATA_ACTIVITY_CHANGE - 18
android.permission.RECEIVE_EMERGENCY_BROADCAST - 18
android.permission.RETRIEVE_WINDOW_CONTENT - 18
android.permission.SEND_SMS_NO_CONFIRMATION - 18
android.permission.SERIAL_PORT - 18
android.permission.SET_TIME - 18
android.permission.SET_WALLPAPER_COMPONENT - 18
android.permission.SHUTDOWN - 18
android.permission.STATUS_BAR - 18
android.permission.STOP_APP_SWITCHES - 18
android.permission.UPDATE_DEVICE_STATS - 18
android.permission.UPDATE_LOCK - 18
android.permission.WRITE_APN_SETTINGS - 18
android.permission.WRITE_GSERVICES - 18
android.permission.WRITE_MEDIA_STORAGE - 18
com.android.chrome.TOS_ACKED - 18
com.android.launcher.permission.PRELOAD_WORKSPACE - 18
com.android.vending.TOS_ACKED - 18
com.android.vending.billing.ADD_CREDIT_CARD - 18
com.android.vending.billing.BILLING_ACCOUNT_SERVICE - 18
com.google.android.c2dm.permission.SEND - 18
com.google.android.gallery3d.permission.GALLERY_PROVIDER - 18
com.google.android.gtalkservice.permission.SEND_HEARTBEAT - 18
com.google.android.partnersetup.permission.UPDATE_CLIENT_ID - 18
com.google.android.permission.BROADCAST_DATA_MESSAGE - 18
com.google.android.providers.gsf.permission.WRITE_GSERVICES - 18
com.google.android.xmpp.permission.BROADCAST - 18
com.google.android.xmpp.permission.XMPP_ENDPOINT_BROADCAST - 18

android.permission.CHANGE_CONFIGURATION - 50
android.permission.DUMP - 50
android.permission.INTERACT_ACROSS_USERS - 50
android.permission.READ_LOGS - 50
android.permission.SET_ALWAYS_FINISH - 50
android.permission.SET_ANIMATION_SCALE - 50
android.permission.SET_DEBUG_APP - 50
android.permission.SET_PROCESS_LIMIT - 50
android.permission.SIGNAL_PERSISTENT_PROCESSES - 50
android.permission.WRITE_SECURE_SETTINGS - 50
How to&Answers:

Just saw an old unanswered question. Although you might already get your answer, I’ll answer it anyway. It may help others. 🙂

there are also a lot of permissions whose protection level is set at ’18’ and some that are ’50’.

The following code is retrieved from PermissionInfo.java in Android Source:

/**
 * Additional flag for {@link #protectionLevel}, corresponding
 * to the <code>system</code> value of
 * {@link android.R.attr#protectionLevel}.
 */
public static final int PROTECTION_FLAG_SYSTEM = 0x10;

/**
 * Additional flag for {@link #protectionLevel}, corresponding
 * to the <code>development</code> value of
 * {@link android.R.attr#protectionLevel}.
 */
public static final int PROTECTION_FLAG_DEVELOPMENT = 0x20;

So if there is a signature/system permission, the level would be 18(0x10 | 0x2). If the permission use used for special development tools, it would be 50(0x10 | 0x20 | 0x2).

I can’t find any documentation on what these values represent. Does anybody know?

As I answered in an existing question, you can checked the protection level and the description of these permissions in frameworks/base/core/res/AndroidManifest.xml and frameworks/base/data/etc/platform.xml. I post some of them here for your reference.

<!-- Configure an application for debugging. -->
<permission android:name="android.permission.SET_DEBUG_APP"
    android:permissionGroup="android.permission-group.DEVELOPMENT_TOOLS"
    android:protectionLevel="signature|system|development"
    android:label="@string/permlab_setDebugApp"
    android:description="@string/permdesc_setDebugApp" />

<!-- @hide Package verifier needs to have this permission before the PackageManager will
     trust it to verify packages.
-->
<permission android:name="android.permission.PACKAGE_VERIFICATION_AGENT"
    android:label="@string/permlab_packageVerificationAgent"
    android:description="@string/permdesc_packageVerificationAgent"
    android:protectionLevel="signature|system" />

If there is a @hide annotation on that xml block, you cannot find any resources from documentation about this permission.

Answer:

The development permission 0x20 that composes the ones you are referring to are a set of permissions introduced by Google to be used during Android development and they are never granted by the PackageManager automatically. To be able to use them you must grant using adb shell pm grant permission .

You can see the code that does that and the change that was introduced by Google on this 02/21/2012 commit.