FileNotFound EACCESS when opening file Android Marshmallow

Question

During automated tests for my product, I push files to the apps private directory and chmod the file so that the app can access it. On APIs < Marshmallow, this was fine and the apps never had an issue accessing files.

Now, on some files, I get the following logs when trying to open it:

W/System.err(7669): Caused by: 
java.io.FileNotFoundException: /data/user/0/foo/foo.txt: open failed: EACCES (Permission denied) 09-28 18:20:56.724: 
W/System.err(7669):     at libcore.io.IoBridge.open(IoBridge.java:452) 09-28 18:20:56.724: 
W/System.err(7669):     at java.io.FileInputStream.<init>(FileInputStream.java:76) 09-28 18:20:56.724: 
W/System.err(7669):     at android.app.ContextImpl.openFileInput(ContextImpl.java:384) 09-28 18:20:56.724: 
W/System.err(7669):     at android.content.ContextWrapper.openFileInput(ContextWrapper.java:177) 09-28 18:20:56.724: 
W/System.err(7669): Caused by: android.system.ErrnoException: open failed: EACCES (Permission denied) 09-28 18:20:56.724: 
W/System.err(7669):     at libcore.io.Posix.open(Native Method) 09-28 18:20:56.724: 
W/System.err(7669):     at libcore.io.BlockGuardOs.open(BlockGuardOs.java:186) 09-28 18:20:56.724: 
W/System.err(7669):     at libcore.io.IoBridge.open(IoBridge.java:438) 09-28 18:20:56.716: 
W/pool-5-thread-1(8279): type=1400 audit(0.0:57): avc: denied { search } for name="files" dev="mtdblock1" ino=7314 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0 tclass=dir permissive=0

How can I fix?

Answer 1

Android Marshmallow has adopted the extended file attributes of its underlying OS, SELinux (Security Enhanced Linux) so there are going to be problems pushing files and preferences willy-nilly betwixt apps through the shell and not through an app that has permissions on the FS.

First, ensure that you chmod the file properly. Then, ensure that the file is owned correctly as well. You can check what a normal file's owner and group look like by doing an ls -la file then changing the group of your file in question to what you found from the previous command by chgrp user.group file

$ ls -la  
drwxrwxrwx u0_a69   u0_a69            2015-09-28 18:20 existing_file
drwxrwxrwx root   root            2015-09-28 18:20 file    
$ chown u0_a69.u0_a69 file

If neither of those work, check the extended file attributes by ls -Z file and go read https://fedoraproject.org/wiki/Security_context?rd=SELinux/SecurityContext to understand what you're looking at, then use chcon some:extended:security:attributes file to change your files permissions.

$ ls -Z 
 drwxrwx--x u0_a69   u0_a69 u:object_r:app_data_file:s0:c512,c768 existing_file    
 drwxrwx--x u0_a69   u0_a69 u: file
$ chcon u:object_r:app_data_file:s0:c512,c768 file

If that still doesn't work, there's a binary in /system/bin called setenforce that disables the extended file system security of Marshmallow's underlying SELinux.

Call setenforce permissive from a rooted shell and your app will be able to access the files it needs. This may mask bugs so use with caution.

$ setenforce permissive

Answer 2

In Android Manifest file try putting

<uses-sdk android:minSdkVersion="14" android:targetSdkVersion="19"/>
    <uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> 

And in runtime you could check the permission granted or directly grant access to all permissions in your settings->App->Permission and see whether it works...

public boolean isStoragePermissionGranted() {
            if (Build.VERSION.SDK_INT >= 23) {
                if(checkSelfPermission(android.Manifest.permission.WRITE_EXTERNAL_STORAGE)== PackageManager.PERMISSION_GRANTED) {
                    return true;
                } else {
                    ActivityCompat.requestPermissions(this, new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE}, 1);
                    return false;
                }
            } else {
                return true;
            }
        }