15

Consider a simple tool using a BroadcastReceiver to achieve a simple goal. Because this should not be used by other applications, it defines a permission with a protectionLevel of signature or signatureOrSystem:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="any.test">

    <permission
        android:name="any.test.PERMISSION"
        android:protectionLevel="signatureOrSystem" />

    <application android:label="AnyTest">
        <receiver
            android:name=".Receiver"
            android:exported="true"
            android:permission="any.test.PERMISSION" />
    </application>
</manifest>

Now I'd like to test this by sending broadcasts via

adb shell am broadcast -n any.test/.Receiver

from my computer. While this works perfectly fine on an emulator, it doesn't work at all on a real device when this permission is set. If the permission is not set, everything works as intended.

So how can I define or grant the permission so that I can test all this on a real device with ADB?

I want to make this exported receiver a little more secure in debug mode, so if there's a special permission for ADB usage or a run-time test to only allow calls from ADB I can implement in Receiver.onReceive(Context, Intent), it would help too. The receiver doesn't have to work for ADB and other apps at the same time.

tynn
  • 38,113
  • 8
  • 108
  • 143
  • 1
    I don't understand this statement: "...doesn't work ... as long as the permission is set. Without it all works fine..." are you saying it works **without** the permission and you want it to not to work? – muratgu Jan 25 '16 at 02:23
  • Here is my answer https://stackoverflow.com/questions/35603856/how-to-send-broadcast-with-permission-from-command-line/55824554#55824554 – y4n9b0 Apr 24 '19 at 07:34

2 Answers2

6

A root shell can send any broadcast protected by any permissions.
A normal shell also has been granted lots of permissions, check this file in the AOSP souce code: frameworks\base\packages\Shell\AndroidManifest.xml.

Replace your any.test.PERMISSION with one permission in this file that the protectionLevel is signatureOrSystem, like android.permission.REAL_GET_TASKS. After that, you can send broadcast to this receiver in shell, but other 3rd app can not.

tynn
  • 38,113
  • 8
  • 108
  • 143
Swing
  • 858
  • 1
  • 8
  • 21
  • Replace your `any.test.PERMISSION` with one permission in this file that the protectionLevel is `signatureOrSystem`, like `android.permission.REAL_GET_TASKS`. After that ,you can send broadcast to this receiver in shell, but other 3rd app can not. – Swing Feb 05 '16 at 06:17
  • The `Shell` package was introduced with Android 4.3 though. – tynn Feb 08 '16 at 18:12
  • @tynn: can you please provide the exact shell command which you used which resolved your problem? – srv_sud Feb 25 '16 at 04:39
  • @srv_sud there's no shell command involved in resolving my issue. Only using a different `android:permission` for the receiver. – tynn Feb 25 '16 at 07:07
  • @tynn: I posted a question [How to send broadcast with permission from command line](http://stackoverflow.com/questions/35603856/how-to-send-broadcast-with-permission-from-command-line) . Some one suggested me to check with your answer regarding this. – srv_sud Feb 25 '16 at 07:34
0

I did not want to change the permissions. Instead I created an Activity as a proxy: https://stackoverflow.com/a/70110207/1651697

c0nstruct0r
  • 186
  • 1
  • 6