4

I have a few places in my code where state of permissions is not properly checked before the function requiring a permission is called. As a result I'm getting random SecurityException reports as my users encounter unprotected function calls.

(long introduction, please skip to last paragraph if tl;dr)

The code was originally written long before Android Marshmallow which introduced on-demand permissions. When migrating it was tested pretty much on "first occurrence" basis, meaning that first occurrence of required permission was identified and appropriate premission check / request code was wrapped around that.

However, once this is passed, the user may decide to revoke an already given permission and my app will not encounter the first occurrence code path. Instead an "already active" code path will be run resulting in SecurityExceptions as the permissions in question are no longer granted.

I'm obviously struggling with finding the affected code segments and thus tried (once more) to try and determine the functions requiring permissions through the use of lint. There are some posts on SO dealing with the issue.

However, I have been unsuccessful setting lint tool up such that it would actually identify the code lines invoking functions requiring permissions. All I ever get is one identified line where I'm warned that I should either wrap the call in checkPermisison or explicitly catch SecurityException.

This is of course not adequate as I know that my app requires 7 distinct permissions and I'm pretty sure the functions involved are there too (since I had to wrap some of them already).

Anyway, I'm guessing this needs to be set up somehow. Currently I'm using pretty much vanilla Android Studio 3.0.1 except for colour settings and code format settings. No code checks have been touched.

After just spending two days trying to set up the lint tool using all my Google-fu & SO-fu, I'm giving up writing this question. And yes, I HAVE removed the permissions from manifest.

I'm using both a library and flavors, if this makes any difference.

Can you give me a step-by-step guide on what needs to be done for lint to successfully identify functions requiring permissions?

velis
  • 8,747
  • 4
  • 44
  • 64
  • 2
    I suspect that only a small portion of the Android SDK has the appropriate information necessary to report to an IDE whether it needs a certain permission or not. – CommonsWare Jan 25 '18 at 16:48
  • So basically, I just need to make a VERY thorough check of my codebase? There are some permissions that will never be identified? e.g. WRITE_SETTINGS, SYSTEM_ALERT_WINDOW, GET_TASKS, PACKAGE_USAGE_STATS - these are not reported at all. I mean - some of these are easy to identify, some not so much... – velis Jan 25 '18 at 16:53
  • 2
    "There are some permissions that will never be identified?" -- pretty much, yes. Note that `WRITE_SETTINGS` and `SYSTEM_ALERT_WINDOW` are bizarre permissions in the first place (not using the standard runtime permission system). – CommonsWare Jan 25 '18 at 16:59
  • Yes, well, my app is an auto brightness app. Pretty obscure to boot and definitely gone with Android 9 (ban on background-running services), but for now it remains my "learn your Android" project and I like tinkering with it. I'd like to make one more shot towards its functionality before I lose the devices it can run on. – velis Jan 25 '18 at 17:03

1 Answers1

2

I know this is an old question but I have a method to identify where is missing permission check.

  1. In the Project tab in Android Studio use the view as Project
  2. Right click on the folder that contains all the java code

right click

  1. Go to Analyze > Inspect Code
  2. A Specify Inspection Scope dialog will prompt, here you can select the directory AS will inspect for Missing Permissions, in this case, as we previously selected the folder, the scope by default will be our previously folder, Click OK
  3. AS will start to searching for errors, warnings, etc., in your code, depending of the size of your project, is the time AS will take to scan.
  4. Once finish you can see a list of errors, warnings, etc., you need to go to Android Lint: Correctness > Missing Permissions

result

This is the easy way to found all the missing permissions errors in your project

I hope this be useful.

rockar06
  • 454
  • 3
  • 14