From other apps I know that they can set the screen size (which is done via wm overscan <LEFT>,<TOP>,<RIGHT>,<BOTTOM>
from within the app after you have granted android.permission.WRITE_SECURE_SETTINGS
to those apps.
Any ideas how I can "forward" this permission to the shell? I thought the shell will have the same permission and UID as my app, but I can't get to work what other apps can do.
My simple test case looks like following:
val test: (Int, String) -> Unit = { index, command ->
val res = Shell.SH.run(command)
L.d { "Result $index: ${res.isSuccessful} | ${res.exitCode} | ${res.getStdout()} | ${res.getStderr()}" }
}
val commands = arrayOf(
"wm overscan 0,0,0,$overscanOffset",
"settings get global policy_control",
"echo \$PATH",
"echo Some echod text",
"id"
)
var c = 1
for (command in commands) {
test(c++, command)
}
Shell.SH.closeConsole()
And the output is following:
2019-03-12 08:53:13.682 D/[UITuner$setOverscanStatus$test:56 invoke]: Result 1: false | 20 | | cmd: Can't find service: window (UITuner.kt:56)
2019-03-12 08:53:13.714 D/[UITuner$setOverscanStatus$test:56 invoke]: Result 2: false | 255 | | Security exception: You either need MANAGE_USERS or CREATE_USERS permission to: query user (UITuner.kt:56)
java.lang.SecurityException: You either need MANAGE_USERS or CREATE_USERS permission to: query user
at com.android.server.pm.UserManagerService.checkManageOrCreateUsersPermission(UserManagerService.java:2097)
at com.android.server.pm.UserManagerService.getUserInfo(UserManagerService.java:1250)
at android.os.UserManager.getUserInfo(UserManager.java:1636)
at com.android.providers.settings.SettingsService$MyShellCommand.onCommand(SettingsService.java:273)
at android.os.ShellCommand.exec(ShellCommand.java:103)
at com.android.providers.settings.SettingsService.onShellCommand(SettingsService.java:51)
at android.os.Binder.shellCommand(Binder.java:642)
at android.os.Binder.onTransact(Binder.java:540)
at android.os.Binder.execTransact(Binder.java:739)
2019-03-12 08:53:13.727 D/[UITuner$setOverscanStatus$test:56 invoke]: Result 3: true | 0 | /sbin:/system/sbin:/system/bin:/system/xbin:/odm/bin:/vendor/bin:/vendor/xbin | (UITuner.kt:56)
2019-03-12 08:53:13.741 D/[UITuner$setOverscanStatus$test:56 invoke]: Result 4: true | 0 | Some echod text | (UITuner.kt:56)
2019-03-12 08:53:13.764 D/[UITuner$setOverscanStatus$test:56 invoke]: Result 5: true | 0 | uid=10290(u0_a290) gid=10290(u0_a290) groups=10290(u0_a290),9997(everybody),20290(u0_a290_cache),50290(all_a290) context=u:r:untrusted_app:s0:c34,c257,c512,c768 | (UITuner.kt:56)
I'm not sure if test 2 can succeed (have not seen an app doing it yet), but test 1 can succeed on unrooted devices if android.permission.WRITE_SECURE_SETTINGS
is granted to the app.
Do you have any ideas, why I instead get the Can't find service: window
although the same command works perfectly fine from an adb command line? I would expect an exception, if a permission is missing, but not the can't find error... I'm not sure at all if WRITE_SECURE_SETTINGS
and shell commands can work together at all, any ideas if this is even possible?