bypass android usb host permission confirmation di

2020-01-24 10:51发布

站内问答 / Android
2004 12 4

I want to use android in industry,

I can connect to Profilic and Ftdi USB to Serial chips with slickdevlabs.com library without any problem.

The application has a service and it starts on boot,connect to the usb serial port and do the other things.

my problem is that the host device does not have any interaction with user,

so when the android asks 

Allow the app "MyAPP" to access the USB device ?
[checkmark]Use by default for this USB device
Cancel            OK

there is no person to click on ok.

even when I check the use by default... checkbox,If I reinsert the USB ,or reboot the host device, it asks again on next boot.

I ran the service and app with SuperUser mode,but no difference,it asks again.

I added intent filter but no difference,it asks me every time.

        <intent-filter>
            <action android:name="android.hardware.usb.action.USB_DEVICE_ATTACHED" />
            <action android:name="android.hardware.usb.action.USB_DEVICE_DETACHED" />
        </intent-filter>

        <meta-data
            android:name="android.hardware.usb.action.USB_DEVICE_ATTACHED"
            android:resource="@xml/device_filter" />
        <meta-data
            android:name="android.hardware.usb.action.USB_DEVICE_DETACHED"
            android:resource="@xml/device_filter" />

Any opinion how to bypass or disable it ?

I have root and SU access.

12条回答
爷的心禁止访问
2楼-- · 2020-01-24 10:57

I know it's a bit late, but still...

I had the same kind of problem and I think I've managed to solve it. There's a service that Android uses internally that allows to manage USB devices and accessories. This service is hidden from thrid party developers and is not documented. If you check the source code for UsbPermissionActivity you'll be able to figure out how that service is called. In order to call the service IUsbManager interface and ServiceManager class are employed. These are both hidden too, so you can't use them directly. But what you can do is to create their stubs with exactly the same names and in corresponding namespaces (packages). Then you'll be able to compile that code, while the runtime environment will use the real things.

The only requirement is that your application has to be a system one - that is it has to be located in /system/app/ directory. Since your device is rooted that shouldn't be a problem.

So you will have to add a package to your project: "android.hardware.usb" and put a file in it named "IUsbManager.java" with the following content:

package android.hardware.usb;

public interface IUsbManager extends android.os.IInterface
{
    /** Local-side IPC implementation stub class. */
    public static abstract class Stub extends android.os.Binder implements android.hardware.usb.IUsbManager
    {
        /** Construct the stub at attach it to the interface. */
        public Stub()
        {
            throw new RuntimeException( "Stub!" );
        }
        /**
         * Cast an IBinder object into an android.hardware.usb.IUsbManager interface,
         * generating a proxy if needed.
         */
        public static android.hardware.usb.IUsbManager asInterface( android.os.IBinder obj )
        {
            throw new RuntimeException( "Stub!" );
        }

        public android.os.IBinder asBinder()
        {
            throw new RuntimeException( "Stub!" );
        }

        public boolean onTransact( int code, android.os.Parcel data, android.os.Parcel reply, int flags ) throws android.os.RemoteException
        {
            throw new RuntimeException( "Stub!" );
        }

        static final int TRANSACTION_getDeviceList = (android.os.IBinder.FIRST_CALL_TRANSACTION + 0);
        static final int TRANSACTION_openDevice = (android.os.IBinder.FIRST_CALL_TRANSACTION + 1);
        static final int TRANSACTION_getCurrentAccessory = (android.os.IBinder.FIRST_CALL_TRANSACTION + 2);
        static final int TRANSACTION_openAccessory = (android.os.IBinder.FIRST_CALL_TRANSACTION + 3);
        static final int TRANSACTION_setDevicePackage = (android.os.IBinder.FIRST_CALL_TRANSACTION + 4);
        static final int TRANSACTION_setAccessoryPackage = (android.os.IBinder.FIRST_CALL_TRANSACTION + 5);
        static final int TRANSACTION_hasDevicePermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 6);
        static final int TRANSACTION_hasAccessoryPermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 7);
        static final int TRANSACTION_requestDevicePermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 8);
        static final int TRANSACTION_requestAccessoryPermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 9);
        static final int TRANSACTION_grantDevicePermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 10);
        static final int TRANSACTION_grantAccessoryPermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 11);
        static final int TRANSACTION_hasDefaults = (android.os.IBinder.FIRST_CALL_TRANSACTION + 12);
        static final int TRANSACTION_clearDefaults = (android.os.IBinder.FIRST_CALL_TRANSACTION + 13);
        static final int TRANSACTION_setCurrentFunction = (android.os.IBinder.FIRST_CALL_TRANSACTION + 14);
        static final int TRANSACTION_setMassStorageBackingFile = (android.os.IBinder.FIRST_CALL_TRANSACTION + 15);
    }

    /* Returns a list of all currently attached USB devices */
    public void getDeviceList( android.os.Bundle devices ) throws android.os.RemoteException;
    /* Returns a file descriptor for communicating with the USB device.
         * The native fd can be passed to usb_device_new() in libusbhost.
         */
    public android.os.ParcelFileDescriptor openDevice( java.lang.String deviceName ) throws android.os.RemoteException;
    /* Returns the currently attached USB accessory */
    public android.hardware.usb.UsbAccessory getCurrentAccessory() throws android.os.RemoteException;
    /* Returns a file descriptor for communicating with the USB accessory.
         * This file descriptor can be used with standard Java file operations.
         */
    public android.os.ParcelFileDescriptor openAccessory( android.hardware.usb.UsbAccessory accessory ) throws android.os.RemoteException;
    /* Sets the default package for a USB device
         * (or clears it if the package name is null)
         */
    public void setDevicePackage( android.hardware.usb.UsbDevice device, java.lang.String packageName ) throws android.os.RemoteException;
    /* Sets the default package for a USB accessory
         * (or clears it if the package name is null)
         */
    public void setAccessoryPackage( android.hardware.usb.UsbAccessory accessory, java.lang.String packageName ) throws android.os.RemoteException;
    /* Returns true if the caller has permission to access the device. */
    public boolean hasDevicePermission(android.hardware.usb.UsbDevice device) throws android.os.RemoteException;
    /* Returns true if the caller has permission to access the accessory. */
    public boolean hasAccessoryPermission( android.hardware.usb.UsbAccessory accessory ) throws android.os.RemoteException;
    /* Requests permission for the given package to access the device.
         * Will display a system dialog to query the user if permission
         * had not already been given.
         */
    public void requestDevicePermission( android.hardware.usb.UsbDevice device, java.lang.String packageName, android.app.PendingIntent pi ) throws android.os.RemoteException;
    /* Requests permission for the given package to access the accessory.
         * Will display a system dialog to query the user if permission
         * had not already been given. Result is returned via pi.
         */
    public void requestAccessoryPermission( android.hardware.usb.UsbAccessory accessory, java.lang.String packageName, android.app.PendingIntent pi ) throws android.os.RemoteException;
    /* Grants permission for the given UID to access the device */
    public void grantDevicePermission( android.hardware.usb.UsbDevice device, int uid ) throws android.os.RemoteException;
    /* Grants permission for the given UID to access the accessory */
    public void grantAccessoryPermission( android.hardware.usb.UsbAccessory accessory, int uid ) throws android.os.RemoteException;
    /* Returns true if the USB manager has default preferences or permissions for the package */
    public boolean hasDefaults( java.lang.String packageName ) throws android.os.RemoteException;
    /* Clears default preferences and permissions for the package */
    public void clearDefaults( java.lang.String packageName ) throws android.os.RemoteException;
    /* Sets the current USB function. */
    public void setCurrentFunction( java.lang.String function, boolean makeDefault ) throws android.os.RemoteException;
    /* Sets the file path for USB mass storage backing file. */
    public void setMassStorageBackingFile( java.lang.String path ) throws android.os.RemoteException;
}

Then another package: "android.os" with "ServiceManager.java":

package android.os;

import java.util.Map;

public final class ServiceManager
{
    public static IBinder getService( String name )
    {
        throw new RuntimeException( "Stub!" );
    }

    /**
     * Place a new @a service called @a name into the service
     * manager.
     * 
     * @param name the name of the new service
     * @param service the service object
     */
    public static void addService( String name, IBinder service )
    {
        throw new RuntimeException( "Stub!" );
    }

    /**
     * Retrieve an existing service called @a name from the
     * service manager.  Non-blocking.
     */
    public static IBinder checkService( String name )
    {
        throw new RuntimeException( "Stub!" );
    }

    public static String[] listServices() throws RemoteException
    {
        throw new RuntimeException( "Stub!" );
    }

    /**
     * This is only intended to be called when the process is first being brought
     * up and bound by the activity manager. There is only one thread in the process
     * at that time, so no locking is done.
     * 
     * @param cache the cache of service references
     * @hide
     */
    public static void initServiceCache( Map<String, IBinder> cache )
    {
        throw new RuntimeException( "Stub!" );
    }
}

Note that interfaces of these classes may change depending on the version of Android. In my case the version is 4.0.3. So if you have another version of Android and this code doesn't work you will have to check the source code for your particular version of OS.

Here's an example of using the service to grant permissions to all FTDI devices:

import java.util.HashMap;
import java.util.Iterator;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.hardware.usb.IUsbManager;
import android.hardware.usb.UsbDevice;
import android.hardware.usb.UsbManager;
import android.os.IBinder;
import android.os.ServiceManager;

public class LaunchReceiver extends BroadcastReceiver
{
    public void onReceive( Context context, Intent intent )
    {
        String action = intent.getAction();
        if( action != null && action.equals( Intent.ACTION_BOOT_COMPLETED ) )
        {
            try
            {
                PackageManager pm = context.getPackageManager();
                ApplicationInfo ai = pm.getApplicationInfo( YOUR_APP_PACKAGE_NAMESPACE, 0 );
                if( ai != null )
                {
                    UsbManager manager = (UsbManager) context.getSystemService( Context.USB_SERVICE );
                    IBinder b = ServiceManager.getService( Context.USB_SERVICE );
                    IUsbManager service = IUsbManager.Stub.asInterface( b );

                    HashMap<String, UsbDevice> deviceList = manager.getDeviceList();
                    Iterator<UsbDevice> deviceIterator = deviceList.values().iterator();
                    while( deviceIterator.hasNext() )
                    {
                            UsbDevice device = deviceIterator.next();
                            if( device.getVendorId() == 0x0403 )
                            {
                                service.grantDevicePermission( device, ai.uid );
                                service.setDevicePackage( device, YOUR_APP_PACKAGE_NAMESPACE );
                            }
                    }
                }
            }
            catch( Exception e )
            {
                trace( e.toString() );
            }
        }
    }
}

One more thing - you will have to add the following permission to your manifest (Lint might not like it but you can always change severity level in your project's properties): 

<uses-permission android:name="android.permission.MANAGE_USB" />
查看更多
0人赞 添加讨论(0) 举报
我想做一个坏孩纸
3楼-- · 2020-01-24 10:57

If you have access to the Android source code, here is the code you need to disable the permission dialog

https://gitlab.tubit.tu-berlin.de/justus.beyer/streamagame_platform_frameworks_base/commit/e97b62ed0d4050acacbf54781435686ea28edd73

The code update above creates a config option you can use, or instead you can hardcode it using the value true in-place of mDisablePermissionDialogs to disable the permission dialog.

In services/usb/java/com/android/server/usb/UsbSettingsManager.java

查看更多
0人赞 添加讨论(0) 举报
Deceive 欺骗
4楼-- · 2020-01-24 10:58

@d_d_t aswer is great, but it dosen't work on Android > 4.2.2. Use this interface:

public interface IUsbManager extends android.os.IInterface
{
/** Local-side IPC implementation stub class. */
public static abstract class Stub extends android.os.Binder implements android.hardware.usb.IUsbManager {
    private static final java.lang.String DESCRIPTOR = "android.hardware.usb.IUsbManager";

    /** Construct the stub at attach it to the interface. */
    public Stub()         {
        throw new RuntimeException( "Stub!" );
    }

    /**
     * Cast an IBinder object into an android.hardware.usb.IUsbManager
     * interface, generating a proxy if needed.
     */
    public static android.hardware.usb.IUsbManager asInterface( android.os.IBinder obj) {
        throw new RuntimeException( "Stub!" );
    }

    @Override
    public android.os.IBinder asBinder() {
        throw new RuntimeException( "Stub!" );
    }

    @Override
    public boolean onTransact(int code, android.os.Parcel data, android.os.Parcel reply, int flags) throws android.os.RemoteException {
        throw new RuntimeException( "Stub!" );
    }

    static final int TRANSACTION_getDeviceList = (android.os.IBinder.FIRST_CALL_TRANSACTION + 0);
    static final int TRANSACTION_openDevice = (android.os.IBinder.FIRST_CALL_TRANSACTION + 1);
    static final int TRANSACTION_getCurrentAccessory = (android.os.IBinder.FIRST_CALL_TRANSACTION + 2);
    static final int TRANSACTION_openAccessory = (android.os.IBinder.FIRST_CALL_TRANSACTION + 3);
    static final int TRANSACTION_setDevicePackage = (android.os.IBinder.FIRST_CALL_TRANSACTION + 4);
    static final int TRANSACTION_setAccessoryPackage = (android.os.IBinder.FIRST_CALL_TRANSACTION + 5);
    static final int TRANSACTION_hasDevicePermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 6);
    static final int TRANSACTION_hasAccessoryPermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 7);
    static final int TRANSACTION_requestDevicePermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 8);
    static final int TRANSACTION_requestAccessoryPermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 9);
    static final int TRANSACTION_grantDevicePermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 10);
    static final int TRANSACTION_grantAccessoryPermission = (android.os.IBinder.FIRST_CALL_TRANSACTION + 11);
    static final int TRANSACTION_hasDefaults = (android.os.IBinder.FIRST_CALL_TRANSACTION + 12);
    static final int TRANSACTION_clearDefaults = (android.os.IBinder.FIRST_CALL_TRANSACTION + 13);
    static final int TRANSACTION_setCurrentFunction = (android.os.IBinder.FIRST_CALL_TRANSACTION + 14);
    static final int TRANSACTION_setMassStorageBackingFile = (android.os.IBinder.FIRST_CALL_TRANSACTION + 15);
    static final int TRANSACTION_allowUsbDebugging = (android.os.IBinder.FIRST_CALL_TRANSACTION + 16);
    static final int TRANSACTION_denyUsbDebugging = (android.os.IBinder.FIRST_CALL_TRANSACTION + 17);
}

/* Returns a list of all currently attached USB devices */
public void getDeviceList(android.os.Bundle devices)
        throws android.os.RemoteException;

/*
 * Returns a file descriptor for communicating with the USB device. The
 * native fd can be passed to usb_device_new() in libusbhost.
 */
public android.os.ParcelFileDescriptor openDevice(
        java.lang.String deviceName) throws android.os.RemoteException;

/* Returns the currently attached USB accessory */
public android.hardware.usb.UsbAccessory getCurrentAccessory()
        throws android.os.RemoteException;

/*
 * Returns a file descriptor for communicating with the USB accessory. This
 * file descriptor can be used with standard Java file operations.
 */
public android.os.ParcelFileDescriptor openAccessory(
        android.hardware.usb.UsbAccessory accessory)
        throws android.os.RemoteException;

/*
 * Sets the default package for a USB device (or clears it if the package
 * name is null)
 */
public void setDevicePackage(android.hardware.usb.UsbDevice device,
        java.lang.String packageName, int userId)
        throws android.os.RemoteException;

/*
 * Sets the default package for a USB accessory (or clears it if the package
 * name is null)
 */
public void setAccessoryPackage(
        android.hardware.usb.UsbAccessory accessory,
        java.lang.String packageName, int userId)
        throws android.os.RemoteException;

/* Returns true if the caller has permission to access the device. */
public boolean hasDevicePermission(android.hardware.usb.UsbDevice device)
        throws android.os.RemoteException;

/* Returns true if the caller has permission to access the accessory. */
public boolean hasAccessoryPermission(
        android.hardware.usb.UsbAccessory accessory)
        throws android.os.RemoteException;

/*
 * Requests permission for the given package to access the device. Will
 * display a system dialog to query the user if permission had not already
 * been given.
 */
public void requestDevicePermission(android.hardware.usb.UsbDevice device,
        java.lang.String packageName, android.app.PendingIntent pi)
        throws android.os.RemoteException;

/*
 * Requests permission for the given package to access the accessory. Will
 * display a system dialog to query the user if permission had not already
 * been given. Result is returned via pi.
 */
public void requestAccessoryPermission(
        android.hardware.usb.UsbAccessory accessory,
        java.lang.String packageName, android.app.PendingIntent pi)
        throws android.os.RemoteException;

/* Grants permission for the given UID to access the device */
public void grantDevicePermission(android.hardware.usb.UsbDevice device,
        int uid) throws android.os.RemoteException;

/* Grants permission for the given UID to access the accessory */
public void grantAccessoryPermission(
        android.hardware.usb.UsbAccessory accessory, int uid)
        throws android.os.RemoteException;

/*
 * Returns true if the USB manager has default preferences or permissions
 * for the package
 */
public boolean hasDefaults(java.lang.String packageName, int userId)
        throws android.os.RemoteException;

/* Clears default preferences and permissions for the package */
public void clearDefaults(java.lang.String packageName, int userId)
        throws android.os.RemoteException;

/* Sets the current USB function. */
public void setCurrentFunction(java.lang.String function,
        boolean makeDefault) throws android.os.RemoteException;

/* Sets the file path for USB mass storage backing file. */
public void setMassStorageBackingFile(java.lang.String path)
        throws android.os.RemoteException;

/*
 * Allow USB debugging from the attached host. If alwaysAllow is true, add
 * the the public key to list of host keys that the user has approved.
 */
public void allowUsbDebugging(boolean alwaysAllow,
        java.lang.String publicKey) throws android.os.RemoteException;

/* Deny USB debugging from the attached host */
public void denyUsbDebugging() throws android.os.RemoteException;
}

And modify the code adding user id:

...
service.setDevicePackage( usbDevice, YOUR_APP_PACKAGE_NAMESPACE, ai.uid ); 
....
查看更多
0人赞 添加讨论(0) 举报
我只想做你的唯一
5楼-- · 2020-01-24 11:00

I had the same problem, the permission popup appear everytime i plug the USB cable, to solve it i just added the filter in the manifest and the xml file for VID and PID, just make sure you've setup USB device filtering as suggested in the SO link above or as documented here, and you put the good VID and PID. It was my problem, i didn't put the VID and PID that match to my device

查看更多
0人赞 添加讨论(0) 举报
再贱就再见
6楼-- · 2020-01-24 11:02

i had the same problem with the popup window and nobody to click on it. But i found a different solution (for rooted devices). The popup gets generated by android in the class UsbPermissionActivity (and that UsbPermissionActivity is started by the UsbSettingsManager). Look at the Android Sourcecode to see whats going on. The good thing here is, we can manipulate the bytecode of the UsbPermissionActivity to accept all UsbDevices. You need the tool Smali/Baksmali to do so. https://code.google.com/p/smali/

  1. Locate the file SystemUI.apk on your device
  2. Copy it to your computer with adb pull path/to/SystemUI.apk
  3. Unzip the apk
  4. Disassemble the classes.dex file with java -jar baksmali.jar classes.dex

  5. Find the file UsbPermissionActivity and inside of it find the line that says

    invoke-virtual {p0}, Lcom/android/systemui/usb/UsbPermissionActivity;->setupAlert()V

  6. Change this by commenting it out and adding two new lines

#invoke-virtual {p0}, Lcom/android/systemui/usb/UsbPermissionActivity;->setupAlert()V const/4 v0, 0x1 iput-boolean v0, p0, Lcom/android/systemui/usb/UsbPermissionActivity;->mPermissionGranted:Z invoke-virtual {p0}, Lcom/android/systemui/usb/UsbPermissionActivity;->finish()V

  1. Assemble it with java -jar smali.jar -o classes.dex out
  2. Replace the original classes.dex and zip everything again to SystemUI.apk
  3. Replace the original SystemUI.apk on your device with adb push services.jar path/to/SystemUI.apk or if that doesnt work with a filemanager ap
查看更多
0人赞 添加讨论(0) 举报
干净又极端
7楼-- · 2020-01-24 11:03

Android is really not designed to support this kind of usage out of the box. Personally, for non-interactive usage, I'd be tempted to consider using the USB serial driver in the linux kernel and skipping the android USB apis. But you'd have to be in a position to seriously modify the android installation - change the kernel configuration and/or load a module, create device files and set their permissions or owners, possibly add a unix group and android permission for apps allowed to access it.

Or you can look through the android source and disable the user confirmation; but if you do not have a from-source android build for the device, this may be trickier than the linux-level idea, since adapting open source android to run on a vendor device can be non-trivial (unless someone already offers a from-source build that is sufficiently functional for the device in question)

Indicentally, root/su access does not apply to applications themselves - it only means that an application which knowns how to run whatever tool your root hack left behind, can start up a helper program that runs as root, but the application itself does not and cannot. Using root to install the app on the system partition might get you some atypical android permissions, but you'd have to check if there are any which would help you with the usb.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)