Outils pour utilisateurs

Outils du site


Panneau latéral

android:permissions

Explorons les permissions des applications

Nous utiliserons:

Cherchons le chemin de l'application Word

$ pm list packages -f | grep word | sort | sed 's/package://'
/system/priv-app/Word_SamsungStub/Word_SamsungStub.apk=com.microsoft.office.word
Avec aapt explorons
$ /data/local/tmp/aapt-arm-pie d permissions /system/priv-app/Word_SamsungStub/Word_SamsungStub.apk
package: com.microsoft.office.word
permission: com.microsoft.office.word.permission.CONTENT_WRITE
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.MANAGE_ACCOUNTS'
uses-permission: name='android.permission.AUTHENTICATE_ACCOUNTS'
uses-permission: name='android.permission.USE_CREDENTIALS'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: name='android.permission.READ_USER_DICTIONARY'
uses-permission: name='android.permission.WRITE_USER_DICTIONARY'
uses-permission: name='android.permission.WAKE_LOCK'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='com.android.alarm.permission.SET_ALARM'
a/local/tmp/aapt-arm-pie d permissions /system/priv-app/Word_SamsungStub/Word_SamsungStub.apk
Avec appops
$ cmd appops get com.microsoft.office.word
READ_EXTERNAL_STORAGE: allow; time=+26m42s911ms ago
WRITE_EXTERNAL_STORAGE: allow; time=+26m42s911ms ago
RUN_IN_BACKGROUND: ignore; time=+7h41m45s554ms ago; rejectTime=+26m42s788ms ago
Et enfin avec dumpsys
$ dumpsys package com.microsoft.office.word | sed -n '/requested permissions/,/User 0/p'
    requested permissions:
      android.permission.WRITE_EXTERNAL_STORAGE
      android.permission.INTERNET
      android.permission.ACCESS_NETWORK_STATE
      android.permission.GET_ACCOUNTS
      android.permission.MANAGE_ACCOUNTS
      android.permission.AUTHENTICATE_ACCOUNTS
      android.permission.USE_CREDENTIALS
      android.permission.ACCESS_WIFI_STATE
      android.permission.READ_USER_DICTIONARY
      android.permission.WRITE_USER_DICTIONARY
      android.permission.WAKE_LOCK
      android.permission.RECEIVE_BOOT_COMPLETED
      com.android.alarm.permission.SET_ALARM
      android.permission.READ_EXTERNAL_STORAGE
    install permissions:
      android.permission.USE_CREDENTIALS: granted=true
      android.permission.MANAGE_ACCOUNTS: granted=true
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
      android.permission.WRITE_SYNC_SETTINGS: granted=true
      android.permission.RECEIVE_BOOT_COMPLETED: granted=true
      com.android.alarm.permission.SET_ALARM: granted=true
      android.permission.AUTHENTICATE_ACCOUNTS: granted=true
      android.permission.INTERNET: granted=true
      com.microsoft.office.onenote.permission.CONTENT_READ: granted=true
      android.permission.ACCESS_NETWORK_STATE: granted=true
      android.permission.WRITE_USER_DICTIONARY: granted=true
      android.permission.READ_USER_DICTIONARY: granted=true
      android.permission.ACCESS_WIFI_STATE: granted=true
      com.android.launcher.permission.INSTALL_SHORTCUT: granted=true
      android.permission.WAKE_LOCK: granted=true
    User 0: ceDataInode=262342 installed=true hidden=false suspended=false stopped=false notLaunched=false enabled=0
Oui mais pour lister les packages qui autorisent une permission ? Scriptons:
# la permission voulue
permission="READ_SMS: granted=true"
# pour chaque package remonté alphabétiquement (sort) par pm list packages
# sed pour garder nom package
for app in $(pm list packages | sort | sed 's/package://;s/\.apk.*$/\.apk/')
do
# $tmp récupère le retour de dumpsys package
# 2> redirige STDERR vers /dev/null
# grep 1ère (-m1) occurence (READ_SMS: granted=true)
# et sed pour nettoyer fin de chaîne (true.*$)
tmp="$(dumpsys package "$app" 2> /dev/null | grep -m1 "$permission" | sed 's/true.*$/true/')"
# si $tmp non vide
if [ ! -z "$tmp" ]
then
# printons
printf "|%s|%s|\n" "$(printf "%s" "$app")" "$(printf "%s" "$tmp")" 
fi
done

# En inline
for app in $(pm list packages | sort | sed 's/package://;s/\.apk.*$/\.apk/') ; do tmp="$(dumpsys package "$app" 2> /dev/null | grep -m1 "$permission" | sed 's/true.*$/true/')" ; if [ ! -z "$tmp" ]; then printf "|%s|%s|\n" "$(printf "%s" "$app")" "$(printf "%s" "$tmp")" ; fi ; done
Ce qui donnera:

PackageConcerné
android android.permission.READ_SMS: granted=true
com.android.bluetooth android.permission.READ_SMS: granted=true
com.android.calllogbackup android.permission.READ_SMS: granted=true
com.android.contacts android.permission.READ_SMS: granted=true
com.android.inputdevices android.permission.READ_SMS: granted=true
com.android.keychain android.permission.READ_SMS: granted=true
com.android.location.fused android.permission.READ_SMS: granted=true
com.android.mms.service android.permission.READ_SMS: granted=true
com.android.phone android.permission.READ_SMS: granted=true
com.android.providers.blockednumber android.permission.READ_SMS: granted=true
com.android.providers.contacts android.permission.READ_SMS: granted=true
com.android.providers.settings android.permission.READ_SMS: granted=true
com.android.providers.telephony android.permission.READ_SMS: granted=true
com.android.providers.userdictionary android.permission.READ_SMS: granted=true
com.android.server.telecom android.permission.READ_SMS: granted=true
com.android.settings android.permission.READ_SMS: granted=true
com.android.stk android.permission.READ_SMS: granted=true
com.android.stk2 android.permission.READ_SMS: granted=true
com.android.systemui android.permission.READ_SMS: granted=true
com.android.wallpaperbackup android.permission.READ_SMS: granted=true
com.dsi.ant.server android.permission.READ_SMS: granted=true
com.mobeam.barcodeService android.permission.READ_SMS: granted=true
com.samsung.SMT android.permission.READ_SMS: granted=true
com.samsung.aasaservice android.permission.READ_SMS: granted=true
com.samsung.android.MtpApplication android.permission.READ_SMS: granted=true
com.samsung.android.SettingsReceiver android.permission.READ_SMS: granted=true
com.samsung.android.app.accesscontrol android.permission.READ_SMS: granted=true
com.samsung.android.app.advsounddetector android.permission.READ_SMS: granted=true
com.samsung.android.app.aodservice android.permission.READ_SMS: granted=true
com.samsung.android.app.appupdater android.permission.READ_SMS: granted=true
com.samsung.android.app.assistantmenu android.permission.READ_SMS: granted=true
com.samsung.android.app.colorblind android.permission.READ_SMS: granted=true
com.samsung.android.app.filterinstaller android.permission.READ_SMS: granted=true
com.samsung.android.app.scrollcapture android.permission.READ_SMS: granted=true
com.samsung.android.authservice android.permission.READ_SMS: granted=true
com.samsung.android.clipboarduiservice android.permission.READ_SMS: granted=true
com.samsung.android.communicationservice android.permission.READ_SMS: granted=true
com.samsung.android.contacts android.permission.READ_SMS: granted=true
com.samsung.android.coreapps android.permission.READ_SMS: granted=true
com.samsung.android.dlp.service android.permission.READ_SMS: granted=true
com.samsung.android.fingerprint.service android.permission.READ_SMS: granted=true
com.samsung.android.fmm android.permission.READ_SMS: granted=true
com.samsung.android.hmt.vrsvc android.permission.READ_SMS: granted=true
com.samsung.android.incallui android.permission.READ_SMS: granted=true
com.samsung.android.lool android.permission.READ_SMS: granted=true
com.samsung.android.messaging android.permission.READ_SMS: granted=true
com.samsung.android.mhdrservice android.permission.READ_SMS: granted=true
com.samsung.android.personalpage.service android.permission.READ_SMS: granted=true
com.samsung.android.quickassist android.permission.READ_SMS: granted=true
com.samsung.android.securitylogagent android.permission.READ_SMS: granted=true
com.samsung.android.sm android.permission.READ_SMS: granted=true
com.samsung.android.sm.provider android.permission.READ_SMS: granted=true
com.samsung.android.svcagent android.permission.READ_SMS: granted=true
com.samsung.android.themecenter android.permission.READ_SMS: granted=true
com.samsung.android.universalswitch android.permission.READ_SMS: granted=true
com.samsung.android.voicewakeup android.permission.READ_SMS: granted=true
com.samsung.clipboardsaveservice android.permission.READ_SMS: granted=true
com.samsung.crane android.permission.READ_SMS: granted=true
com.samsung.sec.android.application.csc android.permission.READ_SMS: granted=true
com.samsung.ucs.agent.boot android.permission.READ_SMS: granted=true
com.sec.android.AutoPreconfig android.permission.READ_SMS: granted=true
com.sec.android.Preconfig android.permission.READ_SMS: granted=true
com.sec.android.RilServiceModeApp android.permission.READ_SMS: granted=true
com.sec.android.app.DataCreate android.permission.READ_SMS: granted=true
com.sec.android.app.SecSetupWizard android.permission.READ_SMS: granted=true
com.sec.android.app.apex android.permission.READ_SMS: granted=true
com.sec.android.app.bluetoothtest android.permission.READ_SMS: granted=true
com.sec.android.app.camera.plb android.permission.READ_SMS: granted=true
com.sec.android.app.factorykeystring android.permission.READ_SMS: granted=true
com.sec.android.app.hwmoduletest android.permission.READ_SMS: granted=true
com.sec.android.app.parser android.permission.READ_SMS: granted=true
com.sec.android.app.personalization android.permission.READ_SMS: granted=true
com.sec.android.app.safetyassurance android.permission.READ_SMS: granted=true
com.sec.android.app.servicemodeapp android.permission.READ_SMS: granted=true
com.sec.android.app.simsettingmgr android.permission.READ_SMS: granted=true
com.sec.android.app.sysscope android.permission.READ_SMS: granted=true
com.sec.android.app.wfdbroker android.permission.READ_SMS: granted=true
com.sec.android.app.wlantest android.permission.READ_SMS: granted=true
com.sec.android.cover.ledcover android.permission.READ_SMS: granted=true
com.sec.android.diagmonagent android.permission.READ_SMS: granted=true
com.sec.android.easyonehand android.permission.READ_SMS: granted=true
com.sec.android.emergencylauncher android.permission.READ_SMS: granted=true
com.sec.android.emergencymode.service android.permission.READ_SMS: granted=true
com.sec.android.gallery3d android.permission.READ_SMS: granted=true
com.sec.android.omc android.permission.READ_SMS: granted=true
com.sec.android.preloadinstaller android.permission.READ_SMS: granted=true
com.sec.android.providers.security android.permission.READ_SMS: granted=true
com.sec.android.uibcvirtualsoftkey android.permission.READ_SMS: granted=true
com.sec.android.wallpapercropper2 android.permission.READ_SMS: granted=true
com.sec.app.RilErrorNotifier android.permission.READ_SMS: granted=true
com.sec.automation android.permission.READ_SMS: granted=true
com.sec.bcservice android.permission.READ_SMS: granted=true
com.sec.enterprise.mdm.services.simpin android.permission.READ_SMS: granted=true
com.sec.epdg android.permission.READ_SMS: granted=true
com.sec.factory android.permission.READ_SMS: granted=true
com.sec.factory.camera android.permission.READ_SMS: granted=true
com.sec.ims android.permission.READ_SMS: granted=true
com.sec.imslogger android.permission.READ_SMS: granted=true
com.sec.imsservice android.permission.READ_SMS: granted=true
com.sec.modem.settings android.permission.READ_SMS: granted=true
com.sec.phone android.permission.READ_SMS: granted=true
com.sec.sve android.permission.READ_SMS: granted=true
com.sec.usbsettings android.permission.READ_SMS: granted=true
com.sem.factoryapp android.permission.READ_SMS: granted=true
com.wssnps android.permission.READ_SMS: granted=true
com.wssyncmldm android.permission.READ_SMS: granted=true


Ici nous tapons sur l'ensemble des packages, pour filtrer par user utiliser pm list packages -3, possible d'intercaler un grep regex aussi.

Aller plus loin

android/permissions.txt · Dernière modification: 2019/03/10 21:44 de xanatos