Is it possible to change file permissions on Android’s internal storage?

Is it possible to change file permissions on Android's internal storage? Техника

It can be tricky to grant advanced permissions to Android apps without rooting your phone. Here’s how you can use ADB to achieve it.

An Android Smartphone next to a Laptop

Most Android apps can easily ask for basic permissions like storage or camera access. However, some apps require system-level permissions to function properly.

While you can overcome this by rooting your phone, that’s a complicated and sometimes unnecessary process. Instead, you can grant advanced permissions using ABD commands.

In this article, we’re going to explain what ADB is and how to use it to grant permissions on Android.

What Is Android Debug Bridge (ADB)?

ADB is a command-line tool by which you can connect an Android device to a computer to perform those tasks that typically require root. You can use various useful ADB commands to uninstall system apps, install APK files, take system logs, grant additional permissions to apps, and more.

How to Grant Permissions Over ADB

Before using the commands, you need to set up an ADB connection with your device. Using Windows, Mac, or Linux makes almost no difference, as the ADB commands are the same for all operating systems.

Visit the Android Developers website and download the SDK Platform-Tools file for your operating system. It downloads as a ZIP file. Once it is done, browse to the folder where you saved the file and extract it.

download sdk platform tools for android

Open PowerShell or the Terminal

Open the platform-tools folder you just extracted. On Windows 10, hold Shift and right-click in the folder and select Open PowerShell window here, or on Windows 11, just right-click and select Open in Terminal.

If you’re on Linux or Mac, you have to open a Terminal in the same folder where the contents of the platform-tools folder are stored. To do this on a Mac, open the folder and go to Finder > Services > New Terminal at Folder in the menu bar.

Enable Developer Options and USB Debugging

Now, you need to enable Developer Options on your smartphone, if you haven’t already. To do so, go to Settings > About phone and tap on the Build number (seven times). If it asks for a password, enter your lock screen password.

With that done, go to Developer Options (found at Settings > System on most phones) and enable USB debugging. Tap OK if prompted by a pop-up. Finally, connect your phone to your computer using a USB cable.

Confirm the Device Connection

Type the command below in PowerShell or Terminal to check your device is successfully connected. On Linux and Mac, all commands must be preceded by a dot-slash (./)

adb devices
adb devices test

If you cannot see your device’s unique serial number after entering the above command, it means something is wrong from your side. This happens mainly when your PC can’t detect the ADB drivers on your device.

To fix this issue, download and install the universal drivers from the ClockworkMod website or download the latest version ADB installer from a post on the XDA forums.

Allow USB Debugging

If you’re using ADB commands for the first time, after step four, a popup will appear on your phone to ask if you want to Allow USB debugging. Select the checkbox that says Always allow from this computer and tap Allow.

Enter the ADB Commands

adb shell
setup adb shell

Finally, you can use this command to grant permissions to any app using ADB:

pm grant <package-name> <permission>

Replace <package-name> with the app’s package name and <permission> with the required permission. The package name is different to the app name, so if you don’t know what it is, you can download Package Name Viewer 2.0 and search for the app that needs advanced permission.

In our case, we are going to grant permission to the Battery Guru app.

In this example, com.paget96.batteryguru is the package name and Android.permission.PACKAGE_USAGE_STATS is the permission we want to grant. This searches for the BatteryGuru app and grants access to see usage and statistics.

pm grant com.paget96.batteryguru android.permission.PACKAGE_USAGE_STATS

Get More Control Over Android With ADB

No doubt, ADB is a great tool for a host of helpful things. Not only does it help you grant app permissions, but you can also back up your system data without root.

Once you delve into the power of ADB, you’ll begin to understand and enjoy the versatility of the Android environment.

On all operating systems based on Linux kernel — like Android is — it’s possible to set permissions on files (including directories) provided that filesystem supports UNIX permissions (uid, gid, mode). Common examples of such filesystems are ext4 and f2fs.

However Android’s internal (confusingly called external) storage which is accessible by installed apps at /sdcard, is not an actual but virtual / emulated filesystem exposing /data/media (which is a real filesystem) through sdcardfs. sdcardfs and its predecessor FUSE expose the emulated filesystem with a fixed set of uid, gid and mask (mode). So the commands chmod and chown have no impact, whether executed through CLI (adb shell or terminal emulator) or GUI (file explorer).

It’s possible to change permission bits of file on underlying actual filesystem, but accessing /data/media requires root access because only UID/GID 1023 (aid_media_rw) has read access to the directory. And still the permissions will remain same when viewed from emulated view /sdcard.

Of course, modifications to /etc/fstab require root privileges. But
a single entry can
be used with much flexibility to (u)mount many different files on
different mount points, without any further editing of /etc/fstab.

Here are two very short (5 lines + comments) Bash scripts that will do the job:

#!/bin/sh
# usage: usmount device dir
# author: babou 2013/05/17 on https://unix.stackexchange.com/questions/32008/mount-an-loop-file-without-root-permission/76002#76002
# Allows normal user to mount device $1 on mount point $2
# Use /etc/fstab entry :
#       /tmp/UFS/drive /tmp/UFS/mountpoint  auto users,noauto 0 0
# and directory /tmp/UFS/
# Both have to be created (as superuser for the /etc/fstab entry)
rm -f /tmp/UFS/drive /tmp/UFS/mountpoint
ln -s `realpath -s $1` /tmp/UFS/drive
ln -s `realpath -s $2` /tmp/UFS/mountpoint
mount /tmp/UFS/drive || mount /tmp/UFS/mountpoint
# The last statement should be a bit more subtle
# Trying both is generally not useful.

and for dismounting

#!/bin/sh
# usage: usumount device dir
# author: babou 2013/05/17 on https://unix.stackexchange.com/questions/32008/mount-an-loop-file-without-root-permission/76002#76002
# Allows normal user to umount device $1 from mount point $2
# Use /etc/fstab entry :
#       /tmp/UFS/drive /tmp/UFS/mountpoint  auto users,noauto 0 0
# and directory /tmp/UFS/
# Both have to be created (as superuser for the /etc/fstab entry)
rm -f /tmp/UFS/drive /tmp/UFS/mountpoint
ln -s `realpath -s $1` /tmp/UFS/drive
ln -s `realpath -s $2` /tmp/UFS/mountpoint
umount /tmp/UFS/drive || umount /tmp/UFS/mountpoint
# One of the two umounts may fail because it is ambiguous
# Actually both could fail, with careless mounting organization :-)

This explanation was written before I realised I could simplify things to the two scripts above. I did not think of them right away partly because I have at hand a slightly more complex problem that they do not solve without some extra machinery. Thus my explanation may be a bit more intricate than it should, but I do not have the courage to rewrite it all from scratch.

First you add to /etc/fstab an entry such as:

/tmp/UFS/drive /tmp/UFS/mountpoint  auto users,noauto, 0 0

and use /tmp/UFS/drive as a symbolic link (or symlink) to whatever device or file
you wish to mount,
say a file containing the image of an ISO file system /home/johndoe/john-image-file.iso.

You also define /tmp/UFS/mountpoint as a symlink to the mount point you wish to use, say /mnt/iso.

You can then mount john-image-file.iso with the command :

$ mount /tmp/UFS/drive

This is sufficient on my Mageia Linux, since the use of loop devices
has now been made implicit, and no longer requires using -o loop explicitly. I do not know how general that is today. See
When mounting, when should I use a loop device?

This mounting appears in tables and commands :

$ df | tail -1
/dev/loop0       5,1G  5,1G     0 100% /mnt/iso
$ tail -1 /etc/mtab
/dev/loop0 /mnt/iso udf ro,nosuid,nodev,noexec,relatime,utf8 0 0
$ mount | tail -1
/home/johndoe/john-image-file.iso on /mnt/iso type udf (ro,nosuid,nodev,noexec,relatime,utf8)
$ tail -1 /proc/mounts
/dev/loop0 /mnt/iso udf ro,nosuid,nodev,noexec,relatime,utf8 0 0
$ tail -1 /proc/self/mountinfo
46 22 7:0 / /mnt/iso rw,nosuid,nodev,noexec,relatime - udf /dev/loop0 ro,utf8
$ tail -1 /proc/self/mountstats 
device /dev/loop0 mounted on /mnt/iso with fstype udf

The mounting operation could work for any file or drive and requires only to
make a symbolic link from /tmp/UFS/drive to that file or to the device for the drive. Of course, another name and location could be chosen for the symbolic link, as long as it never changes.

Dismounting the file relies in the same way on appropriate use of symbolic links. In the case of a normal device corresponding to some harware drive,
you just use the same links.

However, files containing the image of a file system are mounted via a special kind of device called a loop device, automatically allocated when you mount the file.

To dismount the file, you need to refer to the loop device, not the file.
Hence you need in /etc/fstab an entry that matches both the loop device
used in /etc/mtab, here /dev/loop0, and the mount point, here
/mnt/iso.

$ umount /tmp/UFS/drive
$ umount /dev/loop0
$ umount /mnt/iso
$ umount /tmp/UFS/mountpoint

Since the two symlinks are needed only when the commands are issued,
they can be changed dynamically. So our single /etc/fstab entry
allows mounting any number of files, and umounting them in any
order, without root privileges.

Firstly you need to understand what are app permissions and why it’s important to check all the permissions before installing an app. Well, here is a short description of app permission. Let me ask a question first. Have you ever seen a list with permissions when you install an app? Probably yes, because every time you install an application it will require to get access to some functions of the device.

This may sound as normal but there are many cases that apps require to get access on much more functions than its needed. That’s why it’s recommended always to read carefully all app requirements. If you found something suspicious contact the developer and ask why the app need those requirements.

So if you grant access to any app you can’t ever control what data and apps it can get access to. So without your notice someone can steal your contacts, read your messages and much more. The only way to prevent an app from accessing all it requirements, is to not install it in the first place.

Developers have found a solution to this problem, they have created different mods that allow you to revoke different permissions for individual apps. All this mods are very useful but they require root access. You still don’t have to worry. A new app developed by UU Safe has solved this problem. You can manage app permissions without having to root your phone.

UU purifier allows you to manage app permissions without root

The app named as UU AppPurifier, is easy to use and very helpful in the same time. It takes any of the installed apps and inject a wrapper into their code which allows you to disable certain permissions. The only requirement of this app is to enable “Unknown Sources” under Settings > Security.

The app can be downloaded on Play Store. Search it by name and install the app. When you open the app for the first time it will ask you to review the app license agreement. Just accept them and the main menu of the app will be open. You will see a big circle button which says Purify. Tap on the Purify button and a window with all the installed app will appear.

Select the app you want to revoke any special permission and press “Purify” button at the bottom of the screen. App purifier will ask you to uninstall the original copy of the app and then install the modified copy. It will inject a wrapper into the apk that provide a permission management for that app. Remember if you allow the AppPurifier to uninstall the original copy and replace it, all the app data will lost.

Once the app is uninstalled another system window will appear and asks you to re-install this app. You can repeat the uninstall/re-install process for every app you want to modify. When all the apps you selected have been purified, you will be taken to another window to manage permissions.

To revoke app permissions simply select one the modified apps and you will see another window appearing when you can easily revoke app permissions. When you finish modifying app’s permissions tap OK from the bottom of the screen. You can choose to modify any other app. If you are done just tap on “Set all”.

You have successfully changed app’s permissions. They no longer can access the permissions you already revoked. Now you are safe. You can protect your sensitive data against unauthorized third-party peoples.

How To Change App Permissions On Android M Without Root

Have you ever thought that you are very limited when you install an app on Android . When you install an app, Android put you in a tough choice. You will have to choose either to accept all the app permissions or not to install it at all. But why are those app permissions? Are they really needed for the app to work normally? In most of the cases permissions are needed for the app to work because it needs to get access to some data on your phone to fully work. But it might happen sometimes that the app requires to access too much on your phone.

Developers have found different ways to change app permissions on Android but all of them require to mess up with system files. To do that you will need to root your phone and as a result your warranty will be voided. It’s very important to manage well app permissions. There are many cases when an application requires to access much more than it need to work. I have seen different apps requiring to access camera or even the ability so send messages without noticing. It has no sense why it should do that without your notice.

Android M Permissions

How To Enable And Disable Android M App Permissions

  • Go to Settings -> Applications
  • Find the app you want to change permissions and tap on it.
  • Tap on permissions and a list with the app permissions will appear.
  • Tap on those permissions you want to disable.

My parent working directory is /cam/local/edence/empus

drwxr-xr-x 12 n i_ad 4096 Oct 31  2014 14.15
dr-xr-xr-x 12 n i_ad 4096 Feb 13  2015 14.22-s053
dr-xr-xr-x 12 n i_ad 4096 Sep  9  2015 15.12-s063
dr-xr-xr-x 12 n i_ad 4096 Mar 15  2016 15.21

My query is: Is it possible to create a new directory named(16.26) under the present working directory without root permission.I tried the command(mkdir 16.26) but it fails?

mkdir: cannot create directory ‘16.26’: Permission denied

asked Sep 19, 2016 at 10:34

sago's user avatar

Depends on the kind of permissions that are set for /cam/local/edence/empus.

Right now you don’t seem to have write permissions for that directory.

answered Sep 19, 2016 at 10:39

Seth's user avatar

1 gold badge18 silver badges34 bronze badges

newgrp command works fine for above query

answered Sep 20, 2016 at 3:42

sago's user avatar

1 silver badge3 bronze badges

What would be the best way to do this? I guess the backup job will need to connect as root to , but I don’t want to enable root ssh access on the servers.

thanks for any tips,

ps, all servers are running UBUNTU Server 12.04 LTS and are behind a university firewall.

asked Oct 9, 2012 at 0:20

olilarkin's user avatar

answered Oct 9, 2012 at 1:44

UtahJarhead's user avatar

2 gold badges13 silver badges15 bronze badges

If you just don’t have root ssh access, but have sudo(8) rights on the machine, you can do it.

rsync -a -e "ssh" --rsync-path="sudo rsync" localdir/ username@remote.example.com:/remotedir

See this answer for details and more options of doing it.

Community's user avatar

answered Mar 13, 2015 at 19:32

Matija Nalis's user avatar

Matija Nalis

15 silver badges24 bronze badges

Android «permanent» superuser permission for an app?

You can use my Library which does this.

Also, if you don’t want to use the library the source is available so you can just rip out my code and use it in your application.

Here is a link to the source:

try {
        process p= Runtime.getRuntime().exec(su);
    }
catch (IOException e) {
      e.printStackTrace();
   }

Yes, no need to mention that the device has to be already rooted!!!

Manage Android App Permissions Without Root Access

How to grant root access without SuperSU

I want to be able to bypass this step and let my app get root permission programmatically without having to click on the «Grant» button on the SuperSu dialog.

If you own the device then you can change the «Default access» to «Grant» in SuperSu settings. You can also change this on a per-app basis.

@WorkerThread
public static boolean tryChangingSuperSuDefaultAccess(Context context) throws Exception {
  String packageName = context.getPackageName();
  PackageManager pm = context.getPackageManager();
  // Get the preferences for SuperSu
  Context packageContext = context.createPackageContext("eu.chainfire.supersu", 0);
  SharedPreferences superSuPrefs = PreferenceManager.getDefaultSharedPreferences(packageContext);
  File superSuPrefsFile = getSharedPreferencesFile(superSuPrefs);
  // Copy SuperSu preferences to our app's shared_prefs directory
  SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
  File directory = getSharedPreferencesFile(preferences).getParentFile();
  File destination = new File(directory, "eu.chainfire.supersu.xml");
  int uid = pm.getApplicationInfo(context.getPackageName(), 0).uid;
  destination.getParentFile().mkdirs();
  Shell.SU.run("cp \"" + superSuPrefsFile + "\" \"" + destination + "\"");
  Shell.SU.run("chmod 0660 \"" + destination + "\"");
  Shell.SU.run("chown " + uid + " " + uid + " \"" + destination + "\"");
  // Now we can edit the shared preferences
  superSuPrefs = context.getSharedPreferences("eu.chainfire.supersu", Context.MODE_PRIVATE);
  SharedPreferences.Editor editor = superSuPrefs.edit();
  editor.putString(String.format("config_%s_notify", packageName), "no"); // disable SuperSu notifications
  editor.putString(String.format("config_%s_access", packageName), "grant"); // Set access to grant for this app
  // noinspection all
  editor.commit();
  // Copy the edited shared preferences back
  return Shell.SU.run("cp \"" + destination + "\" \"" + superSuPrefsFile + "\"").isSuccessful();
}
private static File getSharedPreferencesFile(SharedPreferences preferences)
    throws NoSuchFieldException, IllegalAccessException {
  Field field = preferences.getClass().getDeclaredField("mFile");
  if (!field.isAccessible()) field.setAccessible(true);
  return (File) field.get(preferences);
}

How to ask for root permission

Launch the Settings Application
Enable Developer Mode
Go Back to the Main Settings Menu
Scroll All the Way Down and Tap on the ‘Developer Options’ Option
Scroll Down and Tap on the ‘Root Access’ Option
Tap on the ‘Apps Only’ or ‘Apps and ADB’ Option

How to execute a command that requires root permission without sudo?

setcap CAP_NET_ADMIN+ep /usr/sbin/traceroute

While

traceroute

is running you can see its capabilities with

pscap

. This does not affect the UID/EUID of the process.

I don’t know how to do that but AFAIK it is possible, too, to use AppArmor (and probably SELinux) to run a process with certain capabilities. The main task is, of course, to limit the available capabilities.

Дополнительно:  What is the Default Username and Password?
Оцените статью
Master Hi-technology
Добавить комментарий