Troubles installing programmatically an app with INSTALL_PACKAGES permission from /system/app

Zorb · Nov 15, 2011 · Viewed 8.5k times

I'm trying to programmatically install an app without user interaction and I'm getting this error:

 SecurityException: Neither user 10057 nor current process has android.permission.INSTALL_PACKAGES

My installer is located in /system/app on a rooted phone, "Install non market apps" is checked, and the installer has the permission:

<uses-permission android:name="android.permission.INSTALL_PACKAGES"/>

This is my call function

 private void puk(Context context) throws IllegalArgumentException, IllegalAccessException, InvocationTargetException {

     String fileName = PAKAGE_FILE_NAME;
     String dir_type = Environment.DIRECTORY_DOWNLOADS;

     // The APK is expected in the public Downloads directory on external storage
     File dir = Environment.getExternalStoragePublicDirectory(dir_type);
     java.io.File file = new java.io.File(dir, fileName);
     Uri packageUri = Uri.fromFile(file);

     PackageManager pm = context.getPackageManager();

     // installPackage is a hidden PackageManager method, so it is looked up by reflection
     Class<? extends PackageManager> o = pm.getClass();
     Method[] allMethods = o.getMethods();

     for (Method m : allMethods) {
         if (m.getName().equals("installPackage")) {
             Log.e(TAG, "installing the app..");
             // Arguments: package URI, install observer (none), flags, installer package name
             m.invoke(pm, new Object[] { packageUri, null, 1, "com.mic.zapp" });
             break;
         }
     }
 }

I'm getting this error

 11-15 02:46:23.320: W/System.err(10848): java.lang.reflect.InvocationTargetException
 11-15 02:46:23.330: W/System.err(10848):   at java.lang.reflect.Method.invokeNative(Native Method)
 11-15 02:46:23.330: W/System.err(10848):   at java.lang.reflect.Method.invoke(Method.java:507)
 11-15 02:46:23.330: W/System.err(10848):   at com.mic.pvtapi.PvtApiReflectActivity.puk(PvtApiReflectActivity.java:56)
 11-15 02:46:23.330: W/System.err(10848):   at com.mic.pvtapi.PvtApiReflectActivity.onCreate(PvtApiReflectActivity.java:28)
 11-15 02:46:23.330: W/System.err(10848):   at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1047)
 11-15 02:46:23.330: W/System.err(10848):   at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1722)
 11-15 02:46:23.330: W/System.err(10848):   at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:1784)
 11-15 02:46:23.330: W/System.err(10848):   at android.app.ActivityThread.access$1500(ActivityThread.java:123)
 11-15 02:46:23.330: W/System.err(10848):   at android.app.ActivityThread$H.handleMessage(ActivityThread.java:939)
 11-15 02:46:23.330: W/System.err(10848):   at android.os.Handler.dispatchMessage(Handler.java:99)
 11-15 02:46:23.330: W/System.err(10848):   at android.os.Looper.loop(Looper.java:130)
 11-15 02:46:23.330: W/System.err(10848):   at android.app.ActivityThread.main(ActivityThread.java:3835)
 11-15 02:46:23.330: W/System.err(10848):   at java.lang.reflect.Method.invokeNative(Native Method)
 11-15 02:46:23.330: W/System.err(10848):   at java.lang.reflect.Method.invoke(Method.java:507)
 11-15 02:46:23.330: W/System.err(10848):   at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:847)
 11-15 02:46:23.330: W/System.err(10848):   at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:605)
 11-15 02:46:23.330: W/System.err(10848):   at dalvik.system.NativeStart.main(Native Method)
 11-15 02:46:23.330: W/System.err(10848): Caused by: java.lang.SecurityException: Neither user 10057 nor current process has android.permission.INSTALL_PACKAGES.
 11-15 02:46:23.340: W/System.err(10848):   at android.os.Parcel.readException(Parcel.java:1322)
 11-15 02:46:23.340: W/System.err(10848):   at android.os.Parcel.readException(Parcel.java:1276)
 11-15 02:46:23.340: W/System.err(10848):   at android.content.pm.IPackageManager$Stub$Proxy.installPackage(IPackageManager.java:2037)
 11-15 02:46:23.340: W/System.err(10848):   at android.app.ContextImpl$ApplicationPackageManager.installPackage(ContextImpl.java:2613)

I have read that it is possible to gain the INSTALL_PACKAGES permission in two ways: signing the app with the firmware's key or putting the app in the firmware. My app is running from /system/app so it has to gain privileges.

Does someone know what is wrong and can give me some hints? Thanks

EDIT:

One step forward, two steps backward

I've added a new permission to the app

 <permission
     android:name="com.mic.pvtapi.permission.INS_AP"
     android:label="etichetta_perm"
     android:protectionLevel="signatureOrSystem" />

 <uses-permission android:name="com.mic.pvtapi.permission.INS_AP"/>
 <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>

no more error

Neither user 10057 nor current process has android.permission.INSTALL_PACKAGES

but the new one

     11-15 19:43:58.895: I/ActivityManager(1838): Displayed com.mic.pvtapi/.PvtApiReflectActivity: +421ms
 11-15 19:43:58.955: D/dalvikvm(4008): GC_EXPLICIT freed 3K, 51% free 2681K/5379K, external 0K/0K, paused 132ms
 11-15 19:43:58.955: W/ActivityManager(1838): No content provider found for: 
 11-15 19:43:58.955: E/PackageManager(1838): Couldn't create temp file for downloaded package file.
 11-15 19:43:58.955: W/dalvikvm(1838): threadid=13: thread exiting with uncaught exception (group=0x40018560)
 11-15 19:43:58.965: E/AndroidRuntime(1838): *** FATAL EXCEPTION IN SYSTEM PROCESS: PackageManager
 11-15 19:43:58.965: E/AndroidRuntime(1838): java.lang.NullPointerException
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at com.android.server.PackageManagerService$FileInstallArgs.createCopyFile(PackageManagerService.java:5247)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at com.android.server.PackageManagerService$FileInstallArgs.copyApk(PackageManagerService.java:5255)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at com.android.server.PackageManagerService$InstallParams.handleStartCopy(PackageManagerService.java:5051)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at com.android.server.PackageManagerService$HandlerParams.startCopy(PackageManagerService.java:4902)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at com.android.server.PackageManagerService$PackageHandler.doHandleMessage(PackageManagerService.java:516)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at com.android.server.PackageManagerService$PackageHandler.handleMessage(PackageManagerService.java:461)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at android.os.Handler.dispatchMessage(Handler.java:99)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at android.os.Looper.loop(Looper.java:130)
 11-15 19:43:58.965: E/AndroidRuntime(1838):    at android.os.HandlerThread.run(HandlerThread.java:60)
 11-15 19:43:58.975: I/Process(1838): Sending signal. PID: 1838 SIG: 9
 11-15 19:43:59.005: I/ServiceManager(1637): service 'SurfaceFlinger' died   

makes my phone crash, freeze and reboot

Answer

weidongxu · Apr 9, 2015

Refer to signatureOrSystem permissions on custom ROM

Basically,

  1. add the required <uses-permission>
  2. push apk to /system/priv-app

Done (well, at least works for me).

You do not need to add android:protectionLevel="signatureOrSystem" or android:sharedUserId="android.uid.system". You could sign with any certificate.
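
Declaring `<uses-permission>` in the manifest only requests INSTALL_PACKAGES; whether the platform granted it depends on where the APK lives and how it is signed. The following diagnostic is an added example, not code from the question or the answer: it reports requested vs. granted state, the system-image flag, the APK path and whether the app shares the platform signature. The class name `InstallPermissionCheck` is hypothetical.

```java
import android.Manifest;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.util.Log;

/** Added diagnostic (hypothetical class): shows why INSTALL_PACKAGES is or is not held. */
public final class InstallPermissionCheck {
    private static final String TAG = "InstallPermissionCheck";
    private static final String PERM = Manifest.permission.INSTALL_PACKAGES;

    /** Returns true only if the platform actually granted INSTALL_PACKAGES to this app. */
    public static boolean isInstallPackagesGranted(Context context) {
        PackageManager pm = context.getPackageManager();
        String self = context.getPackageName();

        boolean requested = false;
        boolean onSystemImage = false;
        String apkPath = "?";
        try {
            PackageInfo info = pm.getPackageInfo(self, PackageManager.GET_PERMISSIONS);
            if (info.requestedPermissions != null) {
                for (String p : info.requestedPermissions) {
                    if (PERM.equals(p)) { requested = true; break; }
                }
            }
            ApplicationInfo app = info.applicationInfo;
            // FLAG_SYSTEM is set for APKs installed on the system image.
            onSystemImage = (app.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
            // Path shows which directory the APK was loaded from (e.g. /system/priv-app).
            apkPath = app.sourceDir;
        } catch (PackageManager.NameNotFoundException e) {
            Log.w(TAG, "own package not found", e);
        }

        // "android" is the framework package; a match means signed with the platform key.
        boolean platformSigned =
                pm.checkSignatures("android", self) == PackageManager.SIGNATURE_MATCH;
        // Requested in the manifest is not the same as granted; this is the check that matters.
        boolean granted = pm.checkPermission(PERM, self) == PackageManager.PERMISSION_GRANTED;

        Log.i(TAG, "requested=" + requested + " granted=" + granted
                + " systemImage=" + onSystemImage + " platformSigned=" + platformSigned
                + " apk=" + apkPath);
        return granted;
    }
}
```

Calling this before the reflective `installPackage` call turns the `SecurityException` into a readable log line that shows which condition is missing.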