All geek questions in one place

How to find permission source in Unity Android

Note. This question is specific to Unity3D

I have a very clean Android manifest file in a Unity project in the Plugins/Android/ folder Plugins/Android/ without the <uses-permissions/> . I believe that some permissions in the final APK are taken from the Android Player settings for the READ_EXTERNAL_STORAGE example. In my Gear VR project, I see the following lines added to the final manifest, which can be accessed in Temp/StagingArea/ :

 <uses-permission android:name="android.permission.RECORD_AUDIO" /> <uses-feature android:name="android.hardware.microphone" android:required="false" />

Now it definitely comes from one of the plugins that I have in my project (I have many plugins).

My application deviates from Oculus saying

Your application requests excessive user permissions for use by the user. permissions wrong.

I found a workaround here , but I do not want to do something that could lead to rejection of the application again.

So,

Is there any way to find out where this permission comes from?

How do I know if there is any code in my scripts that forces unity to include this permission?

thanks

+5
source share
3 answers

Unity will add you on-the-fly permissions during build, as indicated by eriQue of Unity Technologies , to prevent code malfunctioning and unexpected behavior.

You can use a tool like Apk-decompiler to take a look at your new manifest and what permissions it uses. Based on this, you can look for specific functions that these permissions can call.

Some functions, such as isGeniune , will require several permissions, as they will use verification on an external server.

Alternatively, you can also replace the manifest in the decompiled APK, manually change the manifest with the assigned one, and resign. This is another grumbling job, but with proper error logging it can speed up the process of tracking problematic functions.

Update

As I mentioned in the comments below. Unable to pinpoint functions. But a quick checklist can't hurt, but it will take some work

  • Do you use any external services?

Many external services, think about google, twitter, facebook api and tools require additional permissions. Usually these are storage / network related, but depending on the purpose of the / api tool this can be much more.

Try creating an APK with / without apis tools to see if there are any differences.

  • Do you use unity ads?

Unity ads use 3 permissions on their own, and older versions may even use 5. If you use your ads, you will have to take it for granted.

  • Have you disabled unity statistics?

Ever looked at these fantasy stats Unity seems to be able to provide? Well, if you didnโ€™t turn it off, you are likely to participate in it too.

This data requires several permissions, since the phone will be analyzed at the hardware level, as well as in the statistics provided.

  • Are you really using all your requirements for api / tool / assets?

You may have included some api tools, tools, or any third-party DLL that may or may not include code that requires dependency. Just as it often does not undergo 100% disinfection, and may include resolution requirements that are not related to their functionality, or required functionality.

Say that some advertising services may want to access users โ€™microphones. But since you are not using your OMG voice response analysis features, this permission is not required for you.

These permissions can be removed manually, as I previously described in my answer. Or through some form of automation, for example publish a published script editor .

SPECIFIC QUESTION:

RECORD_AUDIO allows passing into the android manifest file if there is a microphone library call in any of the script in the project. It does not matter if the script exists in the scene or not. In this particular case, if the Oculus Platform SDK is imported into the project (this is a store requirement), there are several scripts that use the Microphone library, therefore, if you do not use any audio recording function, for example, voice input, simply delete the following files in OculusPlatform/Scripts section: MicrophoneInput.cs, IMicrophone.cs, MicrophoneInputNative.cs

+2
source

@ mx-d is correct. I just want to add another way to fix this: in the build settings, you can mark the Google Android Project , which will generate the Android Studio project. From there, you can use the Android Studio manifest merge tool to override permissions.

Question # 1: the only way to find which library throws extra permission is to delete the libraries one by one, create the project, and check the .apk manifest. Unfortunately, unity is not as flexible as Android Studio.

Question # 2: You cannot add permissions to Unity using code (unless it sets up a script editor specifically designed for stitching manifest files)

+1
source

Easy way

I think this simpler approach applies if your Unity project is built using gradle . If this is not the case, here is another reason to upgrade.

Also, a big cry in an article called " Hey, where did these permissions come from? )

  1. Create your own project
  2. Open the file /path/to/my/project/Temp/gradleOut/build/outputs/logs/manifest-merger-release-report.txt
  3. Profit!
  4. Locate the file with the name of your permission and it will show you where it came from.

Here is the part of the file where I am looking for WRITE_EXTERNAL_STORAGE permission.

 uses-permission#android.permission.WRITE_EXTERNAL_STORAGE ADDED from /Users/clinton/Projects/<<ProjectName>>/Temp/gradleOut/src/main/AndroidManifest.xml:7:3-79 MERGED from [gradleOut:IronSource:unspecified] /Users/clinton/Projects/<<ProjectName>>/Temp/gradleOut/IronSource/build/intermediates/bundles/default/AndroidManifest.xml:13:5-81 android:name ADDED from /Users/clinton/Projects/<<ProjectName>>/Temp/gradleOut/src/main/AndroidManifest.xml:7:20-76

Hard way

Three permissions are added to your project.

  1. They are listed in the Android manifest file.
  2. They are listed in the library (.aar file).
  3. Unity adds permission when you use a specific function. (Added)

My examples use command-line tools on a Mac. I do not know the equivalents of Windows, but there you can find and run unix tools (using the linux subsystem for Windows 10, cygwin, custom binaries, etc.),

1. Find all permissions used in (uncompressed) Android Manifests.

 cd /path/to/my/project/Assets grep -r "uses-permission" --include "AndroidManifest.xml" .

This will detect all files with the name AndroidManifest in the current folder ( . ) Or in any of its subfolders ( -r says that it searches recursively) and spits out any line with the words "use-permission".

In my current project, I get the output something like this:

 ./Plugins/Android/AndroidManifest.xml: <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> ./Plugins/Android/AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> ./Plugins/Android/AndroidManifest.xml: <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> ./Plugins/Android/AndroidManifest.xml: <uses-permission ./Plugins/Android/IronSource/AndroidManifest.xml: <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> ./Plugins/Android/IronSource/AndroidManifest.xml: <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

2. Find the permissions required for Android libraries

Your project probably contains android libraries (.aar files) and java archives (.jar files). Some Android libraries contain the android manifest and specify the permissions required to use the library. (I donโ€™t think that .jar files actually do this, but .aar files do not work at all). Both .aar and .jar files are .zip files with a different extension and specific metadata in specific places.

Find them by running:

 find . -iname "*.?ar" -print -exec zipgrep "uses-permission" "{}" "AndroidManifest.xml" ";" 2> /dev/null

Here is what it does. It finds any file (in the current folder ( . ) And its subfolders) has the extension (something) ar, thus .jar or .aar ( -name "*.?ar" ). It displays the name of the archive file ( -print ). Then it starts zipgrep ( -exec ). Zipgrep is invited to search for any files in the archive ( {} ) called "AndroidManifest.xml" and display any line with the words "use-permission". Then we pass the errors to the bucket bit ( 2>/dev/null ), so we do not see many errors in archives that do not have an Android manifest in them.

An example output is as follows:

 ./OneSignal/Platforms/Android/onesignal-unity.aar AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> AndroidManifest.xml: <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" /> AndroidManifest.xml: <uses-permission android:name="android.permission.WAKE_LOCK" /> AndroidManifest.xml: <uses-permission android:name="android.permission.VIBRATE" /> ... ./Plugins/Android/android.arch.core.common-1.1.0.jar ./Plugins/Android/android.arch.core.runtime-1.1.0.aar ./Plugins/Android/android.arch.lifecycle.common-1.1.0.jar ... ./Plugins/Android/com.google.android.gms.play-services-gcm-11.8.0.aar AndroidManifest.xml: <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" /> AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> ./Plugins/Android/com.google.android.gms.play-services-gcm-license-11.8.0.aar ./Plugins/Android/com.google.android.gms.play-services-iid-11.8.0.aar AndroidManifest.xml: <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" /> AndroidManifest.xml: <uses-permission android:name="android.permission.INTERNET" /> ./Plugins/Android/com.google.android.gms.play-services-iid-license-11.8.0.aar ...

File names begin with periods. Thus, I can see, for example, that singleignal-unity.aar sets several permissions, several .jar files were searched without any permissions inside them, and some game service libraries set permissions.

If I needed to change the library, I could rename .aar to .zip, extract it, edit, compress and rename. (It is not necessary to intelligently change permissions within the library, but it is possible.)

3. Unity Adds Permission

I had nothing to add; as said above, if you use the microphone API, Unity will add you permission to make your application work.

However, since then I realized that you can do the following:

  • display build settings for Android
  • check the box "Export project"
  • Export the project by marking the location
  • go to /my/project/export/src/main/AndroidManifest.xml. This is what Unity emits for the Android manifest (before google tools do all the merging).
  • compare it (using your favorite diff tool) with Assets / plugins / Android / AndroidManifest.xml; differences come from Oneness.
+1
source

Source: https://habr.com/ru/post/1260702/

More articles:


All Articles