Explaining granting permission for other users/profiles (like work profile or private space)

[rugk]

STR

I have some users:

$ adb shell pm list users
Users:
	UserInfo{0:*****:4c13} running
	UserInfo{10:Arbeitsprofil:1030} running
	UserInfo{12:Private space:1090}

The current suggested command has two issues:

• it does not care for users in any way
• it also has a typo, as it does not quote the command the added addition && am force-stop com.dp.logcatapp, so this will likely not be run in the context of adb?
  I could not find it in the source here however for some reason?

About the typo

adb shell pm grant com.dp.logcatapp android.permission.READ_LOGS && am force-stop com.dp.logcatapp is shown in the app GUI (not copied though with that big button, which is also strange, IMHO?):

About users

adb shell pm grant com.dp.logcatapp android.permission.READ_LOGS does not seem to grant the permission to secondary users/work profile users.

The pm help though shows:

  grant [--user USER_ID] [--all-permissions] PACKAGE PERMISSION
  revoke [--user USER_ID] [--all-permissions] PACKAGE PERMISSION
    These commands either grant or revoke permissions to apps.  The permissions
    must be declared as used in the app's manifest, be runtime permissions
    (protection level dangerous), and the app targeting SDK greater than Lollipop MR1.
    Flags are:
    --user: Specifies the user for which the operation needs to be performed
    --all-permissions: If specified all the missing runtime permissions will
       be granted to the PACKAGE or to all the packages if none is specified.

Thus, I expected this to work (see my user listing above):

$ adb shell pm grant --user 10 com.dp.logcatapp android.permission.READ_LOGS

Exception occurred while executing 'grant':
java.lang.SecurityException: Shell does not have permission to access user 10
 com.android.server.am.ActivityManagerService.handleIncomingUser:13819 android.app.ActivityManager.handleIncomingUser:5283 com.android.server.pm.PackageManagerShellCommand.translateUserId:3954 
	at com.android.server.am.UserController.handleIncomingUser(UserController.java:2893)
	at com.android.server.am.ActivityManagerService.handleIncomingUser(ActivityManagerService.java:13819)
	at android.app.ActivityManager.handleIncomingUser(ActivityManager.java:5283)
	at com.android.server.pm.PackageManagerShellCommand.translateUserId(PackageManagerShellCommand.java:3954)
	at com.android.server.pm.PackageManagerShellCommand.runGrantRevokePermission(PackageManagerShellCommand.java:2664)
	at com.android.server.pm.PackageManagerShellCommand.onCommand(PackageManagerShellCommand.java:316)
	at com.android.modules.utils.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:97)
	at android.os.ShellCommand.exec(ShellCommand.java:38)
	at com.android.server.pm.PackageManagerService$IPackageManagerImpl.onShellCommand(PackageManagerService.java:6687)
	at android.os.Binder.shellCommand(Binder.java:1143)
	at android.os.Binder.onTransact(Binder.java:945)
	at android.content.pm.IPackageManager$Stub.onTransact(IPackageManager.java:4693)
	at com.android.server.pm.PackageManagerService$IPackageManagerImpl.onTransact(PackageManagerService.java:6671)
	at android.os.Binder.execTransactInternal(Binder.java:1411)
	at android.os.Binder.execTransact(Binder.java:1350)

Note the user ID seems to be correct, as for a non-existant user ID it reports a different (though strange) error:

$ adb shell pm grant --user 9999 com.dp.logcatapp android.permission.READ_LOGS
Failure [package not found]
Error: package not found

System

Device: Fairphone 4 (FP4)
OS: Android 15, CalyxOS 6.6.23
source: F-Droid
version: v2.2.1
Build-ID: BP1A.250405.007.25606230

[rugk]

#69 and #64 seems to suggest disabling some "Permission monitoring" setting in the developer options, but I actually cannot find that anywhere…

BTw doing this via wifi adb debugging, but this should not matter.

[darshanparajuli]

This is interesting. I definitely have not tested this on a multi-user environment.

$ adb shell pm grant --user 9999 com.dp.logcatapp android.permission.READ_LOGS
Failure [package not found]
Error: package not found

It seems like this error is for when the app is not installed for a particular user.

As for the other error with SecurityException, I'm not really sure. I also don't see "Disable permission monitoring" option on my device. Please post if you find anything. It definitely sounds like a system-level restriction.

[Go-rom]

Thank you, @rugk, for this information.

I granted read permission to my work profile with success.
I simply typed :
adb shell pm list users then adb shell pm grant --user 11 com.dp.logcatapp android.permission.READ_LOGS

I use a non-rooted phone (Galaxy S22) running Android 14 and Shelter.