Why setWifiEnabled() throws setWifiEnabled for WRITE_SETTINGS permission (stack trace below)?
java.lang.SecurityException: Permission Denial: writing com.android.providers.settings.SettingsProvider uri content://settings/system from pid=25173, uid=10148 requires android.permission.WRITE_SETTINGS
at android.os.Parcel.readException(Parcel.java:1332)
at android.os.Parcel.readException(Parcel.java:1286)
at android.net.wifi.IWifiManager$Stub$Proxy.setWifiEnabled(IWifiManager.java:1156)
at android.net.wifi.WifiManager.setWifiEnabled(WifiManager.java:971)
This permission is not mentioned in Android documentation.
Should WRITE_SETTINGS permission be added to the manifest?
Yes, setWifiEnabled() will write data to Android setting database, so it requires WRTITE_SETTINGS permission.
Related
We have referred to this MSDN article for help on locking down the hardware buttons on our device.
The article is pretty straightforward and I managed to generate a prov.xml file with the help of our manufacture however when we try and upload our app to the Windows Store we get the following error:
Package acceptance validation error: File WindowsPhoneReservedAppInfo.xml is invalid: The 'Id' attribute is invalid - The value 'ID_CAP_ENTERPRISE_SHARED_DATA' is invalid according to its datatype 'http://schemas.microsoft.com/phone/2013/windowsphonereservedappinfo:ST_SoftwareCapability' - The Enumeration constraint failed.
I would have thought we would be required to include the WindowsPhoneReservedAppInfo.xml as described in the article above so that when we download the app we can lockdown the hardware buttons.
It's worth noting that if you don't have this file and attempt to lockdown you get the following error:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
For anyone interested in the code that does the lockdown here it is (although the code works I just thought I would try and give a bit of context):
Dim _GUID As Guid = Windows.Embedded.DeviceLockdown.DeviceLockdownProfile.GetCurrentLockdownProfile()
If Windows.Embedded.DeviceLockdown.DeviceLockdownProfile.GetLockdownProfileInformation(_GUID).Name <> "Associate" Then
For Each G As Guid In Windows.Embedded.DeviceLockdown.DeviceLockdownProfile.GetSupportedLockdownProfiles()
If (Windows.Embedded.DeviceLockdown.DeviceLockdownProfile.GetLockdownProfileInformation(G).Name.Equals("Associate", StringComparison.CurrentCultureIgnoreCase)) Then
Await Windows.Embedded.DeviceLockdown.DeviceLockdownProfile.ApplyLockdownProfileAsync(G)
End If
Next
End If
Catch ex As Exception
End Try
We use the role Associate in the prov.xml file. The prov.xml file does lockdown the device as we want it too and that only works if we have the WindowsPhoneReservedAppInfo.xml file as described in the MSDN article so I can't understand why we can't upload to the Windows Store.
Does anyone have any ideas on how I should be uploading our app to the Windows Store?
I've spoken with our manufacturer and they have said this:
I have a strong feeling this cannot be used in a store app due to Microsoft rules…. So it looks like you can only use this in an Enterprise signed application (Which you then side load onto the device or download using a MDM).
That being the case I will have to look into MDM.
I'm new to Google Cloud Dataflow, as is probably obvious from my questions below.
I've got a dataflow application written and can get it to run without issue using my personal credentials both locally and on a GCE instance. However, I can't seem to crack the proper steps to get it to run using the compute engine instance's service credentials or service credentials I've created using the API & AUTH section of the console. I always get a 401 not authorized error when I run.
Here's what I've tried...
1) Created virtual machine granting access rights to storage, datastore, sql and compute engine. My understanding is that this supposedly created a CI specific services account that is the server's default credentials. These should be used the same way a user's authentication is used when an app is run on this instance. Here's where I get a 401. My question is... Where can I see this service account that was supposedly created? Or do I just rely that it exists somewhere?
2) Created service credentials in API & Auth portion of developer's console. Then used cloud auth activate-service-account and activated that account by pointing the command at the credentials json file I downloaded. Kind of like the OAUTH round trip when you use gcloud auth login. Here I also get the 401.
3) This last thing was using the service credentials from step 2 separate from the GCE instance and then create an object that implements the CredentialFactory interface and pass it off to the PipelineOptions. However, when it runs the app crashes now with an error saying that it is looking for a method, fromOptions, that isn't in the CredentialFactory interface. How the options were configured, what the credentials factory looked like and the stack trace from this follows.
I would be happy to utilize any of the above 3 methods to make use of service credentials, if I could get any of them to work. Any insight you can provide on what I'm doing wrong, steps I'm leaving out, other unexplored options would be greatly appreciated. The documentation is a little dis-jointed. If there is a clear step by step guide a link to that would be sufficient. What I've found so far on my own has been of little assistance.
If I can provide any additional information please let me know.
Here's some code that may be helpful and the stack trace I get when the code runs using the credential factory.
Options setup code looks like this:
GcrDataflowPipelineOptions options = PipelineOptionsFactory.fromArgs(args)
.withValidation()
.as(GcrDataflowPipelineOptions.class);
options.setKind("Counties");
options.setCredentialFactoryClass(GoogleCredentialProvider.class);
GoogleCredentialProvider.java
Notice the json file I downloaded as part of creating the services account (renamed) is what's loaded as a resource from my apps class path.
public class GoogleCredentialProvider implements CredentialFactory {
#Override
public Credential getCredential() throws IOException, GeneralSecurityException {
final String env = System.getProperty("gcr_dataflow_env", "local");
Properties props = new Properties();
ClassLoader loader = this.getClass().getClassLoader();
props.load(loader.getResourceAsStream(env + "-gcr-dataflow.properties"));
final String credFileName = props.getProperty("gcloud.dataflow.service.account.file");
InputStream credStream = loader.getResourceAsStream(credFileName);
GoogleCredential credential = GoogleCredential.fromStream(credStream);
return credential;
}
}
Stacktrace:
java.lang.RuntimeException: java.lang.RuntimeException: Unable to find factory method com.scotcro.gcr.dataflow.components.pipelines.GoogleCredentialProvider#fromOptions
at com.google.cloud.dataflow.sdk.runners.dataflow.BasicSerializableSourceFormat.evaluateReadHelper(BasicSerializableSourceFormat.java:268)
at com.google.cloud.dataflow.sdk.io.Read$Bound$1.evaluate(Read.java:123)
at com.google.cloud.dataflow.sdk.io.Read$Bound$1.evaluate(Read.java:120)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner$Evaluator.visitTransform(DirectPipelineRunner.java:684)
at com.google.cloud.dataflow.sdk.runners.TransformTreeNode.visit(TransformTreeNode.java:200)
at com.google.cloud.dataflow.sdk.runners.TransformTreeNode.visit(TransformTreeNode.java:196)
at com.google.cloud.dataflow.sdk.runners.TransformHierarchy.visit(TransformHierarchy.java:99)
at com.google.cloud.dataflow.sdk.Pipeline.traverseTopologically(Pipeline.java:208)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner$Evaluator.run(DirectPipelineRunner.java:640)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner.run(DirectPipelineRunner.java:354)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner.run(DirectPipelineRunner.java:76)
at com.google.cloud.dataflow.sdk.Pipeline.run(Pipeline.java:149)
at com.scotcro.gcr.dataflow.app.GcrDataflowApp.run(GcrDataflowApp.java:65)
at com.scotcro.gcr.dataflow.app.GcrDataflowApp.main(GcrDataflowApp.java:49)
Caused by: java.lang.RuntimeException: Unable to find factory method com.scotcro.gcr.dataflow.components.pipelines.GoogleCredentialProvider#fromOptions
at com.google.cloud.dataflow.sdk.util.InstanceBuilder.buildFromMethod(InstanceBuilder.java:224)
at com.google.cloud.dataflow.sdk.util.InstanceBuilder.build(InstanceBuilder.java:161)
at com.google.cloud.dataflow.sdk.options.GcpOptions$GcpUserCredentialsFactory.create(GcpOptions.java:180)
at com.google.cloud.dataflow.sdk.options.GcpOptions$GcpUserCredentialsFactory.create(GcpOptions.java:175)
at com.google.cloud.dataflow.sdk.options.ProxyInvocationHandler.getDefault(ProxyInvocationHandler.java:288)
at com.google.cloud.dataflow.sdk.options.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:127)
at com.sun.proxy.$Proxy42.getGcpCredential(Unknown Source)
at com.google.cloud.dataflow.sdk.io.DatastoreIO$Source.getDatastore(DatastoreIO.java:335)
at com.google.cloud.dataflow.sdk.io.DatastoreIO$Source.createReader(DatastoreIO.java:320)
at com.google.cloud.dataflow.sdk.io.DatastoreIO$Source.createReader(DatastoreIO.java:186)
at com.google.cloud.dataflow.sdk.runners.dataflow.BasicSerializableSourceFormat.evaluateReadHelper(BasicSerializableSourceFormat.java:259)
... 13 more
java.lang.RuntimeException: java.lang.RuntimeException: Unable to find factory method com.scotcro.gcr.dataflow.components.pipelines.GoogleCredentialProvider#fromOptions
2015-07-03 09:55:42,519 | main | DEBUG | co.sc.gc.da.ap.GcrDataflowApp | destroying
at com.google.cloud.dataflow.sdk.runners.dataflow.BasicSerializableSourceFormat.evaluateReadHelper(BasicSerializableSourceFormat.java:268)
at com.google.cloud.dataflow.sdk.io.Read$Bound$1.evaluate(Read.java:123)
at com.google.cloud.dataflow.sdk.io.Read$Bound$1.evaluate(Read.java:120)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner$Evaluator.visitTransform(DirectPipelineRunner.java:684)
at com.google.cloud.dataflow.sdk.runners.TransformTreeNode.visit(TransformTreeNode.java:200)
at com.google.cloud.dataflow.sdk.runners.TransformTreeNode.visit(TransformTreeNode.java:196)
at com.google.cloud.dataflow.sdk.runners.TransformHierarchy.visit(TransformHierarchy.java:99)
at com.google.cloud.dataflow.sdk.Pipeline.traverseTopologically(Pipeline.java:208)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner$Evaluator.run(DirectPipelineRunner.java:640)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner.run(DirectPipelineRunner.java:354)
at com.google.cloud.dataflow.sdk.runners.DirectPipelineRunner.run(DirectPipelineRunner.java:76)
at com.google.cloud.dataflow.sdk.Pipeline.run(Pipeline.java:149)
at com.scotcro.gcr.dataflow.app.GcrDataflowApp.run(GcrDataflowApp.java:65)
at com.scotcro.gcr.dataflow.app.GcrDataflowApp.main(GcrDataflowApp.java:49)
Caused by: java.lang.RuntimeException: Unable to find factory method com.scotcro.gcr.dataflow.components.pipelines.GoogleCredentialProvider#fromOptions
at com.google.cloud.dataflow.sdk.util.InstanceBuilder.buildFromMethod(InstanceBuilder.java:224)
at com.google.cloud.dataflow.sdk.util.InstanceBuilder.build(InstanceBuilder.java:161)
at com.google.cloud.dataflow.sdk.options.GcpOptions$GcpUserCredentialsFactory.create(GcpOptions.java:180)
at com.google.cloud.dataflow.sdk.options.GcpOptions$GcpUserCredentialsFactory.create(GcpOptions.java:175)
at com.google.cloud.dataflow.sdk.options.ProxyInvocationHandler.getDefault(ProxyInvocationHandler.java:288)
at com.google.cloud.dataflow.sdk.options.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:127)
at com.sun.proxy.$Proxy42.getGcpCredential(Unknown Source)
at com.google.cloud.dataflow.sdk.io.DatastoreIO$Source.getDatastore(DatastoreIO.java:335)
at com.google.cloud.dataflow.sdk.io.DatastoreIO$Source.createReader(DatastoreIO.java:320)
at com.google.cloud.dataflow.sdk.io.DatastoreIO$Source.createReader(DatastoreIO.java:186)
at com.google.cloud.dataflow.sdk.runners.dataflow.BasicSerializableSourceFormat.evaluateReadHelper(BasicSerializableSourceFormat.java:259)
... 13 more
You likely do not have the proper credentials. When you execute a Dataflow job from GCE, The service account attached to the instance will be used for validation by DataFlow.
Did you do this when creating your machines?
create a service account for the instance on GCE?
https://cloud.google.com/compute/docs/authentication#using
Set the required scopes for using Dataflow such as storage, compute,
and bigquery? https://www.googleapis.com/auth/cloud-platform
When using KeePass with the GoogleSync plugin (to sync the keypass db with Google Drive), I somehow messed up my config and received this message on every sync attempt:
Error occurred while sending a direct message or getting the response
I think what I actually did was try to switch my Google API credentials (from one API key to another)
The user config saves a Google auth key. In my case I changed the API credentials I wanted to use, but it could become corrupted in other ways and there doesn't seem to be a mechanism in KeePass/GoogleSync to rectify it.
Exit KeePass
Delete (or backup to a different name) the file %LOCALAPPDATA%\Dominik_Reichl\KeePass[...]\[version]\user.config
Restart KeePass and it'll regenerate it with the correct config
Found my reference here:
http://sourceforge.net/p/kp-googlesync/discussion/general/thread/5dc763ba/
I am trying to transfer ownership of files to Super Administrator. The essential part of the code is shown below. The same code works if I transfer ownership of a document that I own. But in this case the original owner is another user in the same domain. [EDIT] I know there is a "transfer-ownership-of-files-from-1-user-to-another" in admin panel, but this is needed for a case when multiple files/folders, from multiple owners needs to be transferred programmatically. [/EDIT]
So the simple scenario is:
user#domain.com owns a file
the ownership needs to be transferred to the admin#domain.com (Super Administrator). The code is running in AppEngine in Java Servlet. And the Super Administrator is authenticated with OAuth.
However it throws (500 OK) exception always in line update.execute(); (showed in the end).
Is this operation impossible even for a Super Admin?
Thanks for any tips!
try {
Drive service = getDriveService();
Permission newPerm = new Permission();
newPerm.setValue("admin#domain.com");
newPerm.setType("user");
newPerm.setRole("writer");
newPerm = service.permissions().insert(fileId, newPerm).execute();
newPerm.setRole("owner");
Update update = service.permissions().update(fileId, newPerm.getId(), newPerm);
update.setTransferOwnership(true);
update.execute();
} catch (IOException e) {
e.printStackTrace();
log.severe(e.getMessage());
}
The exception thrown looks like:
SEVERE: 500 OK
{
"code" : 500,
"errors" : [ {
"domain" : "global",
"message" : "Internal Error",
"reason" : "internalError"
} ],
"message" : "Internal Error"
}
I finally got this working at least partly. Thanks #ZigMandel for the "impersonation" hint! Now I followed this Domain-wide Delegation of Authority carefully. And used the GoogleCredential created using "Service account"-key. With this credential I can impersonate the Drive API operations like adding permissions and transferring ownership to Admin, for example.
The problem that still remains is that with current Drive API it is impossible to programmatically determine the owner email address, which is needed for impersonated credential creation. Now I need to find a workaround for this. Anyway the fundamental idea works now. Thanks!
You wont be able to do it from apps script.
Can be done from appengine. Ive done it but its beyond of the scope to explain here. Involves using the drive api on behalf of the file owner and adding the oauth permissions at the domain level.
I want to get URLStream from MJPG, but I have received Error #2048: Security sandbox violation error in release version.
What I'm trying to do:
Security.allowDomain("*");
Security.allowInsecureDomain("*");
var stream:URLStream = new URLStream();
//receiving this error event in onStreamSecurityError handler:
//Error #2048: Security sandbox violation: {swf} cannot load data from {url}
stream.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onStreamSecurityError);
//load method have no loader context option
stream.load(new URLRequest("http://anydomain.com/mjpg/video.mjpg"));
Setting up crossdomain.xml is not the solution cause the application should able to load a stream from any remote server.
As I remember with flash.display.Loader class I set up LoaderContext and application domain. After that flex app can load resources from any domain. But I don't know what to do with URLStream.
Do you have any solution or a workaround of the Error #2048 ?
It's not possible. You can't remotely grant access to another domain, because it's not yours to grant. The allowDomain() function doesn't do that, it does it the other way around:
Lets SWF files in the identified domains access objects and variables in the SWF file that contains the allowDomain() call.
If your SWF is on domain a.com, and you're adding the line Security.allowDomain("b.com") in it, than grants access to a SWF on domain b.com to your SWF. It does not grant you access to domain b.com.
You can find more detailed info on this in the documentation of allowDomain()
AJAX won't let you do that either, or better put, the browser's won't let you. They're all playing by the same rules.
In order to overcome this, you must proxy the request through a server side script sitting on the same domain as your SWF. It can be in PHP with curl, or whatever you find easier. This video explains how and why.