Logcat warnings about cross-user access

[Terrance]

I've noticed this being logged repeatedly against LogFox itself:

W PackageManager: getPackagesForUid: UID 10549 requires android.permission.INTERACT_ACROSS_USERS_FULL or android.permission.INTERACT_ACROSS_USERS or android.permission.INTERACT_ACROSS_PROFILES to access user 10.

I use Insular as an Android work profile which occupies UID 10. I'm not sure if LogFox is supposed to support accessing logs of work profiles -- there doesn't seem to be any UI for enabling this, and the system seems to prevent manually granting those permissions:

$ pm grant com.f0x1d.logfox android.permission.INTERACT_ACROSS_USERS

Exception occurred while executing 'grant':
java.lang.SecurityException: Package com.f0x1d.logfox has not requested permission android.permission.INTERACT_ACROSS_USERS

$ pm grant com.f0x1d.logfox android.permission.INTERACT_ACROSS_PROFILES

Exception occurred while executing 'grant':
java.lang.SecurityException: Permission android.permission.INTERACT_ACROSS_PROFILES requested by com.f0x1d.logfox is not a changeable permission type

$ pm grant com.f0x1d.logfox android.permission.INTERACT_ACROSS_USERS_FULL

Exception occurred while executing 'grant':
java.lang.SecurityException: Permission android.permission.INTERACT_ACROSS_USERS_FULL is managed by role

Supposedly this can also be enabled via AppOps, though the log messages still persist so I'm not sure if this actually did anything:

$ appops set 10549 INTERACT_ACROSS_PROFILES allow

[drogga]

A permission / AppOp can't be granted/allowed if it doesn't exist in the AndroidManifest file, they should be declared/added there first, this repo has 2, under /debug & /main, none of those are there and IDT LogFox is supported to read logs from other user accounts/profiles, if it does, it's by coincidence.
I guess it's possible that instances installed in different multi-user environments (Main<>Work profile) can create a sort of a bridge between them on the same device, for example - a few years ago I installed and granted Scoop {by TacoTheDank} to read logs and also did the same in VMOS (A.9), the non-virtualized one was also able to read the logs (crashes), the virtualized one grabbed/collected.

[RokeJulianLockhart]

#174 (comment)

@drogga, if remediating this is truly as simple as adding the permissions to the manifest (before executing those commands shall work), I'll try a PR. However, is it? If so, I'm surprised neither of you have.

I used Scoop before this too, and I'd like this to have feature parity in order to recommend it to those who continue to use it.

[drogga]

I'm just trying to help by pointing out why the commands didn't work, I didn't specifically wrote that they will if the permissions are bing added to the Manifest(s), it's all in theory and a guess, I haven't tried, nor I'm interested in doing so or testing, as I'm not looking for this functionality, that's why there's no PR, but you can try internally/locally, do the necessary testing and feel free to submit a PR if all is OK ;)
If you don't want to build from the source, or fully de/recompile the .apk, I guess you can use the MT Manager app for example to add the 3 permissions (needs an account to decompile XML, non-VIP one has ~200 lines limit, but there are mods of v2.14.5 that can easily do the job within a 2 ± min.), sign and do a clean install.

BTW - Wherever I created issue tickets, discussion topics, PRs or commented/participated/got involved - I'm subscribed (happens by default) and get notified when someone comments, so no need to tag/mention me, at least not properly by using a @, so I will appreciate if you don't - please @RokeJulianLockhart (I guess you haven't read the expandable text in my last comment in a created by you ticket in this repo, with number 177 - I'm not linking it on purpose). Thank You.

[RokeJulianLockhart]

BTW - Wherever I created issue tickets, discussion topics, PRs or commented/participated/got involved - I'm subscribed (happens by default) and get notified when someone comments, so no need to tag/mention me, at least not properly by using a @, so I will appreciate if you don't - please @RokeJulianLockhart (I guess you haven't read the expandable text in my last comment in a created by you ticket in this repo, with number 177 - I'm not linking it on purpose).

@drogga, I'm not going to be able to remember that I shouldn't tag specifically your account. I communicate with about 40 people a week, many via GitHub. If duplicate notifications are your rationale, that can be remediated: it doesn't occur to me. For context, like myself, a great many do not remain subscribed to threads that they participate in, so it is expected that when responding to someone, the responder tags the respondee.