Tv Input Framework (TIF) documentaition says:
Only system TV Inputs are eligible to receive InputEvents, and only if they have the RECEIVE_INPUT_EVENT system permission. The TV Input is responsible to determine which InputEvents to consume and should allow the TV App to handle the keys it does not need to consume.
This RECEIVE_INPUT_EVENT seems to be a system permission.
Trying to enable it via adb fails:
$ adb shell pm grant com.example.mytvinput \
com.android.tv.permission.RECEIVE_INPUT_EVENT
Operation not allowed: java.lang.SecurityException: Permission
com.android.tv.permission.RECEIVE_INPUT_EVENT is not a changeable permission type
Android Open Source Project (AOSP) sources indicate that RECEIVE_INPUT_EVENT permission is signatureOrSystem type, which in turn is defined by Android Permission documentation as:
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission.
How to develop an overlay to Android Tv Input Service that is consuming input (e.g. HbbTv)?
Do I have to compile the developed Tv Input into an android image in order to develop it?
You should install your application in /system/priv-app.
/system/priv-app is a special place for applications wanting more permissions than others .
Step-by-step
To start an emulator with writable system partition, you should use -writable-system flag.
./emulator -writable-system -avd Oreo_Android_TV_1080p_API_26
Next remount /system partition with
adb root
adb remount
Next move your application to /system/priv-app and reboot
adb shell mv /data/app/com.example.myinput /system/priv-app/com.example.myinput
Sources
Android Emulator Command Line doc, explaining -writable-service flag
What is the difference between system apps and privileged apps on Android?
Related
error message as below
[getToken] Error/Exception: {"nativeStackAndroid":[],"userInfo":null,"message":"907122036: no
right","code":"907122045","line":2568,"column":45,"sourceURL":"http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.huaweipush.letsapp&modulesOnly=false&runModule=true"}
[getToken] Error/Exception: {"nativeStackAndroid":[],"userInfo":null,"message":"907122036: no right","code":"907122045","line":2568,"column":45,"sourceURL":"http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=com.huaweipush.letsapp&modulesOnly=false&runModule=true"}
The error code indicates that the Push Kit are not enabled. As a result, have no permission to obtain the token. How to enable the Push Kit, pls refer to the this docs.
Sign in to AppGallery Connect and click My projects.
Find and click the desired project in the project list, and click the app for which you need to set Push Kit parameters.
Go to Project settings > Manage APIs and enable Push Kit.
Go to Grow > Push Kit and click Enable now. In the dialog box that is displayed, click OK.
Enable the precise messaging function.
Here below is some checkpoints for the above issue.
First ensure you have enabled the push kit in AppGallery Console
Please check whether you are providing correct app id or not:
String appId = AGConnectServicesConfig.fromContext(MainActivity.this).getString("client/app_id");
pushtoken = HmsInstanceId.getInstance(MainActivity.this).getToken(appId, "HCM");
It is recommended that the getToken method be called in the onCreate method of the first Activity class after app startup. Implement the corresponding listeners for getToken API and observe the logs.
Device: Non-Huawei phones must have HMS Core (APK) installed (which can be downloaded from HUAWEI AppGallery). There is no restriction on Huawei phones.
Network: The phone is connected to the network and the connection is stable.
EMUI version: EMUI 4.0 and EMUI 4.1 (for some devices), and EMUI 5.0 or later It is recommended that you use a device running EMUI 5.0 or later.
I've run into problems trying to run the Azure Storage Emulator on a newly installed computer.
At first it was returning
Cannot create database 'AzureStorageEmulatorDb56' : The database 'AzureStorageEmulatorDb56' does not exist. Supply a valid database name. To see available databases, use sys.databases..
However, when I ran sqllocaldb i I could see that there was a DB named 'AzureStorageEmulatorDb56'.
I eventually ran the command
AzureStorageEmulator init -server localhost -forcecreate
which returned
Granting database access to user AzureAD\[username elided].
Database access for user AzureAD\[username elided] was granted.
Initialization successful. The storage emulator is now ready for use.
The storage emulator was successfully initialized and is ready to use.
which looks promising.
However, when I right-click the emulator's icon in the system try and select "Start Storage Emulator" nothing happens. And if I then look in the log files I can see an error log (Error20-Jul-18-11-07.log) which contains...
7/20/2018 11:06:36 AM [Error] [ActivityId=00000000-0000-0000-0000-000000000000] Input string was not in a correct format.
There's also an Info20-Jul-18-11-07.log file which contains
7/20/2018 11:06:36 AM [Info] [ActivityId=00000000-0000-0000-0000-000000000000] Starting Service: Blob
7/20/2018 11:06:36 AM [Info] [ActivityId=00000000-0000-0000-0000-000000000000] Stopping Service: Blob
Can anyone explain what's going wrong and how I can get the local storage emulator up and running?
Try to disable logging, there seems to be a bug in the 5.5 release:
https://github.com/Azure/azure-storage-net/issues/728
I am doing a Project on LAN of an internet cafe. I have a scenario in which 9 nodes and a server is attached with a switch. I have a "reboot and restore" application hosted on a server. So when a client node reboots the particular application on server auto runs and restore the settings on client node.
I want to know which application server will be used for particular store and reboot application with auto start settings?
Look, as for as Auto Star feature is concerned, You can add (to my experience) any application to the startup calls of Windows (assuming you are a windows user)....and the procedure is not that tough,
go to start -> program -> start up ( The idea is to open this folder for you required user)
paste a shortcut of your application executable in to it..
when next time, windows will login, it will load all the applications present in this folder ( and others coming from different Registery Entries ) and thus your application will become Autostart..
and the other thing, I saw a few cafes / offices using an application named "freeze". what this application does is, it creates a snap of user settings, and each time when system is logged in, this application loads and restore that snap shop of user settings...thus, you are able to have predefined settings always applied to such scenarios as yours..
Hopes this helps..
I am getting this error while connecting to IBM MQ. I know that this is because of privileges, but is there any way just to check the connection with IBM MQ?
Please suggest.
The 2035 suggests that your connection is getting to the QMgr. If you had the wrong channel name, host or port you would get back a 2059. The 2035 means that the connection made it to the listener, found a channel of the name that was requested and attempted a connection.
If you want to test past this point it will be necessary to either authorize the ID that you are using to connect or to put an authorized ID in the MCAUSER attribute of the channel.
For a detailed explanation of how the WMQ security works on client channels, see the WMQ Base Hardening presentation at http://t-rob.net/links.
If you enable authorization messages then the 2035 will show up in the event queue. Then you can look at the message and see what ID was used to connect and what options were used too. The 2035 might be because you asked for set authority on the queue manager or something else you aren't supposed to have. The authorization messages wil show you that.
You can also resolve this By setting mcauser('mqm') .. i was able to overcome 2035 error.
Define channel (channel1) chltype (svrconn) trptype (tcp) mcauser(‘mqm’)
Esp thanx to my SENIOR Bilal Ahmad (PSE)
You have to check the privileges with an MQ administrator.
You can use dspmqaut to check the grant.
Below is the sample to give user poc access to Queue Manager QM1 and Queue LQ1
# check the access right of user POC to QM1
dspmqaut -m QM1 -n LQ1 -t q -p poc
# if you want to give access, you should use
setmqaut -m QM1 -n LQ1 -t q -p poc <access Types>
# eg (put everything - in the real live scenario, choose only what you want to grant) :
setmqaut -m QM1 -n LQ1 -t q -p poc +put +get +browse +inq +set +crt +dlt +chg +dsp +passid +setid +setall +clr
Then dont forget to restart QM1 with
endmqm -i QM1
strmqm QM1
Finally, you should be able to proceed without error 2035.
I have been struggling with this for ages too. Eventually I found this solution. (If you can call turning off authentication a solution.)
I am using version
- IBM Websphere 9.1.0.201807091223
From IBM's website they advise turning connection authentication off!!!
Resolving the problem Disable channel authentication
You will need to disable connection authentication, at least
temporarily. There are known issues in FTM for Check with regard to
using MQ connection authorization. These problems are actively being
addressed and fixes will appear in a future fix pack. The target is
fixpack 3.0.0.8.
Steps to disable connection authentication: Open MQ command console
and type runmqsc ALTER
AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
CHCKCLNT(NONE) CHCKLOCL(NONE) Restart the queue manager for this
change to take effect.
Source http://www-01.ibm.com/support/docview.wss?uid=swg21962081
On this topic if you are using MQSeries 9.1 in a test or development environment you can disable channel authentication with the following approach :
. Launch MQ command line utility with the following :
runmqsc (for example runmqsc QM1)
. Disable authentication for all channels with the following command
ALTER QMGR CHLAUTH (DISABLED)
For a Q/Q-manager running on Windows, you may have to create the user on the Q/Q-manager machine [i.e. create a user on the Q-machine to match the user on the Q-client machine], and then add that user to the 'mqm' group on that machine.
Steps:
Ensure that the domain user that is being used to create the Q CLIENT [i.e. the user that the Q-client app is running under] also exists on the box with the Q/Q-manager. You may be able to just create a local user on the Q/Q-manager box [, or you may have to do some more complicated creation of an Active Directory user - I can't help you there].
On the Q/Q-manager box, add the user you have just created [or the existing one, if it already exists] to the mqm group. [On a Windows server box you will need to use the Microsoft Management Console (1. 'mmc' from the command line, 2. File > Add/Remove SnapOn > Local Users & Groups, 3. add user to group)]. The 'mqm' group should already exist on the Q/Q-manager machine.
Error MQRC 2035 basically means that your application has been able to connect to the queue manager, however due to certain absence of permissions/authorizations, it was unable to put/get/publish/subscribe messages.
To resolve this, at first, try these steps in order to disable the authorizations from queue manager and channel. Use this only if it isn't a production queue manager.
Always check the queue manager logs. It tells you exactly where you need to look into, and resolve the issue.
In this case, generally, you can issue the following commands after doing a runmqsc on the queue manager :
ALTER QMGR CHLAUTH(DISABLED)
Then set the chckclnt object(under authinfo) to optional
DISPLAY QMGR CONNAUTH
DISPLAY AUTHINFO(name-from-above) ALL //name from the first commands
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
REFRESH SECURITY TYPE(CONNAUTH)
SET CHLAUTH('*') TYPE(BLOCKUSER) ACTION(REMOVEALL)
This helps remove any blocks that the channel is creating against any user.
SET CHLAUTH(your channel name) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL)
This should resolve your issue, since we have disabled every authorization that an application has to pass in order to do anything on a queue manager.
Now, in case you are using a production queue manager, NEVER remove authorizations.
Go, and right click on any QM that you have configured in your MQ explorer. Go to the QM authority, and authority records. Click on create new user, and give the same name as the username your application is using. Select all the checkboxes, then copy from the space below all the commands that are given. Namely, setmqaut. Edit with your queue manager name, and issue them!
----Never give up, the answer is where you have not looked yet--------
Is it possible to give asp.net read permission to the certificate store?
If yes , how?
If no... do I need to set the permission manually per certificate file?
If yes where are these files physically on the HDD?
Generally you give permissions to A certificate. I use a method like this to find the custom made cert and grant permissions. If you are using a cert issued by a public entity like Verisign, Thawte, etc, this is probably unnecessary.
FindPrivateKey.exe My LocalMachine –n "CN=<certificate issuer>"
...will find certificates on the local machine in the personal store for a particular issuer.
Note: If FindPrivateKey is not on your local machine,
download the WCF samples, including the FindPrivateKey tool, at
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=21459
FindPrivateKey returns the location of the private key for the certificate, similar to
"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030".
Run the following command line to assign read only access permissions to the process identity of the ASP.NET/WCF Service
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R
NOTE: If you are running Microsoft Windows® XP, give the certificate permissions for the ASPNET identity instead of the NT Authority\Network Service identity, because the IIS process runs under the ASPNET account in Windows XP.
Certificates are viewable from the MMC snap in for Certificates. Open MMC, choose File --> Add/Remove Snap in, click the add button and choose certificates. From here you will need to choose the appropriate store (usually Computer Account - Local Computer for ASP.NET items) to manage and then you can view/admin the certs.
Please take a good hard look at the different command line options, and make sure that you have a clear understanding of what certificates are and how they work before granting any permissions.
The network service account that asp.net run under by default doesn't have access to the local machine personal certificates. Grant access by the following:
Repost from Sohnee # forums.asp.net
Step 1 - if you don't already have it
installed - get WinHttpCertCfg
Step 2 - if you already have the
certificate installed on the machine
and you just need to grant access to
Network Services:
WinHttpCertCfg.exe -g -c LOCAL_MACHINE\MY -s "IssuedToName" -a "NetworkService"
Don't really like answering my own questions, but one simple way to get rid of this error is just to give network service full access to the c:\drive, and propagate permissions down.
You'll shoot me down I know, telling me how bad this is - but it works.