tencent cloud

Cloud Log Service

Permissions Required for Network Detection Plugins

Download
Modo Foco
Tamanho da Fonte
Última atualização: 2026-06-22 21:57:39
This document details the permissions required by the network detector on platforms such as Android, iOS, Windows, and Unity, providing developers with a comprehensive reference for permission configuration.

Android Permission Declaration

Permissions Required by the Network Detection Plugin

Permissions
Description
android.permission.ACCESS_NETWORK_STATE
Obtain network status information (such as current network type, connection status, and so on)
android.permission.READ_PHONE_STATE
Read phone status information (such as device identifier, carrier information, and so on)
android.permission.INTERNET
Access the internet (perform network probe requests)
android.permission.CHANGE_NETWORK_STATE
Change network connection status
android.permission.WRITE_SETTINGS
Write system settings

Permissions Declared at the App Layer

Permissions
Description
android.permission.ACCESS_WIFI_STATE
Obtain Wi-Fi network status information.

Permissions Required by the CLS Producer SDK

Permissions
Description
android.permission.ACCESS_NETWORK_STATE
Obtain network status information (duplicate with the detection plugin).

Android Permissions Summary

To fully use the network detector feature, a total of six permissions are required.
No
Permissions
Permission Type
Description
Special Requirements
1
INTERNET
Normal permission
Core permission used to perform network detection (Ping, Traceroute, and so on) and report data.
None
2
ACCESS_NETWORK_STATE
Normal permission
Obtain current network connection status and type.
None
3
ACCESS_WIFI_STATE
Normal permission
Obtain Wi-Fi connection information.
None
4
READ_PHONE_STATE
Dangerous permission
Read device and carrier information.
Requires runtime dynamic permission request on Android 6.0+.
5
CHANGE_NETWORK_STATE
Normal permission
Change network connection status.
None
6
WRITE_SETTINGS
Dangerous permission
Write system settings.
Requires guiding users to the system settings page for manual authorization on Android 6.0+.
AndroidManifest.xml Declaration Example
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<!-- Core Network Permissions -->
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
<!-- Device Information Reading (Dangerous Permission, Requires Runtime Request) -->
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<!-- Network State Change -->
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE" />
<!-- System Settings Write (Dangerous Permission, Requires Guiding Users to Manually Grant) -->
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
</manifest>
Note:
READ_PHONE_STATE and WRITE_SETTINGS are dangerous permissions. For Android 6.0 (API 23) and later versions, user authorization must be dynamically requested at runtime.

iOS Permission Declaration

iOS allows apps to access the network by default, unlike Android which requires explicit declaration of the INTERNET permission. The following configurations are categorized into two sets based on the detection scenario.

Public Network Detection Edition (Detecting Internet Domains/IPs Only)

Permissions/Capabilities List

Key
Source
Required or Not
Description
NSAppTransportSecurity
Info.plist
Conditional
Configure only when there is an HTTP plaintext or non-standard TLS target; configuration can be omitted for pure HTTPS.

Info.plist Sample

Add it only when an ATS exception is required.
<key>NSAppTransportSecurity</key>
<dict>
<!-- Globally enabling is not recommended. It is advised to configure on a per-domain granular basis. -->
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
</dict>
</dict>
</dict>

Intranet Detection Edition (Scanning/Accessing Devices on the Same Network Segment)

Permissions/Capabilities List

Key
Source
Required or Not
Description
NSLocalNetworkUsageDescription
Info.plist
Required
Purpose description for local network access on iOS 14+, triggering a system dialog.
NSBonjourServices
Info.plist
Required only for Bonjour discovery.
Declare the Bonjour service types to be used.
NSAppTransportSecurity
Info.plist
Conditional
If HTTP or weak TLS is used, an ATS exception is still required.

Info.plist Sample

<key>NSLocalNetworkUsageDescription</key>
<string>Used for discovering and probing the network connectivity and latency of LAN devices.</string>

<!-- Required only for Bonjour scenarios -->
<key>NSBonjourServices</key>
<array>
<string>_http._tcp</string>
<string>_https._tcp</string>
<!-- Supplement according to the actual protocol -->
</array>

Optional: Reading Wi-Fi Information (SSID/BSSID)

If the detection logic relies on information such as Wi-Fi names, location permissions must be added.
<key>NSLocationWhenInUseUsageDescription</key>
<string>Used to obtain current network environment information to assist network probing.</string>
Note:
This scenario involves location authorization and system capability constraints, which must be confirmed according to the actual implementation.

iOS Permissions Summary

Module
Source File
Key/Capability
Required
Triggers Pop-up
Purpose Description
Network detection plugin
Info.plist
NSLocalNetworkUsageDescription
Yes (Local Network)
Yes
Local network detection
Network detection plugin
Info.plist
NSBonjourServices
No (Bonjour)
No
Local network service discovery
Network detection plugin
Info.plist
NSAppTransportSecurity
Conditional
No
HTTP/weak TLS compatibility
Application layer
Info.plist
NSLocationWhenInUseUsageDescription
No
Yes
Assist in reading Wi-Fi information
CLS SDK
No additional declarations
Default Networking Capability
Yes
No
Log reporting/connectivity request

Windows Permission Declaration

On the Windows platform, manifest-based permission declarations are not used. Permissions primarily depend on the runtime user permission level and system configuration.

Permission Requirements for Each Module

Probe Module
Permission Requirements
Socket Type
Description
Ping(ICMP)
Administrator permission required.
SOCK_RAW
Creating a RAW Socket requires administrator permission.
TCPPing
Normal user permission sufficient.
SOCK_STREAM
Standard TCP connection.
HTTP detection
Normal user permission sufficient.
Standard HTTP connection
No special permission required.
DNS detection
Normal user permission sufficient.
Standard UDP connection
No special permission required.
MTR(ICMP)
Administrator permission required.
SOCK_RAW
Creating a RAW Socket requires administrator permission.
MTR(TCP/UDP)
Administrator permission required.
SOCK_RAW + SIO_RCVALL
Requires RAW IP Socket and SIO_RCVALL permissions.
Detailed Description of Administrator Permissions
Function
Permission Requirements
Description
Create RAW Socket.
Administrator permission
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)
Create RAW IP Socket.
Administrator permission
socket(AF_INET, SOCK_RAW, IPPROTO_IP)
Enable SIO_RCVALL.
Administrator permission
To receive all IP packets (including ICMP Time Exceeded)
Error Manifestations When Permissions Are Insufficient
Scenario
Error Code
Description
Ping RAW Socket creation failure.
PERMISSION_DENIED = -4
Returns a permission denied error code.
MTR SIO_RCVALL enable failure.
error=10013(WSAEACCES)
The log shows: [mtr] FAILED: SIO_RCVALL failed, error=10013.

Other Must-Knows

Must-Knows
Description
Firewall Settings
Some firewalls (especially third-party ones) may block RAW Sockets. Even with administrator permission, you need to manually configure an allow rule.
SQLite Storage
Ensure that the directory where the database file resides has write permissions. Note the UAC permission issue on Windows.
DLL Deployment
Ensure that cls_network_detect.dll, cls_log_sdk.dll, and sqlite3.dll are located in a searchable path and that the program architecture is consistent (it is recommended to unify to x64).

Alternative Solutions Without Administrator Privileges

If administrator permissions cannot be obtained in the application scenario, the following alternative solutions can be adopted:
Alternative
Description
Use TCPPing to replace Ping.
TCPPing uses a standard SOCK_STREAM connection and does not require administrator privileges.
Use HTTP detection.
Standard HTTP connection, which can be executed by a regular user.
Use DNS detection.
UDP standard connection, which can be executed by a regular user.
Abandon MTR route tracing.
The MTR feature heavily relies on RAW Socket and cannot run under regular permissions.

Unity Permission Declaration

The permissions required by the Unity network detector depend on the target platform on which it actually runs. Unity itself does not introduce an additional, independent permission system. The specific details are as follows:
Android Platform: When a Unity project is built as an Android application, its permission declarations align with those of native Android. See Android Permission Declarations.
iOS Platform: When a Unity project is built as an iOS application, its permission declarations align with those of native iOS. See iOS Permission Declarations.
Windows Platform: When a Unity project is built as a Windows desktop application, its permission requirements align with those of native Windows. See Windows Permission Declarations.
Summary: No separate declaration is required for the Unity network detector's permissions. Simply refer to the permission configuration of the target runtime environment's corresponding platform.

Appendix: Cross-Platform Permission Comparison Overview

Detection Feature
Android
iOS
Windows
Ping(ICMP)
INTERNET
Default Networking Capability
Administrator permission required
TCPPing
INTERNET
Default Networking Capability
Normal user permission sufficient
HTTP detection
INTERNET
ATS Configuration (As Needed)
Normal user permission sufficient
DNS detection
INTERNET
Default Networking Capability
Normal user permission sufficient
MTR route tracing
INTERNET
Default Networking Capability
Administrator permission required
Local network detection
ACCESS_NETWORK_STATE
NSLocalNetworkUsageDescription
Normal user permission sufficient (firewall must allow)
Network status obtaining
ACCESS_NETWORK_STATE / ACCESS_WIFI_STATE
No additional permissions required
No additional permissions required
Data reporting (CLS)
INTERNET / ACCESS_NETWORK_STATE
Default Networking Capability
Normal user permission sufficient


Ajuda e Suporte

Esta página foi útil?

comentários