Only apks in /system/priv-app can use "system"-level permissions. Prior to Kitkat, all apks on the system partition could use those permissions.
This change gives the manufacturer more control over access to sensitive permissions by bundled software.
--
christopher tate
android framework engineer
What's the difference between /system/app/ and /system/priv-app in Kitkat? Which app should be put in /system/priv-app?
--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-platfo...@googlegroups.com.
To post to this group, send email to android-...@googlegroups.com.
Visit this group at http://groups.google.com/group/android-platform.
For more options, visit https://groups.google.com/groups/opt_out.
whatever...
1. What makes an app a "system" or "privileged" app? Does the
a. OEM signing and android.uid.system mandatory, or
b. Just putting inside the /system/app and /system/priv-app is enough.
2. What's the difference between the system (/system/app) and privileged (/system/priv-app)?
3. Do they share the same or different uid?
4. Basic principle in introducing priv-app, when system app concept was already present?
5. What does OR mean in "SignatureORSystem"? Why can't it just be "System"?
My understanding so far:
1. "SignatureOrSystem" permissions are only granted to apps present inside /system/priv-app and whitelisted in /etc/permissions. The app need not be OEM signed or contain an android.uid.system.
2. "Signature" permissions are only granted if an app is OEM signed (for pre-defined permissions). It need not be inside /system/priv-app or contain android.uid.system.
3. Declaring android.uid.system in the Manifest does not make an app a system app.
It's more the reverse: only apps already satisfying system privilege conditions can ask for android.uid.system.
4. If an app is needed for a device to work but doesn't hold any sensitive permissions, then it can be placed in /system/app.
If it holds sensitive permissions then it's placed inside /system/priv-app.
5. Apps inside /system/priv-app and whitelisted in /etc/permission are implicitly granted system privilege.
6. Apps inside /system/app are just like 3rd party apps unless they are OEM signed. (except the uninstallation part)
When you say "directly by modifying settings db" do you really mean you are opening the settings database via SQL yourself, independently of the OS's settings provider, or do you mean you're using the correct Settings API for making the change? Nothing but the settings provider should ever write to its underlying data store.
Assuming you're talking about using the Settings API to write the Settings.Secure.LOCATION_MODE datum, the ability to do that is protected by the "android.permission.WRITE_SECURE_SETTINGS" permission, which is traditionally "signature or system" and in KK is "signature|system|development". It's that specific use of "system" that I mean when I wrote '"system"-level permission.'
Your apk will *not* be granted the WRITE_SECURE_SETTINGS permission if it is bundled in /system/app. As of KK, it is only eligible for "system" permissions if it is bundled in /system/priv-app.
--
christopher tate
android framework engineer
On Wed, Dec 4, 2013 at 9:09 AM, siva ramakrishna kv <kra...@gmail.com> wrote:
Hi Christopher,
Thanks for the clarification.
I just want to get more clarity on this, when you say "system"-level permission. For ex: I have a system app in which I am enabling the GPS directly by modifying settings db. Will this behavior get affected if I keep my apk in /system/app folder?
Thanks in advance,
Siva ramakrishna
On Mon, Dec 2, 2013 at 11:06 PM, Christopher Tate <ct...@google.com> wrote:
Only apks in /system/priv-app can use "system"-level permissions. Prior to Kitkat, all apks on the system partition could use those permissions.
This change gives the manufacturer more control over access to sensitive permissions by bundled software.
--
christopher tate
android framework engineer
On Dec 2, 2013 8:52 AM, "Yong" <ito...@gmail.com> wrote:
What's the difference of /system/app/ and /system/priv-app in Kitkat? Which app should be put in /system/priv-app ??
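As an added illustration of the rule described in this thread (not code from the thread or from the Android framework), this Python sketch models the grant decision for a permission with protection level "signature|system|development" and lists bundled apps that held it before KitKat but lose it on KitKat. The `Apk` fields, function names and sample packages are hypothetical, and cases the thread does not discuss (such as updated system apps) are not modelled.

```python
from dataclasses import dataclass

KITKAT_API = 19  # Android 4.4 (KitKat)


@dataclass(frozen=True)
class Apk:
    name: str
    path: str                  # where the apk is installed
    platform_signed: bool      # same signing cert as the package declaring the permission
    dev_granted: bool = False  # assumption: explicitly granted, e.g. with `pm grant` over adb


def eligible_for_system(apk, api_level):
    """The 'system' part of the protection level, as described in the thread."""
    if api_level >= KITKAT_API:
        return apk.path.startswith("/system/priv-app/")
    return apk.path.startswith("/system/")  # pre-KitKat: any apk on the system partition


def is_granted(protection_level, apk, api_level):
    """True if any flag in the '|'-separated protection level is satisfied."""
    flags = set(protection_level.split("|"))
    return (("signature" in flags and apk.platform_signed)
            or ("system" in flags and eligible_for_system(apk, api_level))
            or ("development" in flags and apk.dev_granted))


def lost_on_kitkat(apks, protection_level):
    """Names of apps that held the permission before KitKat but lose it on KitKat."""
    return [a.name for a in apks
            if is_granted(protection_level, a, KITKAT_API - 1)
            and not is_granted(protection_level, a, KITKAT_API)]


# Constructed sample packages (hypothetical names, not from the thread).
WRITE_SECURE_SETTINGS_LEVEL = "signature|system|development"
SAMPLE = [
    Apk("com.example.gpstoggle", "/system/app/GpsToggle.apk", platform_signed=False),
    Apk("com.example.oemsetup", "/system/app/OemSetup.apk", platform_signed=True),
    Apk("com.example.carrier", "/system/priv-app/Carrier.apk", platform_signed=False),
    Apk("com.example.thirdparty", "/data/app/ThirdParty.apk", platform_signed=False),
]

if __name__ == "__main__":
    for apk in SAMPLE:
        print(apk.name, is_granted(WRITE_SECURE_SETTINGS_LEVEL, apk, KITKAT_API))
    print("lost on KitKat:", lost_on_kitkat(SAMPLE, WRITE_SECURE_SETTINGS_LEVEL))
```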