Why was ro.control_privapp_permissions invented?

[satur9nine]

I read the article at https://source.android.com/devices/tech/config/perms-whitelist about ro.control_privapp_permissions and I understand how it works but I am left wonder why it exists? The docs say "device implementers had little control over which signature|privileged permissions could be granted to privileged apps". However they have plenty control, for apps they build themselves they can simply delete the permissions from the manifest. For apps which come from Google such as GMS it would seem futile for an OEM to decide they don't want to grant certain permissions, I'm sure Google wouldn't accept that. So what's the point? This lets OEMs include shoddy prebuilt apps into their system image and just give them a few permissions and hope they run properly?

[Colin Cross]

From https://android.googlesource.com/platform/frameworks/base/+/d072d1415452abffd55a5742e3fef5abdaadf791, "Only devices with ro.control_privapp_permission=enforce will pass CTS tests.", so this is probably to ease the transition and bringup of new devices.  You can set your device to log, collect the missing permissions from logcat, add them to the whitelist, and then switch to enforce.

On Tue, Aug 7, 2018 at 2:01 PM satur9nine <satur...@gmail.com> wrote:

I read the article at https://source.android.com/devices/tech/config/perms-whitelist about ro.control_privapp_permissions and I understand how it works but I am left wonder why it exists? The docs say "device implementers had little control over which signature|privileged permissions could be granted to privileged apps". However they have plenty control, for apps they build themselves they can simply delete the permissions from the manifest. For apps which come from Google such as GMS it would seem futile for an OEM to decide they don't want to grant certain permissions, I'm sure Google wouldn't accept that. So what's the point? This lets OEMs include shoddy prebuilt apps into their system image and just give them a few permissions and hope they run properly?

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-platfo...@googlegroups.com.
To post to this group, send email to android-...@googlegroups.com.
Visit this group at https://groups.google.com/group/android-platform.
For more options, visit https://groups.google.com/d/optout.

[satur9nine]

I understand the "what" and the "how" of this feature but what I don't understand is the "why". Why was the existing permissions system not good enough that it needed this additional feature? The git commit message does not provide the answer to "why".

Jacob