AOSP Privileged vs System app
来源:互联网 发布:战舰世界2017岛风数据 编辑:程序博客网 时间:2024/05/21 19:30
http://stackoverflow.com/questions/19868138/aosp-privileged-vs-system-app
So in 4.3 there was a concept of System applications. Apks that were placed in System/app were given system privellages. As of 4.4, there is a new concept of Privellaged app. Privellaged apps are stored in system/priv-app and seem to be treated differently. If you look in the AOSP Source code, under PackageManagerService, you will see new methods such as
static boolean locationIsPrivileged(File path) { try { final String privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app") .getCanonicalPath(); return path.getCanonicalPath().startsWith(privilegedAppDir); } catch (IOException e) { Slog.e(TAG, "Unable to access code path " + path); } return false;}
So here is an example of a situation where these differ.
public final void addActivity(PackageParser.Activity a, String type) {...if (!systemApp && intent.getPriority() > 0 && "activity".equals(type)) { intent.setPriority(0); Log.w(TAG, "Package " + a.info.applicationInfo.packageName + " has activity " + a.className + " with priority > 0, forcing to 0"); }...
This affects the priority of any activities that are not defined as system applications. This seems to imply you can not add an activity to the package manager who's priority is higher than 0, unless you are a system app. This does NOT preclude privileged apps as far as I can tell (theres a lot of logic here, i may be wrong.)
My question is what exactly does this imply? If my app is privellaged, but not system, what difference will that make? In PackageManagerService you can find various things that differ between system and privileged apps, they are not exactly the same. There should be some kind of ideology behind privileged apps, otherwise they would have just said:
if locationIsPrivilleged: app.flags |= FLAG_SYSTEM
and been done with it. This is a new concept, and I think it would be important to know the difference between these kinds of apps for anyone who is doing AOSP development as of 4.4.
2 Answers
So after some digging, it's clear that apps in priv-app get system privileges, the same way that old apps used to get system privileges by being in system-app. The only official Google documentation I could find on this came in the form of a commit message:
Commit hash: ccbf84f44c9e6a5ed3c08673614826bb237afc54
Some system apps are more system than others
"signatureOrSystem" permissions are no longer available to all apps residing en the /system partition. Instead, there is a new /system/priv-app directory, and only apps whose APKs are in that directory are allowed to use signatureOrSystem permissions without sharing the platform cert.This will reduce the surface area for possible exploits of system- bundled applications to try to gain access to permission-guarded operations.
The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is says in the documentation: it indicates that the application apk was bundled on the /system partition.A new hidden flag FLAG_PRIVILEGED has been introduced that reflects the actual right to access these permissions.
- AOSP Privileged vs System app
- 什么是Privileged app
- aosp app 精简列表
- A practical approach to the AOSP build system
- Privileged instruction
- System.DateTime? vs System.DateTime
- POSIX Vs System V
- POSIX Vs System V
- system/priv-app和system/app
- android 系统软件 /system/app
- /system/app apk裁剪
- Firefox OS system app
- /system/app apk裁剪
- adb apk system/app
- Zygote & System Server & app
- android system app 开发
- System.out.write VS System.out.print()
- APP VS WEB
- java程序:一个排序好的数组,增加一个数插入到合适的位置保存到另外个数组,输出
- 经纬财富:鄂尔多斯套单形成的表现与解套技巧
- no-ip类似花生壳的动态IP
- c和c++的输入输出
- ios - UITableViewController 笔记
- AOSP Privileged vs System app
- Swap Nodes in Pairs
- asp.net identity
- HDU1506 Largest Rectangle in a Histogram (动规)
- HTML字符实体
- 多线程队列的算法优化 转载Parallel Labs
- 软件开发部门经理岗位职责
- (HDU 2680、HDU 1599、hdu2066,POJ 1125)n元最短路问题
- Discuz-x3使用手册--目录结构