AOSP Privileged vs System app

http://stackoverflow.com/questions/19868138/aosp-privileged-vs-system-app




So in 4.3 there was a concept of System applications. APKs that were placed in system/app were given system privileges. As of 4.4, there is a new concept of privileged apps. Privileged apps are stored in system/priv-app and seem to be treated differently. If you look in the AOSP source code, under PackageManagerService, you will see new methods such as

static boolean locationIsPrivileged(File path) {
    try {
        final String privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app")
                .getCanonicalPath();
        return path.getCanonicalPath().startsWith(privilegedAppDir);
    } catch (IOException e) {
        Slog.e(TAG, "Unable to access code path " + path);
    }
    return false;
}

So here is an example of a situation where these differ.

public final void addActivity(PackageParser.Activity a, String type) {
    ...
    if (!systemApp && intent.getPriority() > 0 && "activity".equals(type)) {
        intent.setPriority(0);
        Log.w(TAG, "Package " + a.info.applicationInfo.packageName + " has activity "
                + a.className + " with priority > 0, forcing to 0");
    }
    ...

This affects the priority of any activities that are not defined as system applications. This seems to imply you cannot add an activity to the package manager whose priority is higher than 0, unless you are a system app. This does NOT preclude privileged apps as far as I can tell (there's a lot of logic here, I may be wrong).

My question is what exactly does this imply? If my app is privileged, but not system, what difference will that make? In PackageManagerService you can find various things that differ between system and privileged apps, they are not exactly the same. There should be some kind of ideology behind privileged apps, otherwise they would have just said:

if locationIsPrivileged: app.flags |= FLAG_SYSTEM

and been done with it. This is a new concept, and I think it would be important to know the difference between these kinds of apps for anyone who is doing AOSP development as of 4.4.

2 Answers

up vote 6 down vote accepted

So after some digging, it's clear that apps in priv-app get system privileges, the same way that old apps used to get system privileges by being in system-app. The only official Google documentation I could find on this came in the form of a commit message:

Commit hash: ccbf84f44c9e6a5ed3c08673614826bb237afc54

Some system apps are more system than others

"signatureOrSystem" permissions are no longer available to all apps residing on the /system partition. Instead, there is a new /system/priv-app directory, and only apps whose APKs are in that directory are allowed to use signatureOrSystem permissions without sharing the platform cert. This will reduce the surface area for possible exploits of system-bundled applications to try to gain access to permission-guarded operations.

The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it says in the documentation: it indicates that the application apk was bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED has been introduced that reflects the actual right to access these permissions.

stackoverflow.com/a/19813031/1306452 –   Andrew T.  Jan 28 at 20:22
 
So if from 4.4, only /system/priv-app applications can get SignatureOrSystem permissions, what's the implication for privileges of apps that are kept in /system/app/ ? Thanks. –   Jake Feb 22 at 12:12 
 
More specifically, what's the purpose of /system/app/ folder in 4.4 ? Thanks. –   Jake  Feb 22 at 12:18 
1  
@Jake Apps put in system/app are typically things that you might want to have fewer permissions. For instance, you probably don't want your email client or random vendor bloatware to be able to change your system security settings. –   Andrew T.  Feb 22 at 18:19
2  
Apps in system/app have no special permissions. They don't differ from 3rd party apps unless they are signed with the system key (hence SigOrSystem check). As for the methods that helped, there's a variety. I started grepping for priv-app, and then followed that to PackageManagerService which now refers to Privileged packages. –   Andrew T.  Feb 23 at 5:10
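
The grant rule from the commit message quoted in the answer, as an added example: a simplified Python model for auditing a system image inventory, not AOSP code and not part of the original question or answer. The package names, permission names and inventory are constructed, and the model assumes every permission is declared by the platform, so "signature" means the platform certificate.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

SYSTEM_DIR = PurePosixPath("/system")
PRIV_APP_DIR = SYSTEM_DIR / "priv-app"

@dataclass(frozen=True)
class Apk:
    package: str
    path: str               # where the APK is installed
    platform_signed: bool   # True if it shares the platform certificate
    requested: tuple = ()   # names of the permissions it requests

def is_under(path, directory):
    # Component-wise containment. Unlike getCanonicalPath() in the excerpt,
    # no symlinks are resolved: the model never touches a filesystem.
    return directory in PurePosixPath(path).parents

def is_system(apk):         # models ApplicationInfo.FLAG_SYSTEM
    return is_under(apk.path, SYSTEM_DIR)

def is_privileged(apk):     # models the hidden FLAG_PRIVILEGED
    return is_under(apk.path, PRIV_APP_DIR)

def granted(apk, level, kitkat=True):
    """Grant decision for a platform-declared permission of this level."""
    if apk.platform_signed:            # satisfies signature and signatureOrSystem
        return True
    if level == "signatureOrSystem":   # the "OrSystem" half is what 4.4 changed
        return is_privileged(apk) if kitkat else is_system(apk)
    return False                       # "signature" needs the certificate

def audit(inventory, levels):
    """List signatureOrSystem grants that rest on install location alone."""
    findings = []
    for apk in inventory:
        for perm in apk.requested:
            if levels[perm] != "signatureOrSystem" or apk.platform_signed:
                continue
            if granted(apk, levels[perm], kitkat=True):
                findings.append((apk.package, perm, "granted by priv-app location"))
            elif granted(apk, levels[perm], kitkat=False):
                findings.append((apk.package, perm, "lost when moving to 4.4"))
    return findings

# Constructed sample data: hypothetical permission names and packages.
P_SOS, P_SIG = "example.permission.CONFIGURE", "example.permission.INTERNAL"
LEVELS = {P_SOS: "signatureOrSystem", P_SIG: "signature"}
INVENTORY = [Apk("com.example.settings", "/system/priv-app/Settings.apk", False, (P_SOS,)),
             Apk("com.example.mail", "/system/app/Mail.apk", False, (P_SOS,)),
             Apk("com.example.vendor", "/system/app/Vendor.apk", True, (P_SOS, P_SIG)),
             Apk("com.example.user", "/data/app/User.apk", False, (P_SOS,))]
```

Running `audit(INVENTORY, LEVELS)` reports the two packages whose access depends on where the APK sits rather than on the platform certificate, which is the set worth reviewing when deciding what belongs in priv-app.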

