Hi, I tried to test the android ability of upgrading a system app with a new version, but I am facing some permission problems. It seems that, after the app is upgraded, it looses the capability of accessing permissions that are systemOrSignature. I am testing this on an engineering build that is signed with a debug certificate.
Below is a description of my test: Setup: 1) Three apps: APP_1 - signed with CERT_1 - provides some functionality that is protected by PERM_1 permission, that is systemOrSignature APP_2_V1 - signed with CERT_2 - version one that goes inside the system partition APP_2_V2 - signed with CERT_2 - version that is going to be installed to upgrade APP_2_V1 Both APP_2_V1 and APP_2_V2 use the PERM_1 permission to do some stuff on APP_1. ============= Test 1 ============= Objective: - Validate that APP_2_V1 is able to use the permission PERM_1. Setup: - Put APP_1 and APP_2_V1 on the system partition. Test: - execute APP_2_V1 and test the scenario that uses the PERM_1 permission. Result: - APP_2_V1 was able to access it fine. ============= Test 2 ============= Objective: - Validate that APP_2_V2 is able to use the permission PERM_1. Setup: - Put APP_1 and APP_2_V2 on the system partition. Test: - execute APP_2_V2 and test the scenario that uses the PERM_1 permission. Result: - APP_2_V2 was able to access it fine. ============= Test 3 ============= Objective: - Validate that when APP_2_V1 is upgraded from market with APP_2_V2, the new version will be able to use the PERM_1. Setup: - Put APP_1 and APP_2_V1 on the system partition Test: a - Get the APP_2_V2 apk and do a adb install -r b - Test the APP_2_V2 and see if it works Result: a - APP_2_V1 was correctly upgraded to APP_2_V2 after the adb install -r b - During the APP_2_V2 execution, the app was not able to use PERM_1 anymore c - If upgrade is uninstalled, PERM_1 works again on the APP_2_V1 Questions: 1) Shouldn't the system still give permission PERM_1 to APP_2_V2 after it is installed in a phone with a system partition that contains APP_2_V1? 2) If yes on question 1, is there any page that explains how to test this upgrade? Does market upgrade do anything different from "adb install -r"? 3) Do we need to put any specific thing on the app manifest to make this work? Thanks and Regards Felipe -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
