It does work, Market relies on it working to do its self-updates. There isn't nearly enough information here to help you. There is a lot of text, but all of the information it contains seems to boil down to: "I have app A and app B, which both use a signatureOrSystem permission. If I have app A on the system image, and then update it with app B, then app B doesn't keep the permission."
If that is really your scenario, all I can say is that this does work. There are a huge number of variabilities in exactly what you are doing and configuring things that could cause problems. On Tue, Feb 22, 2011 at 3:49 PM, Felipe <[email protected]> wrote: > Upgrading system apks through market and retaining permissions > > Hi, > > I tried to test the android ability of upgrading a system app with a > new version, but I am facing some permission problems. It seems that, > after the app is upgraded, it looses the capability of accessing > permissions that are systemOrSignature. I am testing this on an > engineering build that is signed with a debug certificate. > > Below is a description of my test: > > Setup: > > 1) Three apps: > APP_1 - signed with CERT_1 - provides some functionality that is > protected by PERM_1 permission, that is systemOrSignature > > APP_2_V1 - signed with CERT_2 - version one that goes inside the > system partition > > APP_2_V2 - signed with CERT_2 - version that is going to be installed > to upgrade APP_2_V1 > > APP_2_* (V1 and V2) use the PERM_1 permission to do some stuff > > ============= > Test 1 > ============= > Objective: > - Validate that APP_2_V1 is able to use the permission PERM_1. > > Setup: > - Put APP_1 and APP_2_V1 on the system partition. > > Test: > - execute APP_2_V1 and test the scenario that uses the PERM_1 > permission. > > Result: > - APP_2_V1 was able to access it fine. > > ============= > Test 2 > ============= > Objective: > - Validate that APP_2_V2 is able to use the permission PERM_1. > > Setup: > - Put APP_1 and APP_2_V2 on the system partition. > > Test: > - execute APP_2_V2 and test the scenario that uses the PERM_1 > permission. > > Result: > - APP_2_V2 was able to access it fine. > > ============= > Test 3 > ============= > Objective: > - Validate that when APP_2_V1 is upgraded from market with APP_2_V2, > the new version will be able to use the PERM_1. > > Setup: > - Put APP_1 and APP_2_V1 on the system partition > > Test: > a - Get the APP_2_V2 apk and do a adb install -r > b - Test the APP_2_V2 and see if it works > > Result: > a - APP_2_V1 was correctly upgraded to APP_2_V2 after the adb install > -r > b - During the APP_2_V2 execution, the app was not able to use PERM_1 > anymore > c - If upgrade is uninstalled, PERM_1 works again on the APP_2_V1 > > > Questions: > 1) Shouldn't the system still give permission PERM_1 to APP_2_V2 after > it is installed in a phone with a system > partition that contains APP_2_V1? > > 2) If yes on question 1, is there any page that explains how to test > this upgrade? Does market upgrade do anything > different from "adb install -r"? > > Thanks and Regards > > Felipe > > > ---------- Forwarded message ---------- > From: Dan Zhang <[email protected]> > Date: Oct 20 2010, 3:53 pm > Subject: signatureOrSystem premissions > To: Android Security Discussions > > > Are there any known flaws or hacks that can install native apps on > devices > without formal approval by Android? In other words, what protections > make > the process to prevent unapproved self-installation of native apps > like > Maps, Youtube robust? > > thanks > > > > > > > > > > > > > ---------- Forwarded message ---------- > > From: Dianne Hackborn <[email protected]> > > Date: Jul 7, 1:50 am > > Subject: signatureOrSystem premissions > > To: Android Security Discussions > > > Correct, for signatureOrSystem, if you are installed in the system > > image, > > then you will be granted the permission regardless of your signing > > cert. > > > On Wed, Jul 7, 2010 at 12:38 AM, Dan Hein <[email protected]> wrote: > > > A clarifying question, just to make sure I understand completely. > > > > So in the scenario described above, the developer would sign the > > > pre-installed app with his or her own developer certificate, correct? > > > Likewise, updates to the pre-installed app would be signed with the > same > > > certificate? In other words, the developer's certificate never > changes. > > > > The app derives special privilege as a by-product of originally being > > > included in /system by the handset manufacturer; not because of the > > > particular certificate used to sign said app. > > > > Is my understanding correct? > > > > Thanks, > > > Dan > > > > On Thu, Jun 10, 2010 at 7:43 PM, Dianne Hackborn <[email protected] > > >wrote: > > > >> A new application needs to be signed with the same certificate as the > > old > > >> one to be able to update it. > > > >> On Thu, Jun 10, 2010 at 3:43 PM, Pragati Ogal Rai < > > [email protected]>wrote: > > > >>> Consider a scenario where an app is pre-installed by the > manufacturer. > > >>> Now the developer can create an updated app and puts it on the market > > >>> signed with developer's own certificate. The users of the pre- > > >>> installed app can upgrade it. This is all good. But what if someone > > >>> else besides the original developer (read hacker) place their app > with > > >>> the same name in Android Market. Can users still upgrade their pre- > > >>> installed app and get around SystemOrSignature permissions. > > > >>> On Jun 4, 4:14 pm, Dianne Hackborn <[email protected]> wrote: > > >>> > An application signed with a platform cert can't be placed on > Market, > > >>> > because each device has its own platform cert. > > > >>> > An application developer that wants to use these permissions needs > to > > >>> be > > >>> > working with a device manufacturer to have the app pre-installed; > > given > > >>> > that, you can just be pre-installed on the system image and thus be > > >>> granted > > >>> > this type of permission without needing to be signed with a special > > >>> cert. > > >>> > (This also means you can place your app, signed with your own > cert, > > on > > >>> > Market, and deliver updates to it even to devices that are > > >>> pre-installed, > > >>> > like Google Maps does. When the update is applied, you can > continue > > to > > >>> have > > >>> > whatever permissions you were originally granted as an app > > >>> pre-installed in > > >>> > the system. Of course users could still install your app on a > device > > >>> where > > >>> > it wasn't pre-installed, so such an app needs to be able to run in > > some > > >>> way > > >>> > in situations where it doesn't get the permission.) > > > >>> > On Fri, Jun 4, 2010 at 1:45 PM, ivan <[email protected]> wrote: > > >>> > > Hello, > > > >>> > > I'm writing an extensive application that's going to require the > > >>> > > downloading of media content. > > > >>> > > I've learned a little about the DownloadProvider that requires > > >>> > > signatureOrSystem permissions. > > > >>> > > I'm assuming to be signed by the system signature one must > > negotiate > > >>> > > with Google and the OEM (or something like that). > > > >>> > > Is this correct? > > > >>> > > Can someone please explain the process of creating an application > > >>> with > > >>> > > signatureOrSystem permissions that can access the > DownloadProvider? > > >>> > > Please note that this is an application meant for Google Market. > > > >>> > > Thanks. > > > >>> > -- > > >>> > Dianne Hackborn > > >>> > Android framework engineer > > >>> > [email protected] > > > >>> > Note: please don't send private questions to me, as I don't have > time > > >>> to > > >>> > provide private support, and so won't reply to such e-mails. All > > such > > >>> > questions should be posted on public forums, where I and others can > > see > > >>> and > > >>> > answer them.- Hide quoted text - > > > >>> > - Show quoted text - > > > >> -- > > >> Dianne Hackborn > > >> Android framework engineer > > >> [email protected] > > > >> Note: please don't send private questions to me, as I don't have time > to > > >> provide private support, and so won't reply to such e-mails. All such > > >> questions should be posted on public forums, where I and others can > see > > and > > >> answer them. > > > -- > > Dianne Hackborn > > Android framework engineer > > [email protected] > > > Note: please don't send private questions to me, as I don't have time > > to > > provide private support, and so won't reply to such e-mails. All such > > questions should be posted on public forums, where I and others can > > see and > > answer them. > > -- > regards > > Dan Zhang > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
