[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
As Dianne already guessed, my intentions are semi-misguided. I am a researcher in the field of mobile malware, which is why I asked (and nope, this ain't my real name ;) ). Just to be sure I wanted some confirmation for my guesses. If all goes well, the result of my current work will be some change proposals for future Android releases. Something in between the current state and SEAndroid - but less intrusive to the existing code base and the user experience as compared to SEAndroid. The primary objective is some hardening of the Android platform against malware which is capable of acquiring root privileges. Still, this is going to take a while and the results are still not 100% certain. Anyways, thanks a mountain for clearing things up for me! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
Great, thanks,
kris
On Mon, Jun 25, 2012 at 12:15 AM, Chris Stratton cs07...@gmail.com wrote:
On Jun 24, 10:12 pm, Kristopher Micinski krismicin...@gmail.com
wrote:
But an interesting one. I've finally managed to find the code that
skips writing out the permissions for system apps.
Would you mind pointing out which portion of the codebase this is?
The following code within void writePackageLPr() of
platform_frameworks_base / services / java / com / android / server /
pm / Settings.java seems responsible for system packages not getting
their permissions dumped to the packages.xml file (unless they use a
shared userid, in which case a different function does dump those out)
if ((pkg.pkgFlags ApplicationInfo.FLAG_SYSTEM) == 0) {
serializer.startTag(null, perms);
if (pkg.sharedUser == null) {
// If this is a shared user, the permissions will
// be written there. We still need to write an
// empty permissions list so permissionsFixed will
// be set.
for (final String name : pkg.grantedPermissions) {
serializer.startTag(null, item);
serializer.attribute(null, name, name);
serializer.endTag(null, item);
}
}
serializer.endTag(null, perms);
}
(This code used to be located elsewhere, the pm/ directory seems to be
a reorganization)
--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On 25 Jun., 02:26, Dianne Hackborn hack...@android.com wrote: Why do you care if there is a perms tag? Because I figured that is what controls which Permissions can be used by apps. At least for apps stored in user space (/data/app/) this seems to be true. As stated here, you can revoke permissions granted at installation by editing the packages.xml file: http://elinux.org/Android_Security#Changing_application_security_permissions_after_installation applications in the system image must still explicitly request the permissions they need, and they have to follow the rules as anyone else: What do you mean by explicitely request? List them in their AndroidManifest.xml? The only exception is the signatureOrSystem permission type, which means the permission can be granted to an app signed with the same cert (whether it is in the system image or a third party app), *or* to any app installed on the system image. There are a handful of such permissions, but it isn't the common case. Does this only apply for all permissions protected by signatureOrSystem, or does this also apply to permissions with a lower protection level such as dangerous? I.e., is there a relation regarding protection level strictness like: signature signatureOrSystem dangerous normal? So that apps in /system/app/ will be granted permissions with a protection level equal to or below signatureOrSystem? If the above does not hold, will system apps just not be granted dangerous protection level permissions? Because as far as I can judge from my packages.xml, many system apps there make use of dangerous permissions. As for why there are no permissions stored in packages.xml: there is no need, because they can just be re-evaluated each boot when scanning the packages. Then why are they stored for user apps (stored in /data/app/)? If you use the package manager APIs to find out the permissions that are held by each app, you will see that the system applications are granted the permissions they request as per the rules. Again: What dou you mean by request? Putting them in your AndroidManifest.xml? Because for all apps I wrote, I never explicitely requested any permission in my code. Only through the Manifest file. Chris Stratton: Yes, but wanting to understand how things work is an endemic amongst engineers. Exactly :D Sorry if this is the wrong group, I was referred here by someone else. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Sun, Jun 24, 2012 at 6:37 PM, Chris Stratton cs07...@gmail.com wrote: On Jun 24, 8:26 pm, Dianne Hackborn hack...@android.com wrote: Why do you care if there is a perms tag? What is stored in packages.xml is an implementation detail; Yes, but wanting to understand how things work is an endemic amongst engineers (though this probably is the wrong group to discuss it) If you are going to post to a group for developing third party applications, asking for details on the implementation of the platform that are irrelevant to writing third party apps, I think it is worth explaining why you are wanting that information. :) Very often people ask for this type of information for very misguided purposes. If it is just curiosity, well okay, though as you say this is the wrong group for such curiosity. But an interesting one. I've finally managed to find the code that skips writing out the permissions for system apps. So apparently the effective permission database is actually held in memory and created on each android runtime start by processing the apk's. What remains interesting is why permissions for any apps get written out... The permissions for third party applications that you have installed are saved, because those are the ones that you saw and confirmed when installing it. This is not relevant for built-in applications. -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Mon, Jun 25, 2012 at 7:27 AM, Jason Meyer jasonmeyer...@yahoo.de wrote: On 25 Jun., 02:26, Dianne Hackborn hack...@android.com wrote: Why do you care if there is a perms tag? Because I figured that is what controls which Permissions can be used by apps. At least for apps stored in user space (/data/app/) this seems to be true. As stated here, you can revoke permissions granted at installation by editing the packages.xml file: http://elinux.org/Android_Security#Changing_application_security_permissions_after_installation I would strongly disagree with that wording. The file is used to retain information across boots. It is a dump of the current in-memory state that needs to be retained across boots. It doesn't control anything, except what the platform will think it last state was the next time you reboot. Modifying it only has an impact if you do this between stopping and restarting the platform. Also changing what is listed there is not in my mind revoking the permission, it is making the platform think the last time the user went through the install UI of the app that this was not a permission shown and approved by them. applications in the system image must still explicitly request the permissions they need, and they have to follow the rules as anyone else: What do you mean by explicitely request? List them in their AndroidManifest.xml? Yes. The only exception is the signatureOrSystem permission type, which means the permission can be granted to an app signed with the same cert (whether it is in the system image or a third party app), *or* to any app installed on the system image. There are a handful of such permissions, but it isn't the common case. Does this only apply for all permissions protected by signatureOrSystem, or does this also apply to permissions with a lower protection level such as dangerous? I.e., is there a relation regarding protection level strictness like: signature signatureOrSystem dangerous normal? So that apps in /system/app/ will be granted permissions with a protection level equal to or below signatureOrSystem? normal == any app requesting the permission can get it, it will not normally be shown to the user. dangerous == any app requesting the permission can get it, it will be shown to the user when installing the app. signature == app requesting the permission must be signed by the same cert as the one that declared the permission. signatureOrSystem == same as signature, and also any apps installed on the system image can get the permission. I wouldn't try to put these in a strict hierarchy. As for why there are no permissions stored in packages.xml: there is no need, because they can just be re-evaluated each boot when scanning the packages. Then why are they stored for user apps (stored in /data/app/)? Because those are the permissions the user saw and approved. Users do have to see and approve permissions for system applications. If you use the package manager APIs to find out the permissions that are held by each app, you will see that the system applications are granted the permissions they request as per the rules. Again: What dou you mean by request? Putting them in your AndroidManifest.xml? Because for all apps I wrote, I never explicitely requested any permission in my code. Only through the Manifest file. You request a permission with uses-permission in your manifest. http://developer.android.com/guide/topics/security/permissions.html#permissions -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
Hey everyone, I checked back all the details you gave me. However, my findings are still not satisfactory. The shared UID bit turned out to be true - for some of the packages stored in /system/app/, but unfortunately not for all. System apps with a shared user ID usually get their permissions defined in a section distinct for every shared user ID. There one can also find the perms block related to that specific shared user ID. One example would be android.uid.shared, which is used by many Android OS apps. However, there are apps which do not have a shared user ID, but a user ID of their own - and still come without a perms block. One example is the /system/app/FileManager.apk package, which is preinstalled on my testing device. Every single system app not making use of a shared user ID lacks a perms block. ... so for those, I'm back to square one ;) I still don't know where their permissions are stored, and it's definitely not in the packages.xml file. Are permissions for those just granted at will, without checking the packages.xml file? Could maybe an Android dev from Google provide a statement on this matter? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Jun 24, 10:34 am, Jason Meyer jasonmeyer...@yahoo.de wrote: However, there are apps which do not have a shared user ID, but a user ID of their own - and still come without a perms block. One example is the /system/app/FileManager.apk package, which is preinstalled on my testing device. That does not sound like a standard Android component - is it a vendor app or are you using a custom ROM? Can you post the full packages.xml block relating to it? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
I am not sure if it's a standard Android component, and indeed I guess it's not. Still, the possibility exists. However, other system apps show the same behavior regarding their packages.xml entries. Anyway, here's the whole block: package name=com.android.filemanager codePath=/system/app/ FileManager.apk flags=1 ts=1314087422000 version=1 userId=10036 sigs count=1 cert index=1/ /sigs /package I would guess that a file manager would typically at least have WRITE_EXTERNAL_STORAGE permission. Another example: The Google-provided Youtube app, also a system app as it's installed in /system/app/: package name=com.google.android.youtube codePath=/system/app/ YouTube.apk flags=1 ts=1314087422000 version=2106 userId=10031 sigs count=1 cert index=9/ /sigs /package No shared user ID, no perms block. Still, I would guess it would need INTERNET permission. One last example, which would usually require RECORD_AUDIO permission: package name=com.android.soundrecorder codePath=/system/app/ SoundRecorder.apk flags=1 ts=1314087422000 version=8 userId=10043 sigs count=1 cert index=1 key=30.../ /sigs /package -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
Why do you care if there is a perms tag? What is stored in packages.xml is an implementation detail; all you should really care about is that applications in the system image must still explicitly request the permissions they need, and they have to follow the rules as anyone else: they can get permissions that are not protected, but can only be granted signature permissions where they are signed with the same cert. The only exception is the signatureOrSystem permission type, which means the permission can be granted to an app signed with the same cert (whether it is in the system image or a third party app), *or* to any app installed on the system image. There are a handful of such permissions, but it isn't the common case. As for why there are no permissions stored in packages.xml: there is no need, because they can just be re-evaluated each boot when scanning the packages. It wouldn't make sense for the user to explicitly grant permissions to each application that is pre-installed on the device, so they can just be given whatever permissions they ask (as long as they are allowed to hold the permission as per above). If you use the package manager APIs to find out the permissions that are held by each app, you will see that the system applications are granted the permissions they request as per the rules. How much of this is cached in packages.xml or elsewhere across boots, or evaluated at each boot, is an implementation detail. On Sun, Jun 24, 2012 at 7:34 AM, Jason Meyer jasonmeyer...@yahoo.de wrote: Hey everyone, I checked back all the details you gave me. However, my findings are still not satisfactory. The shared UID bit turned out to be true - for some of the packages stored in /system/app/, but unfortunately not for all. System apps with a shared user ID usually get their permissions defined in a section distinct for every shared user ID. There one can also find the perms block related to that specific shared user ID. One example would be android.uid.shared, which is used by many Android OS apps. However, there are apps which do not have a shared user ID, but a user ID of their own - and still come without a perms block. One example is the /system/app/FileManager.apk package, which is preinstalled on my testing device. Every single system app not making use of a shared user ID lacks a perms block. ... so for those, I'm back to square one ;) I still don't know where their permissions are stored, and it's definitely not in the packages.xml file. Are permissions for those just granted at will, without checking the packages.xml file? Could maybe an Android dev from Google provide a statement on this matter? -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Jun 24, 8:26 pm, Dianne Hackborn hack...@android.com wrote: Why do you care if there is a perms tag? What is stored in packages.xml is an implementation detail; Yes, but wanting to understand how things work is an endemic amongst engineers (though this probably is the wrong group to discuss it) How much of this is cached in packages.xml or elsewhere across boots, or evaluated at each boot, is an implementation detail. But an interesting one. I've finally managed to find the code that skips writing out the permissions for system apps. So apparently the effective permission database is actually held in memory and created on each android runtime start by processing the apk's. What remains interesting is why permissions for any apps get written out... -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
But an interesting one. I've finally managed to find the code that skips writing out the permissions for system apps. So apparently the effective permission database is actually held in memory and created on each android runtime start by processing the apk's. What remains interesting is why permissions for any apps get written out... Would you mind pointing out which portion of the codebase this is? Thanks, kris -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Sun, Jun 24, 2012 at 10:12 PM, Kristopher Micinski krismicin...@gmail.com wrote: But an interesting one. I've finally managed to find the code that skips writing out the permissions for system apps. So apparently the effective permission database is actually held in memory and created on each android runtime start by processing the apk's. What remains interesting is why permissions for any apps get written out... Would you mind pointing out which portion of the codebase this is? Thanks, kris (I also realize that this is off topic for android-developers, however, I would be interested and appreciative of a pointer to it...) kris -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Jun 24, 10:12 pm, Kristopher Micinski krismicin...@gmail.com
wrote:
But an interesting one. I've finally managed to find the code that
skips writing out the permissions for system apps.
Would you mind pointing out which portion of the codebase this is?
The following code within void writePackageLPr() of
platform_frameworks_base / services / java / com / android / server /
pm / Settings.java seems responsible for system packages not getting
their permissions dumped to the packages.xml file (unless they use a
shared userid, in which case a different function does dump those out)
if ((pkg.pkgFlags ApplicationInfo.FLAG_SYSTEM) == 0) {
serializer.startTag(null, perms);
if (pkg.sharedUser == null) {
// If this is a shared user, the permissions will
// be written there. We still need to write an
// empty permissions list so permissionsFixed will
// be set.
for (final String name : pkg.grantedPermissions) {
serializer.startTag(null, item);
serializer.attribute(null, name, name);
serializer.endTag(null, item);
}
}
serializer.endTag(null, perms);
}
(This code used to be located elsewhere, the pm/ directory seems to be
a reorganization)
--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
Thanks for your quick reply, Mark. Nonetheless, I am still wondering: Does that mean that an app stored as APK in /system/app/ can use any permission which is = signatureOrSystem? Or can only permissions == signatureOrSystem be made use of? (the latter is definitely not the case, see below) As I already mentioned, every app in /data/system/packages.xml which was stored in /system/app/ had NO perms-Block. Not a single one. And I highly doubt that preinstalled apps such as the Phone App only utilize signatureOrSystem-Permissions. For example, the android.permission.CALL_PHONE has a protectionLevel of dangerous and is used by the preinstalled Phone app. However, this permission is not denoted in /data/system/packages.xml for the Phone app. Hence, I suspect that any app stored in /system/app/ is granted any permission equal to or below signatureOrSystem level. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Mon, Jun 18, 2012 at 9:48 AM, Jason Meyer jasonmeyer...@yahoo.de wrote: Nonetheless, I am still wondering: Does that mean that an app stored as APK in /system/app/ can use any permission which is = signatureOrSystem? Well, sure, if they request it, just like any other SDK app. As I already mentioned, every app in /data/system/packages.xml which was stored in /system/app/ had NO perms-Block. Not a single one. And I highly doubt that preinstalled apps such as the Phone App only utilize signatureOrSystem-Permissions. For example, the android.permission.CALL_PHONE has a protectionLevel of dangerous and is used by the preinstalled Phone app. However, this permission is not denoted in /data/system/packages.xml for the Phone app. I have no idea what the perms block is. That sounds like a firmware detail, which is out of scope for this list. The Phone app requests CALL_PHONE like any other SDK application would: https://github.com/android/platform_packages_apps_phone/blob/master/AndroidManifest.xml Hence, I suspect that any app stored in /system/app/ is granted any permission equal to or below signatureOrSystem level. Only if they ask for them, like any other SDK application. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Jun 17, 1:34 pm, Jason Meyer jasonmeyer...@yahoo.de wrote: after doing a bit of research I've gotten very curious: Where are the permissions stored which were granted to apps installed in /system/app? I checked out my phone's packages.xml file (located in /data/system/ packages.xml). User apps stored in /data/app/ have perms, but none of the APK files stored in /system/app has a perms block. I haven't checked exhaustively, but it would appear that they are using the sharedUserID mechanism (even if only one app package is doing the sharing). The pemissions for shared user ID's are listed in their own sections, probably found towards the end of packages.xml Non-system apps which use a sharedUserID seem to also get their permissions relocated to the shared UserID section of packages.xml with none listed under the package itself - which is logical, since the permissions then go with the userid rather than the individual app package. Permissions defined by system apps (for use by other apps) seem to be in individual files under /etc/permissions -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
Nonetheless, I am still wondering: Does that mean that an app stored as APK in /system/app/ can use any permission which is = signatureOrSystem? Well, sure, if they request it, just like any other SDK app. I am not quite sure what you mean by request it. As far as I know, there is no API request call or method to grant a certain permission. If by request you mean the requesting done on installation: nope, this does not apply, as apps in /system/app/ are usually preinstalled. Hence, no market app requesting permissions to be granted by the user. I have no idea what the perms block is. That sounds like a firmware detail, which is out of scope for this list. Nope, it's not a firmware detail. Every app which is installed via the Market app (e.g., from the Google Play Store) is processed in the three following steps: 1) Download of the APK file 2) Placing of APK file in /data/app/ 3) Insertion of the app's permissions in /data/system/packages.xml inside a perms-block The perms-block in packages.xml specifies which permissions were granted to an app installed from an app market. However, no perms-blocks exist for apps stored in /system/app/, which is exactly what I'm curious about ;) Only if they ask for them, like any other SDK application. What exactly do you mean by asking? AFAIK API calls under protection by certain permissions are controlled automatically and implicitly for clearance. There is not explicit/expressed request. At least I haven't carried out one in any of my apps programmed thus far, and it worked. Or do you mean by asking the Manifest file? It isn't checked on every app's start up, to my knowledge. That's what the packages.xml file is for. I haven't checked exhaustively, but it would appear that they are using the sharedUserID mechanism (even if only one app package is doing the sharing). I'm going to check into this and report back, thanks. However, every system app sharing the same user ID and thus getting extensive permissions seems a bit... risky. Permissions defined by system apps (for use by other apps) seem to be in individual files under /etc/permissions Going to check that out too. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Mon, Jun 18, 2012 at 12:35 PM, Jason Meyer jasonmeyer...@yahoo.de wrote: Well, sure, if they request it, just like any other SDK app. I am not quite sure what you mean by request it. As far as I know, there is no API request call or method to grant a certain permission. By uses-permission in the manifest, just like any other SDK app. I have no idea what the perms block is. That sounds like a firmware detail, which is out of scope for this list. Nope, it's not a firmware detail. Every app which is installed via the Market app (e.g., from the Google Play Store) is processed in the three following steps: 1) Download of the APK file 2) Placing of APK file in /data/app/ 3) Insertion of the app's permissions in /data/system/packages.xml inside a perms-block Steps 2 and 3 are firmware details, in my use of the term. Only if they ask for them, like any other SDK application. What exactly do you mean by asking? By uses-permission in the manifest, just like any other SDK app. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
Re: [android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
Also, please remember that this list is for the Android SDK. Questions regarding the perms block and kin belong elsewhere -- visit http://source.android.com, click on the Community tab, and you will see other Google Groups of greater relevance to discussion of what is happening in the firmware. On Mon, Jun 18, 2012 at 12:44 PM, Mark Murphy mmur...@commonsware.com wrote: On Mon, Jun 18, 2012 at 12:35 PM, Jason Meyer jasonmeyer...@yahoo.de wrote: Well, sure, if they request it, just like any other SDK app. I am not quite sure what you mean by request it. As far as I know, there is no API request call or method to grant a certain permission. By uses-permission in the manifest, just like any other SDK app. I have no idea what the perms block is. That sounds like a firmware detail, which is out of scope for this list. Nope, it's not a firmware detail. Every app which is installed via the Market app (e.g., from the Google Play Store) is processed in the three following steps: 1) Download of the APK file 2) Placing of APK file in /data/app/ 3) Insertion of the app's permissions in /data/system/packages.xml inside a perms-block Steps 2 and 3 are firmware details, in my use of the term. Only if they ask for them, like any other SDK application. What exactly do you mean by asking? By uses-permission in the manifest, just like any other SDK app. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.7 Available! -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy Android Training... At Your Office: http://commonsware.com/training -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
[android-developers] Re: Permissions for System Apps (not in /data/system/packages.xml?)
On Jun 18, 12:35 pm, Jason Meyer jasonmeyer...@yahoo.de wrote: Well, sure, if they request it, just like any other SDK app. I am not quite sure what you mean by request it. The uses-permission is in their AndroidManifest.xml just as it would be for a non-system app. See for example: https://github.com/android/platform_packages_apps_browser/blob/master/AndroidManifest.xml If by request you mean the requesting done on installation: nope, this does not apply, as apps in /system/app/ are usually preinstalled. Hence, no market app requesting permissions to be granted by the user. They may be pre-installed, but they are still processed by something at build and/or runtime. I have no idea what the perms block is. That sounds like a firmware detail, which is out of scope for this list. Nope, it's not a firmware detail. From Mark's perspective it is an implementation detail of the android system (what would be the 'firmware' on a simpler device, though that's term is by custom used for simpler components such as a radio driver on something with a full operating system like android) and thus off topic for the androd-developers group, which, though not obvious from the name, is defined to be for SDK-level development only. Or do you mean by asking the Manifest file? It isn't checked on every app's start up, to my knowledge. That's what the packages.xml file is for. The PackageManager creates the packages.xml file by processing the information found in the app manifests. I haven't checked exhaustively, but it would appear that they are using the sharedUserID mechanism (even if only one app package is doing the sharing). However, every system app sharing the same user ID and thus getting extensive permissions seems a bit... risky. They don't. There are a number of distinct sharedUserIDs involved, some having only one app package. -- You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
