signatureOrSystem permissions on custom ROM

2019-08-07 07:21发布

问题:

I'm wondering about how is a signatureOrSystem permissions enforced on custom ROMs.

Docs say:

A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificates as those in the system image.

Where is this certificate? In case I'm using a custom ROM, say CyanogenMod, can I obtain their certificate, which I'm assuming is freely available, and sign my application so that it could use such a permission (only with that ROM of course)?

Thanks ;)

回答1:

For CygenMod the platform key is here: https://github.com/CyanogenMod/android_build/tree/gingerbread/target/product/security.

As of Android 4.4 putting the app in "/system/priv-app" will also enable granting of permissions marked as "signatureOrSystem" regardless of what key the app is signed with. In theory older androids would do the same for an app on "/system". However, I was not able to get this to work.

As of Android 5.1 all apps in /system/priv-app may have to be in subfolder with their name to work.

Notice: The special handling of "/system/priv-app" is currently an undocumented feature.