Android 上的系统应用和特权应用有什么区别? [英] What is the difference between system apps and privileged apps on Android?
问题描述
所以在 4.3 中有系统应用程序的概念.放置在 /system/app 中的 APK 被授予系统权限.从 4.4 开始,出现了特权应用"的新概念.特权应用程序存储在 /system/priv-app 目录中,似乎被区别对待.如果您查看 AOSP 源代码,在 PackageManagerService 下,您会看到新的方法,例如
So in 4.3 there was a concept of System applications. APKs that were placed in /system/app were given system privileges. As of 4.4, there is a new concept of "privileged app". Privileged apps are stored in /system/priv-app directory and seem to be treated differently. If you look in the AOSP Source code, under PackageManagerService, you will see new methods such as
static boolean locationIsPrivileged(File path) {
try {
final String privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app")
.getCanonicalPath();
return path.getCanonicalPath().startsWith(privilegedAppDir);
} catch (IOException e) {
Slog.e(TAG, "Unable to access code path " + path);
}
return false;
}
这里有一个例子说明了这些不同的情况.
So here is an example of a situation where these differ.
public final void addActivity(PackageParser.Activity a, String type) {
...
if (!systemApp && intent.getPriority() > 0 && "activity".equals(type)) {
intent.setPriority(0);
Log.w(TAG, "Package " + a.info.applicationInfo.packageName + " has activity "
+ a.className + " with priority > 0, forcing to 0");
}
...
这会影响任何未定义为系统应用程序的活动的优先级.这似乎暗示您不能向优先级高于 0 的包管理器添加活动,除非您是系统应用程序.据我所知,这并不不排除特权应用程序(这里有很多逻辑,我可能是错的.).
This affects the priority of any activities that are not defined as system applications. This seems to imply you can not add an activity to the package manager whose priority is higher than 0, unless you are a system app. This does not preclude privileged apps as far as I can tell (there is a lot of logic here, I may be wrong.).
我的问题是这到底意味着什么?如果我的应用程序有特权,而不是系统,那会有什么不同?在 PackageManagerService 中,您可以找到系统应用程序和特权应用程序之间的各种不同之处,它们并不完全相同.特权应用背后应该有某种意识形态,否则他们只会说:
My question is what exactly does this imply? If my app is privileged, but not system, what difference will that make? In PackageManagerService you can find various things that differ between system and privileged apps, they are not exactly the same. There should be some kind of ideology behind privileged apps, otherwise they would have just said:
if locationIsPrivileged: app.flags |= FLAG_SYSTEM
并完成它.这是一个新概念,我认为对于从 4.4 开始进行 AOSP 开发的任何人来说,了解这些类型的应用之间的区别非常重要.
and been done with it. This is a new concept, and I think it would be important to know the difference between these kinds of apps for anyone who is doing AOSP development as of 4.4.
推荐答案
所以经过一番挖掘,很明显 priv-app 中的应用程序有资格获得系统权限,就像以前的旧应用程序有资格申请系统权限一样通过在系统应用程序中.我能找到的唯一官方 Google 文档以提交消息的形式出现:提交哈希:ccbf84f44c9e6a5ed3c08673614826bb237afc54
So after some digging, it's clear that apps in priv-app are eligible for system permissions, the same way that old apps used to be eligible to claim system permissions by being in system-app. The only official Google documentation I could find on this came in the form of a commit message: Commit hash: ccbf84f44c9e6a5ed3c08673614826bb237afc54
某些系统应用比其他应用更系统
Some system apps are more system than others
signatureOrSystem"权限不再适用于所有应用驻留在/system 分区.取而代之的是一个新的/system/priv-app 目录,并且只有 APK 位于该目录中的应用允许目录使用 signatureOrSystem 权限,而无需共享平台证书.这将减少表面积系统捆绑应用程序的可能利用以试图获得访问权限保护操作.
"signatureOrSystem" permissions are no longer available to all apps residing en the /system partition. Instead, there is a new /system/priv-app directory, and only apps whose APKs are in that directory are allowed to use signatureOrSystem permissions without sharing the platform cert. This will reduce the surface area for possible exploits of system- bundled applications to try to gain access to permission-guarded operations.
ApplicationInfo.FLAG_SYSTEM 标志继续表示它所说的内容在文档中:它表明应用程序 apk 是捆绑在/system 分区上.一个新的隐藏标志 FLAG_PRIVILEGED已经引入,反映了访问这些的实际权利权限.
The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is says in the documentation: it indicates that the application apk was bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED has been introduced that reflects the actual right to access these permissions.
更新:自 Android 8.0 起,priv-app 略有变化,添加了特权权限白名单.除了只是在 priv-app 中,您的应用程序还必须添加到白名单以获得各种系统权限.关于这方面的信息可以在这里找到:https://source.android.com/devices/tech/config/perms-whitelist
Update: As of Android 8.0 priv-app has changed slightly with the addition of Privileged Permission Whitelisting. Beyond just being in priv-app, your app must also be added to a whitelist in order to gain various system permissions. Information on this can be found here: https://source.android.com/devices/tech/config/perms-whitelist
这篇关于Android 上的系统应用和特权应用有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
