AOSP Privileged vs System app


Question

So in 4.3 there was a concept of System applications. Apks that were placed in System/app were given system privileges. As of 4.4, there is a new concept of Privileged app. Privileged apps are stored in system/priv-app and seem to be treated differently. If you look in the AOSP Source code, under PackageManagerService, you will see new methods such as

static boolean locationIsPrivileged(File path) {
    try {
        final String privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app")
                .getCanonicalPath();
        return path.getCanonicalPath().startsWith(privilegedAppDir);
    } catch (IOException e) {
        Slog.e(TAG, "Unable to access code path " + path);
    }
    return false;
}

So here is an example of a situation where these differ.

public final void addActivity(PackageParser.Activity a, String type) {
    ...
    if (!systemApp && intent.getPriority() > 0 && "activity".equals(type)) {
        intent.setPriority(0);
        Log.w(TAG, "Package " + a.info.applicationInfo.packageName + " has activity "
                + a.className + " with priority > 0, forcing to 0");
    }
    ...

This affects the priority of any activities that are not defined as system applications. This seems to imply you cannot add an activity to the package manager whose priority is higher than 0, unless you are a system app. This does NOT preclude privileged apps as far as I can tell (there's a lot of logic here, I may be wrong).

My question is what exactly does this imply? If my app is privileged, but not system, what difference will that make? In PackageManagerService you can find various things that differ between system and privileged apps; they are not exactly the same. There should be some kind of ideology behind privileged apps, otherwise they would have just said:

if locationIsPrivileged: app.flags |= FLAG_SYSTEM

and been done with it. This is a new concept, and I think it would be important to know the difference between these kinds of apps for anyone who is doing AOSP development as of 4.4.

Recommended answer

So after some digging, it's clear that apps in priv-app are eligible for system permissions, the same way that old apps used to be eligible to claim system permissions by being in system-app. The only official Google documentation I could find on this came in the form of a commit message: Commit hash: ccbf84f44c9e6a5ed3c08673614826bb237afc54

Some system apps are more system than others

"signatureOrSystem" permissions are no longer available to all apps residing on the /system partition. Instead, there is a new /system/priv-app directory, and only apps whose APKs are in that directory are allowed to use signatureOrSystem permissions without sharing the platform cert. This will reduce the surface area for possible exploits of system-bundled applications to try to gain access to permission-guarded operations.

The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it says in the documentation: it indicates that the application apk was bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED has been introduced that reflects the actual right to access these permissions.
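
The rule quoted in the commit message above, as an added example that is not part of the original post and is not AOSP source: a small desktop-Java model of how install location maps to the two flags and to a signatureOrSystem grant. The class name, helper names, flag bit values and sample paths are assumptions made for illustration, and `new File("/system")` stands in for `Environment.getRootDirectory()`.

```java
import java.io.File;
import java.io.IOException;

// Simplified model of the location-based rule; not the PackageManagerService code.
public class PrivAppModel {
    // Illustrative bit values for this model only (assumption, not taken from the page).
    static final int FLAG_SYSTEM = 1 << 0;
    static final int FLAG_PRIVILEGED = 1 << 1;

    // Canonicalize both sides so ".." segments and symlinks are resolved before
    // comparing; the trailing separator makes only whole directory names match.
    static boolean isUnder(File dir, File path) throws IOException {
        return path.getCanonicalPath().startsWith(dir.getCanonicalPath() + File.separator);
    }

    // FLAG_SYSTEM: the APK is bundled on the system partition.
    // FLAG_PRIVILEGED: the APK additionally lives in the priv-app directory.
    static int flagsFor(File systemRoot, File apk) throws IOException {
        int flags = 0;
        if (isUnder(systemRoot, apk)) flags |= FLAG_SYSTEM;
        if (isUnder(new File(systemRoot, "priv-app"), apk)) flags |= FLAG_PRIVILEGED;
        return flags;
    }

    // signatureOrSystem grant as the commit message states it:
    // signed with the platform cert, or located in priv-app.
    static boolean grantsSignatureOrSystem(int flags, boolean signedWithPlatformCert) {
        return signedWithPlatformCert || (flags & FLAG_PRIVILEGED) != 0;
    }

    public static void main(String[] args) throws IOException {
        File root = new File("/system"); // stands in for Environment.getRootDirectory()
        String[] apks = {                // constructed sample paths
            "/system/priv-app/Example.apk",
            "/system/app/Example.apk",
            "/system/app/../priv-app/Example.apk",
            "/data/app/Example.apk",
        };
        for (String p : apks) {
            int f = flagsFor(root, new File(p));
            System.out.printf("%-38s system=%b privileged=%b grant(no platform cert)=%b%n",
                    p, (f & FLAG_SYSTEM) != 0, (f & FLAG_PRIVILEGED) != 0,
                    grantsSignatureOrSystem(f, false));
        }
    }
}
```

The `/system/app` entry is the case the question asks about: it keeps the system flag but, without the platform cert, no longer qualifies for signatureOrSystem permissions.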
