On 25 Jun., 02:26, Dianne Hackborn <hack...@android.com> wrote:
> Why do you care if there is a <perms> tag?

Because I figured that is what controls which Permissions can be used by apps. At least for apps stored in "user space" (/data/app/) this seems to be true. As stated here, you can revoke permissions granted at installation by editing the packages.xml file:
http://elinux.org/Android_Security#Changing_application_security_permissions_after_installation

> applications in the system image must still explicitly request the
> permissions they need, and they have to follow the rules as anyone else:

What do you mean by "explicitly request"? List them in their AndroidManifest.xml?

> The only exception is the "signatureOrSystem" permission type, which
> means the permission can be granted to an app signed with the same
> cert (whether it is in the system image or a third party app), *or* to any
> app installed on the system image. There are a handful of such
> permissions, but it isn't the common case.

Does this only apply for all permissions protected by "signatureOrSystem", or does this also apply to permissions with a "lower" protection level such as "dangerous"? I.e., is there a relation regarding protection level strictness like: signature > signatureOrSystem > dangerous > normal? So that apps in /system/app/ will be granted permissions with a protection level equal to or below "signatureOrSystem"?

If the above does not hold, will system apps just not be granted "dangerous" protection level permissions? Because as far as I can judge from my packages.xml, many system apps there make use of "dangerous" permissions.

> As for why there are no permissions stored in packages.xml: there is no
> need, because they can just be re-evaluated each boot when scanning the
> packages.

Then why are they stored for user apps (stored in /data/app/)?

> If you use the package manager APIs to find out the permissions that are
> held by each app, you will see that the system applications are granted the
> permissions they request as per the rules.

Again: What do you mean by "request"? Putting them in your AndroidManifest.xml? Because for all apps I wrote, I never explicitly requested any permission in my code. Only through the Manifest file.

Chris Stratton:
> Yes, but wanting to understand how things work is an endemic amongst
> engineers.

Exactly :D

Sorry if this is the wrong group, I was referred here by someone else.