On Mon, Oct 12, 2009 at 9:22 AM, skyhigh <skyhigh1...@gmail.com> wrote:
> After doing some more testing I have found that using a shared user ID > is not needed to access the other package's databases. > > If you call Context.createPackageContext(<other_package_name>, > Context.CONTEXT_IGNORE_SECURITY) then you can access the other > package's databases even if there is no shared user ID, as long as you > signed both packages with the same key. > Um, I am pretty sure this does not work. If the two apps do not have a shared user ID, then the system is going to assign them different user IDs, and from most perspectives -- certainly filesystem access -- they are two unrelated applications. The only way one could access files in another is if the other makes those files world readable (and in that case it doesn't matter what the apps are signed with, -anyone- can access those files). What the call you show here does let you do is load one application's coe into another's process. In this case certificates are ignored (it is VERY VERY dangerous to do), and the other application's code will be running in your own process, as you. It thus can now access your own files... but it can't access its files, because it isn't running as itself, it is running as you. -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
