On Mon, Mar 16, 2009 at 8:28 AM, F H <[email protected]> wrote:
> Is it intended that low level access to Surface Flinger is granted only to > components that a part of the system and not to applications developed using > the SDK and signed using an arbitrary certificate? Yes. > Is it the intention that an Android platform be signed with a certificate > unique to an android provider, Yes. > who if they wished could enable applications to be signed by the same > certificate. No, this would allow you to write third party applications that are either significant security vulnerabilities and/or break across platform releases. The platform certificate is intended to be exclusive to the device manufacturer, and something they keep private. > When an android system is built - where is the certificate that is used for > signing the system and does it need to be generated in a particular way > (e.g. does it need to be generated by some signing authority). No it can be generated the normal way you general one for an SDK developer. The development certs are here: http://android.git.kernel.org/?p=platform/build.git;a=tree;f=target/product/security;h=be33ff699f23419ffd2067daf5489f785551df70;hb=HEAD I don't know off-hand how you sign with your "real" certs; but a basic rule is that these are not checked in to any source repository but done as a separate step as part of making a final release image, and only accessible to a few select people. > Presumably applications that connect up to surface flinger are routed > through something that has the requisite permission. (Or is it that apps in > general do not use low-level access?). Applications do not get to use surface flinger. The window manager uses surface flinger, and provides the higher-level access that can be kept stable across releases. -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them. --~--~---------~--~----~------------~-------~--~----~ unsubscribe: [email protected] website: http://groups.google.com/group/android-porting -~----------~----~----~----~------~----~------~--~---
