On Tue, Mar 17, 2009 at 7:56 AM, guillaume leterrier (Teleca Germany) <
[email protected]> wrote:

> "A permission that the system is to grant only to packages in the
> Android system image or that are signed with the same certificates."
>
> Could someone really clarify what is called the "system image". Could
> someone list or clarify what encompasses the term system image for
> this protection? Is it only packages that are located under directory
> /system/ or more?


It's the .apks under /system/app.


> The Framework core package is installed under /System/,


Fwiw, this is irrelevant.


> and /frameworks/base/core/res/AndroidManifest.xml includes API that
> are either protected by signature or SignatureorSystem.
>
> So, for the framework protected APIs, a Signature and
> SignatureorSystem protection make no protection difference?


Huh?  It means what it says: for someone to be granted the permission, they
must either be signed with the same certificate as the one who declared the
permission (in this case the framework in the path you supply, which is
signed with the core platform certificate), or they must be installed in the
system image.


> Indeed, as far as I understood, all packages under /system are all
> currently signed by the same key?


No they aren't.  Google's applications are signed by Google with Google's
own certificate, things like AmazonMP3 that are bundled with the G1 are
signed with their vendor's certificate, and there are a number of other core
certificates in the platform itself (media, one for apps, etc) that are
used, to isolate the different entities from each other.


> I guess the OEM must be the authority controlling this key and what
> gets installed under /system?


A key doesn't get installed in /system.  But yes, the OEM must do the final
signing of their .apks with certificates owned by that OEM.


> The distinction Signature and SignatureorSystem would only become
> effective, if some package stored under /system/ are not signed by the
> same key as the framework package?


Correct, and very few applications are signed with the platform certificate.


> In such case, these packages may be granted system permissions, but
> not to the framework API protected by the only "signature" scheme.
>

Correct.

-- 
Dianne Hackborn
Android framework engineer
[email protected]

Note: please don't send private questions to me, as I don't have time to
provide private support.  All such questions should be posted on public
forums, where I and others can see and answer them.
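
Added example (not part of the original message, and not Android's own code): a small Python model of the grant rule as the reply above describes it, with "system image" taken to mean an .apk under /system/app. The package names, paths, certificate labels and permission names are constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

SYSTEM_APP_DIR = PurePosixPath("/system/app")  # the "system image" per the reply

@dataclass(frozen=True)
class Package:
    name: str
    apk_path: str  # install location of the .apk
    cert: str      # constructed label standing in for the signing certificate

@dataclass(frozen=True)
class Permission:
    name: str
    declared_by: Package
    protection_level: str  # "signature" or "signatureOrSystem"

def in_system_image(pkg: Package) -> bool:
    return PurePosixPath(pkg.apk_path).parent == SYSTEM_APP_DIR

def is_granted(perm: Permission, requester: Package) -> bool:
    same_cert = requester.cert == perm.declared_by.cert
    if perm.protection_level == "signature":
        return same_cert
    if perm.protection_level == "signatureOrSystem":
        return same_cert or in_system_image(requester)
    raise ValueError(f"unmodelled protection level: {perm.protection_level}")

# Constructed sample data; names, paths and certificate labels are hypothetical.
FRAMEWORK = Package("framework", "/system/framework/framework-res.apk", "platform")
SIG = Permission("example.permission.SIG", FRAMEWORK, "signature")
SIG_OR_SYS = Permission("example.permission.SIG_OR_SYS", FRAMEWORK, "signatureOrSystem")
PACKAGES = [
    Package("platform_signed_app", "/system/app/Core.apk", "platform"),
    Package("google_app", "/system/app/GoogleApp.apk", "google"),
    Package("bundled_vendor_app", "/system/app/VendorApp.apk", "vendor"),
    Package("third_party_app", "/data/app/com.example.tool.apk", "developer"),
]

def grant_table() -> dict:
    """Map package name -> (granted 'signature', granted 'signatureOrSystem')."""
    return {p.name: (is_granted(SIG, p), is_granted(SIG_OR_SYS, p)) for p in PACKAGES}

if __name__ == "__main__":
    for name, (sig, sig_or_sys) in grant_table().items():
        print(f"{name:22} signature={sig!s:5} signatureOrSystem={sig_or_sys}")
```

The two levels differ only for the packages in /system/app that are not signed with the declaring package's certificate, which is the case confirmed at the end of the thread.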
