Can anyone please clarify on the Protection Levels for a permission? Below is my understanding:
"Protection levels - 'signature' and 'systemOrsignature' are the same except for the reason below. In either case a system app always has the permission. Suppose X defines a permission with protection level systemOrsignature, and Y is a system app that is part of the system image; then Y has the permission. And if Z is another vendor app that has the same certificate/signature (if the developer (OEM) of X has shared it with the vendor), then Z too has the permission, even if Z is not part of the system image. So, this helps non-system apps that share the OEM signature."

Also, is there a way to prevent system apps that don't have a permission in their manifest from having the access? To be clear:

"Suppose X defines a permission with protection level systemOrsignature, and Y is a system app that is part of the system image; then Y has the permission."

In this case, is it possible to prevent Y from having the permission? Please clarify.

On Monday, 16 March 2009 22:59:23 UTC+5:30, Guillaume Leterrier wrote:
> Hi,
>
> Looking at the following developer web link that describes the core android permissions,
>
> http://developer.android.com/reference/android/Manifest.permission.html
>
> The list encompasses the permissions associated with the Android protected API available from the Android frameworks.
>
> However, I could not find any information related to the associated protection level.
> I guess this would be very useful to know for the application developers and get the web link updated.
>
> So, digging in the file "Frameworks\base\core\res\AndroidManifest.xml", one could find such data.
>
> Most of the permissions are defined as dangerous and a few others as normal.
> The remaining others, related mostly to the system, are based on signature protection.
>
> Questions:
>
> 1)
>
> Because the signature protection levels for the framework are defined in a unique manifest XML file,
>
> - does it mean that there is no means to have different permissions protected by different signature keys (but splitting the file and framework API in groups)?
>
> 2)
>
> The Android framework is stored under the file directory \system\framework\
>
> - Is this directory considered as one Android package signed by the current Android system unique key?
> - For permissions protected by signature or signatureOrSystem, what key is used for such protection verification? OEM/system key?
>
> 3)
>
> - If the OEMs modify a few framework permission signature rules (dangerous => signature...), how will application compatibility be ensured on the Android platform across various OEM smartphones?
>
> Guillaume
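Added example, not part of the thread: the lookup Guillaume describes (reading protection levels out of the `<permission>` declarations in a manifest), done with a short Python script for auditing what a package declares. The manifest is a constructed sample with made-up `com.example.x` names, and `permissions_by_level` is a name chosen here; a declaration without `android:protectionLevel` is treated as `normal`, the documented default.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace of the android: attributes, in ElementTree's {uri}name form.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest; every com.example.x name is made up.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.x">
    <permission android:name="com.example.x.permission.READ_STATE" />
    <permission android:name="com.example.x.permission.SEND_ALERT"
        android:protectionLevel="dangerous" />
    <permission android:name="com.example.x.permission.MANAGE"
        android:protectionLevel="signature" />
    <permission android:name="com.example.x.permission.UPDATE"
        android:protectionLevel="signature|privileged" />
    <permission android:name="com.example.x.permission.OEM_BRIDGE"
        android:protectionLevel="signatureOrSystem" />
    <uses-permission android:name="android.permission.INTERNET" />
</manifest>
"""


def permissions_by_level(manifest_xml):
    """Map each base protection level to the sorted permission names declared with it."""
    root = ET.fromstring(manifest_xml)
    grouped = defaultdict(list)
    # Only <permission> declares a permission; <uses-permission> requests one.
    for perm in root.iter("permission"):
        name = perm.get(ANDROID_NS + "name")
        if not name:
            continue  # malformed declaration, nothing to report
        # A missing attribute means "normal". Later platform versions allow
        # flags after "|" (e.g. "signature|privileged"); keep the base level.
        level = perm.get(ANDROID_NS + "protectionLevel", "normal")
        grouped[level.split("|")[0].strip()].append(name)
    return {level: sorted(names) for level, names in grouped.items()}


if __name__ == "__main__":
    for level, names in sorted(permissions_by_level(SAMPLE_MANIFEST).items()):
        print(level)
        for permission_name in names:
            print("    " + permission_name)
```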
