Created
August 11, 2021 08:27
-
-
Save tonykwok/2e551d7967d6ebc14c0ba7a5f4a5e53e to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @see https://android.googlesource.com/platform/frameworks/base/+/ccbf84f44c9e6a5ed3c08673614826bb237afc54 | |
| Some system apps are more system than others | |
| "signatureOrSystem" permissions are no longer available to all apps | |
| residing en the /system partition. Instead, there is a new /system/priv-app | |
| directory, and only apps whose APKs are in that directory are allowed | |
| to use signatureOrSystem permissions without sharing the platform cert. | |
| This will reduce the surface area for possible exploits of system- | |
| bundled applications to try to gain access to permission-guarded | |
| operations. | |
| The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is | |
| says in the documentation: it indicates that the application apk was | |
| bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED | |
| has been introduced that reflects the actual right to access these | |
| permissions. | |
| At some point the "system" permission category will be | |
| renamed to "privileged". | |
| Bug 8765951 | |
| Change-Id: I6f0fd9cdb9170e076dfc66d83ecea76f8dd7335d |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment