diff options
author | Christopher Tate <ctate@google.com> | 2013-05-08 15:25:41 -0700 |
---|---|---|
committer | Christopher Tate <ctate@google.com> | 2013-06-17 12:47:35 -0700 |
commit | ccbf84f44c9e6a5ed3c08673614826bb237afc54 (patch) | |
tree | 854e35665f7754b3b0d1b4aaadc7b4927c3ea9ce /packages | |
parent | 4ffa23379f95771fcdc63a2e35586b7e2c0b23a5 (diff) | |
download | frameworks_base-ccbf84f44c9e6a5ed3c08673614826bb237afc54.zip frameworks_base-ccbf84f44c9e6a5ed3c08673614826bb237afc54.tar.gz frameworks_base-ccbf84f44c9e6a5ed3c08673614826bb237afc54.tar.bz2 |
Some system apps are more system than others
"signatureOrSystem" permissions are no longer available to all apps
residing en the /system partition. Instead, there is a new /system/priv-app
directory, and only apps whose APKs are in that directory are allowed
to use signatureOrSystem permissions without sharing the platform cert.
This will reduce the surface area for possible exploits of system-
bundled applications to try to gain access to permission-guarded
operations.
The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is
says in the documentation: it indicates that the application apk was
bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED
has been introduced that reflects the actual right to access these
permissions.
At some point the "system" permission category will be
renamed to "privileged".
Bug 8765951
Change-Id: I6f0fd9cdb9170e076dfc66d83ecea76f8dd7335d
Diffstat (limited to 'packages')
-rw-r--r-- | packages/BackupRestoreConfirmation/Android.mk | 1 | ||||
-rw-r--r-- | packages/DefaultContainerService/Android.mk | 2 | ||||
-rw-r--r-- | packages/ExternalStorageProvider/Android.mk | 1 | ||||
-rw-r--r-- | packages/FusedLocation/Android.mk | 1 | ||||
-rw-r--r-- | packages/InputDevices/Android.mk | 1 | ||||
-rw-r--r-- | packages/Keyguard/Android.mk | 2 | ||||
-rw-r--r-- | packages/Keyguard/test/Android.mk | 3 | ||||
-rw-r--r-- | packages/SettingsProvider/Android.mk | 1 | ||||
-rw-r--r-- | packages/SharedStorageBackup/Android.mk | 1 | ||||
-rw-r--r-- | packages/Shell/Android.mk | 1 | ||||
-rw-r--r-- | packages/SystemUI/Android.mk | 1 | ||||
-rw-r--r-- | packages/VpnDialogs/Android.mk | 2 |
12 files changed, 16 insertions, 1 deletions
diff --git a/packages/BackupRestoreConfirmation/Android.mk b/packages/BackupRestoreConfirmation/Android.mk index e775b44..b84c07f 100644 --- a/packages/BackupRestoreConfirmation/Android.mk +++ b/packages/BackupRestoreConfirmation/Android.mk @@ -23,6 +23,7 @@ LOCAL_SRC_FILES := $(call all-java-files-under, src) LOCAL_PACKAGE_NAME := BackupRestoreConfirmation LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true include $(BUILD_PACKAGE) diff --git a/packages/DefaultContainerService/Android.mk b/packages/DefaultContainerService/Android.mk index 56b8005..9961168 100644 --- a/packages/DefaultContainerService/Android.mk +++ b/packages/DefaultContainerService/Android.mk @@ -11,6 +11,8 @@ LOCAL_REQUIRED_MODULES := libdefcontainer_jni LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true + include $(BUILD_PACKAGE) include $(call all-makefiles-under,$(LOCAL_PATH)) diff --git a/packages/ExternalStorageProvider/Android.mk b/packages/ExternalStorageProvider/Android.mk index 32752b8..db825ff 100644 --- a/packages/ExternalStorageProvider/Android.mk +++ b/packages/ExternalStorageProvider/Android.mk @@ -7,5 +7,6 @@ LOCAL_SRC_FILES := $(call all-subdir-java-files) LOCAL_PACKAGE_NAME := ExternalStorageProvider LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true include $(BUILD_PACKAGE) diff --git a/packages/FusedLocation/Android.mk b/packages/FusedLocation/Android.mk index 318782f..7406eaf4 100644 --- a/packages/FusedLocation/Android.mk +++ b/packages/FusedLocation/Android.mk @@ -23,5 +23,6 @@ LOCAL_JAVA_LIBRARIES := com.android.location.provider LOCAL_PACKAGE_NAME := FusedLocation LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true include $(BUILD_PACKAGE) diff --git a/packages/InputDevices/Android.mk b/packages/InputDevices/Android.mk index 37f2428..095655c 100644 --- a/packages/InputDevices/Android.mk +++ b/packages/InputDevices/Android.mk @@ -23,6 +23,7 @@ LOCAL_JAVA_LIBRARIES := LOCAL_PACKAGE_NAME := InputDevices LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true include $(BUILD_PACKAGE) diff --git a/packages/Keyguard/Android.mk b/packages/Keyguard/Android.mk index bc86a44..f6f441d 100644 --- a/packages/Keyguard/Android.mk +++ b/packages/Keyguard/Android.mk @@ -24,6 +24,8 @@ LOCAL_PACKAGE_NAME := Keyguard LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true + LOCAL_PROGUARD_FLAG_FILES := proguard.flags include $(BUILD_PACKAGE) diff --git a/packages/Keyguard/test/Android.mk b/packages/Keyguard/test/Android.mk index d011df4..15059c6 100644 --- a/packages/Keyguard/test/Android.mk +++ b/packages/Keyguard/test/Android.mk @@ -20,8 +20,9 @@ LOCAL_SRC_FILES := $(call all-java-files-under, src) LOCAL_PACKAGE_NAME := KeyguardTest -# Remove this to verify permission checks are working correctly +# Remove these to verify permission checks are working correctly LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true # LOCAL_PROGUARD_FLAG_FILES := proguard.flags diff --git a/packages/SettingsProvider/Android.mk b/packages/SettingsProvider/Android.mk index a2ea554..da929ae 100644 --- a/packages/SettingsProvider/Android.mk +++ b/packages/SettingsProvider/Android.mk @@ -9,6 +9,7 @@ LOCAL_JAVA_LIBRARIES := telephony-common LOCAL_PACKAGE_NAME := SettingsProvider LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true include $(BUILD_PACKAGE) diff --git a/packages/SharedStorageBackup/Android.mk b/packages/SharedStorageBackup/Android.mk index 1d4f4da..a213965f 100644 --- a/packages/SharedStorageBackup/Android.mk +++ b/packages/SharedStorageBackup/Android.mk @@ -25,6 +25,7 @@ LOCAL_PROGUARD_FLAG_FILES := proguard.flags LOCAL_PACKAGE_NAME := SharedStorageBackup LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true include $(BUILD_PACKAGE) diff --git a/packages/Shell/Android.mk b/packages/Shell/Android.mk index fc4c0f5..5bd48c6 100644 --- a/packages/Shell/Android.mk +++ b/packages/Shell/Android.mk @@ -9,5 +9,6 @@ LOCAL_STATIC_JAVA_LIBRARIES := android-support-v4 LOCAL_PACKAGE_NAME := Shell LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true include $(BUILD_PACKAGE) diff --git a/packages/SystemUI/Android.mk b/packages/SystemUI/Android.mk index 015c0cc..fc70f7a 100644 --- a/packages/SystemUI/Android.mk +++ b/packages/SystemUI/Android.mk @@ -10,6 +10,7 @@ LOCAL_JAVA_LIBRARIES := services telephony-common LOCAL_PACKAGE_NAME := SystemUI LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true LOCAL_PROGUARD_FLAG_FILES := proguard.flags diff --git a/packages/VpnDialogs/Android.mk b/packages/VpnDialogs/Android.mk index ac84125..4c80a26 100644 --- a/packages/VpnDialogs/Android.mk +++ b/packages/VpnDialogs/Android.mk @@ -22,6 +22,8 @@ LOCAL_MODULE_TAGS := optional LOCAL_CERTIFICATE := platform +LOCAL_PRIVILEGED_MODULE := true + LOCAL_SRC_FILES := $(call all-java-files-under, src) LOCAL_PACKAGE_NAME := VpnDialogs |