2

Following this discussion, I've signed a system app I'm working on using a specific device's proprietary platform certificates which I received from the manufacturer. I signed it as follows:

java -jar out/host/linux-x86/framework/signapk.jar \
     build/target/product/security/platform.x509.pem \
     build/target/product/security/platform.pk8 \
     Launcher-unsigned.apk \
     Launcher-unsigned.apk
zipalign -f 4 Launcher-signed.apk Launcher.apk

My launcher has various permissions:

<uses-permission 
    android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
[snip]
<uses-permission
    android:name="android.permission.SET_PREFERRED_APPLICATIONS"
    tools:ignore="ProtectedPermissons" />

And I included in the manifest:

<manifest [...]
    android:sharedUserId="android.uid.system" >

Where previously my app would succeed in writing the SD-card, but fail setting a preferred application (my code similar to this), it now no longer throws a SecurityException, but instead writing to the SD-card throws a FileNotFoundException with a message that permission was denied.

What could be happening that my app gets some protected permissions, but loses some others?

Community
  • 1
  • 1
Paul Lammertsma
  • 37,593
  • 16
  • 136
  • 187
  • 1
    Look at logcat (from PackageManager iirc) while installation. It will tell you what permissions are not granted. Maybe there is some info. – zapl Dec 20 '12 at 14:43
  • Great suggestion. Pushing the platform signed app to `/system/app/` reveals nothing strange in logcat, I'm afraid. (Pushing the non-platform signed app shows "Not granting permission android.permission.SET_PREFERRED_APPLICATIONS" as would be expected.) – Paul Lammertsma Dec 20 '12 at 22:28

1 Answers1

4

Ricardo Cerqueira (CyanogenMod developer) was so kind to respond to me privately via Google+:

The system user, by design, can NOT write external storage. It's actually the only user forbidden to do so.

Paul Lammertsma
  • 37,593
  • 16
  • 136
  • 187