What is the difference between system apps and privileged apps on Android?
So after some digging, it's clear that apps in priv-app are eligible for system permissions, the same way that old apps used to be eligible to claim system permissions by being in system-app. The only official Google documentation I could find on this came in the form of a commit message:
Commit hash: ccbf84f44c9e6a5ed3c08673614826bb237afc54
Some system apps are more system than others
"signatureOrSystem" permissions are no longer available to all apps
residing en the /system partition. Instead, there is a new
/system/priv-app directory, and only apps whose APKs are in that
directory are allowed to use signatureOrSystem permissions without
sharing the platform cert. This will reduce the surface area for
possible exploits of system- bundled applications to try to gain
access to permission-guarded operations.The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it is says
in the documentation: it indicates that the application apk was
bundled on the /system partition. A new hidden flag FLAG_PRIVILEGED
has been introduced that reflects the actual right to access these
permissions.
Update: As of Android 8.0 priv-app has changed slightly with the addition of Privileged Permission Whitelisting. Beyond just being in priv-app, your app must also be added to a whitelist in order to gain various system permissions. Information on this can be found here: https://source.android.com/devices/tech/config/perms-whitelist
Difference between preinstalled and privileged protection level
The answer seems to be yes, as long as a privileged
app is part of the system image (i.e. pre-installed). The package manager will grant a preinstalled
permission to what it (internally) calls a system app, see grantSignaturePermission()
:
if (!allowed && (bp.protectionLevel
& PermissionInfo.PROTECTION_FLAG_PREINSTALLED) != 0
&& isSystemApp(pkg)) {
// Any pre-installed system app is allowed to get this permission.
allowed = true;
}
Internally, a system app is actually a pre-installed app (refactoring is limited to the public API, not in the source), see ActivityInfo
:
/**
* Value for {@link #flags}: if set, this application is installed in the
* device's system image.
*/
public static final int FLAG_SYSTEM = 1<<0;
// Many lines not shown
public boolean isSystemApp() {
return (flags & ApplicationInfo.FLAG_SYSTEM) != 0;
}
What is the difference between privapp-permissions.xml in system/etc/permissions and default-permissions.xml in system/etc/default-permissions?
- Every private permissions used by apps in /system/priv-app/ should be put in privapp-permissions.xml.
- The dangerous permissions used by apps in /system/ can be granted by default by system/etc/default-permissions.
private permissions are permissions declared in platfrom with system|signatured flags.
dangerous permissions are runtime permissions should be granted by users.
Get Android system permissions by putting app in /system/app?
As of Android 4.4, Privileged Apps must be put in /system/priv-app instead of /system/app. Once I moved my app there, it got the privilege as expected.
See here: AOSP Privileged vs System app
When i add app priv-app phone not booting
You haven't shared the Crash Stack here. Its difficult to tell.
I could see here that
Are you requesting any privileged permissions from the app side ? if yes, device will not boot until you whitelist those permissions in privileged permissions xml file which will be stored at either system/etc/permissions
Related Topics
Actionbarsherlock - How to Set the Padding of Each Actionbar's Icon
Place Imageview Over Button Android
How to Use the Gradle Build System for Android with Eclipse
Android Bluetoothdevice.Getname() Return Null
Android Saf (Storage Access Framework): Get Particular File Uri from Treeuri
Android: Programmatically Adding Buttons to a Layout
Camera Intent Not Working with Samsung Galaxy S3
Scan Android Sd Card for New Files
Android: Detect Orientation Changed
Urlconnection or Httpclient: Which Offers Better Functionality and More Efficiency
Editing Functionality of Host Card Emulation in Android
Android Imageview Adjusting Parent's Height and Fitting Width