Android:shareduserid and signatures of Android permissions

Description: This article was transferred from http://329716228.iteye.com/blog/1503160

Recently doing something, coincidence encountered Shareduserid problem, so collected some information, save archive backup.

Installed in each APK file on the device, Android assigns a separate user space to each APK process, and the userid in the manifest is that the corresponding Linux user is assigned to a unified Linux User ID and creates a sandbox for it. To prevent the impact of other applications (or other applications that affect it). The user ID is assigned when the application is installed on the device, and it remains persistent in the device.

With the shared user ID, multiple apk with the same user ID can be configured to run in the same process. So by default, you can access arbitrary data with each other. It can also be configured to run into different processes while accessing the databases and files in the data directory of the other apk. Just like accessing the data of this program.

For an apk, there are three steps you must take if you want to use a shared UID:

1. Add the Android:shareduserid attribute to the manifest node.

2. Increase the definition of local_certificate in android.mk.

If you add the above attribute but do not define the corresponding local_certificate, the APK is not installed. Tip error is: Package com.test.MyTest have no signatures that match those in shared user Android.uid.system; ignoring! that is, only two application signatures with the same signature and the same Shareduserid label will be assigned the same user ID. For example, all media/download-related apk use Android.media as Shareduserid, then they must have the same signature media.

3, put the source of the APK into the packages/apps/directory, with mm to compile.

For example.

All apk that uses Android.uid.system as the shared UID in the system will first add android:shareduserid= "Android.uid.system" to the manifest node, Then add local_certificate: = platform in the android.mk. See Settings, etc.

All apk that uses android.uid.shared as the shared UID in the system will add android:shareduserid= "android.uid.shared" to the manifest node, Then add local_certificate to ANDROID.MK: = Shared. See launcher, etc.

All apk that uses Android.media as the shared UID in the system will add android:shareduserid= "Android.media" to the Manifest node and add Android.mk in Local_ CERTIFICATE: = media. Refer to Gallery, etc.

In addition, any file created by the app is assigned the user identity of the app and is not normally accessible by other packages. When passed Getsharedpreferences (string,int), Openfileoutput (string, int), or OpenOrCreate Database (string, int, Sqlitedatabase.cursorfactory) When creating a new file, developers can use the mode_world_readable and mode_world_riteable flags to allow other packages to read/write the file simultaneously or separately. When these flags are set, the file still belongs to its own application, but its global read/write and read/write permissions have been set so that any other application can see it.

About signatures:

The Build/target/product/security directory has four sets of default signatures for ANDROID.MK to compile apk use:

1, TestKey: normal apk, use by default.

2, platform: The APK completes some of the core functions of the system. After testing the access to the folders that exist in the system, the UID of the process in which the APK is compiled is system.

3. Shared: The APK needs to share data with the home/contacts process.

4. Media: This apk is a link in the Media/download system.

There is a local_certificate field in the application's android.mk, which specifies which key to sign with, unspecified default with TestKey.

For APK compiled with Eclipse, you can use Signapk.jar to manually sign the source code under BUILD/TOOLS/SIGNAPK, compiled in out/host/linux-x86/framework/ Signapk.jar can also be downloaded from the Internet. To use, take platform as an example: Java-jar./signapk platform.x509.pem platform.pk8 input.apk output.apk   (PLATFORM.X509.PEM Platform.pk8 obtained in build/target/product/security)