On the Android platform, how can an application obtain system permissions and how to use the platform key to sign the apk?

In Android, many functions can be called only by system programs or programs with root permissions. Otherwise, an "Permission denied" exception occurs. Therefore, if you want to call such functions during development, you must grant the program root permission. The following are two specific implementation methods: method 2 and method 1 have never been used.

Note: Neither method is applicable to all android systems.

Method 1: use make to compile the Android system source code:

Add the android: sharedUserId = "android. uid. system" attribute to the manifest node in AndroidManifest. xml of the application.
Modify the Android. mk file and add LOCAL_CERTIFICATE: = platform.
Use the mm command to compile the generated apk with the permission to modify the system time.
Method 2:
Similarly, add the android: sharedUserId = "android. uid. system" attribute.
Use eclipse to compile the apk file, but this apk file cannot be used.
Open the apk file with the compression software and delete the CERT. SF and CERT. RSA files under the META-INF directory. (I skipped this step (it was originally unintentional and later found that it was also mentioned below). The result is the same)
Use the platform key of the target system to re-sign the apk file. This step is troublesome. First, find the key file. The location in the Android source code directory is "build \ target \ product \ security". The following two files are platform. pk8 and platform. x509.pem. Then, use the Signapk tool provided by Android for signature. The source code of signapk is under "build \ tools \ signapk" and its usage is "signapk platform. x509.pem platform. pk8 input.apk output.apk ", it is best to use an absolute path for the file name to prevent it from being found. You can also modify the source code to use it directly.
<In this case, the final apk is the same as the first method>
First, add the android: sharedUserId = "android. uid. system" attribute. With the Shared User id, multiple APK with the same User id can be configured to run in the same process. Then, assign the UID of the program to android. uid. system, that is, to allow the program to run in the system process, so that you have the permission to call the functions that require system permissions. It is not enough to add the UID. If the APK cannot be installed at this time, the system prompts that the signature is inconsistent because the program wants to run in the system process and the platform key of the target system is required, the platform mentioned in the second method above. pk8 and platform. x509.pem files. After these two keys are signed, the apk can be put into the system process. Adding LOCAL_CERTIFICATE: = platform to the first method is actually using the two keys for signature.
One problem is that the generated program can only be used in the original Android system or a self-compiled system, because such a system can get the platform. pk8 and platform. x509.pem files. If other companies do not even install Android. Try the original Android key for signature. The program runs OK on the simulator, but the prompt "Package... has no signatures that match those in shared user android. uid. system ", which also protects the system security.
Finally, the android: sharedUserId attribute can not only put the apk in the system process, but also configure multiple APK to run in one process to share data, it should be very useful.

 

Application debugging annotation:

1. signapk. jar: signapk executable file in out/host/linux-x86/framework/signapk. jar;

2. signapk usage: run in the out/host/linux-x86/framework/directory

Java-jar signapk. jar platform. x509.pem platform. pk8 input.apk output.apk;
Platform. x509.pem must be earlier than platform. pk8; otherwise, an error is returned.

Input.apkis the API to sign, and output.apk is the signed apk. In this way, if your code has a function that requires the platform permission, it will be unobstructed.
Of course, the platform. pk8 and platform. x509.pem files may be different in different systems,
Therefore, this method is not applicable to all android systems. Www.2cto.com

3. there are four keys in build \ target \ product \ security \: platform, shared, testkey, and media. They have been verified, such as android. uid. system, should use shared key, such as android. uid. phone;

4. According to the netizen verification, do not need to delete the META-INF directory under the CERT. SF and CERT. RSA two files, direct signapk can be.
　　

Author: centralperk