Shareduserid and signatures of Android permissions

One is the need for Android system source code in the environment with make to compile:
1. Add the android:shareduserid= "Android.uid.system" attribute to the manifest node in the application's androidmanifest.xml. 2. Modify the Android.mk file, add local_certificate: = Platform this line
3. Using the MM command to compile, the generated apk will have the ability to modify the system time.
LZ does not. MK compiles this method, so you have to refer to the second type:
1. Add android:shareduserid= "Android.uid.system" to this property. 2. Use eclipse to compile unsigned apk files, but this apk file is not available.
3. Use the target system's platform key to re-sign the apk file. This step is more troublesome, first find the key file, the location in my Android source directory is "Build/target/product/security", below the Platform.pk8 and Platform.x509.pem two files. Then use Android to provide the signapk tool to sign, signapk source code is under "build/tools/signapk", the use of "signapk Platform.x509.pem platform.pk8 input.apk output.apk ", the file name is best to use absolute path to prevent not found, you can also modify the source code to use directly. (The file above has been published in the previous post)
This way the last apk is the same as the first one.


Finally explain the principle, first add android:shareduserid= "Android.uid.system" this attribute. With the shared user ID, multiple apk with the same user ID can be configured to run in the same process. Then the UID of the program into a android.uid.system, that is, to let the program run in the system process, so that there is permission to modify the system time.
Just adding UID is not enough, if you install the APK at this time found unable to install, prompt signature does not match, because the program wants to run in the system process and the target system platform key, The second method mentioned above is the PLATFORM.PK8 and Platform.x509.pem two files. Using these two keys to sign the APK before it can actually be put into the system process. The first method adds Local_certificate: = Platform is actually signed with these two keys.
There is also a problem, that is, the generated programs can only be used in the original Android system or in their own compiled system, because such a system can get platform.pk8 and Platform.x509.pem two files. If the other company does not have the Android installed on the installation. Try the original Android key to sign, the program runs OK on the emulator, but put on the G3 to install the direct prompt "package ... has no signatures that match those in shared user Android.uid. System ", which also protects the security of the systems.
Finally, this Android:shareduserid attribute not only can put the APK into the system process, can also configure multiple apk run in a process, so that the data can be shared, it should be useful.Turn from:http://blog.csdn.net/hmg25/article/details/6447067

Recently doing something, coincidence encountered Shareduserid problem, so collected some information, save archive backup.

Installed in each APK file on the device, Android assigns a separate user space to each APK process, and the userid in the manifest is that the corresponding Linux user is assigned to a unified Linux User ID and creates a sandbox for it. To prevent the impact of other applications (or other applications that affect it). The user ID is assigned when the application is installed on the device, and it remains persistent in the device.

With the shared user ID, multiple apk with the same user ID can be configured to run in the same process. So by default, you can access arbitrary data with each other. It can also be configured to run into different processes while accessing the databases and files in the data directory of the other apk. Just like accessing the data of this program.

For an apk, there are three steps you must take if you want to use a shared UID:

1. Add the Android:shareduserid attribute to the manifest node.

2. Increase the definition of local_certificate in android.mk.

If you add the above attribute but do not define the corresponding local_certificate, the APK is not installed. Tip error is: Package com.test.MyTest have no signatures that match those in shared user Android.uid.system; ignoring! that is, only two application signatures with the same signature and the same Shareduserid label will be assigned the same user ID. For example, all media/download-related apk use Android.media as Shareduserid, then they must have the same signature media.

3, put the source of the APK into the packages/apps/directory, with mm to compile.

For example.

All apk that uses Android.uid.system as the shared UID in the system will first add android:shareduserid= "Android.uid.system" to the manifest node, Then add local_certificate: = platform in the android.mk. See Settings, etc.

All apk that uses android.uid.shared as the shared UID in the system will add android:shareduserid= "android.uid.shared" to the manifest node, Then add local_certificate to ANDROID.MK: = Shared. See launcher, etc.

All apk that uses Android.media as the shared UID in the system will add android:shareduserid= "Android.media" to the Manifest node and add Android.mk in Local_ CERTIFICATE: = media. Refer to Gallery, etc.

In addition, any file created by the app is assigned the user identity of the app and is not normally accessible by other packages. When passed Getsharedpreferences (string,int), Openfileoutput (string, int), or OpenOrCreate Database (string, int, Sqlitedatabase.cursorfactory) When creating a new file, developers can use the mode_world_readable and mode_world_riteable flags to allow other packages to read/write the file simultaneously or separately. When these flags are set, the file still belongs to its own application, but its global read/write and read/write permissions have been set so that any other application can see it.

About signatures:

The Build/target/product/security directory has four sets of default signatures for ANDROID.MK to compile apk use:

1, TestKey: normal apk, use by default.

2, platform: The APK completes some of the core functions of the system. After testing the access to the folders that exist in the system, the UID of the process in which the APK is compiled is system.

3. Shared: The APK needs to share data with the home/contacts process.

4. Media: This apk is a link in the Media/download system.

There is a local_certificate field in the application's android.mk, which specifies which key to sign with, unspecified default with TestKey.

For APK compiled with Eclipse, you can use Signapk.jar to manually sign the source code under BUILD/TOOLS/SIGNAPK, compiled in out/host/linux-x86/framework/ Signapk.jar can also be downloaded from the Internet. To use, take platform as an example: Java-jar./signapk Platform.x509.pem platform.pk8 input.apk output.apk (PLATFORM.X509.PEM Platform.pk8 obtained in build/target/product/security)

Shareduserid and signatures of Android permissions