Sometimes we need to use some system-related permissions in our applications, such as USB permissions. If the process of our own application and the system process are the same UID, we will have this permission by default and do not need to be granted by the user. In many cases It will be much more convenient. Most of the projects I've been working on recently use this permission. Modify the system time, call the hidden method, shut down and restart the system, install, upgrade and uninstall applications silently, etc. At the beginning, add the permission directly and run it. If an error is reported, no matter the simulator or the real machine, you will always get "Unable to open alarm driver: Permission denied" in logcat. This function requires root privileges or runs in a system process before it can be used.
After searching online for a long time, I found that there are two ways to solve it:
One is to compile with make in the environment of Android system source code:
1. Add the attribute android:sharedUserId="android.uid.system" to the manifest node in the AndroidManifest.xml of the application.
2. Modify the Android.mk file and add the line LOCAL_CERTIFICATE := platform
3. Use the mm command to compile, and the generated apk will have the authority to modify the system time.
This method cannot be compiled by .mk, so I have to refer to the second one:
1. Add the attribute android:sharedUserId="android.uid.system".
2. Use eclipse to compile the unsigned apk file, but this apk file cannot be used.
3. Use the platform key of the target system to re-sign the apk file.
This step is more troublesome, first find the key file, the location in my Android source code directory is "build/target/product/security",
The following two files are platform.pk8 and platform.x509.pem. Then use the Signapk tool provided by Android to sign,
The source code of signapk is under "build/tools/signapk", the usage is "signapk platform.x509.pem platform.pk8 input.apk output.apk",
The file name is best to use an absolute path to prevent it from being found, or you can modify the source code and use it directly. In this way, the final apk is the same as the first method.
Finally, explain the principle, first add the attribute android:sharedUserId="android.uid.system".
Through Shared User id, multiple APKs with the same User id can be configured to run in the same process.
Then match the UID of the program to android.uid.system, that is, let the program run in the system process, so that you have the authority to modify the system time.
It’s not enough to just add the UID. If the APK is installed at this time, it is found that it cannot be installed and the signature does not match.
The reason is that the program wants to run in the system process but also has the platform key of the target system, which is the two files platform.pk8 and platform.x509.pem mentioned in the second method above.
After signing with these two keys, the apk can actually be put into the system process. Adding LOCAL_CERTIFICATE := platform to the first method actually uses these two keys to sign.
There is also a problem, that is, the program generated in this way can only be used in the original Android system or a system compiled by yourself, because such a system can get the two files platform.pk8 and platform.x509.pem.
If the Android made by another company cannot even be installed. Try the key in the original Android to sign, the program runs on the emulator OK, but the installation on G3 directly prompts "Package ... has no signatures that match those in shared user android.uid.system", so it is also Protect the security of the system.
Finally, the android:sharedUserId attribute can not only put the apk in the system process, but also configure multiple APKs to run in one process.
Sharing data should be useful.
What is UID
As we all know, Pid is the process ID, Uid is the user ID, but Android is not the same as the computer. Each computer user has a Uid, which user starts the program, the Uid of this program is that user, and every program in Android There is a Uid. By default, Android will assign a Uid with a different general level to each program. If you call each other, only the Uid can be the same. This makes the shared data have a certain degree of security. Data cannot be obtained randomly between software.
Set your own application UID to the UID of the system process
There are three types of system process UID:
- android:sharedUserId="android.uid.system"
- android:sharedUserId="android.uid.shared"
- android:sharedUserId="android.media"
Let's take the first one here to experiment, and the other two implementations are the same.
Declare UID
First, we need to declare the UID of the application in the manifest:
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="cn.izis.chessdeskrobot"
android:sharedUserId="android.uid.system"
>
...
</manifest>
Signature packaging
The prerequisite for signature packaging is to have a system signature file, which is generally located in the build/target/product/security directory of the source code, and some manufacturers’ custom systems are placed in other directories. For example, the Nanopc3 I use is in the following directory, which can be global Search for it. At first, I also used the build directory, but it couldn't be installed after packaging. Later, I found that there was also a /(ㄒoㄒ)/~~ in the vendor directory:
Uploading... re-upload canceled Uploading... re-upload canceled
Signature file.png
Among them, android:sharedUserId="android.uid.system" corresponds to two files platform.pk8 and platform.x509.pem.
Here are three common ways to import system signatures:
- Re-sign the generated apk
- Re-sign the application's own signature file
- Compile from mk file
Already have apk
The apk file that has been generated can be re-signed with the following command through the signapk.jar file in the source code /out/host/linux-x86/framework directory.
java -jar signapk.jar platform.x509.pem platform.pk8 my.apk new.apk
Note that the four files signapk.jar, platform.x509.pem, platform.pk8, and my.apk must be in the same path when using this instruction, otherwise you need to change the path yourself.
Regenerate the signature
After generating your own key file, use the keytool-importkeypair tool to regenerate the signature using the following command:
keytool-importkeypair -k demo.jks -p 123456 -pk8 platform.pk8 -cert platform.x509.pem -alias demo
- demo.jks: signature file
- 123456: signature file password
- platform.pk8, platform.x509.pem: system signature file
- demo: signature file alias
The keytool-importkeypair tool can be downloaded from here .
Use mk file to compile in source environment
I haven't tested this method for the time being, because I don't know much about mk files. Under normal circumstances, it will not be used. After all, it is basically developed using ide tools. The above two methods are sufficient. If necessary, add it later.