[WIP] Enhanced privileged F-Droid
Work In Progress: Do not merge
This will implement an idea described here: https://gitlab.com/fdroid/fdroidclient/issues/375
Instead of installing the main FDroid.apk into the system, this will install a very small app into the system where the main FDroid app can send IPC calls to. The system app will then install the apk for the main FDroid app. This hopefully fixes many problems with the current approach of installing the whole FDroid.apk into system:
- only a small apk in system
- Updates are only applied to the main FDroid app
- After a rom update the FDroid app will not be gone, only the small app installed into system
- When the process of moving FDroid into system fails, previously FDroid was just gone.
This obviously needs security. My approach is:
-
- packageName must be "org.fdroid.fdroid"
-
- apk certificate is equal to apk certificate chosen in build.gradle
I decided against:
- certicate check only: Other apps are signed with the same certificate as FDroid, everyone could use the service
- sharedUserIds: Other apps are signed with the same certificate, thus everyone using the FDroid sharedUserId can use the service
- signature permission: same argument as above, and install order is crucial