Enhanced privileged F-Droid
This will implement an idea described here: https://gitlab.com/fdroid/fdroidclient/issues/375
Approach
Instead of installing the main FDroid.apk into the system, this will only install a very small app into the system.
The main FDroid app can communicate with this small privileged app via AIDL IPC, e.g., call installPackage()
or deletePackage()
.
The actual hidden AOSP API is now only used inside the system app.
This hopefully fixes many problems with the current approach of installing the whole FDroid.apk into system:
- Only a small apk in system partition
- When a rom updates and eventually removes all system apps, only the system app will be gone, not the main FDroid app
- Previously, when the process of moving FDroid into system fails, FDroid was just gone.
Security
- My approach is to use protectionLevel signature. Thus both apks need to be signed with the same key.
- Does not use sharedUserIds: http://java-hamster.blogspot.de/2010/05/androids-shareduserid.html
Folder structure
There are now two apps inside this repo and one library.
- F-Droid: main app
- F-Droid-Privileged: privileged app
- privileged-api-lib: contains the AIDL interfaces that are shared by both apps
Android Studio should happily import the root directory with everything in it. On my installation, syntax errors are shown where the AIDL interfaces are used. This is because the AIDL files are inside the lib and thus the auto-generated java files are not correctly recognized by Android Studio. However, building works fine!