The Rigol apps are chown'd root:root.
How did you determine this? I couldn't see any evidence anywhere that Rigol's applications run under root. All files they create are owned by the system.
The manifest only states to use shared user id of "android.uid.system". This is for perms reasons, and, apps with same shared uid can share data. I am not sure what data is shared between the Rigol apps and others. However, to get that level of shared user perms of "system" (inherited) the app's MUST be signed with same private key that signed the droid (rom).
Yes, I know. This is discussed throughout the last few pages of the topic
I think that Rigol's applications do not exchange any common data with each other. At least I didn't see any signs of it.
You can perhaps replace that shared uid in manifest for all the Rigol apps, but from there I am not sure what breaks or not. The app-priv logging switch should log perms requests that fail, allowing you to see what the issue is after moving app away from shared uid of "system".
Probably, replacing the user ID android.uid.system with any other one in the webcontrol application will lead to its inoperability, because it requires access to system resources that are only allowed to applications under the system account. I'm not sure about the launcher application, but it is possible that it will not be able to work under a non-system account.
ssh in
ls -al /system/app/Webcontrol/Webcontrol.apk
ls -al /system/app/Launcher/Launcher.apk
ls -al /system/app/Sparrow/Sparrow.apk
does it show root root ? owner:group it belongs to. They are all rw r r (644) perms too.
This does not mean the apk runs as that uid or gid.
However the apk runs (natively, vm, etc), the uid that starts it or calls it up into another running process (like vm in vm host process), that's the uid the apk runs as.
If a.jar is nobody:nobody and I am in as root, I can call java -jar a.jar to run that jar file.
In std Linux, if the APK's are root:root and 644, then we can say "system" uses the read permission to read in the APK.
***************************************
Then do
ps |grep scope
ps |grep launcher
ps |grep webcontrol
notice all those apk packages are running as "system" user. The "system" user loaded and ran those APK's.
And it all makes sense, the actual
running APK is not in /system/app or priv-app
Notice the APK directories in /data/app
/data/app/com.rigol.launcher-1/
ls -al /data/app/com.rigol.launcher-1/base.apk
BAM, it's chown'd system:system
I believe the pm install copies the APK and parks it in /data/app as "system" user. From there uid 1000 does whatever it wants with that file (apk). It's also possible that the base.apk gets to /data/app/ during boot (need to verify).
The base.apk has been altered, md5's of the base apk and their corresponding apk in /system/app/ are not the same. I need to copy out the base.apk and take a look at it, compare, etc.
base.apk is smaller by about 105B on my ntfs filesystem. Looking inside the apk's side-by-side, no obvious diffs, each carries the same signature too.
Something got goofy on my DHO, after reinstalll of the Rigol signed Sparrow, it no longer shows as a system app "
adb shell cmd package list packages -s"