System applications gain their permissions without user interaction because they have been signed with the same key as the platform.
android:sharedUserId="android.uid.system" - can be used in manifest
In my case I have no access to the platform keys because the rom is stock from big Sam Api 27+. This bring me to my issue. How to proceed?
Would disabling signature verification give my service the permissions required? Another solution would be to unpack the rom with its .images and unsign and resign each app inside system with my own but this is a very clumsy solution because I'm not sure what is being signed when the AOSP modified rom is created.
Device is rootable but only to allow modifications not as an end goal, that would defeat the purpose.
I'm looking for pointers, where to dive in. Perhaps somebody came across this problem once.
/// Removing dm-verity did not work. It was a silly attempt considering this verification only checks if the system's integrity has changed. Re-signing every apk inside /system/app/ did not work. It made my android unable to boot. Most likely cause is that some other files signature I haven't changed.
The solution lies in modifying the signature verification method inside the services.jar
The services.jar have a PackageManagerService.smali with a CompareSignature method.
.method static compareSignatures
.locals 7
const/4 v0, 0x0
return v0
.end method
Upon modifying this method and repacking it back to my device, I created an application to test and it was granted the permissions above. The most important feature to this is the system permissions that I have access now. All the features that have the "Not for use by third-party applications." from here https://android.izzysoft.de/applists/perms
This is the only method I have found to be working so far without rooting. My test device was a Samsung Galaxy S4 5.0.1 I do not know if it works on newer devices.