[SifJar]

Sounds like they do this: https://lineage.microg.org/#faq7

> Moreover, to further strengthen the security of our ROM, we modified the signature spoofing permission so that only system privileged apps can obtain it, and no security threat is posed to our users.

[amluto]

Sure, but did they submit a patch like that to Lineage OS? As far as I can tell, they didn't.

[larma]

The patch was submitted, it's unfortunately not visible to the public: https://review.lineageos.org/194562

[petecox]

It seems like such a small one method change, in the context of forking an entire distro.

I wonder if PackageManagerService is hard coded in many places, rather than using XML dependency injection. If the latter then may it be possible to override the method in a subclass, e.g. MicroGPackageManagerService and distribute the change via a once-only installable zip?

That way Lineage OS doesn't need to break security, only downstream.