systemOrSignature protection level

Question

There seems to be some conflicting information about the "systemOrSignature" protection level.

If I have a preinstalled system app included with the image by the OEM, but signed by me, my app will have this protection level, correct? This is different than "signature" protection level which requires the OEM's signature.

If so, will my application be granted this permission? android.permission.INSTALL_PACKAGES

By default this seems to be set to systemOrSignature level protection, but most answers on stackoverflow indicate that the OEM signature will be required, e.g.:

Install apps silently, with granted INSTALL_PACKAGES permission

Troubles installing programmatically an app with INSTALL_PACKAGES permission from /system/app

Answer 1

If I have a preinstalled system app included with the image by the OEM, but signed by me, my app will have this protection level, correct?

That's what's supposed to happen.

If so, will my application be granted this permission? android.permission.INSTALL_PACKAGES

Based on the current source code, yes:

<permission android:name="android.permission.INSTALL_PACKAGES"
    android:label="@string/permlab_installPackages"
    android:description="@string/permdesc_installPackages"
    android:protectionLevel="signature|system" />

Bear in mind that the rules around any given permission can change over time.

By default this seems to be set to systemOrSignature level protection, but most answers on stackoverflow indicate that the OEM signature will be required

Your second link says that being installed on firmware is sufficient, which lines up with the current source code.

Also, sometimes answers and comments on SO will use a bit of shorthand. Since you can tell what you need by looking at the source code, you can always validate for yourself whether a given permission is signature-only or not.