Android Maintains application permissions in the android filesystem:
1. File where all permissions assigned to a application(3rd party or system apps) will be stored in
/data/system/packages.xml
PackageManagerService.java
mSettings.writeLP() method writes the permissions to the above location
2. File where all the packages are displayed as list with packagename, path and uid is
/data/system/packages.list
eg: com.android.providers.downloads 10010 0 /data/data/com.android.providers.media
3. Granting of permissions during install is done by
PackageManagerService.grantPermissionsLP()
4. Usually during Package Installation, installer determines whether or not to grant the requested permission by checking the authorities that signed the applications certificates and, in some cases, asking the user
5. Protection-Level for permissions:
-> Normal
-> Dangerous
-> Signature
-> signatureorsystem
6. All built-in permissions such as INTERNET, RECEIVE_SMS etc... falls under Normal Protection level.
7. Dangerous: dangerous permissions requested by an application is displayed to the user and require confirmation before proceeding.
8. Built-in permissions with respective gids are maintained by the android system in
/etc/permissions/platform.xml:
eg: <permission name = "android.permission.INTERNET">
<group gid="camera" />
</permission>
<assign-permission name="android.permission.SEND_SMS" uid="shell" />
library: /system/framework/android.test.runner.jar
/system/framework/javax.obex.jar
9. PackageManager pm = getPackageManager();
-> readPermissions(): Reads for gids from /etc/permissions/platform.xml for a particular permissions(INTERNET, SEND_SMS) which is included in the AndroidManifest file of an application.
-> mSettings.readLP(): ReadPermissions from /data/system/packages.xml
10. Android grant permission by assigning the application process having eg:INTERNET permission to gid="inet".
Note: Gid's assigned to an application can do the operations assigned to it by the android system so "inet" gid assigned to an application can access INTERNET from your android device
11. During application launch time the gids will be assigned to the application process ie when it is fork() you can see the same in dalvik/vm/native/dalvik_system_Zygote.c under forkAndSpecializeCommon() method.
1. File where all permissions assigned to a application(3rd party or system apps) will be stored in
/data/system/packages.xml
PackageManagerService.java
mSettings.writeLP() method writes the permissions to the above location
2. File where all the packages are displayed as list with packagename, path and uid is
/data/system/packages.list
eg: com.android.providers.downloads 10010 0 /data/data/com.android.providers.media
3. Granting of permissions during install is done by
PackageManagerService.grantPermissionsLP()
4. Usually during Package Installation, installer determines whether or not to grant the requested permission by checking the authorities that signed the applications certificates and, in some cases, asking the user
5. Protection-Level for permissions:
-> Normal
-> Dangerous
-> Signature
-> signatureorsystem
6. All built-in permissions such as INTERNET, RECEIVE_SMS etc... falls under Normal Protection level.
7. Dangerous: dangerous permissions requested by an application is displayed to the user and require confirmation before proceeding.
8. Built-in permissions with respective gids are maintained by the android system in
/etc/permissions/platform.xml:
eg: <permission name = "android.permission.INTERNET">
<group gid="camera" />
</permission>
<assign-permission name="android.permission.SEND_SMS" uid="shell" />
library: /system/framework/android.test.runner.jar
/system/framework/javax.obex.jar
9. PackageManager pm = getPackageManager();
-> readPermissions(): Reads for gids from /etc/permissions/platform.xml for a particular permissions(INTERNET, SEND_SMS) which is included in the AndroidManifest file of an application.
-> mSettings.readLP(): ReadPermissions from /data/system/packages.xml
10. Android grant permission by assigning the application process having eg:INTERNET permission to gid="inet".
Note: Gid's assigned to an application can do the operations assigned to it by the android system so "inet" gid assigned to an application can access INTERNET from your android device
11. During application launch time the gids will be assigned to the application process ie when it is fork() you can see the same in dalvik/vm/native/dalvik_system_Zygote.c under forkAndSpecializeCommon() method.
No comments:
Post a Comment