Android program Security System

Recently, during the android porting processProgram(APK) permission issues. I have recently learned a little about this and want to share it with you.

The android framework is built based on the Linux kernel, so the android security system is also built based on the Linux security architecture. In Linux security system, users and groups play an important role. All resources in Linux have different access attributes for different users and user groups. If you are not familiar with the concepts of users and groups in Linux, Please study basic Linux knowledge first.

In Android, the system creates a user and group for each application (APK. This user and group are restricted users. They cannot access system data, but can only access their own files and directories. Of course, they cannot access data of other applications. This design can protect the private data of applications as much as possible and enhance the security and robustness of the system.

However, some applications need to access some system resources. For example, the setting program needs to access wiffi and create and delete files in the system. How can we achieve this? Android can obtain the system permission through a certain channel. To obtain system user permissions, perform the following steps:

1. Add the Android: shareduserid = "android. uid. System" attribute to the manifest node in androidmanifest. xml of the application.
2. Modify the Android. mk file and add local_certificate: = platform.
3. Use the MM command to compile the generated APK and you will have the permission to modify the system time.

Generally, System User Permissions are sufficient. system users can create and delete files in the system and access devices. However, in some cases, system permissions are insufficient. For example, to set the IP address of the NIC, The ifconfig Command requires the root permission. I can say with certainty that applications under Android do not have the root permission. But what if my application requires root permission? You can only find a way to go around. Take my problem as an example. Set the IP address of the NIC. The command below for root permission is:

Ifconfig eth0 192.168.1.188
 

This command does not work under the permissions of common users or system users, but does not return failures or exceptions. I personally think this is an android bug. How can this function be implemented? I have come up with two methods.

1. When the system starts, the INIT process creates a background process with the root user permission. It is used to listen to requests of applications in the system (which can be implemented using socket) and complete on behalf of them. In this way, the application can execute the root user permission task.

2. Implement a virtual device. The function of this device is to help the application execute the corresponding commands in kernel mode. The Linux kernel does not have the permission. The execution is successful.

When I solve the problem of setting the NIC IP address, select the latter. The design is relatively simple.

If you search online, you will find manyArticleThis section describes how to grant root permissions to Android applications. Don't trust them if you don't want to waste time, because those channels won't be able to get the root permission at all.

My subsequent blog post "get root permissions for Android apps" explains how to get root permissions for apps (APK) in the first way.

Author:Simon_fu

Http://my.unix-center.net /~ Simon_fu /? P = 531