51CTO expert column Li Yang talks about Android Security Framework

BKJIA exclusive Article: This article introduces "Android Security Framework overview" to us ": the central idea of the Android security structure is that "applications cannot perform any operations that negatively affect other applications, systems, or users by default." Developers can only learn about the Android security architecture to design a smoother user experience during use.

1.What permissions does Android have?

Based on the user experience, the permissions of Android can be roughly divided into the following three categories:

(1)Android mobile phone owner permission: After the user buys Android mobile phone (such as Samsung GT-i9000), the user does not need to enter any password, has the permission to install general application software, use applications, etc;

(2)Android root permission: This permission is the highest permission for the Android system. You can perform any operations on files and data in all systems. You do not have this permission by default when you leave the factory. You need to use z4Root and other software to obtain the permission. However, you are not encouraged to perform this operation because you may lose the original warranty of your mobile phone. Similarly, if you upgrade the root permission of your Android phone, you will be able to use the mobile phone with the Android root permission without entering any password.

(3)Android Application Permissions: Android provides a wide range of sdks (Software development kit) that developers can develop Android applications based on. The application needs to have the corresponding access permission to the Android system resources. This permission is called the Android Application permission, which is set during application design, it takes effect upon initial installation of the Android system. It is worth noting that if the application is designed with a higher permission than the Android mobile phone owner, the application cannot run. For example, if the mobile phone does not obtain the Android root permission, the Root Explorer cannot be run because the Android root permission is required to run the application.

2.Component Model of Android)

The Android system includes four components.

(1)ActivityActivity is an interface in which various controls can be placed. For example, the Task Manager interface and the Root Explorer interface;

(2)Service: A service is a function module running in the background. Such as file downloads and music playing programs;

(3)Content Provider: It is a standard interface for data sharing between apps on the Android platform. It represents data in a way similar to URI (Universal Resources Identification), such as: content: // contacts/people/1101;

(4)Broadcast Receiver er: The concept associated with this component is Intent, which is an abstract description of actions and is responsible for message transmission between programs between components. The Broadcast Receiver component provides a mechanism to Broadcast Intent as a message and respond to it by all programs interested in it. For example, to enable the function of playing music after a system is started, you can define Intent as android. intent. action. BOOT_COMPLETED, which is Broadcast by the Broadcast explorer component. Media Player in the system receives this information and then plays the video.

As mentioned above, the relationships between the four components are as follows:

3.Android secure access settings

Each Android apk (Android Package) Package contains an AndroidMainifest. xml file. In addition to listing the library used for running the application program and running dependencies, the file also lists the system access required by the application in detail. The basic format of this file is as follows:

 
 

  
  
<?xml version="1.0" encoding="utf-8"?> 
  
  
<manifest xmlns:android="http://schemas.android.com/apk/res/android" 
  
  
     package="cn.com.fetion.android" 
  
  
     android:versionCode="1" 
  
  
     android:versionName="1.0.0"> 
  
  
   <application android:icon="@drawable/icon" android:label="@string/app_name"> 
  
  
       <activity android:name=".welcomActivity" 
  
  
                  android:label="@string/app_name"> 
  
  
            <intent-filter> 
  
  
                <action android:name="android.intent.action.MAIN" /> 
  
  
                <category android:name="android.intent.category.LAUNCHER" /> 
  
  
            </intent-filter> 
  
  
        </activity> 
  
  
   </application> 
  
  
  <uses-permission android:name="android.permission.SEND_SMS"></uses-permission> 
  
  
</manifest> 
 
 

For example, in the Italic part in the description of the above file, the purpose of this file is to show that the software has the function of sending text messages. Android defines 106 permission types for developers. For details, see http://developers.androidcn.com/reference/android/manifest.permission.html.

Dr. Li graduated from the Institute of Computing Science and Technology of the Chinese Emy of sciences. He has been engaged in research and development of computer network information security for more than 10 years. He has presided over and participated in a number of key national projects, as well as the research and development of information security systems and enterprise information security systems. With R & D experience in Linux system application, management, security, and kernel, he is good at network security technology, protocol analysis, Linux system security technology, Linux system and network management, and Linux kernel development.

Bkjia.com exclusive, not reprinted without authorization! For reprinted by the partner media, please indicate the source of the original article! If you want to discuss Android security architecture and other topics with instructor Li Yang, or contribute to BKJIA mobile development channel, please send an email to zhousn # bkjia.com to change "#" to "@")]