Android Security Mechanism (1): uid, gid and pid
1. Overview
Android's security mechanisms come from Linux and are built on Linux permission management. To understand them, you first need to understand the security mechanisms in Linux, of which user permission management is the most basic component.
2. In Linux, a UID identifies a given user. Users (UIDs) in Linux are divided into three categories: common users, root users, and system users.
Common users are the real users of a Linux system. They log on with their usernames and passwords. Linux has very fine-grained permission settings: generally, a common user can only operate on their home directory, the system's temporary directories, and other directories they have been authorized for, and on files that belong to them. Generally, the UID of a common user is greater than 500, because when a common user is added, the default user ID starts from 500.
The root user, also known as the superuser, has the ID 0. The root account has full control over the system: it can modify or delete any file and run any command. This makes root the most dangerous user in the system: root can even delete all file systems while the system is running normally, causing irreparable damage. Therefore, be very careful when logging on to the system as root.
A system user is a user that is required to run the system but is not a real user. For example, when running website services on RedHat or CentOS, the httpd process runs as the system user apache. When running MySQL database services, the mysqld process runs as the system user mysql. On RedHat or CentOS, system user IDs range from 1 to 499. The following example shows the processes currently run by the system. The first column shows the user running each process.
What is a group (GID)? In Linux, each user belongs to at least one group. As an analogy, each student in a school is identified by a student ID, and each student belongs to a certain class. The student ID is equivalent to the UID, and the class is equivalent to the GID. A student may also take part in several interest classes at the same time, and each interest class is another group. That is, each student belongs to at least one group and possibly to several groups at the same time. The same is true in Linux.
3. User management of processes in Linux (relationship between PID and UID and GID)
Each process has a real user and group (uid and gid), an effective user and group (euid and egid), and a saved set-user and set-group ID (suid and sgid). Linux also has user and group IDs used for file access (fsuid and fsgid; Unix systems do not have these two fields). The function of each type of user in a process is described as follows:
(1) Real user and group (uid and gid): the real owner of the process. Each time a user logs on to a shell terminal, that user becomes the real owner of the login process. getuid obtains the real user of a process. The real user of a process can be modified through setuid, seteuid, setresuid, and setreuid.
(2) Effective user and group (euid and egid): the effective user and group of the process. The permissions for the operations a process performs (the process credentials) are determined by its effective user. (Linux, from kernel 2.4 onward, introduces a new process permission model, process capabilities, which is used to determine the operations a process is allowed to perform; see "Understanding the Linux Kernel", Table 20-3.) geteuid obtains the effective user of a process. The effective user of a process can be modified through setuid, seteuid, setresuid, and setreuid.
(3) File system user and group (fsuid and fsgid): the user and group used for file access. This type of user and group was introduced in Linux; on Unix systems, file access is determined by the euid. There is no function for obtaining the fsuid of a process. All functions that modify the effective user modify the fsuid at the same time. To modify the fsuid alone, without modifying the euid, call setfsuid.
(4) Saved set-user and set-group ID (suid and sgid): the saved user and group. These are mainly used to restore the effective user. For a non-superuser process, the functions used to modify the effective user (setuid, seteuid, setresuid, and setreuid) share a common precondition: the change is permitted if the new effective user is the original suid. With this, a process can change its effective user to a new user and later restore it to the original value (the original value is kept in the saved set-user ID). getresuid obtains the real user, effective user, and saved set-user ID of the process.
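The credential sets described in section 3, as an added example in C (not code from the original article): it reads the real, effective, saved and file-system UIDs from the Uid: line of /proc/self/status, then switches the effective UID and restores it. The function names and the sample status line are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* declares seteuid() */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample of the "Uid:" line in /proc/<pid>/status. */
static const char SAMPLE_LINE[] = "Uid:\t10123\t10123\t10123\t10123\n";

/* Fields are: real, effective, saved, file-system UID. 0 on success. */
int parse_uid_line(const char *line, unsigned ids[4]) {
    int n = sscanf(line, "Uid: %u %u %u %u",
                   &ids[0], &ids[1], &ids[2], &ids[3]);
    return n == 4 ? 0 : -1;
}

/* Read the four UIDs of a process from its status file. */
int read_status_ids(const char *path, unsigned ids[4]) {
    char line[256];
    int rc = -1;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        if (strncmp(line, "Uid:", 4) == 0)
            rc = parse_uid_line(line, ids);
    fclose(f);
    return rc;
}

/* Switch the effective UID to target, then restore the original.
 * Returns 0 if the kernel allowed the switch, -1 (errno set) if not. */
int switch_euid_and_restore(uid_t target) {
    uid_t orig = geteuid();
    if (seteuid(target) != 0) return -1;   /* refused: euid unchanged */
    /* Restoring works when orig is the real or saved UID; seteuid()
     * changes neither. Never keep running under the wrong euid. */
    if (seteuid(orig) != 0) _exit(1);
    return 0;
}

int main(void) {
    unsigned ids[4];
    if (parse_uid_line(SAMPLE_LINE, ids) == 0)
        printf("sample: real=%u eff=%u saved=%u fs=%u\n", ids[0], ids[1], ids[2], ids[3]);
    if (read_status_ids("/proc/self/status", ids) == 0)
        printf("self:   real=%u eff=%u saved=%u fs=%u\n", ids[0], ids[1], ids[2], ids[3]);
    printf("switch to real uid: %d\n", switch_euid_and_restore(getuid()));
    return 0;
}
```

Run as an ordinary user, a switch to any UID other than the process's real, effective or saved UID is refused with EPERM and the function returns -1.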
4. UID, GID, and PID in the Android system
On Android, a user ID identifies an application. The application is assigned a user ID during installation. The user ID remains unchanged during the lifetime of the application on the device. Permission is about allowing or restricting applications (rather than users) to access device resources.
Android uses the sandbox concept to separate applications from one another and uses permissions to allow or deny an application access to device resources, such as files and directories, networks, sensors, and APIs. To do this, Android uses some Linux facilities (such as process-level security, application-related user and group IDs, and permissions) to determine the operations that an application can perform.
Figure 1. Two Android applications, each in their own basic sandbox or process
Android applications run in their own Linux processes and are assigned a unique user ID. By default, applications running in the basic sandbox process are not assigned any permissions, so they are restricted from accessing the system or its resources. Android applications can only request permissions through the application's manifest file.
Different applications can run in the same process. To do this, you must first sign the applications with the same private key and then assign them the same Linux user ID using the manifest file. This is done by defining the manifest attribute android:sharedUserId with the same value/name in each application, so that they share access to their data and code, as shown in Figure 2.
Figure 2. Two Android applications run in the same process
5. Summary
On Android, an application has only one UID. Of course, multiple applications can share one UID.
A GID is equivalent to a set of permissions. A UID can be associated with multiple GIDs, indicating that the UID has multiple permissions.
A process is the sandbox of the application it hosts. Generally, it has one UID and multiple GIDs. Each process can only access files within its UID's permission range and the interfaces allowed by its GIDs. This constitutes the basic security foundation of Android.
Later articles will introduce the Android permission mechanism, the Android signature mechanism, and SELinux on Android.