1. Overview
Android's security model is built on Linux, and in particular on Linux rights management. To understand Android's security mechanisms you therefore have to start from the Linux security mechanisms, and user rights management is the most basic component of those mechanisms.
2. Linux users (UID), groups (GID) and processes (PID)
In Linux, a UID identifies a given user. Users in a Linux system fall into three categories: normal users, the root user and system users.
A normal user is a real person who uses the Linux system; such users log in with a username and password. Linux has a very fine-grained permission system, so in general a normal user can only operate in their home directory, the system temp directory or other directories they have been authorized to use, and can only manipulate files belonging to that user. The UID of a normal user is usually greater than 500, because by default the system numbers user IDs starting from 500 when a normal user is added.
The root user has UID 0 and is also known as the superuser. The root account has full control over the system: it can modify or delete any file and run any command. Root is also the most dangerous user in the system; it can even delete the entire file system while the system is running, causing irreparable damage. Logging in as root should therefore be done with great care.
A system user is an account that the system needs at run time but that does not correspond to a real person. For example, running a web service on Red Hat or CentOS requires the system user apache to run the httpd process, and running the MySQL database service requires the system user mysql to run the mysqld process. On Red Hat or CentOS, system user IDs fall in the range 1~499. The example below shows the processes currently running on the system; the first column is the user running each process.
What is a group (GID)? Under Linux, every user belongs to at least one group. By analogy: each student in a school is identified by a student number, and each student belongs to a class; the student number corresponds to the UID and the class to the GID. A student may also join several interest clubs, each of which is a different group. So each student belongs to at least one group and can belong to several groups at once, and the same holds under Linux.
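To make the three user categories concrete, here is an added C example (not code from the original post) that parses records in the /etc/passwd format and classifies each account by the UID ranges the text gives: 0 for root, 1~499 for system users, 500 and above for normal users. The sample lines are constructed for the example and are not taken from any real host; the function and type names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Account category by UID, using the ranges stated in the text
   (Red Hat / CentOS numbering: 0 = root, 1-499 = system, 500+ = normal). */
enum uid_class { UID_ROOT, UID_SYSTEM, UID_NORMAL };

enum uid_class classify_uid(long uid)
{
    if (uid == 0)  return UID_ROOT;
    if (uid < 500) return UID_SYSTEM;
    return UID_NORMAL;
}

/* One parsed passwd record: name:password:UID:GID:gecos:home:shell */
struct passwd_rec {
    char name[64];
    long uid;
    long gid;
    char shell[64];
};

/* Parse a single passwd line. Returns 1 on success, 0 on malformed input. */
int parse_passwd_line(const char *line, struct passwd_rec *out)
{
    char buf[256];
    char *fields[7];
    int n = 0;

    if (strlen(line) >= sizeof buf) return 0;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';

    /* strtok() would merge empty fields (an empty password field is common),
       so split on ':' by hand and keep empty fields. */
    char *p = buf;
    fields[n++] = p;
    while (n < 7 && (p = strchr(p, ':')) != NULL) {
        *p++ = '\0';
        fields[n++] = p;
    }
    if (n != 7) return 0;

    char *end;
    out->uid = strtol(fields[2], &end, 10);
    if (end == fields[2] || *end != '\0') return 0;
    out->gid = strtol(fields[3], &end, 10);
    if (end == fields[3] || *end != '\0') return 0;

    snprintf(out->name, sizeof out->name, "%s", fields[0]);
    snprintf(out->shell, sizeof out->shell, "%s", fields[6]);
    return 1;
}

/* Convenience: UID of a passwd line, or -1 if the line is malformed. */
long passwd_uid(const char *line)
{
    struct passwd_rec rec;
    return parse_passwd_line(line, &rec) ? rec.uid : -1;
}

/* Constructed sample passwd file (not from a real system). */
static const char *sample_passwd[] = {
    "root:x:0:0:root:/root:/bin/bash",
    "apache:x:48:48:Apache:/var/www:/sbin/nologin",
    "mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash",
    "alice:x:500:500:Alice:/home/alice:/bin/bash",
    "bob::501:501:Bob:/home/bob:/bin/bash",
    "broken:line:without:enough",
};

/* Number of well-formed sample accounts that fall into the given class. */
int count_class(enum uid_class cls)
{
    int count = 0;
    for (size_t i = 0; i < sizeof sample_passwd / sizeof *sample_passwd; i++) {
        struct passwd_rec rec;
        if (!parse_passwd_line(sample_passwd[i], &rec)) continue;
        if (classify_uid(rec.uid) == cls) count++;
    }
    return count;
}

int main(void)
{
    static const char *names[] = { "root", "system", "normal" };
    for (size_t i = 0; i < sizeof sample_passwd / sizeof *sample_passwd; i++) {
        struct passwd_rec rec;
        if (!parse_passwd_line(sample_passwd[i], &rec)) {
            printf("skipped malformed line: %s\n", sample_passwd[i]);
            continue;
        }
        printf("%-8s uid=%-4ld gid=%-4ld class=%s\n",
               rec.name, rec.uid, rec.gid, names[classify_uid(rec.uid)]);
    }
    return 0;
}
```

Splitting by hand rather than with strtok() matters for auditing real password files: an empty second field (no password set) is exactly the kind of record a reviewer wants to see, and strtok() would silently shift the columns.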
3. Linux process user management (the relationship between PID and UID/GID)
Each process carries a real user and group (uid, gid), an effective user and group (euid, egid), and a saved set-user and set-group ID (suid, sgid). Linux additionally has a file-system user and group ID (fsuid, fsgid) used specifically for file-access checks; these two fields do not exist on other UNIX systems. The role of each kind of ID in a process is described below:
(1) Real user and group (uid, gid): the true owner of the process. Each time a user logs in to a shell, the logged-in user is the real owner of the login process. getuid() returns the real user of the process; the real user can be modified with setuid(), seteuid(), setresuid() or setreuid().
(2) Effective user and group (euid, egid): the effective user and group of the process. The permissions granted for the various operations a process performs (its process credentials) are judged by the process's effective user. (Linux kernels 2.4 and above introduce a new process rights model, capabilities; the process's capabilities determine which operations it is allowed to perform; see Understanding the Linux Kernel, table 20-3.) geteuid() returns the effective user of the process; the effective user can be modified with setuid(), seteuid(), setresuid() or setreuid().
(3) File-system user and group (fsuid, fsgid): the user and group used for file-access checks. This is a class of IDs new to Linux; UNIX systems judge file access by the euid. There is no function to read a process's fsuid. Any function that modifies the effective user also modifies the fsuid; to modify the fsuid independently without touching the euid, call setfsuid().
(4) Saved set-user and set-group ID (suid, sgid): the saved user and group settings. Their main use in a process is to restore the effective user. Looking at setuid(), seteuid(), setresuid() and setreuid(), the general rule for a non-superuser modifying the effective user is that the change is allowed if the new effective user equals the original saved set-user-ID. Using this, a process can change its effective user to a new user and later revert to the original value, which is kept in the saved set-user-ID. getresuid() returns the real user, effective user and saved set-user-ID of the process.
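The "change the effective user, then revert to the saved value" pattern above, as an added C example that is not part of the original post. It reads the three IDs with getresuid() (a Linux extension, so the example assumes Linux/glibc), encodes the rule for an unprivileged seteuid() as a small policy function, and performs the drop-and-restore sequence on the running process. The struct and function names are this example's own; when run as a normal user whose three IDs are already equal, the two seteuid() calls are no-op switches, which is what the test relies on.

```c
#define _GNU_SOURCE          /* getresuid() is a Linux extension */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Explicit prototype in case a system header was processed before the
   feature macro above was seen; harmless if <unistd.h> already declared it. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);

/* Snapshot of the three user IDs a Linux process carries. */
struct creds {
    uid_t ruid;   /* real: who started the process */
    uid_t euid;   /* effective: what permission checks are made against */
    uid_t suid;   /* saved set-user-ID: value seteuid() may return to */
};

/* Read the current process's real, effective and saved UIDs (0 on success). */
int read_creds(struct creds *c)
{
    return getresuid(&c->ruid, &c->euid, &c->suid);
}

/* Rule for seteuid(target) in a process WITHOUT CAP_SETUID: the target must
   already be one of the real, effective or saved UIDs. A privileged process
   may switch to any UID. Returns 1 if the switch would be permitted. */
int seteuid_allowed(uid_t ruid, uid_t euid, uid_t suid, uid_t target, int privileged)
{
    if (privileged) return 1;
    return target == ruid || target == euid || target == suid;
}

/* Drop-then-restore: lower the effective UID to the real (invoking) user
   for risky work, then return to the saved UID. Returns 0 if both switches
   happened and geteuid() confirmed each one. */
int drop_and_restore(void)
{
    struct creds before;
    if (read_creds(&before) != 0) return -1;

    /* step 1: run as the real user while doing untrusted work */
    if (seteuid(before.ruid) != 0) return -1;
    if (geteuid() != before.ruid) return -1;

    /* step 2: go back to the saved set-user-ID; for a non-setuid program
       all three IDs are identical, so this switch is a no-op */
    if (seteuid(before.suid) != 0) return -1;
    return geteuid() == before.suid ? 0 : -1;
}

int main(void)
{
    struct creds c;
    if (read_creds(&c) != 0) { perror("getresuid"); return 1; }
    printf("ruid=%u euid=%u suid=%u\n",
           (unsigned)c.ruid, (unsigned)c.euid, (unsigned)c.suid);
    printf("drop_and_restore: %s\n", drop_and_restore() == 0 ? "ok" : "failed");

    /* a set-user-ID-root program run by uid 1000 that has dropped to 1000
       still holds suid 0, so it may raise itself back: that is the point of
       the saved ID, and why a real privilege drop must use setresuid() */
    printf("regain after drop allowed: %d\n", seteuid_allowed(1000, 1000, 0, 0, 0));
    return 0;
}
```

The last line of main() is the practical consequence for defenders: seteuid() alone never gives up privilege permanently, because the saved set-user-ID keeps the old value reachable. A program that intends to drop privilege for good has to clear all three IDs, for example with setresuid(uid, uid, uid), and then verify with getresuid() that none of them is still 0.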
4. UID, GID and PID in Android system
On Android, a user ID identifies an application. The application is assigned a user ID at install time, and that user ID stays the same for as long as the application remains on the device. Permissions are about allowing or restricting applications (not users) from accessing device resources.
Android uses the concept of a sandbox to separate applications and enforce permissions between them, allowing or denying an application access to device resources such as files and directories, the network, sensors and APIs. To do this, Android relies on Linux facilities (process-level isolation, per-application user and group IDs, and file permissions) to enforce what an application is allowed to do.
Figure 1. Two Android apps, each in its own basic sandbox (process)
Each Android application runs in its own Linux process and is assigned a unique user ID. By default, an application running in its basic sandbox process holds no permissions, so its access to the system and to resources is restricted; an Android application can only request permissions through its manifest file.
Different applications can also run in the same process. For this, the applications must first be signed with the same private key, and then their manifests must assign them the same Linux user ID, which is done by giving the manifest attribute android:sharedUserId the same value in each. The applications then share access to each other's data and code, as shown in Figure 2.
Figure 2. Two Android apps running in the same process
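An added C model of the UID-assignment rule just described (this is example code, not Android's installer): each newly installed package gets a fresh UID, except that a package declaring the same android:sharedUserId as an already installed package joins that package's UID, and only if both are signed with the same key. The starting value 10000 reflects the range Android reserves for application UIDs, but it, the package names and the signer labels are assumptions of this example; a real certificate comparison is replaced by a string label.

```c
#include <stdio.h>
#include <string.h>

/* Assumed for the example: first UID handed to application sandboxes. */
#define APP_UID_START 10000

struct app {
    const char *package;
    const char *shared_user_id;   /* NULL when the manifest sets none */
    const char *signer;           /* stand-in for the signing certificate */
    int uid;                      /* filled in by assign_uids() */
};

/* Assign UIDs in install order. Returns the number of distinct UIDs handed
   out, or -1 if a package requested a sharedUserId that is already owned by
   a package signed with a different key (that install is refused). */
int assign_uids(struct app *apps, int n)
{
    int next_uid = APP_UID_START;
    for (int i = 0; i < n; i++) {
        apps[i].uid = -1;
        if (apps[i].shared_user_id != NULL) {
            for (int j = 0; j < i; j++) {
                if (apps[j].shared_user_id != NULL &&
                    strcmp(apps[j].shared_user_id, apps[i].shared_user_id) == 0) {
                    if (strcmp(apps[j].signer, apps[i].signer) != 0)
                        return -1;             /* same name, different key */
                    apps[i].uid = apps[j].uid; /* join the existing sandbox */
                    break;
                }
            }
        }
        if (apps[i].uid == -1)
            apps[i].uid = next_uid++;          /* fresh sandbox */
    }
    return next_uid - APP_UID_START;
}

/* Constructed install sequence (package names and signers are made up). */
static struct app sample_apps[] = {
    { "com.example.mail",    NULL,                "vendorA", -1 },
    { "com.example.suite.a", "com.example.suite", "vendorA", -1 },
    { "com.example.suite.b", "com.example.suite", "vendorA", -1 },
    { "com.example.camera",  NULL,                "vendorB", -1 },
};
#define SAMPLE_COUNT (int)(sizeof sample_apps / sizeof *sample_apps)

/* Run the sample sequence and return the UID of a package (-1 if absent). */
int sample_uid_of(const char *package)
{
    if (assign_uids(sample_apps, SAMPLE_COUNT) < 0) return -1;
    for (int i = 0; i < SAMPLE_COUNT; i++)
        if (strcmp(sample_apps[i].package, package) == 0)
            return sample_apps[i].uid;
    return -1;
}

/* A package signed with a different key asking for an existing shared UID
   must be refused; otherwise it would inherit the suite's data and code. */
int refused_install_demo(void)
{
    struct app attempt[] = {
        { "com.example.suite.a", "com.example.suite", "vendorA", -1 },
        { "com.other.package",   "com.example.suite", "vendorC", -1 },
    };
    return assign_uids(attempt, 2);   /* -1 */
}

int main(void)
{
    int distinct = assign_uids(sample_apps, SAMPLE_COUNT);
    for (int i = 0; i < SAMPLE_COUNT; i++)
        printf("%-22s uid=%d\n", sample_apps[i].package, sample_apps[i].uid);
    printf("distinct sandboxes: %d\n", distinct);
    printf("mismatched signer refused: %s\n",
           refused_install_demo() == -1 ? "yes" : "no");
    return 0;
}
```

The signer check is the whole security argument for sharedUserId: the attribute name alone is public, so without the certificate comparison any package could declare it and land inside another vendor's sandbox.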
5. Summary
On Android, an application has exactly one UID, although several applications can share one UID.
A GID corresponds to a set of permissions; a UID can be associated with several GIDs, meaning that the UID holds several permissions.
A process is the sandbox that hosts the application; it generally has one UID and several GIDs. Each process can only access the files within the scope of its UID's permissions and the interfaces its GIDs allow. This is the most basic foundation of Android security.
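To show what "one UID, several GIDs" buys a sandboxed process, here is an added C example (not from the original post) that re-implements the classic owner/group/other file check over a process credential of one UID plus a list of GIDs, and a GID-gated interface check. The value 3003 for the network group follows Android's AID_INET from android_filesystem_config.h but is used here as an assumed constant; the app UIDs, file modes and function names are this example's own. Root bypass is deliberately left out, since the application processes discussed here never run as root.

```c
#include <stdio.h>

#define PERM_R 4
#define PERM_W 2
#define PERM_X 1
#define MAX_GIDS 8

/* Assumed for the example: GID that gates socket creation on Android
   (AID_INET in android_filesystem_config.h). */
#define INET_GID 3003u

struct proc {
    unsigned uid;
    unsigned gids[MAX_GIDS];   /* primary group plus supplementary groups */
    int ngids;
};

struct file {
    unsigned owner_uid;
    unsigned owner_gid;
    unsigned mode;             /* classic rwxrwxrwx bits, e.g. 0660 */
};

int in_group(const struct proc *p, unsigned gid)
{
    for (int i = 0; i < p->ngids; i++)
        if (p->gids[i] == gid) return 1;
    return 0;
}

/* Discretionary check in the shape of the kernel's generic permission
   logic: owner bits if the UID matches, else group bits if any GID
   matches, else the "other" bits. Returns 1 if every requested bit
   in `want` is granted. */
int can_access(const struct proc *p, const struct file *f, unsigned want)
{
    unsigned bits;
    if (p->uid == f->owner_uid)        bits = (f->mode >> 6) & 7u;
    else if (in_group(p, f->owner_gid)) bits = (f->mode >> 3) & 7u;
    else                               bits = f->mode & 7u;
    return (bits & want) == want;
}

/* A GID-gated interface: the process may create network sockets only if
   one of its groups is the network group. */
int may_open_socket(const struct proc *p)
{
    return in_group(p, INET_GID);
}

/* Constructed scenario: app A holds the INTERNET permission (network GID),
   app B does not; B is additionally in a group that A used to share a file. */
static const struct proc app_a = { 10001, { 10001, INET_GID }, 2 };
static const struct proc app_b = { 10002, { 10002 }, 1 };

/* A's private data file, and a file A shares read-only with group 10002. */
static const struct file private_a = { 10001, 10001, 0660 };
static const struct file shared_a  = { 10001, 10002, 0640 };

int main(void)
{
    printf("A rw private: %d\n", can_access(&app_a, &private_a, PERM_R | PERM_W));
    printf("B r  private: %d\n", can_access(&app_b, &private_a, PERM_R));
    printf("B r  shared : %d\n", can_access(&app_b, &shared_a, PERM_R));
    printf("B w  shared : %d\n", can_access(&app_b, &shared_a, PERM_W));
    printf("A socket    : %d\n", may_open_socket(&app_a));
    printf("B socket    : %d\n", may_open_socket(&app_b));
    return 0;
}
```

Two things the scenario makes visible: a process that owns a file is judged by the owner bits only, so group membership never widens what the owner already has; and granting a permission such as network access is, at this layer, nothing more than adding a GID to the process, which is why the summary equates a GID with a set of permissions.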
Follow-up posts will cover the Android permission mechanism, the Android signing mechanism, and SELinux on Android.
My Weibo: Albert Huang Shuying.
Android security mechanism (1) UID, GID and PID