1. Overview
Android is a system that separates permissions. This is the use of Linux existing rights management mechanism, by assigning a different UID and GID for each application, so that private data and access between different application (native and Java layer through this sandbox mechanism, Can achieve the purpose of isolation. At the same time, Android also expands on this basis, providing the permission mechanism, which is primarily used to provide permission segmentation and access control for some specific operations that application can perform, while providing a per-uri permission mechanism to Some specific blocks of data are accessed in a ad-hoc manner
2, Android permission mechanism a permission mainly contains three aspects of information: the name of the permission, the permission group belonging to, and the level of protection. A permission group refers to different sets of permissions that are divided into functions. Each permission group contains a number of specific permissions, such as Android.permission.SEND_SMS, Android.permission.CALL_PHONE, and so on, which are related to charges in the Cost_money group. The Android privilege level is divided into normal,dangerous,signature,signatureorsystem,system,development, and the different levels of protection represent how the program authenticates when it uses this permission. The permissions of normal can be used only if the permission of the dangerous is applied and the user's confirmation is required at installation.
Signature requires a signature to give permission,
Signatureorsystem requires a signature or system-level application (placed in the/system/app directory) to give permission.
System-level applications (placed under the/system/app directory) can be granted permissions, and system permissions are described in Frameworks/base/core/res/androidmanifest.xml.
The permissions information for the package is specified primarily through a number of tags in the androidmanifest.xml. such as <permission> tags, <permission-group> tags <permission-tree> labels. If the package needs to request a permission, it needs to be specified using the <use-permission> tag.
3. Permission interface provided by Android 3.1, CheckpermissionThe following set of interfaces is primarily used to check whether a call (or another package or itself) has permission to access a permission. Parameter PID and UID can be specified, if not specified, then the framework through Binder to obtain the caller's UID and PID information, to be populated. The return value is packagemanager.permission_granted or packagemanager.permission_denied
public int checkpermission (String permission, int pid, int uid)//check if a UID and PID have permission permissions
public int checkcallingpermission (String permission)//checks if the caller has permission permission, and returns if the caller is himself packagemanager.permission_ DENIED
public int checkcallingorselfpermission (String permission)//check yourself or other callers for permission permissions
The following group, like above, throws an exception and prints a message if it encounters a check that does not pass.
public void Enforcepermission (string permission, int pid, int uid, string message)
public void Enforcecallingpermission (string permission, String message)
public void Enforcecallingorselfpermission (string permission, String message)
3.2, CheckuripermissionAdd read or write access to the content Uri for a package.
public void Granturipermission (String topackage, URI uri, int modeflags)
public void Revokeuripermission (URI uri, int modeflags)
Check if the package for a PID and UID has read and write access to the URI, and the return value indicates whether it is granted.
public int checkuripermission (URI uri, int pid, int uid, int modeflags)
public int checkcallinguripermission (URI uri, int modeflags)
public int checkcallingorselfuripermission (URI uri, int modeflags)
public int checkuripermission (URI uri, String readpermission,string writepermission, int pid, int uid, int modeflags)
Check if the package for a PID and UID has read and write access to the URI, throws an exception if it fails, and prints the message.
public void Enforceuripermission (URI uri, int pid, int uid, int modeflags, String message)
public void Enforcecallinguripermission (URI uri, int modeflags, String message)
public void Enforcecallingorselfuripermission (URI uri, int modeflags, String message)
public void Enforceuripermission (URI uri, string readpermission, String writepermission,int pid, int uid, int modeflags, S Tring message)
Where check begins, only checks are done. Enforce start, not only check, do not have permission to throw an exception.
4, the Authority mechanism Realization Analysis 4.1, CheckPermission1. If the incoming permission name is called NULL, then the packagemanager.permission_denied is returned.
2. Determine if the caller UID meets the requirements.
1) If the UID is 0, it is the process of root permission and the permission is not controlled.
2) If the UID is the UID of the system server process, the description is System server and the permissions are not controlled.
3) If the Activitymanager process itself, the permissions do not control.
4) returns packagemanager.permission_denied if the caller UID is inconsistent with the Req UID passed in by the parameter.
3. If you pass the 2 check, then call Packagemanagerservice.checkuidpermission, determine whether the UID has the appropriate permissions, analysis is as follows.
1) First it finds the list of permissions for the UID (that is, the package) by calling GETUSERIDLP, going to the PackageManagerService.Setting.mUserIds array, and depending on the UID. Once found, the corresponding permission is indicated.
2) If not found, then go to Packagemanagerservice.msystempermissions to find. This information is read from the/system/etc/permissions/platform.xml when it is started. This records some of the system-level application UID corresponding to the permission.
3) returns the result.
4.2, CheckUriPermission1. If the UID is 0, the description is the root user, then the permissions are not controlled.
2. Otherwise, in the Activitymanagerservice maintained mgranteduripermissions this table to find whether this UID contains this permission, if you have to check the request is read or write permissions.
5, summarized the above describes the UID and GID based Android security mechanism, using Linux access control, control file and device access. The Android permission privilege mechanism is an important complement to Android security, which controls the application's access to the system interface or external interface. Follow up on Android signature mechanism and SELinux Android
6. Reference Documents1, http://dengzhangtao.iteye.com/blog/1990138
2, HTTP://WWW.IBM.COM/DEVELOPERWORKS/CN/OPENSOURCE/OS-CN-ANDROID-SEC/3, http://www.cnblogs.com/senix/archive/ 2013/01/15/2853733.html
Android security mechanism (2) Android permission permissions control mechanism
