"Android security mechanism analysis and application Practice" note, chapter 2nd

Android extends the user-and-authority mechanism of the Linux kernel security model, subtly porting the user isolation mechanism of a multiuser operating system to application isolation . In Linux, a user ID (UID) identifies a given user ; On Android, a uid identifies an application . Assigns a UID to an application when it is installed. The UID remains unchanged for the duration of the application on the device. Limited to allow or restrict access to device resources by applications, not users . This way, Android security is seamlessly connected to the Linux kernel's security model! Different applications belong to different users, so the application runs in its own separate process space, and the application that differs from the UID naturally forms resource isolation, thus forming an operating system-level application "sandbox."

Between application processes, the security between the application and the operating system is implemented by the standard process-level security mechanism of the Linux operating system. By default, applications cannot interact with each other, and applications running in the process sandbox are not assigned permissions and cannot access systems or resources. As a result, applications that run directly on the operating system, or applications running on Dalvik virtual machines, have the same security isolation and protection, and applications that are confined to their "sandbox" do not interfere with each other and minimize damage to the system and other applications. The "sandbox" mechanism for Android applications, such as applications that do not trust each other, are isolated from each other and run on their own:

In many cases, applications originating from the same developer or the same development agency have a trust relationship with each other. The Android system provides a so-called shared UID (shareduserid) mechanism that enables applications with trust relationships to run in the same process space . Typically, this trust relationship is determined by the application's digital signature and requires the application to use the same UIDin the manifest file . The application process space for shared UID (Application digital signature will be described in detail later):

When an application is installed, it is assigned a user flag (UID) to distinguish it from other applications and to protect its own data from other applications. Android based on different users and groups,

Assigning different permissions, such as accessing the network, accessing GPS data, and so on, these Android permissions are mapped to Linux user and group permissions at the bottom.

The level of protection for permissions is divided into normal, danderous, signature, and Signatureorsystem four, with different levels limiting the way the application authenticates when exercising this privilege.

Normal: As long as the application is available

Dangerous: Available at installation time by user confirmation

Signature and Signatureorsystem require the application to be a system user, such as an OEM manufacturer or ODM manufacturer, etc.

"Android security mechanism analysis and application Practice" note, chapter 2nd