Design of RBAC (role-based access control) logic for Android access control

Source: Internet
Author: User

The Android system has many permission-check functions. "checkUidPermission" in "PackageManagerService.java" is the underlying one. It first looks up the granted permission set "grantedPermissions" from the process's "uid", then determines whether the requested permission name "permName" is in "grantedPermissions". This design adds the function "permissionsSet", which performs a joint query on the permission table and the user table and returns the corresponding permission set "permSet" for the "uid". RBAC then checks whether the requested permission name "permName" is in "permSet". If it is not, the error code is returned.

1. Key Method Design

After a mobile phone user customizes the security policy with the security policy tool, the permtorole and uidtorole tables are populated. The next question is: given a UID, which permission set has the user authorized for it? The following method is designed to answer it:

/*
 * Return the permission set associated with uid
 * @uid: the UID of the app
 */
public HashSet<String> permissionsSet(String uid);

This method uses the operation object to run a joint query on the permission table and the user table, looks up the permissions associated with the UID, and returns a variable of type HashSet<String>. Because HashSet uses a red/black tree as the storage structure, the query efficiency is high. This design reduces the time overhead of RBAC control-logic decisions.

2. Modify checkUidPermission

To implement RBAC access control, the checkUidPermission method must be modified. First, look up the relevant permission set from the uid parameter, as shown below:

if (RbacDebug.RBAC) {
    // Resolve the RBAC permission set for the calling UID
    permSet = permissionsSet(String.valueOf(uid));
}

At the point where Android has approved the permission, add the RBAC control code as follows:

if (RbacDebug.RBAC) {
    // An empty permSet is treated as "no RBAC restriction" for this UID
    if (permSet.isEmpty() || permSet.contains(permName)) {
        return PackageManager.PERMISSION_GRANTED;
    } else {
        return PackageManager.PERMISSION_DENIED;
    }
}
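
The decision logic above, as an added example that is not the original author's code. It assumes the permtorole and uidtorole tables can be modeled as in-memory maps with constructed sample rows, and it shows that the isEmpty() branch grants both for a UID with no policy and for a UID whose role has had every permission removed. checkStrict is a hypothetical variant that separates the two cases.

```java
import java.util.*;

public class RbacCheckDemo {
    // Same numeric values as PackageManager.PERMISSION_GRANTED / PERMISSION_DENIED
    static final int PERMISSION_GRANTED = 0, PERMISSION_DENIED = -1;

    // Constructed sample policy standing in for the permtorole and uidtorole tables
    static final Map<String, Set<String>> PERM_TO_ROLE = new HashMap<String, Set<String>>();
    static final Map<String, String> UID_TO_ROLE = new HashMap<String, String>();
    static {
        PERM_TO_ROLE.put("browser",
                new HashSet<String>(Arrays.asList("android.permission.INTERNET")));
        PERM_TO_ROLE.put("locked", new HashSet<String>()); // role with all permissions removed
        UID_TO_ROLE.put("10001", "browser");
        UID_TO_ROLE.put("10002", "locked");
    }

    // Join uid -> role -> permissions, in the manner of the page's permissionsSet
    static HashSet<String> permissionsSet(String uid) {
        String role = UID_TO_ROLE.get(uid);
        Set<String> perms = (role == null) ? null : PERM_TO_ROLE.get(role);
        return (perms == null) ? new HashSet<String>() : new HashSet<String>(perms);
    }

    // The page's decision: an empty set means "no RBAC restriction"
    static int checkAsOnPage(String permName, int uid) {
        HashSet<String> permSet = permissionsSet(String.valueOf(uid));
        return (permSet.isEmpty() || permSet.contains(permName))
                ? PERMISSION_GRANTED : PERMISSION_DENIED;
    }

    // Hypothetical stricter variant: only a UID with no role mapping falls through
    static int checkStrict(String permName, int uid) {
        String key = String.valueOf(uid);
        if (!UID_TO_ROLE.containsKey(key)) {
            return PERMISSION_GRANTED; // no policy defined, Android's decision stands
        }
        return permissionsSet(key).contains(permName) ? PERMISSION_GRANTED : PERMISSION_DENIED;
    }

    public static void main(String[] args) {
        String cam = "android.permission.CAMERA";
        System.out.println("role without CAMERA, page logic: " + checkAsOnPage(cam, 10001));
        System.out.println("empty role, page logic:          " + checkAsOnPage(cam, 10002));
        System.out.println("empty role, strict variant:      " + checkStrict(cam, 10002));
        System.out.println("no policy, strict variant:       " + checkStrict(cam, 10003));
    }
}
```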
