Android permission implementation, Android permission implementation

Android permission implementation, Android permission implementation

 

1. Permission

 

Each program is installed with a System ID, such as app_15, to protect data from being obtained by other applications. Android assigns different permissions to different users and groups, such as accessing the SD card and accessing the network. The underlying layer maps to Linux permissions.

 

2. Application permission

 

1) The application developer uses <uses-permission> In AndroidManifest. xml to specify the corresponding permissions and then map them to the underlying users and groups. By default, no special permissions are set. After AndroidManifest is granted the permission, the system will prompt the permission in the graphical interface when installing the program.

2) if a permission is missing (the permission used in the program is not known in AndroidManifest. xml), the program will print the error message requires <permission>

3) an application with the same user ID as a process can have the same permission as an existing user in the system, which must be in AndroidManifest. set sharedUserId in xml, such as android: sharedUserId = "android. uid. shared ", the role is to obtain system permissions, but such a program property can only be put into the build of the entire system (that is, the system software) to work, the sharing ID of the program must be the same signature

 

3. Android permission implementation

 

1) Layer 1: Set AndroidManifest. xml by the application, as shown in the following figure:

<Uses-permission android: name = "android. permission. INTERNET"/>

2) Layer 2: framework layer, permission group, frameworks/base/data/etc/platform. xml, for example:

<Permission name = "android. permission. INTERNET">

<Group gid = inet "/>

</Permission>

3) Layer 3: system layer, system permission, system/core/include/private/android_filesystem_config.h, for example:

# Define AID_INET 3003 set the SOCKET permission

......

{"Inet", AID_INET ,},

 

4. System Permissions

 

1) users with special permissions

A) The system uid 1000

B) radio uid 1001

2) view available system Permissions

$ Adb shell

# Pm list permissions

 

5. Determine permissions at the framework layer

 

1) source code implementation

Frameworks/base/services/Java/com/android/server/PackageManagerService. java

Frameworks/base/services/java/com/android/server/am/ActivityManagerService. java

2) how to view the permissions of an application on the system layer

A) when the application process is enabled, ActivityManagerService. java will output the permission of the application in logcat, as shown in:

I/ActivityManager (1730): Start proc com. anbdroid. phone for restart com. android. phone: pid = 2605 uid = 1000 gids = {3003, 3003}, that is, it has three permissions:,: Access Bluetooth and establish socket

B) Note: This print is output when the application is started for the first time. If the process already exists, you must first kill the corresponding process to ensure that the process is restarted.

C) for specific implementation, see:

Framewors/base/services/java/com/android/server/am/ActivityManagerService. java function startProcessLocked (), in which the set information is obtained using the mContext statement. getPackageManager (). getPackageGids (app.info. packageName );

 

6. Reference

 

Http://wenku.baidu.com/view/7754a4360b4c2e3f5727634e.html