Introduction to the Android security mechanisms
Please indicate the source when reprinting:
Http://blog.csdn.net/yujun411522/article/details/46753935
This article is from: [yujun411522 blog]
The Android system is built on the Linux kernel. It therefore retains and inherits the security mechanisms of the Linux operating system, and it also adds security features of its own at every layer of its system architecture.
1. Linux kernel layer security mechanism
This part relies on the Linux implementation, mainly file-system access control. Anyone familiar with the Linux file system knows that it distinguishes the owner (user), the group and others, each with read (r), write (w) and execute (x) bits. Every file therefore carries three basic permission sets that allow, restrict or deny access by the owner, the owner's group and all other users. Generally only processes whose uid is "system" or "root" may access Android system files, and an application can only access the corresponding files by requesting the appropriate Android permission. In this way Android combines the kernel-layer Linux discretionary access control with the Dalvik virtual machine at runtime to implement its "sandbox" mechanism.
2. Android "sandbox" mechanism
From its initial design, Android was positioned as a multi-tasking system: it can run several programs at the same time, making it a true multi-task system, and in addition each app runs in its own independent DVM, so apps do not affect each other. This mechanism is called the sandbox. The Android sandbox exists essentially to isolate different applications and processes from one another; by default an application has no permission to access system resources or the resources of other applications. Each app and each system process is assigned a unique, fixed User Id, which corresponds to the uid of the kernel-layer process. Each app runs in its own Dalvik virtual machine with its own address space and resources, and a process running on the Dalvik virtual machine is always backed by a kernel-layer Linux process. Android therefore uses the Dalvik virtual machine together with Linux file access control to implement the sandbox. If an application wants to access system resources or another application's resources, it must either declare permissions or share a uid (sharedUserId; after setting this attribute the app has the opportunity to run in the specified process and hold that process's permissions).
3. Permission check mechanism of Android
In practical app development you will already have requested system permissions in the AndroidManifest file, for example network access, telephony and external storage. Android is a "permission separation" system: before any application uses a restricted Android resource (network, phone, SMS, Bluetooth, contacts, SD card and so on), it must submit a request to the Android system in the form of an XML file, and only after the system approves that request may the application use the corresponding resource. Permissions are mapped to Java APIs: once an Android application holds the corresponding permission, it can call the API to perform the corresponding function. An API call proceeds in three steps. First, having obtained the corresponding permission, the application calls the API in the public library. Second, the public API calls an API proxy (the RPC stub). Third, the RPC stub passes the request by IPC binding to the system service, and the system service process performs the actual work. The permission check happens precisely in the system services and system processes. Permission checking includes not only static checks at install time but also dynamic checks while the app is running. Dynamic checking means that any system service or system component called by the app at runtime must pass an authorization check; the dynamic check does not take place in the app itself but in the process of the system service or system component.
In Android versions before 4.0, the Android permission check could be bypassed because of a flaw in the check mechanism: the caller was not required to hold the permission that the called component required. In Android 4.0, the function "checkUidPermission" is used not only to decide whether a permission should be granted to the corresponding process, but the function "checkCallingPermission" is also used to check whether the caller holds the corresponding permission, so the Android permission mechanism can no longer be bypassed in this way. However, the Android permission mechanism still has drawbacks that cannot be ignored, in the following respects. First, once a permission is granted to an application it remains valid for the entire lifetime of the application, and the user cannot revoke it. Second, the permission mechanism lacks flexibility: it is all or nothing, either every permission the application requests is granted or none is. Third, the permission mechanism is not secure enough to prevent malicious software from calling the C library directly through JNI to obtain system services.
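The dynamic check described above, written as an added example rather than code from the original post: a hypothetical exported service receives a Binder transaction and must evaluate the permission against the calling process, not against itself. The service class, transaction code and permission name are assumptions; only the Android framework calls are real.

```java
import android.app.Service;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;

// Hypothetical exported service that performs a privileged operation for other
// apps. PERM is a hypothetical custom permission this app would declare in its
// AndroidManifest.xml (for example with android:protectionLevel="signature").
public class GuardedService extends Service {
    static final String PERM = "com.example.permission.USE_GUARDED_SERVICE";
    static final int TRANSACTION_DO_WORK = IBinder.FIRST_CALL_TRANSACTION;

    private final Binder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            if (code != TRANSACTION_DO_WORK) {
                return super.onTransact(code, data, reply, flags);
            }
            // Runs on a Binder thread in the service's own process, but the
            // transaction carries the calling process's uid and pid.

            // Flawed check: asks whether *this* process holds PERM. It succeeds
            // whenever the service's own uid has the permission, regardless of
            // who is calling, which is exactly the gap the text describes.
            int self = GuardedService.this.checkPermission(
                    PERM, Process.myPid(), Process.myUid());

            // Correct check: evaluates PERM against Binder.getCallingUid(), the
            // uid that sent the transaction. Returns PERMISSION_DENIED when the
            // call did not arrive through IPC at all.
            int caller = GuardedService.this.checkCallingPermission(PERM);
            if (caller != PackageManager.PERMISSION_GRANTED) {
                throw new SecurityException("uid " + Binder.getCallingUid()
                        + " lacks " + PERM + " (self-check returned " + self + ")");
            }
            reply.writeNoException();
            reply.writeInt(doPrivilegedWork());
            return true;
        }
    };

    private int doPrivilegedWork() { return 42; } // placeholder for the real work

    @Override
    public IBinder onBind(Intent intent) { return binder; }
}
```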
4. Android digital signature mechanism
When the final version is released, the app requires a digital signature; you can use keytool + jarsigner or the tool provided by Eclipse. Android requires that every application installed on the system be signed with a digital certificate, and the private key of that certificate is held by the program's developer. Android uses the digital certificate to identify the author of an application and to establish trust relationships between applications, not to decide which applications the end user may install. The certificate does not need to be issued by an authoritative certificate authority; it is used only to authenticate the application package.
Every application installed on the Android system must have a digital certificate that establishes the trust relationship between the application's author and the application; Android will not install an application that has no digital certificate. If a permission's protection level is signature, only applications signed with the same digital certificate as the application that declares the permission can obtain it. If a permission's protection level is signatureOrSystem, the Android system grants it to applications with the same digital signature or to applications that are part of the Android system image.
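The same-certificate trust relationship that a signature-level permission expresses declaratively can also be verified explicitly at the receiving end of an IPC call. This is an added example, not code from the original post; the helper class and method name are assumptions, while PackageManager.checkSignatures and getPackagesForUid are real framework APIs.

```java
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Binder;
import android.os.Process;

// Hypothetical helper for a Binder service or ContentProvider method: admit the
// caller only if its signing certificate matches this app's. A permission with
// android:protectionLevel="signature" enforces the same rule at grant time; the
// explicit check is useful as defense in depth or when no custom permission exists.
public final class SameSignerCheck {
    private SameSignerCheck() {}

    // Returns the calling uid's package names if that uid was signed with the
    // same certificate as this app, otherwise throws SecurityException.
    // Must run inside an incoming Binder transaction so getCallingUid() is
    // the remote caller rather than this process.
    public static String[] requireSameSigner(Context ctx) {
        PackageManager pm = ctx.getPackageManager();
        int callingUid = Binder.getCallingUid();
        // Compares the certificate sets behind the two uids. SIGNATURE_MATCH
        // is returned only when every certificate matches, so a package signed
        // by another developer's key, or an unknown uid, is rejected.
        int result = pm.checkSignatures(callingUid, Process.myUid());
        if (result != PackageManager.SIGNATURE_MATCH) {
            throw new SecurityException("uid " + callingUid
                    + " is not signed with this app's certificate (code " + result + ")");
        }
        String[] pkgs = pm.getPackagesForUid(callingUid);
        return pkgs == null ? new String[0] : pkgs;
    }
}
```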
Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.