Notice that I seemingly contradicted myself in my response to the question and to Mark. I should point out that Mark's answer is completely correct: people have a hard time with it, but I don't think it's impossible (and a number of people have done such things for similar uses of reflection, not necessarily permissions, however..) :-)
kris On Sun, Feb 26, 2012 at 5:10 AM, Kristopher Micinski <[email protected]> wrote: > On Thu, Feb 23, 2012 at 6:57 AM, Raja Nagendra Kumar > <[email protected]> wrote: >> Hi, >> >> Looking for some inputs why Android explicitly expects all the >> permissions need to be declared in Android Manifest file.. >> >> Can Android Run time introspect at run time or during compile time and >> prepare such info based on the API used by the application... >> >> Can it made redundant..through automatic application introspection.. >> >> Basically looking for why android is designed for explicit permissions >> declaration.. when it can be automatically discovered at compiler time >> or at run time.. >> > > There are a number of reasons. The first is just simplicity. > Integrating a good enough static analysis to make permissions > inference technically feasible would be possible, but perhaps not that > useful. Consider a situation where a programmer uses an API call > which maps to some permission, but this call is in a piece of code > which can never be executed. The fact that it's dead code may be > highly nontrivial to ascertain. Another difficulty lies in the fact > that permissions don't always map onto calls: sometimes they map to > content providers, guards on intents, etc... So it's not really > possible without doing some very heavy static analysis to determine > the possible range of inputs to these intents is. Unfortunately > static analysis may be inherently imprecise to the point that you'd > have to assume that all permissions (which gate content providers) > were required when someone did a query to a content provider, for > instance. > > In other words, the idea that you can statically determine permissions > is inherently incorrect: while it's probably technically possible, > it's a nontrivial area of static analysis and an active topic of > research.. > > Kris -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
