PackageManagerService implements IPackageManager; the activity manager and package manager run in the same process, so ths ends up being a direct function call. The package manager keeps track of which permissions have been assigned and does the check.
2009/5/7 倪旭东 <[email protected]> > Hi, > After reading the PackageManagerService.java and > ActivityManagerService.java, I had a question; > In the ActivityManagerService.java, in the* checkComponentPermission()*method, > it calls the > *ActivityThread.getPackageManager().checkUidPermission(permission,uid)*, > However, the ActivityThread.getPackageManager() is a IPackmanager > Interface, and I cannot understand its *checkPermission method or > checkUidPermission method*, does it finish checking by communicating with > PackageManagerService via IPC? Since I didn't find some detail > implementation of checking permission method.Or it may relay parameters to > the PackageManagerService to do the job and get result? In such case, the > packages.xml files has effect on checking permission procedure. Is my > understanding correct? > Thanks. > > > regards, > Xudong > > 2009/5/6 Dianne Hackborn <[email protected]> > > packages.xml is the package manager's persistent state. Only the package >> manager should write it, and you are likely to break the system if you >> modify it yourself (or have your changes wiped away the next time the >> package manager writes it). If you want to know more about it, you can look >> at PackageManagerService.java. >> >> 2009/5/6 倪旭东 <[email protected]> >> >> Hi, >>> Still some questions: >>> 1. Does packages.xml (in /data/system ) has real effect in the check >>> procedure of "reference monitor"? I do some experiment on the emulator: >>> Modify some App's permissions' profile, it does not have effect of app's >>> execute. It is the problem of emulator or the acctual effect file is not >>> this one. >>> >>> 2. In the packages.xml file, the user-developed app's permissions are >>> list in every packages, >>> but for the system bulid-in app, such as phone, it does not provide the >>> related permissions, >>> How the system to determine its permissions. >>> >>> 3. Form the packmanager() we can get some information about permissions, >>> what is relationship between packages.xml. It reads it from this file? >>> >>> Thanks. >>> >>> regards, >>> xudong >>> >>> >>> >>> 2009/5/5 William Enck <[email protected]> >>> >>>> Xudong, >>>> >>>> On May 5, 2009, at 12:59 PM, 倪旭东 wrote: >>>> >>>> Thank you. I still have some questions: >>>> 1. After the installation, the app's related permissions files is saved >>>> in the same .apk file or saved in a system central file? >>>> >>>> >>>> Take a look at /data/system/packages.xml >>>> >>>> 2. At runtime, I learned that there is a "reference monitor" from the >>>> paper Understanding Android >>>> Security<http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4768640&arnumber=4768655>to >>>> check the permission lable. Which is the source code for this "reference >>>> monitor", or it's a vitual concept. I wonder to know which parts of source >>>> code dealing with this function. Thanks. >>>> >>>> >>>> We described it more as a "virtual concept". There isn't code >>>> directly corresponding to a reference monitor, but the Activity Manager >>>> (frameworks/base/services/java/com/android/server/am/ActivityManagerService.java) >>>> is >>>> a good place to start looking. >>>> >>>> -Will >>>> >>>> -- >>>> William Enck >>>> PhD Candidate >>>> Department of Computer Science and Engineering >>>> The Pennsylvania State University >>>> [email protected] >>>> >>>> >>> >> >> >> -- >> Dianne Hackborn >> Android framework engineer >> [email protected] >> >> Note: please don't send private questions to me, as I don't have time to >> provide private support, and so won't reply to such e-mails. All such >> questions should be posted on public forums, where I and others can see and >> answer them. >> >> > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
