Thanks a lot. 2009/5/7 Dianne Hackborn <[email protected]>
> PackageManagerService implements IPackageManager; the activity manager and > package manager run in the same process, so ths ends up being a direct > function call. The package manager keeps track of which permissions have > been assigned and does the check. > > 2009/5/7 倪旭东 <[email protected]> > > Hi, >> After reading the PackageManagerService.java and >> ActivityManagerService.java, I had a question; >> In the ActivityManagerService.java, in the* >> checkComponentPermission()*method, >> it calls the >> *ActivityThread.getPackageManager().checkUidPermission(permission,uid)*, >> However, the ActivityThread.getPackageManager() is a IPackmanager >> Interface, and I cannot understand its *checkPermission method or >> checkUidPermission method*, does it finish checking by communicating with >> PackageManagerService via IPC? Since I didn't find some detail >> implementation of checking permission method.Or it may relay parameters to >> the PackageManagerService to do the job and get result? In such case, the >> packages.xml files has effect on checking permission procedure. Is my >> understanding correct? >> Thanks. >> >> >> regards, >> Xudong >> >> 2009/5/6 Dianne Hackborn <[email protected]> >> >> packages.xml is the package manager's persistent state. Only the package >>> manager should write it, and you are likely to break the system if you >>> modify it yourself (or have your changes wiped away the next time the >>> package manager writes it). If you want to know more about it, you can look >>> at PackageManagerService.java. >>> >>> 2009/5/6 倪旭东 <[email protected]> >>> >>> Hi, >>>> Still some questions: >>>> 1. Does packages.xml (in /data/system ) has real effect in the check >>>> procedure of "reference monitor"? I do some experiment on the emulator: >>>> Modify some App's permissions' profile, it does not have effect of app's >>>> execute. It is the problem of emulator or the acctual effect file is not >>>> this one. >>>> >>>> 2. In the packages.xml file, the user-developed app's permissions are >>>> list in every packages, >>>> but for the system bulid-in app, such as phone, it does not provide the >>>> related permissions, >>>> How the system to determine its permissions. >>>> >>>> 3. Form the packmanager() we can get some information about permissions, >>>> what is relationship between packages.xml. It reads it from this file? >>>> >>>> Thanks. >>>> >>>> regards, >>>> xudong >>>> >>>> >>>> >>>> 2009/5/5 William Enck <[email protected]> >>>> >>>>> Xudong, >>>>> >>>>> On May 5, 2009, at 12:59 PM, 倪旭东 wrote: >>>>> >>>>> Thank you. I still have some questions: >>>>> 1. After the installation, the app's related permissions files is saved >>>>> in the same .apk file or saved in a system central file? >>>>> >>>>> >>>>> Take a look at /data/system/packages.xml >>>>> >>>>> 2. At runtime, I learned that there is a "reference monitor" from the >>>>> paper Understanding Android >>>>> Security<http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4768640&arnumber=4768655>to >>>>> check the permission lable. Which is the source code for this "reference >>>>> monitor", or it's a vitual concept. I wonder to know which parts of source >>>>> code dealing with this function. Thanks. >>>>> >>>>> >>>>> We described it more as a "virtual concept". There isn't code >>>>> directly corresponding to a reference monitor, but the Activity Manager >>>>> (frameworks/base/services/java/com/android/server/am/ActivityManagerService.java) >>>>> is >>>>> a good place to start looking. >>>>> >>>>> -Will >>>>> >>>>> -- >>>>> William Enck >>>>> PhD Candidate >>>>> Department of Computer Science and Engineering >>>>> The Pennsylvania State University >>>>> [email protected] >>>>> >>>>> >>>> >>> >>> >>> -- >>> Dianne Hackborn >>> Android framework engineer >>> [email protected] >>> >>> Note: please don't send private questions to me, as I don't have time to >>> provide private support, and so won't reply to such e-mails. All such >>> questions should be posted on public forums, where I and others can see and >>> answer them. >>> >>> >> > > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. > >
