So everytime the phone startup, the package manager service scan all packages(.apk) files, and from these files it gets the related permissions and store them in the packages.xml. At runtime checking procedure, the package manager acctually does not need to read the permissions from the packages.xml files, since all the imformation has been saved in the memory (packagemanager class), it will check related permissions and make decision.
If above understanding is true, is the following conclustion correct? 1. The ultimate permissions are saved in each app's .apk files, and package manager will load them into packages.xml files. 2. packages.xml does not have effect of permission checking. Since it is be re-written every time when the phone restarts. So whcich system procedure uses this packages.xml files? Thanks. xudong 2009/5/8 Dianne Hackborn <[email protected]> > The package manager always re-writes the file after reading it for the > first time, since it does a full scan of all packages at that point and may > have updated some of its state. > > > 2009/5/7 倪旭东 <[email protected]> > >> Hi, >> There's something interesting of the /data/system/packages.xml, I find >> that its last modified time is always the time of the phone power on. It >> means that everytime I trun on my phone and the packages.xml file will be >> created, so how the system to get all the information of packages to create >> the packages.xml file? >> Thanks. >> >> regards, >> xudong >> >> >> 2009/5/7 Dianne Hackborn <[email protected]> >> >> PackageManagerService implements IPackageManager; the activity manager and >>> package manager run in the same process, so ths ends up being a direct >>> function call. The package manager keeps track of which permissions have >>> been assigned and does the check. >>> >>> 2009/5/7 倪旭东 <[email protected]> >>> >>> Hi, >>>> After reading the PackageManagerService.java and >>>> ActivityManagerService.java, I had a question; >>>> In the ActivityManagerService.java, in the* >>>> checkComponentPermission()*method, >>>> it calls the >>>> *ActivityThread.getPackageManager().checkUidPermission(permission,uid)* >>>> , >>>> However, the ActivityThread.getPackageManager() is a IPackmanager >>>> Interface, and I cannot understand its *checkPermission method or >>>> checkUidPermission method*, does it finish checking by communicating >>>> with PackageManagerService via IPC? Since I didn't find some detail >>>> implementation of checking permission method.Or it may relay parameters to >>>> the PackageManagerService to do the job and get result? In such case, the >>>> packages.xml files has effect on checking permission procedure. Is my >>>> understanding correct? >>>> Thanks. >>>> >>>> >>>> regards, >>>> Xudong >>>> >>>> 2009/5/6 Dianne Hackborn <[email protected]> >>>> >>>> packages.xml is the package manager's persistent state. Only the >>>>> package manager should write it, and you are likely to break the system if >>>>> you modify it yourself (or have your changes wiped away the next time the >>>>> package manager writes it). If you want to know more about it, you can >>>>> look >>>>> at PackageManagerService.java. >>>>> >>>>> 2009/5/6 倪旭东 <[email protected]> >>>>> >>>>> Hi, >>>>>> Still some questions: >>>>>> 1. Does packages.xml (in /data/system ) has real effect in the check >>>>>> procedure of "reference monitor"? I do some experiment on the emulator: >>>>>> Modify some App's permissions' profile, it does not have effect of >>>>>> app's execute. It is the problem of emulator or the acctual effect file >>>>>> is >>>>>> not this one. >>>>>> >>>>>> 2. In the packages.xml file, the user-developed app's permissions are >>>>>> list in every packages, >>>>>> but for the system bulid-in app, such as phone, it does not provide >>>>>> the related permissions, >>>>>> How the system to determine its permissions. >>>>>> >>>>>> 3. Form the packmanager() we can get some information about >>>>>> permissions, what is relationship between packages.xml. It reads it from >>>>>> this file? >>>>>> >>>>>> Thanks. >>>>>> >>>>>> regards, >>>>>> xudong >>>>>> >>>>>> >>>>>> >>>>>> 2009/5/5 William Enck <[email protected]> >>>>>> >>>>>>> Xudong, >>>>>>> >>>>>>> On May 5, 2009, at 12:59 PM, 倪旭东 wrote: >>>>>>> >>>>>>> Thank you. I still have some questions: >>>>>>> 1. After the installation, the app's related permissions files is >>>>>>> saved in the same .apk file or saved in a system central file? >>>>>>> >>>>>>> >>>>>>> Take a look at /data/system/packages.xml >>>>>>> >>>>>>> 2. At runtime, I learned that there is a "reference monitor" from the >>>>>>> paper Understanding Android >>>>>>> Security<http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4768640&arnumber=4768655>to >>>>>>> check the permission lable. Which is the source code for this >>>>>>> "reference >>>>>>> monitor", or it's a vitual concept. I wonder to know which parts of >>>>>>> source >>>>>>> code dealing with this function. Thanks. >>>>>>> >>>>>>> >>>>>>> We described it more as a "virtual concept". There isn't code >>>>>>> directly corresponding to a reference monitor, but the Activity Manager >>>>>>> (frameworks/base/services/java/com/android/server/am/ActivityManagerService.java) >>>>>>> is >>>>>>> a good place to start looking. >>>>>>> >>>>>>> -Will >>>>>>> >>>>>>> -- >>>>>>> William Enck >>>>>>> PhD Candidate >>>>>>> Department of Computer Science and Engineering >>>>>>> The Pennsylvania State University >>>>>>> [email protected] >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Dianne Hackborn >>>>> Android framework engineer >>>>> [email protected] >>>>> >>>>> Note: please don't send private questions to me, as I don't have time >>>>> to provide private support, and so won't reply to such e-mails. All such >>>>> questions should be posted on public forums, where I and others can see >>>>> and >>>>> answer them. >>>>> >>>>> >>>> >>> >>> >>> -- >>> Dianne Hackborn >>> Android framework engineer >>> [email protected] >>> >>> Note: please don't send private questions to me, as I don't have time to >>> provide private support, and so won't reply to such e-mails. All such >>> questions should be posted on public forums, where I and others can see and >>> answer them. >>> >>> >> > > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. > >
