No, that is totally wrong. The packages.xml is the package manager's current state of each application. It isn't ignored.
Please have a look through the code in PackageManagerService; it's only one file (okay a fairly big one), and if you want to know exactly how this stuff works you want to know that code. 2009/5/8 倪旭东 <[email protected]> > So everytime the phone startup, the package manager service scan all > packages(.apk) files, and from these files it gets the related permissions > and store them in the packages.xml. At runtime checking procedure, the > package manager acctually does not need to read the permissions from the > packages.xml files, since all the imformation has been saved in the memory > (packagemanager class), it will check related permissions and make decision. > > If above understanding is true, is the following conclustion correct? > 1. The ultimate permissions are saved in each app's .apk files, and package > manager will load them into packages.xml files. > 2. packages.xml does not have effect of permission checking. Since it is be > re-written every time when the phone restarts. So whcich system procedure > uses this packages.xml files? > > Thanks. > xudong > > 2009/5/8 Dianne Hackborn <[email protected]> > > The package manager always re-writes the file after reading it for the >> first time, since it does a full scan of all packages at that point and may >> have updated some of its state. >> >> >> 2009/5/7 倪旭东 <[email protected]> >> >>> Hi, >>> There's something interesting of the /data/system/packages.xml, I find >>> that its last modified time is always the time of the phone power on. It >>> means that everytime I trun on my phone and the packages.xml file will be >>> created, so how the system to get all the information of packages to create >>> the packages.xml file? >>> Thanks. >>> >>> regards, >>> xudong >>> >>> >>> 2009/5/7 Dianne Hackborn <[email protected]> >>> >>> PackageManagerService implements IPackageManager; the activity manager >>>> and package manager run in the same process, so ths ends up being a direct >>>> function call. The package manager keeps track of which permissions have >>>> been assigned and does the check. >>>> >>>> 2009/5/7 倪旭东 <[email protected]> >>>> >>>> Hi, >>>>> After reading the PackageManagerService.java and >>>>> ActivityManagerService.java, I had a question; >>>>> In the ActivityManagerService.java, in the* checkComponentPermission() >>>>> *method, it calls the >>>>> *ActivityThread.getPackageManager().checkUidPermission(permission,uid) >>>>> *, >>>>> However, the ActivityThread.getPackageManager() is a IPackmanager >>>>> Interface, and I cannot understand its *checkPermission method or >>>>> checkUidPermission method*, does it finish checking by communicating >>>>> with PackageManagerService via IPC? Since I didn't find some detail >>>>> implementation of checking permission method.Or it may relay parameters >>>>> to >>>>> the PackageManagerService to do the job and get result? In such case, the >>>>> packages.xml files has effect on checking permission procedure. Is my >>>>> understanding correct? >>>>> Thanks. >>>>> >>>>> >>>>> regards, >>>>> Xudong >>>>> >>>>> 2009/5/6 Dianne Hackborn <[email protected]> >>>>> >>>>> packages.xml is the package manager's persistent state. Only the >>>>>> package manager should write it, and you are likely to break the system >>>>>> if >>>>>> you modify it yourself (or have your changes wiped away the next time the >>>>>> package manager writes it). If you want to know more about it, you can >>>>>> look >>>>>> at PackageManagerService.java. >>>>>> >>>>>> 2009/5/6 倪旭东 <[email protected]> >>>>>> >>>>>> Hi, >>>>>>> Still some questions: >>>>>>> 1. Does packages.xml (in /data/system ) has real effect in the check >>>>>>> procedure of "reference monitor"? I do some experiment on the emulator: >>>>>>> Modify some App's permissions' profile, it does not have effect of >>>>>>> app's execute. It is the problem of emulator or the acctual effect file >>>>>>> is >>>>>>> not this one. >>>>>>> >>>>>>> 2. In the packages.xml file, the user-developed app's permissions are >>>>>>> list in every packages, >>>>>>> but for the system bulid-in app, such as phone, it does not provide >>>>>>> the related permissions, >>>>>>> How the system to determine its permissions. >>>>>>> >>>>>>> 3. Form the packmanager() we can get some information about >>>>>>> permissions, what is relationship between packages.xml. It reads it from >>>>>>> this file? >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> regards, >>>>>>> xudong >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2009/5/5 William Enck <[email protected]> >>>>>>> >>>>>>>> Xudong, >>>>>>>> >>>>>>>> On May 5, 2009, at 12:59 PM, 倪旭东 wrote: >>>>>>>> >>>>>>>> Thank you. I still have some questions: >>>>>>>> 1. After the installation, the app's related permissions files is >>>>>>>> saved in the same .apk file or saved in a system central file? >>>>>>>> >>>>>>>> >>>>>>>> Take a look at /data/system/packages.xml >>>>>>>> >>>>>>>> 2. At runtime, I learned that there is a "reference monitor" from >>>>>>>> the paper Understanding Android >>>>>>>> Security<http://ieeexplore.ieee.org/xpls/abs_all.jsp?isnumber=4768640&arnumber=4768655>to >>>>>>>> check the permission lable. Which is the source code for this >>>>>>>> "reference >>>>>>>> monitor", or it's a vitual concept. I wonder to know which parts of >>>>>>>> source >>>>>>>> code dealing with this function. Thanks. >>>>>>>> >>>>>>>> >>>>>>>> We described it more as a "virtual concept". There isn't code >>>>>>>> directly corresponding to a reference monitor, but the Activity Manager >>>>>>>> (frameworks/base/services/java/com/android/server/am/ActivityManagerService.java) >>>>>>>> is >>>>>>>> a good place to start looking. >>>>>>>> >>>>>>>> -Will >>>>>>>> >>>>>>>> -- >>>>>>>> William Enck >>>>>>>> PhD Candidate >>>>>>>> Department of Computer Science and Engineering >>>>>>>> The Pennsylvania State University >>>>>>>> [email protected] >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Dianne Hackborn >>>>>> Android framework engineer >>>>>> [email protected] >>>>>> >>>>>> Note: please don't send private questions to me, as I don't have time >>>>>> to provide private support, and so won't reply to such e-mails. All such >>>>>> questions should be posted on public forums, where I and others can see >>>>>> and >>>>>> answer them. >>>>>> >>>>>> >>>>> >>>> >>>> >>>> -- >>>> Dianne Hackborn >>>> Android framework engineer >>>> [email protected] >>>> >>>> Note: please don't send private questions to me, as I don't have time to >>>> provide private support, and so won't reply to such e-mails. All such >>>> questions should be posted on public forums, where I and others can see and >>>> answer them. >>>> >>>> >>> >> >> >> -- >> Dianne Hackborn >> Android framework engineer >> [email protected] >> >> Note: please don't send private questions to me, as I don't have time to >> provide private support, and so won't reply to such e-mails. All such >> questions should be posted on public forums, where I and others can see and >> answer them. >> >> > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
