ActivityManagerService implements the API to check permissions. It generally relies on PackageManagerService to determine whether a particular UID has been granted a permission. PermissionController is unrelated; this is for some native code to call back into the higher-level framework to ask it to do permission checks.
On Tue, Oct 26, 2010 at 11:21 AM, Clint Gibler <[email protected]>wrote: > Hello, > > I would like to correlate series of API calls with the permissions > required > for the code to execute properly. A simple example of this would be > seeing: > > Cursor c = getContentResolver().query(Contacts.CONTENT_URI, ...); > > and knowing it requires READ_CONTACTS. Many cases will require > considering several statements rather than one and possibly tracking > the > values of variables that get passed into the API calls. > > There are two ways I was thinking about gaining this information: > 1. Reviewing the source of existing applications and examining both > the > permissions they require and the specific code that exercises that > functionality. However, this is limited to the permissions used in > applications of which I have the source. True, I could create > prototypes > that use every permission, but that would be very time intensive. > Furthermore, a greater problem is that there are a large number of > ways and API calls that require a given permission. This approach > would not be a good way to capture all the ways an application can > (for example) read the contacts. > > 2. As permissions need to be enforced to work, I thought there might > be > some place in the Android source that checks if an app should be > allowed > to complete the current API call based on its permissions. Previous > threads > pointed me towards ActivityManagerService.java. However, the > PermissionController class defined in it does not seem to contain the > correlation > information I seek. checkPermission() and other functions appear to > primarily > check the uid and pid of the current application against a permission > string, > there's no <this function> with <these args> needs <this permission>, > as I > would like. > > Is there a better / more complete way of finding out this correlation > that I > haven't considered? > > Thanks for your time, > Clint Gibler > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
