On Tue, Nov 9, 2010 at 12:46 AM, Clint Gibler <[email protected]>wrote:
> In both ActivityManagerService and PackageManagerService I've mainly > just seen checks if a given gid or uid has a specific permission > string. What I want to know is how Android knows which permission > string to check for. Somewhere before the low-level "does uid/gid X > have permission Y" check there needs to be something that says, "Ah, > the app is trying to do X. What permission does it need for X to > complete?" and then from there the user or group can be verified to > contain that permission. This is what I would like to find. > Well it depends. The security overview document describes all of the places that application code (which is largely platform code as well) would decide to enforce a permission and which it should be: http://developer.android.com/guide/topics/security/security.html Also as William says, there are permissions that are associated with gids so the enforcement from the platform's perspective is implicitly based on a particular app being run with a particular gid that the kernel is enforcing, and also the protected-broadcast facility which is a quick and dirty hack to secure a spread of system-level broadcasts. -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
