On Aug 9, 2011, at 1:05 PM, Thomas Hardjono wrote: > One of the things we need to learn about is the privilges-model used in > Android.
Well, it's actually pretty simple: each application is sandboxed in its own UID, and then sharing is explicitly and minimally re-enabled through rich, high-level IPC mechanisms (see: Binder, Service, AIDL, Intent, Content Provider, Manifest Permission, et c.). > We know that certain features of Kerberos 1.9 (eg. forwardable tickets > or proxiable tickets) may not be fully suitable for Android and the Dalvik > architecture. Well, I don't know about those features — I am a Kerberos newbie — but I am not sure that Dalvik/libcore is where this should go, and hence Dalvik's/libcore's strengths and weaknesses and design shouldn't enter into it. I think (but don't know; the only way to know is to try it) that you can provide Kerberos support for applications by shipping an APK with the client proxy and its IPC service, and then also providing a JAR or code blob with a library stub that third-party app developers can include. Then, apps call into that JAR for Kerberos operations; in turn, code in the JAR activates and talks to the local Kerberos proxy Service that came in the APK. At a broad conceptual level, the scenario is really no different from the Microsoft COM/DCOM design: "Is it a linked-in library, an in-process service, or an out-of-proc service (possibly actually on a remote machine)? Whatever, man! It's all the same." Of course, Android/Binder/et c. are way better designed than COM/DCOM, but the basic idea is well-known. I would argue that ultimately, if it meets quality standards, such an APK and JAR should be rolled into the official Android source tree and become a standard feature. But testing out the idea independently first, to see if it works and if people want it, makes perfect sense. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
