On Tue, Nov 15, 2011 at 10:36 AM, Anh <[email protected]> wrote:
> The process that controls keyboard / touch screen can simulate user > actions. Basically that process can do all the things that the real > user can do. > > Am I correct? No, my point that an IME is user installable, it will get assigned a uid at install time, therefore it won't be system, so it won't be in the same process as systemui. I gave an example of something that system can't do (read from an SD card). so for example, the system can't install a certificate from the SD card. there is an app that does that (certinstaller) and it sends the data to settings because that has access to the keystore, which the certinstaller does not. the keystore itself runs as a keystore uid, and uses the callers uid to partition the storage. You need to think of things as more of a set of cooperating processes with points of interaction rather than try to point to one thing and saying it represents the user. I though someone recently shared some links on this lists with descriptions of how the android security model works, I'd hoped they'd chime in with them again, I didn't see them in a quick search. Note I don't consider myself an expert, but I've had to work on part of the system such as the certinstaller, settings, keystore etc that have made it clear to me that I needed to stop thinking of a uid as having anything to do with a user. -bri -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
