Modern Operating Systems by Herbert Bos and Andrew S. Tanenbaum, 4th Ed. (Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf), showing pages 871-872 out of 1137.

Page 871 (book p. 840), CASE STUDY 1: UNIX, LINUX, AND ANDROID, CHAP. 10
access that data, which is what we want since the pictures there may be sensitive data to the user. After the user has taken a picture, she may want to email it to a friend. Email is a separate application, in its own sandbox, with no access to the pictures in the camera application. How can the email application get access to the pictures in the camera application's sandbox?

The best-known form of access control in Android is application permissions. Permissions are specific well-defined abilities that can be granted to an application at install time. The application lists the permissions it needs in its manifest, and prior to installing the application the user is informed of what it will be allowed to do based on them.

Figure 10-63 shows how our email application could make use of permissions to access pictures in the camera application. In this case, the camera application has associated the READ_PICTURES permission with its pictures, saying that any application holding that permission can access its picture data. The email application declares in its manifest that it requires this permission. The email application can now access a URI owned by the camera, such as content://pics/1; upon receiving the request for this URI, the camera app's content provider asks the package manager whether the caller holds the necessary permission. If it does, the call succeeds and appropriate data is returned to the application.
[Figure 10-63. Requesting and using a permission. The email app process (ComposeActivity) opens content://pics/1 on the camera app process (PicturesProvider, authority "pics"); the provider checks with the package manager in the system_server process, which answers Allow, and the email app receives the data. Package manager state: Email package UID, granted permissions READ_CONTACTS, READ_PICTURES, INTERNET; Browser package UID, granted permissions INTERNET.]
Permissions are not tied to content providers; any IPC into the system may be protected by a permission through the system's asking the package manager if the caller holds the required permission. Recall that application sandboxing is based on processes and UIDs, so a security barrier always happens at a process boundary, and permissions themselves are associated with UIDs. Given this, a permission check can be performed by retrieving the UID associated with the incoming IPC and asking the package manager whether that UID has been granted the corresponding permission.

Page 872 (book p. 841), SEC. 10.8 ANDROID
For example, permissions for accessing the user's location are enforced by the system's location manager service when applications call in to it.

Figure 10-64 illustrates what happens when an application does not hold a permission needed for an operation it is performing. Here the browser application is trying to directly access the user's pictures, but the only permission it holds is one for network operations over the Internet. In this case the PicturesProvider is told by the package manager that the calling process does not hold the needed READ_PICTURES permission, and as a result throws a SecurityException back to it.
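The check described for Fig. 10-63 and Fig. 10-64, written out as an added example (not code from the book or from Android itself): a content provider for authority "pics" that recovers the caller's UID from the incoming Binder IPC and asks the package manager whether that UID holds the permission. The fully qualified permission name, the manifest fragments and the picture table are constructed for the example.

```java
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.net.Uri;
import android.os.Binder;

/* Manifest declarations this provider assumes (constructed for the example):
 *   camera app:  <permission android:name="com.example.camera.permission.READ_PICTURES"
 *                            android:protectionLevel="dangerous" />
 *   email app:   <uses-permission android:name="com.example.camera.permission.READ_PICTURES" />
 */
public class PicturesProvider extends ContentProvider {
    // The book calls this READ_PICTURES; the fully qualified name is a hypothetical choice.
    static final String READ_PICTURES = "com.example.camera.permission.READ_PICTURES";

    @Override public boolean onCreate() { return true; }

    // The check the text describes: recover the UID behind the incoming Binder IPC,
    // then ask the package manager whether that UID has been granted the permission.
    private void enforceReadPictures(Uri uri) {
        int callerUid = Binder.getCallingUid();
        PackageManager pm = getContext().getPackageManager();
        String[] pkgs = pm.getPackagesForUid(callerUid);   // every package sharing that UID
        if (pkgs != null) {
            for (String pkg : pkgs) {
                if (pm.checkPermission(READ_PICTURES, pkg) == PackageManager.PERMISSION_GRANTED) {
                    return;   // Fig. 10-63: the email app holds it, so the call proceeds
                }
            }
        }
        // Fig. 10-64: the browser holds only INTERNET, so the request is refused
        throw new SecurityException("uid " + callerUid + " lacks " + READ_PICTURES + " for " + uri);
    }

    @Override
    public Cursor query(Uri uri, String[] projection, String selection,
                        String[] selectionArgs, String sortOrder) {
        enforceReadPictures(uri);
        // Constructed stand-in for the provider's real picture table.
        MatrixCursor c = new MatrixCursor(new String[] {"_id", "path"});
        c.addRow(new Object[] {1, "files/pic1.jpg"});
        return c;
    }

    @Override public String getType(Uri uri) { return "image/jpeg"; }
    @Override public Uri insert(Uri uri, ContentValues v) { throw new UnsupportedOperationException(); }
    @Override public int delete(Uri uri, String sel, String[] args) { throw new UnsupportedOperationException(); }
    @Override public int update(Uri uri, ContentValues v, String sel, String[] args) { throw new UnsupportedOperationException(); }
}
```

The same UID-to-permission lookup is what the framework performs on the provider's behalf when it is declared with android:readPermission in the manifest, and what Context.enforceCallingPermission does for any other service entry point.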
[Figure 10-64. Accessing data without a permission. The browser app process (BrowserMainActivity) opens content://pics/1 on the camera app process (PicturesProvider, authority "pics"); the provider checks with the package manager in the system_server process, which answers Deny, and a SecurityException is returned to the browser. Package manager state: Email package UID, granted permissions READ_CONTACTS, READ_PICTURES, INTERNET; Browser package UID, granted permissions INTERNET.]
Permissions provide broad, unrestricted access to classes of operations and data. They work well when an application's functionality is centered around those operations, such as our email application requiring the INTERNET permission to send and receive email. However, does it make sense for the email application to hold a READ_PICTURES permission? There is nothing about an email application that is directly related to reading your pictures, and no reason for an email application to have access to all of your pictures.

There is another issue with this use of permissions, which we can see by returning to Fig. 10-55. Recall how we can launch the email application's ComposeActivity to share a picture from the camera application. The email application