other directories in the platform are accessible for all applications without restrictions.
10.2.5 Android
The base system of Android is a Linux derivative with numerous security features; consequently, we focus on Android's application security mechanisms in the following [EOM09a, SFK+10].
Each application in Android has its own user and group ID, which is reflected at the file system level. Files inherit these IDs, and regular file access is limited to the application which generated the corresponding file, either during installation or during deployment.
Applications follow a component-based model: the interaction between components is mainly realized using so-called intents. These intents are labelled messages which are processed by Android and forwarded to the appropriate recipients. The system core controls whether applications are able to generate or receive (consume) specific intents, i.e. whether they are allowed to offer their service for specific tasks, process data, or perform certain actions. Reasoning about these labelled messages and components allows the system to mediate inter-component communication. Developers must therefore specify access rights for the individual components of their applications. This specification is part of the application's manifest, an XML file that essentially specifies the security policy of an application: First, it declares which messages, resources, or components are accessible and how they can be accessed. This includes hiding components from the outside, i.e. withdrawing their visibility to other applications. Second, the manifest also specifies which messages, resources, or components the application needs or wants to access.
Permissions to intents are assigned through labels: an application which is assigned a particular permission label can access the respective intents. In contrast, permissions for content providers additionally distinguish read and write permissions. Content providers can be referenced by their authority string, a URI. An intent can extend this URI by specifying the record more precisely, e.g. by table or attribute names. If the target application cannot access the resource specified in this way because the content provider itself is not accessible to it, Android offers the possibility to specify URI permissions. They allow a developer to grant permissions within an intent. The application receiving this intent will obtain read or write permissions on the record specified through the URI.
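As an added illustration of the manifest-based policy described above (not an example from the book; the package name, authority, component and permission names are invented placeholders), a manifest that declares permission labels, hides one component, distinguishes read and write access to a content provider, restricts URI grants to one path, and guards a service with a label:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example; all names below are placeholders, not a real app. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">

    <!-- Permission labels defined by this app. protectionLevel="signature"
         means only apps signed with the same key can obtain the label. -->
    <permission android:name="com.example.notes.permission.READ_NOTES"
        android:protectionLevel="signature" />
    <permission android:name="com.example.notes.permission.WRITE_NOTES"
        android:protectionLevel="signature" />

    <!-- Second half of the policy: what this app itself wants to access. -->
    <uses-permission android:name="android.permission.INTERNET" />

    <application android:label="Notes">

        <!-- Hidden component: not exported, so no outside intent reaches it
             regardless of which labels the sender holds. -->
        <activity android:name=".EditorActivity"
            android:exported="false" />

        <!-- Content provider addressed by its authority string. Read and
             write are guarded by different labels. grantUriPermissions is
             false, so an intent can only hand out per-record grants for the
             path subset listed in the grant-uri-permission child. -->
        <provider android:name=".NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="true"
            android:readPermission="com.example.notes.permission.READ_NOTES"
            android:writePermission="com.example.notes.permission.WRITE_NOTES"
            android:grantUriPermissions="false">
            <grant-uri-permission android:pathPrefix="/notes/" />
        </provider>

        <!-- Service: a single label covers starting, stopping and binding. -->
        <service android:name=".SyncService"
            android:exported="true"
            android:permission="com.example.notes.permission.WRITE_NOTES" />
    </application>
</manifest>
```

The sending side of a URI grant sets `Intent.FLAG_GRANT_READ_URI_PERMISSION` (or the write variant) on the intent that carries a `content://com.example.notes.provider/notes/<id>` URI; a receiver without the READ_NOTES label then gets access to exactly that record and nothing else.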
Similarly, services can also carry permission labels: they simply control starting, stopping, and binding to a service. As soon as an application controls a service in this manner, it also has access to the interfaces the service offers, either to query its internal state or to change its behaviour. Android offers special methods to allow for the