Permission checking is performed through UIDs and PIDs. These values are provided to the ActivityManagerService (which has the entry point for checkPermission) through the Binder kernel module. As said above, each Android process has its uid and gid set given when zygote launches it. These gids are connected to permissions (e.g. internet, bluetooth), but not all of them. For such types of permissions, just a gid check suffices. For other types, the PackageManagerService maintains a data structure that contains the set of given permissions. The requested permission is compared against this list.
Cheers,
Earlence

On Feb 18, 8:04 pm, Brian Carlstrom <[email protected]> wrote:
> On Fri, Feb 18, 2011 at 8:48 AM, Jimmyz500 <[email protected]> wrote:
>
> > Can someone help
> > to explain the sequence of events when a particular app running as a
> > Dalvik VM needs to check whether or not it has the permissions needed
> > to do certain actions or to enforce permission settings?
>
> Dalvik VM in general on its own does not enforce permissions settings.
> However, a special VM called the Zygote runs as root and receives requests
> from the ActivityManager to start an application. Using
> Zygote.forkAndSpecialize (a native method with C implementation), the VM
> sets the uid, gids, rlimits, etc. After that, the kernel is what is
> restricting access, Dalvik is uninvolved. I think Control Groups (aka
> cgroups) are the main mechanism there, but I haven't looked into the details
>
> -bri
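
A simplified Python model of the two checks described in the reply above (gid membership for group-backed permissions, a per-uid granted set for the rest), added here as an illustration; it is not Android source and not code from the thread. The class and function names are hypothetical, the gid values are the AID_INET and AID_NET_BT constants from Android's platform headers, and the uids, pids and grants are constructed sample data.

```python
# Simplified model, not Android source; all names here are hypothetical.
from dataclasses import dataclass

# Group-backed permissions (permission -> Linux gid: AID_INET, AID_NET_BT).
PERMISSION_GIDS = {
    "android.permission.INTERNET": 3003,
    "android.permission.BLUETOOTH": 3002,
}

@dataclass(frozen=True)
class Process:
    pid: int
    uid: int
    gids: frozenset

class PackageManagerModel:
    """Stands in for the per-uid table of granted permissions."""
    def __init__(self):
        self._granted = {}  # uid -> set of permission names

    def install(self, uid, permissions):
        self._granted[uid] = set(permissions)

    def gids_for(self, uid):
        # Only group-backed permissions turn into supplementary gids.
        perms = self._granted.get(uid, set())
        return frozenset(PERMISSION_GIDS[p] for p in perms if p in PERMISSION_GIDS)

    def check_uid_permission(self, permission, uid):
        # An unknown uid and a missing grant both deny.
        return permission in self._granted.get(uid, set())

def fork_and_specialize(pm, pid, uid):
    # Model of zygote fixing uid and gids once, at launch.
    return Process(pid, uid, pm.gids_for(uid))

def kernel_gid_check(proc, permission):
    # Path 1: the kernel sees only group membership, never the permission name.
    return PERMISSION_GIDS[permission] in proc.gids

def check_permission(pm, permission, pid, uid):
    # Path 2: pid/uid must be the caller identity reported by Binder,
    # never values the calling app passes in itself.
    return pm.check_uid_permission(permission, uid)

# Constructed sample: two apps with different grants.
pm = PackageManagerModel()
pm.install(10001, ["android.permission.INTERNET", "android.permission.READ_CONTACTS"])
pm.install(10002, ["android.permission.BLUETOOTH"])
app_a = fork_and_specialize(pm, pid=501, uid=10001)
app_b = fork_and_specialize(pm, pid=502, uid=10002)
```

In this model READ_CONTACTS never appears in `app_a.gids`, so it can only be enforced by the service-side lookup, while INTERNET is enforced by group membership alone.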
