Sorry if I seem slow, I'm gonna try to get this together piece by
piece.

So ActivityManagerService and PackageManagerService are system
services, permissions from user processes are sent through IPC to
checkPermission() in these services, no context switch needed. As for
the system permissions defined in platform.xml such as "bluetooth",
"internet", etc, processes can be granted permissions based on GID
checking in the filesystem.

Thanks!
-J


On Mar 11, 4:07 am, Dianne Hackborn <[email protected]> wrote:
> On Thu, Mar 10, 2011 at 10:02 PM, Jimmyz500 <[email protected]> wrote:
> > Would I be able to find a list of which permissions (internet,
> > bluetooth, etc...) are tied to the Linux gids?
> > Are the permissions that are tied to the GIDs the following list or a
> > subset of this list?
> > http://developer.android.com/reference/android/Manifest.permission.html
>
> They are declared in system/etc/permissions/framework.xml I believe.
>
> > As for the other type of permissions,
> > application component access by ActivityManagerService -> Is this for
> > something like accessing user content providers?
> > apks by PackageManagerService -> like Google Maps asks for permissions
> > for "android.permission.ACCESS_GPS" during install?
>
> You have a lot of things mixed up here.  The location manager is not a
> content provider.  Permissions can be used to protect lots of things --
> components declared in a manifest, incoming IPC calls, etc.
>
> > I am trying to find the separation between permission checks done by
> > UID/GID checks and the other types by PackageManagerService.
>
> It depends.
>
> > I think if PackageManagerService gets involved, a context switch has
> > to happen, and that's expensive, where if it's just GID check, no
> > context switch is needed.
>
> If you are getting hung up on context switches at this point, you are way
> deep into premature optimization.
>
> I am having trouble figuring out exactly what you are trying to do, so I'm
> not sure how much useful information I can give you.
>
> --
> Dianne Hackborn
> Android framework engineer
> [email protected]
>
> Note: please don't send private questions to me, as I don't have time to
> provide private support, and so won't reply to such e-mails.  All such
> questions should be posted on public forums, where I and others can see and
> answer them.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/android-security-discuss?hl=en.
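
Added example, not part of the thread and not Android project code: a small parser for the permission-to-group declarations discussed above, the kind that platform.xml carries as <permission name="..."><group gid="..."/></permission> entries. The XML below is a constructed sample in that shape, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a platform.xml file (not copied from a device).
SAMPLE_PLATFORM_XML = """
<permissions>
    <permission name="android.permission.BLUETOOTH_ADMIN">
        <group gid="net_bt_admin" />
    </permission>
    <permission name="android.permission.BLUETOOTH">
        <group gid="net_bt" />
    </permission>
    <permission name="android.permission.INTERNET">
        <group gid="inet" />
    </permission>
    <permission name="android.permission.WRITE_EXTERNAL_STORAGE">
        <group gid="sdcard_rw" />
    </permission>
    <permission>
        <group gid="orphan" />
    </permission>
</permissions>
"""

def parse_permission_groups(xml_text):
    """Return {permission name: sorted group names}; entries without a name are skipped."""
    mapping = {}
    root = ET.fromstring(xml_text)
    for perm in root.iter("permission"):
        name = perm.get("name")
        if not name:
            continue  # malformed entry: a group with no permission to attach it to
        gids = {g.get("gid") for g in perm.findall("group") if g.get("gid")}
        if gids:
            mapping.setdefault(name, set()).update(gids)
    return {name: sorted(gids) for name, gids in mapping.items()}

def permissions_for_groups(mapping, process_groups):
    """Audit view: GID-backed permissions fully covered by a process's group list."""
    held = set(process_groups)
    return sorted(p for p, gids in mapping.items() if set(gids) <= held)

if __name__ == "__main__":
    table = parse_permission_groups(SAMPLE_PLATFORM_XML)
    for perm, gids in sorted(table.items()):
        print(f"{perm:45} -> {', '.join(gids)}")
    print(permissions_for_groups(table, ["inet", "net_bt"]))
```

Only permissions that appear in such a file are backed by a Linux group; anything else in Manifest.permission is checked by the framework services instead.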
