On Wed, May 11, 2011 at 6:03 AM, patrick Immling <[email protected]> wrote:
> Is the android keystore pass-protected?
>

yes, the UI enforces an 8 character minimum password. try it yourself.

> Can any application access the key from the keystore?
>

there are UID based restrictions, so arbitrary apps cannot access arbitrary
keys. some system services like VPN and WiFi have access to system keys

> Is there any security associated with the access to keys on android?
>

the same table that defines the UID access also limits which operations are
restricted to what types of users.

From frameworks/base/cmds/keystore/keystore.c:

    static struct user {
        uid_t uid;
        uid_t euid;
        uint32_t perms;
    } users[] = {
        {AID_SYSTEM, ~0,         ~GET},
        {AID_VPN,    AID_SYSTEM, GET},
        {AID_WIFI,   AID_SYSTEM, GET},
        {AID_ROOT,   AID_SYSTEM, GET},
        {~0,         ~0,         TEST | GET | INSERT | DELETE | EXIST | SAW},
    };

The whole file is only about 500 lines, I suggest just reading it over to
get an idea of how it works.
-bri
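
An added sketch, not part of the original message and not the keystore source: it evaluates the table quoted above with a first-match lookup, where `~0` acts as a wildcard, to show which operations each caller UID ends up with. The flag bit values, the AID numbers, the helper names, the sample app UID and the reading of `euid` as "the UID whose keys are used" are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Assumed for this sketch: flag bit values and AID numbers are not on the page. */
enum { TEST = 1, GET = 2, INSERT = 4, DELETE = 8, EXIST = 16, SAW = 32 };
enum { AID_ROOT = 0, AID_SYSTEM = 1000, AID_WIFI = 1010, AID_VPN = 1016 };

/* Table rows as quoted in the message above. */
static const struct user {
    uid_t uid;      /* caller UID; ~0 matches any caller */
    uid_t euid;     /* assumed: UID whose keys are used; ~0 = caller's own */
    uint32_t perms; /* bitmask of permitted operations */
} users[] = {
    {AID_SYSTEM, ~0,         ~GET},
    {AID_VPN,    AID_SYSTEM, GET},
    {AID_WIFI,   AID_SYSTEM, GET},
    {AID_ROOT,   AID_SYSTEM, GET},
    {~0,         ~0,         TEST | GET | INSERT | DELETE | EXIST | SAW},
};

/* First row whose uid matches; the last row (~0) catches everyone else. */
const struct user *lookup_user(uid_t caller) {
    const struct user *u = users;
    while (~u->uid && u->uid != caller) ++u;
    return u;
}

/* Nonzero if the caller's row grants the requested operation bit. */
int is_allowed(uid_t caller, uint32_t op) {
    return (lookup_user(caller)->perms & op) != 0;
}

/* UID whose key namespace the request is served from (assumed semantics). */
uid_t key_owner(uid_t caller) {
    const struct user *u = lookup_user(caller);
    return ~u->euid ? u->euid : caller;
}

int main(void) {
    uid_t app = 10057; /* constructed ordinary app UID */
    printf("app GET=%d owner=%u\n", is_allowed(app, GET), (unsigned)key_owner(app));
    printf("vpn GET=%d INSERT=%d owner=%u\n", is_allowed(AID_VPN, GET),
           is_allowed(AID_VPN, INSERT), (unsigned)key_owner(AID_VPN));
    printf("system GET=%d INSERT=%d\n", is_allowed(AID_SYSTEM, GET),
           is_allowed(AID_SYSTEM, INSERT));
    return 0;
}
```

Under these assumptions an ordinary app gets the default row and works only in its own UID's namespace, the VPN, WiFi and root rows can only GET and are mapped onto the system UID's keys, and the system UID can do everything except GET.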