> I have an app on my Android device (ES File Explorer) that appears to > have unfettered access to the entire filesystem. I doubt that is possible unless your phone is rooted. All crucial files are protected by standard file permissions.
-Earlence On Jun 18, 8:06 pm, Charles Clancy <[email protected]> wrote: > On 6/17/2011 3:41 PM, Chris Palmer wrote: > > > > >> The Android kernel binder driver just exposes /dev/binder interface that is > >> readable and writable by all apps -- everything can talk to everything. > > Yes, but as on the internet, the message recipient can decide whether > > or not it wants to act on the request. In the case of Android, the > > kernel allows a Binder message recipient to learn the UID and GID of > > the caller; the recipient can then invoke the Android framework to > > determine if the caller is authorized to make the call. For example: > > Also, as on the Internet, it's up to the individual apps to protect > themselves, rather than the infrastructure providing systemic > safeguards. Apps are responsible for inbound filtering of IPC (much > like firewalls protecting individual hosts/networks). While that is > important, an complementary approach would be for the framework to > perform outbound filtering of IPC. > > I have an app on my Android device (ES File Explorer) that appears to > have unfettered access to the entire filesystem. What protection does > the OS itself have against system calls? -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
