On Fri, Mar 2, 2012 at 12:52 AM, Harsha Joshi <[email protected]> wrote: > hi > i am developing a native library. Proving a JNI wrapper and then a > java API library on top of it for app developers. > > However i want to control the permissions as to who has to access it. > Basically i want to verify that only specific applications are able to > load this library. > > How to achieve this in android ICS. > > I understand that in Android end of the day the user is key who allows > whether to grant an access or not. Can i create a new permission that > is called out whenever an application is trying to use thsi library.? > > Any help is appreciated? You need to include a white list of digital signatures. When a program attempts to load your shared object (DSO), you fail the load if the program is not approved.
*nix is a bit different than Windows. Windows has a DLLMain, and a certain amount of startup processing can be performed (such as locating the disk image for the binary loading the DLL and verifying a digital signature). *nix, on the other hand, does not provide an equivalent DllMain entry point. I believe you will need to use GCC's __attribute__((constructor)) on a global object; and have the global object perform the startup verification. If verification fails, throw an exception. I ran into a similar problem when I needed to find a place for start up self test code in a shared object (DSO) on Linux. The module was FIPS conforming, so a start up self test was a requirement. See "Linux SO equivalent of Windows DllMain in DLL," http://groups.google.com/group/comp.os.linux.development.system/browse_thread/thread/6b1daccb3b059051. Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
