On Dec 31, 2016 01:43, "peng fei" <fionapeng...@gmail.com> wrote:
In Android, APPs use the JAVA API to request access sensitive resources, such as short messages , network and location information, etc. In order to access sensitive resources, APPs need to use binder to communicate with system service. For example,APPs use Java API *android.net <http://android.net>.ConnectivityManager.getActiveNetworkInfo() *to request access network. To implement this, It firstly need to use binder to connect to system service *ConnectivityManager*. Now I am wonder if I can use SEAndroid to control the binder transmission between APPs and system services ? In theory yes, in practice no. System service is one process that cutting off access to causes the applications to misbehave and crash. Things like intent firewall and granular app permissions (forget the correct name for this) are better mechanisms for controlling access to these resources. Also, for many things middlemaned by system server, the kernel sees two separate binder transactions, one to system server and one from system server to another process. That makes controlling access from the kernel difficult and makes modifying system server to control it more attractive. I am looking forward to your answer. Thanks advance! _______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.