Android is a multi-process system, in which each application (and parts of the system) runs in its own process. Most security between applications and the system is enforced at the process level through standard Linux facilities, such as user and group IDs that are assigned to applications. Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform, and per-URI permissions for granting ad-hoc access to specific pieces of data.
Security Architecture
A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc.
An application's process is a secure sandbox. It can't disrupt other applications, except by explicitly declaring the permissions it needs for additional capabilities not provided by the basic sandbox. The permissions it requests can be handled by the operating system in various ways, typically by automatically allowing or disallowing based on certificates or by prompting the user. The permissions required by an application are declared statically in that application, so they can be known up-front at install time and will not change after that.
Application Signing
All Android applications (.apk files) must be signed with a certificate whose private key is held by their developer. This certificate identifies the author of the application. The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates. The certificate is used only to establish trust relationships between applications, not for wholesale control over whether an application can be installed. The most significant ways that signatures impact security are by determining who can access signature-based permissions and who can share user IDs.
Translator's note: a CA (certificate authority) is a third-party certificate-issuing organization, such as VeriSign.
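Because permissions are declared statically, a reviewer can read everything an application asks for before it ever runs. The following added example (not part of the original page) audits a manifest for requested permissions, signature-level permissions and a shared user ID. It assumes the manifest has already been decoded to plain-text XML; the package, the `com.example.*` names and the `audit_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded AndroidManifest.xml of a hypothetical app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes"
    android:sharedUserId="com.example.shared">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.WAKE_LOCK" />
    <permission android:name="com.example.notes.permission.SYNC"
        android:protectionLevel="signature" />
    <permission android:name="com.example.notes.permission.VIEW" />
</manifest>
"""


def audit_manifest(xml_text):
    """Summarise what an app statically declares: the permissions it requests,
    the permissions it defines (with protection level), and any shared user ID."""
    # For manifests from untrusted APKs, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("not an Android manifest")
    requested = sorted(
        el.get(ANDROID + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID + "name")
    )
    # A <permission> element without protectionLevel defaults to "normal".
    defined = {
        el.get(ANDROID + "name"): el.get(ANDROID + "protectionLevel", "normal")
        for el in root.iter("permission")
    }
    # Signature-level permissions and shared user IDs both depend on the
    # apps involved being signed with the same certificate.
    signature_gated = sorted(
        name for name, level in defined.items()
        if level.split("|")[0] in ("signature", "signatureOrSystem")
    )
    return {
        "package": root.get("package"),
        "requested": requested,
        "defined": defined,
        "signature_gated": signature_gated,
        "shared_user_id": root.get(ANDROID + "sharedUserId"),
    }


if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```
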