User IDs and File Access
Each Android package (.apk) file installed on the device is given its own unique Linux user ID, creating a sandbox for it and preventing it from touching other applications (or other applications from touching it). This user ID is assigned to it when the application is installed on the device, and remains constant for the duration of its life on that device.
用户IDs和文件存取
每一个Android应用程序(.apk文件)都会在安装时就分配一个独有的Linux用户ID,这就为它建立了一个沙盒,使其不能与其他应用程序进行接触(也不会让其它应用程序接触它)。这个用户ID会在安装时分配给它,并在该设备上一直保持同一个数值。
Because security enforcement happens at the process level, the code of any two packages can not normally run in the same process, since they need to run as different Linux users. You can use the sharedUserId attribute in the AndroidManifest.xml's manifest tag of each package to have them assigned the same user ID. By doing this, for purposes of security the two packages are then treated as being the same application, with the same user ID and file permissions. Note that in order to retain security, only two applications signed with the same signature (and requesting the same sharedUserId) will be given the same user ID.
由于安全性限制措施是发生进程级,所以两个package中的代码不会运行在同一个进程当中,他们要作为不同的Linux用户出现。我们可以通过使用AndroidManifest.xml文件中的manifest标签中的sharedUserId属性,来使不同的package共用同一个用户ID。通过这种方式,这两个package就会被认为是同一个应用程序,拥有同一个用户ID(实际不一定),并且拥有同样的文件存取权限。注意:为了保持安全,只有当两个应用程序被同一个签名签署的时候(并且请求了同一个sharedUserId)才会被分配同样的用户ID.
Any data stored by an application will be assigned that application's user ID, and not normally accessible to other packages. When creating a new file with getSharedPreferences(String, int), openFileOutput(String, int), or openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory), you can use the MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE flags to allow any other package to read/write the file. When setting these flags, the file is still owned by your application, but its global read and/or write permissions have been set appropriately so any other application can see it.
所有存储在应用程序中的数据都会赋予一个属性-该应用程序的用户ID,这使得其他package无法访问这些数据。当通过这些方法getSharedPreferences(String, int), openFileOutput(String, int), or openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory)来创建一个新文件时,你可以通过使用MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE标志位来设置是否允许其他package来访问读写这个文件。当设置这些标志位时,该文件仍然属于该应用程序,但是它的global read and/or write权限已经被设置,使得它对于其他任何应用程序都是可见的。
分享到:
相关推荐
NULL 博文链接:https://tojaoomy.iteye.com/blog/1523880
controlling special permissions, encrypting file systems, and much moreMaster the art of securing a Linux environment with this end-to-end practical guideBook Description This book has extensive ...
Script complex GPMC operations with PowerShell, including linking, backup, restore, permissions changes, and more Create a "change management" system with Advanced Group Policy Management (AGPM v4) ...
Permissions
Explaining the Android security model and architecture, the book describes Android permissions, including Manifest permissions, to help readers analyze applications and understand permission ...
NTFS权限管理.超好用工具.Permissions Tools ,可以快速更改共享文件夹或子文件夹权限,包括继承和非继承。还可以复制权限,批量粘帖权限。神一样的NTFS权限管理工具。
Chapter 4: Permissions and Security Chapter 5: Managing Scope Chapter 6: Performance Optimization Chapter 7: Scalable Dynamic Lists Chapter 8: Parameter Sniffing Chapter 9: Dynamic PIVOT and UNPIVOT ...
Application Security for the Android Platform by Jeff Six (英文版 完全文字版, 文件大小 5.51...4. Component Security and Permissions 5. Protecting Stored Data 6. Securing Server Interactions 7. Summary
We introduce theAndroid ...effectiveness and efficiency by modularizing different security models from related work, such as dynamic permissions, inlined reference monitoring, and type enforcement
Laravel开发-permissions Laravel权限处理程序
Elenkov describes Android security architecture from the bottom up, delving into the implementation of major security-related components and subsystems, like Binder IPC, permissions, cryptographic ...
Windows7 Permissions zh-CN最高权限获取工具,删除正在运行的病毒文件和垃圾软件文件。
This sample shows runtime permissions available in Android M and above. It shows how to check and request permissions at runtime, handle backwards compatibility using the support library and how to ...
Chapter 1: The Android Security Model – the Big Picture 7 Installing with care 7 Android platform architecture 9 Linux kernel 9 Middleware 11 Dalvik virtual machine 11 Application layer 11 Android ...
Android 6.0 permissions Demo
Safeguard files and directories with permissions and attributes Create, manage, and protect storage devices: both local and networked Automate system security 24/7 by writing and scheduling scripts ...
4.Permissions and Security 5.Managing Scope 6.Performance Optimization 7.Scalable Dynamic Lists 8.Parameter Sniffing 9.Dynamic Pivot and Unpivot 10.Solving Common Problems 11.Applications of Dynamic ...
烧瓶许可 Flask-Permissions是一个简单的Flask权限扩展,可与。 尽管这不是严格的要求,但它也可以与配合使用。安装使用PIP可以快速轻松地安装: pip install Flask-Permissions入门导入Flask,Flask-SQLAlchemy,...
此存储库包含Permissions API的某些源,Permissions API是Web应用程序能够管理权限的接口。 最新的编辑草稿位于
文件描述:RequiredPermissions.dll 文件大小:188K