Managing Application Permissions

The Android platform is built on a Linux kernel and leverages its built-in system security as part of the Android security model. Each Android application exists in its own virtual machine and operates within its own Linux user account (see Figure 5.6).

Applications that want access to shared or privileged resources on the handset must declare those specific permissions in the Android manifest file. This security mechanism ensures that no application can change its behavior on-the-fly or perform any operations without the user's permission.

Because each application runs under a different user account, each application has its own private files and directories, just as a Linux user would.

Android applications can access their own private files and databases without any special permissions. However, if an application needs to access shared or sensitive resources, it must declare those permissions using the <uses-permission> tag within the Android manifest file. These permissions are managed on the Permissions tab of the Android manifest file resource editor.

[Figure: ANDROID PLATFORM SECURITY MODEL. Android Application #1 ("DroidWars", com.androidbook.DroidWars) and Android Application #2 ("Chippy's Revenge!", com.androidbook.Chipmunk) each run in their own Dalvik virtual machine under their own Linux user, each with its own app files and databases on the Linux operating system. Android platform security enforcement governs access to contacts, calendars, owner information, phone data, etc., and to handset hardware (phone dialer, WiFi, Bluetooth, camera, audio, telephony, device sensors, etc.).]

FIGURE 5.6

Simplified Android platform architecture from a security perspective.

Try It Yourself

To give your application permission to access the built-in camera, use the following steps:

1. Open the Droid1 project in Eclipse.

2. Open the Android manifest file and click the Permissions tab of the resource editor.

3. Click the Add button and choose Uses Permission. The Name attribute for the permission is shown in the right side of the screen as a drop-down list.

4. Choose android.permission.CAMERA from the drop-down list.

5. Save the manifest file. Switch to the AndroidManifest.xml tab to see what the new XML looks like.

You have now registered the camera permission. Your application will be able to access the camera without security exceptions.

During the application installation process, the user is shown exactly what permissions the application uses. The user must agree to install the application after reviewing these permissions.

Table 5.2 lists some of the most common permissions used by Android applications.

TABLE 5.2 Common Permissions Used by Android Applications

Permission Category | Useful Permissions
Location-based services | android.permission.ACCESS_COARSE_LOCATION, android.permission.ACCESS_FINE_LOCATION
Accessing contact database | android.permission.READ_CONTACTS, android.permission.WRITE_CONTACTS
Accessing calendars | android.permission.READ_CALENDAR, android.permission.WRITE_CALENDAR
Changing general phone settings | android.permission.SET_ORIENTATION, android.permission.SET_TIME_ZONE, android.permission.SET_WALLPAPER
Making calls | android.permission.CALL_PHONE, android.permission.CALL_PRIVILEGED
Sending and receiving messages | android.permission.READ_SMS, android.permission.RECEIVE_MMS, android.permission.RECEIVE_SMS, android.permission.RECEIVE_WAP_PUSH, android.permission.SEND_SMS, android.permission.WRITE_SMS
Using network sockets | android.permission.INTERNET
Accessing audio settings | android.permission.RECORD_AUDIO, android.permission.MODIFY_AUDIO_SETTINGS
Accessing network settings | android.permission.ACCESS_NETWORK_STATE, android.permission.CHANGE_NETWORK_STATE
Accessing Wi-Fi settings | android.permission.ACCESS_WIFI_STATE, android.permission.CHANGE_WIFI_STATE
Accessing phone hardware | android.permission.BLUETOOTH, android.permission.CAMERA, android.permission.FLASHLIGHT, android.permission.VIBRATE, android.permission.BATTERY_STATS
Account services | android.permission.GET_ACCOUNTS, android.permission.MANAGE_ACCOUNTS
Synchronization | android.permission.READ_SYNC_SETTINGS, android.permission.READ_SYNC_STATS, android.permission.WRITE_SYNC_SETTINGS

For a complete list of the permissions used by Android applications, see the android.Manifest.permission class documentation.
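To review what a manifest actually requests, the following added example (not code from the book or its Droid1 project) parses the <uses-permission> tags of a text-form AndroidManifest.xml and groups them by Table 5.2 category. The sample manifest, its package name com.example.droid1, and the function name audit_permissions are constructed for illustration, and only a subset of the table is included.

```python
import xml.etree.ElementTree as ET

# Manifest attributes such as android:name live in this XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Table 5.2, keyed by the name after "android.permission.".
CATEGORIES = {
    "ACCESS_FINE_LOCATION": "Location-based services",
    "READ_CONTACTS": "Accessing contact database",
    "CALL_PHONE": "Making calls",
    "READ_SMS": "Sending and receiving messages",
    "SEND_SMS": "Sending and receiving messages",
    "INTERNET": "Using network sockets",
    "RECORD_AUDIO": "Accessing audio settings",
    "CAMERA": "Accessing phone hardware",
}

# Constructed sample manifest (illustrative, not the book's project file).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.droid1">
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="com.example.droid1.permission.SYNC" />
    <application android:label="Droid1" />
</manifest>"""


def audit_permissions(manifest_xml):
    """Return (by_category, uncategorized) for the <uses-permission> entries."""
    root = ET.fromstring(manifest_xml)
    by_category, uncategorized = {}, []
    for node in root.findall("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if not name:
            continue  # skip a malformed entry with no android:name
        prefix, _, suffix = name.rpartition(".")
        # Only platform permissions are looked up; app-defined ones are listed apart.
        category = CATEGORIES.get(suffix) if prefix == "android.permission" else None
        if category:
            by_category.setdefault(category, []).append(name)
        else:
            uncategorized.append(name)
    return by_category, uncategorized


if __name__ == "__main__":
    grouped, other = audit_permissions(SAMPLE_MANIFEST)
    for category, names in sorted(grouped.items()):
        print(f"{category}: {', '.join(names)}")
    print("Not in the Table 5.2 subset:", ", ".join(other) or "none")
```

The script expects the plain-text manifest from the project source; the manifest inside a built package is stored in a binary XML form and must be decoded first.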

Some permissions are not yet enforced by the Android system. An application should still request these permissions, for compatibility reasons.

Watch Out!

Applications can define and enforce their own permissions. This can be critically important for certain types of applications, such as banking and commerce applications.

By the Way
