Android安全与权限.pdf
Security and permission
Android is a multi-process system, in which each application (and parts of the system) runs in its own
process. Most security between applications and the system is enforced at the process level through
standard Linux facilities, such as user and group IDs that are assigned to applications. Additional
finer-grained security features are provided through a "permission" mechanism that enforces restrictions
on the specific operations that a particular process can perform, and per-URI permissions for granting
ad-hoc access to specific pieces of data.
Android is a multi-process system in which each application (or part of the system) runs in its own process. Security between the system and applications is enforced at the process level through Linux facilities, for example by assigning a user ID and group ID to each application. Finer-grained security features restrict the specific operations a particular process may perform through the "permission" mechanism, while "per-URI permissions" control ad-hoc access to specific pieces of data.
Security Architecture
A central design point of the Android security architecture is that no application, by default, has
permission to perform any operations that would adversely impact other applications, the operating
system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails),
reading or writing another application's files, performing network access, keeping the device awake, etc.
Security Architecture
A central idea of the Android security architecture is that, by default, an application may not perform any operation that would adversely affect other applications, the system, or the user. This includes reading or writing the user's private data (such as contact or e-mail data), reading or writing another application's files, making network connections, and keeping the device awake.
An application's process is a secure sandbox. It can't disrupt other applications, except by explicitly
declaring the permissions it needs for additional capabilities not provided by the basic sandbox. These
permissions it requests can be handled by the operating system in various ways, typically by automatically
allowing or disallowing based on certificates or by prompting the user. The permissions required by an
application are declared statically in that application, so they can be known up-front at install time and will
not change after that.
An application's process is a secure sandbox. It cannot interfere with other applications unless it explicitly declares the "permissions" it needs in order to obtain additional capabilities that the basic sandbox lacks. The "permissions" it requests can be handled in various ways, typically by automatically allowing or denying them based on certificates, or by prompting the user. The "permissions" an application needs are declared statically in the program, so they are known at install time and do not change afterward.
Application Signing
All Android applications (.apk files) must be signed with a certificate whose private key is held by their
developer. This certificate identifies the author of the application. The certificate does not need to be
signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use
self-signed certificates. The certificate is used only to establish trust relationships between applications,
not for wholesale control over whether an application can be installed. The most significant ways that
signatures impact security are by determining who can access signature-based permissions and who can
share user IDs.
All Android applications (.apk files) must be signed with a certificate whose private key is held by the developer. The certificate identifies the author of the application. The certificate does not need to be signed by a CA (note: a CA is a third-party certificate authority such as VeriSign). Android applications are allowed to use, and typically do use, self-signed certificates. The certificate is used to establish trust relationships between applications, not to control whether an application can be installed. The most significant way signatures affect security is by determining who can obtain signature-based permissions and who can share user IDs.
User IDs and File Access
Each Android package (.apk) file installed on the device is given its own unique Linux user ID, creating a
sandbox for it and preventing it from touching other applications (or other applications from touching it).
This user ID is assigned to it when the application is installed on the device, and remains constant for the
duration of its life on that device.
User IDs and File Access
Each Android application (.apk file) is assigned a unique Linux user ID when it is installed, which creates a sandbox for it so that it cannot touch other applications (and other applications cannot touch it). This user ID is assigned at install time and keeps the same value on that device for as long as the application is installed.
Because security enforcement happens at the process level, the code of any two packages cannot
normally run in the same process, since they need to run as different Linux users. You can use the
sharedUserId attribute in the AndroidManifest.xml's manifest tag of each package to have them assigned
the same user ID. By doing this, for purposes of security the two packages are then treated as being the
same application, with the same user ID and file permissions. Note that in order to retain security, only
two applications signed with the same signature (and requesting the same sharedUserId) will be given
the same user ID.
Because security enforcement happens at the process level, code from two packages does not run in the same process; they appear as different Linux users. We can use the sharedUserId attribute of the manifest tag in AndroidManifest.xml to have different packages share the same user ID. In that case the two packages are treated as the same application, with the same user ID (not necessarily in practice) and the same file access permissions. Note: to retain security, only two applications signed with the same signature (and requesting the same sharedUserId) are given the same user ID.
Any data stored by an application will be assigned that application's user ID, and not normally accessible
to other packages. When creating a new file with getSharedPreferences(String, int),
openFileOutput(String, int), or openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory), you
can use the MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE flags to allow any other
package to read/write the file. When setting these flags, the file is still owned by your application, but its
global read and/or write permissions have been set appropriately so any other application can see it.
All data stored by an application is tagged with that application's user ID, which prevents other packages from accessing it. When creating a new file with getSharedPreferences(String, int), openFileOutput(String, int), or openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory), you can use the MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE flags to control whether other packages may read or write the file. When these flags are set, the file is still owned by the application, but its global read and/or write permissions have been set so that it is visible to every other application.
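The two file modes contrasted above, as an added example (hypothetical helper code, not from the original document): the private default beside the world-readable flag. The class name FileModeDemo and the method names are assumptions; the behaviour of MODE_WORLD_READABLE on newer platforms is a known platform fact noted in the comments.

```java
import android.content.Context;
import android.util.Log;

import java.io.FileOutputStream;
import java.io.IOException;

/** Hypothetical helper contrasting the private and world-readable file modes. */
public final class FileModeDemo {
    private static final String TAG = "FileModeDemo";

    /** Safe default: the file is owned by this app's user ID and readable only by it. */
    public static boolean writePrivate(Context ctx, String name, byte[] data) {
        try (FileOutputStream out = ctx.openFileOutput(name, Context.MODE_PRIVATE)) {
            out.write(data);
            return true;
        } catch (IOException e) {
            Log.e(TAG, "private write failed", e);
            return false;
        }
    }

    /**
     * The weak setting: the file is still owned by this app, but its global read
     * bit is set, so every other package on the device can read it. The mode is
     * deprecated since API 17, and Android 7.0 (API 24) and later reject it with
     * a SecurityException instead of creating the file.
     */
    @SuppressWarnings("deprecation")
    public static boolean writeWorldReadable(Context ctx, String name, byte[] data) {
        try (FileOutputStream out = ctx.openFileOutput(name, Context.MODE_WORLD_READABLE)) {
            out.write(data);
            return true;
        } catch (SecurityException e) {
            // Newer platforms refuse world-accessible modes outright.
            Log.w(TAG, "MODE_WORLD_READABLE rejected on this platform", e);
            return false;
        } catch (IOException e) {
            Log.e(TAG, "world-readable write failed", e);
            return false;
        }
    }
}
```

Data that must be shared with another package is better exposed through a content provider with per-URI permissions, as mentioned at the top of the document, rather than by loosening the file's mode.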
A basic Android application has no permissions associated with it, meaning it cannot do anything that
would adversely impact the user experience or any data on the device. To make use of protected
features of the device, you must include in your AndroidManifest.xml one or more <uses-permission>
tags declaring the permissions that your application needs.
A basic Android application normally has no permissions associated with it, which means it cannot do anything that would disturb the user or corrupt data. To use protected features of the device, you must add one or more <uses-permission> tags to AndroidManifest.xml declaring the permissions your application needs.
Below is an example; it is left untranslated.
For example, an application that needs to monitor incoming SMS messages would specify:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.app.myapp" >
<uses-permission android:name="android.permission.RECEIVE_SMS" />
</manifest>
At application install time, permissions requested by the application are granted to it by the package
installer, based on checks against the signatures of the applications declaring those permissions and/or
interaction with the user. No checks with the user are done while an application is running: it either was
granted a particular permission when installed, and can use that feature as desired, or the permission
was not granted and any attempt to use the feature will fail without prompting the user.
When an application is installed, the permissions it requests are granted by the package installer. The package installer checks the application's signature and/or the result of interaction with the user to decide whether to grant the requested permissions. No permission checks are made while the user is running the application: either the permission was granted at install time and the application can use it as designed, or it was not granted, in which case the feature simply cannot be used and no prompt tells the user that the attempt failed.
Oftentimes a permission failure will result in a SecurityException being thrown back to the application.
However, this is not guaranteed to occur everywhere. For example, the sendBroadcast(Intent) method
checks permissions as data is being delivered to each receiver, after the method call has returned, so
you will not receive an exception if there are permission failures. In almost all cases, however, a
permission failure will be printed to the system log.
In many cases a permission failure causes a SecurityException to be thrown back to the application, but Android does not guarantee that this happens everywhere. For example, the sendBroadcast(Intent) method checks permissions as the data is delivered to each receiver, after the method call has returned, so you will not receive any exception. In almost all cases, however, a permission failure is printed to the log.
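The three enforcement behaviours described above, as an added example (hypothetical code, not from the original document): a call into the system that fails with a SecurityException, a broadcast whose permission check happens after the call returns, and a receiver-side check against an app-defined permission. The class PermissionDemo, the permission string com.example.permission.READ_STATUS and the action string are assumptions; the permission would be declared with a <permission> element in the app's own manifest.

```java
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.provider.ContactsContract;
import android.util.Log;

/** Hypothetical helper showing where permission failures do and do not surface. */
public final class PermissionDemo {
    private static final String TAG = "PermissionDemo";
    // Hypothetical app-defined permission (declared via <permission> in the manifest).
    public static final String PERM_READ_STATUS = "com.example.permission.READ_STATUS";
    public static final String ACTION_STATUS = "com.example.action.STATUS";

    /** A call into the system: without READ_CONTACTS it fails with a SecurityException. */
    public static int countContacts(Context ctx) {
        Cursor c = null;
        try {
            c = ctx.getContentResolver().query(
                    ContactsContract.Contacts.CONTENT_URI, null, null, null, null);
            return c == null ? 0 : c.getCount();
        } catch (SecurityException e) {
            // The permission was not granted at install time; the user is not prompted.
            Log.w(TAG, "READ_CONTACTS not granted: " + e.getMessage());
            return -1;
        } finally {
            if (c != null) c.close();
        }
    }

    /**
     * Broadcast delivered only to receivers holding PERM_READ_STATUS. The check runs
     * per receiver after this call returns, so no exception reaches the caller;
     * a denied receiver is simply skipped and the failure goes to the system log.
     */
    public static void publishStatus(Context ctx, String status) {
        Intent i = new Intent(ACTION_STATUS).putExtra("status", status);
        ctx.sendBroadcast(i, PERM_READ_STATUS);
    }

    /**
     * Receiver-side enforcement for a component exported to other packages, meant to be
     * called inside a Binder method of a bound service: rejects callers lacking the permission.
     */
    public static boolean callerMayRead(Context ctx) {
        return ctx.checkCallingOrSelfPermission(PERM_READ_STATUS)
                == PackageManager.PERMISSION_GRANTED;
    }
}
```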
The permissions provided by the Android system can be found at Manifest.permission. Any application
may also define and enforce its own permissions, so this is not a comprehensive list of all possible
permissions.
The permissions defined by the Android system can be found in Manifest.permission. Any application may define and enforce its own permissions, so the permissions defined in Manifest.permission are not a complete list (that is, there may be custom permissions).
A particular permission may be enforced at a number of places during your program's operation:
A particular permission may be enforced at many points during a program's operation:
At the time of a call into the system, to prevent an application from executing certain functions.