If I call socket()
function in JNI C methods, the application will still fail with a permission error. And if I put a uses-permission line in AndroidManifest.xml, the problem is fixed.
So it seems Android permission check is not implemented in Dalvik virtual machine since I'm calling a native C function and still gets checked. I would like to know how where check is performed, in Android kernel, or the application is traced with something like ptrace
to intercept every system call, or any other way. Many thanks.
Android app permissions can give apps control of your phone and access to your camera, microphone, private messages, conversations, photos, and more. App permission requests pop up the first time an app needs access to sensitive hardware or data on your phone or tablet and are usually privacy-related.
Android apps must ask for permission to access sensitive resources on the phone, like the GPS, the camera, or the user's contacts data. When you say that an app can't access your location data, the operating system can prevent it from doing so because it runs the app in its own sandbox.
Any app that is capturing the screen via a MediaProjection and requests SYSTEM_ALERT_WINDOW is automatically granted the permission unless the user has explicitly denied the permission to the app.
The checks are performed by the Linux kernel, using group membership to determine access rights.
If you look in the zygote fork code in the VM you can see it using setgroups() to set the supplementary groups IDs. If you chase it around a bit in the app framework code you can see where it determines the permissions and passes them down to forkAndSpecialize().
Native code runs in the same sandbox that SDK apps use and are therefore subject to the same security model as SDK apps.
See Download the Android NDK:
If you write native code, your applications are still packaged into an .apk file and they still run inside of a virtual machine on the device. The fundamental Android application model does not change.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With