--
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To post to this group, send email to andro...@googlegroups.com.
To unsubscribe from this group, send email to android-ndk...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-ndk?hl=en.
On 12/18/2010 3:10 PM, Tez wrote:
> process isolation with unique uids is fine.
> but permissions are related to package manifests and are verified by
> checkPermission at the framework level.
> What would be the permission verification mechanism for native code
> that wants to perform a sensitive operation?
> (I think i;'ve missed a crucial part in my understanding somewhere)
The existence of checkPermission() doesn't contradict what Dianne said;
it's just a way to query at the application level what permissions are
set for you or for a package.
Imagine that the framework queries all possible permissions before
running your app, and then sets kernel flags on a structure passed as
part of some_kernel_exec_call() that enables, for that child process,
the permissions your application has requested. Then the kernel can
enforce those permissions, right? Which is what Dianne just told you?
I haven't looked to see how things work, but that's at least one path
those permissions could take from the framework into the kernel. There
could be others.
Tim
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNDTcPAAoJENSbqLBCyKKsdpAH/Ajwvtw3NW8xuRgkbzcbH0ba
+EPsaWtr1AH+x9skOwDXOKnBL5e181tGWTIRmwKnSk3h1RISihtsO73AoR8br/dv
luGDoFzMPlnkBQL7GndgPcIqMkvwyr45TWyiFSgfoZpmywpG7WkGO0EVHLHqyR3T
5J1hWJRb6uOYTUrekUdqBIk/zE0vxri4roFcAApCqBjhCutH+CQki8CkXn7Brx2R
zJdnTKOD3RLt8KDBlJ24m1C2g7SOwAniGMkrnbnXc3PoCjrp4hZUUbwpAjY549YA
0TX6yYN4eTVtHXWL6GU5MOlVk1hvjGpDwMlJw10PgjV134OS/upQdnhhCzh1wHU=
=+PDz
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups "android-ndk" group.
To post to this group, send email to andro...@googlegroups.com.
To unsubscribe from this group, send email to android-ndk...@googlegroups.com.
I believe permissions are checked in the VM to generate user-friendly exceptions that will tell the developer why they can't do something.
Otherwise, all you'll get is a simple EPERM error from the kernel, which won't be very helpful to understand the root cause of the problem.
To unsubscribe from this group, send email to android-ndk...@googlegroups.com.