Ok, granted it will be _very_ fragile if compared to the current
situation.

But this is for a research paper, and in our "android system", if we
standardize the protocol to include such information, it won't be so
fragile, right? Note that I am not proposing to modify Parcel to
include such information, instead, I intend to have
binder_transaction_data include this information? Would this be an
acceptable method of implementation?

Maybe a little background information would help. We are trying to
solve the transitive permissions problem. E.g.: If process A has the
permission to access location and provides a method to read that
value. Process B has been granted this permission on A and reads the
location value. However, Process B does NOT protect its methods and
freely provides this location to anyone who asks for it. As such, a
malicious app that has been granted internet access can send location
information out.

Our idea is to have an "IPC call stack" at the callee's point so that
it can know who has initiated a particular IPC request.
-Earlence
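
The check described in the message above, as an added example that is not part of the original post: a user-space toy model in which each request carries the chain of callers, and the callee compares an immediate-caller check with a whole-chain check. The struct `ipc_call_chain`, the permission bits, the uid table and all function names are hypothetical and do not reflect the real layout of `binder_transaction_data`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CHAIN 8
#define PERM_LOCATION 0x1u
#define PERM_INTERNET 0x2u

/* Constructed process table: index = uid, value = granted permissions. */
enum { UID_A, UID_B, UID_M };
static const unsigned granted[] = {
    [UID_A] = PERM_LOCATION, /* A: location provider */
    [UID_B] = PERM_LOCATION, /* B: granted location, re-exports it unprotected */
    [UID_M] = PERM_INTERNET, /* M: internet access only */
};

/* Hypothetical per-request record: originator first, immediate caller last. */
struct ipc_call_chain { size_t depth; int uid[MAX_CHAIN]; };

/* Sender side: append our uid before forwarding the request. */
static bool chain_push(struct ipc_call_chain *c, int uid)
{
    if (c->depth >= MAX_CHAIN)
        return false; /* refuse the call rather than truncate the history */
    c->uid[c->depth++] = uid;
    return true;
}

/* Callee sees only the immediate caller. */
static bool allow_immediate(const struct ipc_call_chain *c, unsigned perm)
{
    return c->depth > 0 && (granted[c->uid[c->depth - 1]] & perm) == perm;
}

/* Callee sees the whole chain: every process on the path must hold perm. */
static bool allow_chain(const struct ipc_call_chain *c, unsigned perm)
{
    bool ok = c->depth > 0;
    for (size_t i = 0; ok && i < c->depth; i++)
        ok = (granted[c->uid[i]] & perm) == perm;
    return ok;
}

int main(void)
{
    struct ipc_call_chain c = { 0 };
    chain_push(&c, UID_M); /* M asks B for the location ... */
    chain_push(&c, UID_B); /* ... and B forwards the request to A */
    printf("immediate=%d chain=%d\n",
           allow_immediate(&c, PERM_LOCATION), allow_chain(&c, PERM_LOCATION));
    return 0;
}
```

The chain only covers requests that B forwards while serving M; a value B cached from an earlier call of its own is outside what this check can see.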