Adi GuN Adi GuN - 1 year ago 56
Android Question

How UID of an app determined during install in Android?

The following link gives a brief description about package installation process in android.

I'm curious to know how the UID of an app is determined during its installation based on set the permissions present in its manifest file.

Also there is the platform.xml (in /frameworks/base/data/etc directory for 4.0 ICS Source code)file which contains list of permissions with gid associated with them. The description says

The following tags are associating low-level group IDs with
permission names. By specifying such a mapping, you are saying
that any application process granted the given permission will
also be running with the given group ID attached to its process,
so it can perform any filesystem (read, write, execute) operations
allowed for that group.

In a similar way there is a list of high level permissions assigned to specific uid's as well.

My question is when an app is installed with permissions X,Y, Z how does its access specified is it from the mapping from this platform.xml

Also everytime the app is run does the mapping take place at every instant (that doesn't seem right from the initial design of android where the app permissions cannot be changed unless there is an update). So if that is the case where does it store saying this app should run with such and such access or such and such uid.

I hope I made my question clear, let me know if you need more information. I'm just trying to learn more on how the internals of the Android OS work.


Answer Source

The UID of an application does not depends on the set of the permissions. In general case, during the installation PackageManager assigns a unique UID to an applicatioin from a set [FIRST_APPLICATION_UID; LAST_APPLICATION_UID] (actually, this process has slightly changed with the indroduction of multiuser support):

The Android system assigns a unique user ID (UID) to each Android application and runs it as that user in a separate process.

What you are talking about is a limited set of GIDs (group ids) that is assigned to an application based on the permissions. For instance, to limit access of applications to network interface a special patch has been added to Linux kernel, which allows a process to create net sockets only if this process has a special hardcoded GID. Thus, during the installation of an application if a user accepts the permission "android.permission.INTERNET", PackageManager assigns a special GID to this application (based on the values in platform.xml file). During the launch of this application, a process of this app is setgid'ed with the value. Thus, the process of application obtains a right to create sockets.

Other permissions are enforced on Android Framework level.