Access Control Patterns in Android Open Source Project
Uploaded by ratazze, Jul 09, 2024 (7 slides)
Slide Content
Slide 1: Access Control Patterns in AOSP
Paul Ratazzi
July-September 2015
Slide 2: Access Control Pattern
Code or data structures that assign powers to subjects or adjudicate subjects' requests for access to objects.
Slide 3: Purposes
  Gain insight into the security architecture
  Learn the 'proper' way of adding new features, services, etc.
  Identify problems and missing controls
  Find the better/best way to fix problems and improve the code
  Quickly evaluate vendor customizations or new features
  Predict where controls should be
Slide 4: Breakdown
Access control involves a Subject, an Object and a Decision.
Look for places where:
  Subjects are identified
  Decisions are made
  Grant/deny results are returned
Slide 5: Subject Identification
  Binder.getCallingUid(), and its many derivatives, e.g. UserHandle.getCallingUserId()
  Binder.getCallingPid()
  GID (method TBD): GID-controlled resources such as Bluetooth, Internet, etc.
  Package name (method TBD)
Note: getCallingUid() and getCallingPid() identify the caller of the Binder transaction currently being handled; outside a transaction, or after Binder.clearCallingIdentity(), they return the service's own identity, so a check placed after clearCallingIdentity() tests the wrong subject.
Slide 6: Decision Making and Result Return
  Use of checkPermission() and related methods to verify manifest permissions
  Compare the current user to the calling user
  DESCRIPTOR check across the proxy-stub interface (Parcel class)
  Permission bypass for the system (1000) and root (0) uids
  System-only protected actions (calling uid == 1000)
  Calling app vs. package name check
  SELinux checks (kernel)
Slide 7: Code Example: Permission Bypass for system/root (ActivityManagerService.getIntentSender())

    // Subject: callingUid. Root (0) and system (1000) skip the check entirely.
    if (callingUid != 0 && callingUid != Process.SYSTEM_UID) {
        // Object: the package the caller wants to send as, resolved in the
        // caller's own user so a uid from another user cannot be matched.
        int uid = AppGlobals.getPackageManager()
                .getPackageUid(packageName, UserHandle.getUserId(callingUid));
        // Decision: the caller must be the same app (same appId) as the package.
        if (!UserHandle.isSameApp(callingUid, uid)) {
            String msg = "Permission Denial: getIntentSender() from pid="
                    + Binder.getCallingPid()
                    + ", uid=" + Binder.getCallingUid()
                    + ", (need uid=" + uid + ")"
                    + " is not allowed to send as package " + packageName;
            Slog.w(TAG, msg);
            // Result return: deny by throwing; grant by falling through.
            throw new SecurityException(msg);
        }
    }

In terms of the breakdown: the subject is callingUid, the object is packageName, the decision is the root/system bypass followed by the UserHandle.isSameApp() comparison, and the result is returned either by falling through (grant) or by a logged SecurityException (deny).
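The following is an added example, not code from the presentation or from AOSP: a plain-Python model of the getIntentSender() check above, so that the Subject/Object/Decision/result breakdown can be exercised on constructed data, including the multi-user case the Java snippet handles through UserHandle. It assumes the AOSP uid layout (uid = userId * 100000 + appId, with isSameApp() comparing only the appId part) and replaces PackageManager.getPackageUid() with a constructed package table; the names check_get_intent_sender, enforce_get_intent_sender, PACKAGES and Decision belong to this example only.

```python
# Added example (not from the presentation or from AOSP): a plain-Python model
# of the ActivityManagerService.getIntentSender() check, showing the subject /
# object / decision / result breakdown and the multi-user uid arithmetic.
from dataclasses import dataclass

ROOT_UID = 0
SYSTEM_UID = 1000
# Assumption: UserHandle.PER_USER_RANGE layout, uid = userId * 100000 + appId.
PER_USER_RANGE = 100000
# PackageManager.getPackageUid() returns -1 when the package is not installed
# for that user.
PACKAGE_NOT_FOUND = -1

# Constructed package table standing in for PackageManager:
# (package name, user id) -> uid. The same package installed for two users
# keeps its appId (10042) under different userIds (0 and 10).
PACKAGES = {
    ("com.example.mail", 0): 10042,
    ("com.example.mail", 10): 10 * PER_USER_RANGE + 10042,
    ("com.example.bank", 0): 10077,
}


def get_user_id(uid: int) -> int:
    """UserHandle.getUserId(): the user a uid belongs to."""
    return uid // PER_USER_RANGE


def get_app_id(uid: int) -> int:
    """UserHandle.getAppId(): the per-app part of a uid."""
    return uid % PER_USER_RANGE


def is_same_app(uid1: int, uid2: int) -> bool:
    """UserHandle.isSameApp(): same app if the appIds match.

    A not-found uid (-1) can never match, so a failed package lookup
    becomes a denial rather than an accidental grant."""
    if uid1 < 0 or uid2 < 0:
        return False
    return get_app_id(uid1) == get_app_id(uid2)


def get_package_uid(package_name: str, user_id: int) -> int:
    """Stand-in for PackageManager.getPackageUid(packageName, userId)."""
    return PACKAGES.get((package_name, user_id), PACKAGE_NOT_FOUND)


@dataclass(frozen=True)
class Decision:
    granted: bool
    reason: str


def check_get_intent_sender(calling_uid: int, package_name: str) -> Decision:
    """Subject:  calling_uid (what Binder.getCallingUid() would return).
    Object:   the package the caller asks to send as.
    Decision: root and system bypass the check; everyone else must be the
              same app as the package, resolved in the caller's own user."""
    if calling_uid in (ROOT_UID, SYSTEM_UID):
        return Decision(True, "bypass: caller is root or system")
    uid = get_package_uid(package_name, get_user_id(calling_uid))
    if not is_same_app(calling_uid, uid):
        return Decision(
            False,
            f"Permission Denial: uid={calling_uid} (need uid={uid}) "
            f"is not allowed to send as package {package_name}",
        )
    return Decision(True, f"uid={calling_uid} owns package {package_name}")


def enforce_get_intent_sender(calling_uid: int, package_name: str) -> None:
    """Result return in the AOSP style: deny by raising (SecurityException
    there, PermissionError here); grant by returning normally."""
    decision = check_get_intent_sender(calling_uid, package_name)
    if not decision.granted:
        raise PermissionError(decision.reason)


if __name__ == "__main__":
    for uid, pkg in [(10042, "com.example.mail"), (10077, "com.example.mail"),
                     (1010042, "com.example.mail"), (1010077, "com.example.bank"),
                     (SYSTEM_UID, "com.example.bank")]:
        print(uid, pkg, check_get_intent_sender(uid, pkg))
```

Two things the model makes visible that the snippet alone does not: the package is looked up in the caller's own user, so an app in user 10 asking for a package not installed there gets -1 back and is denied; and isSameApp() compares appIds only, so it answers "is this the same app", not "is this the same user", which is why slide 6 lists the current-user vs. calling-user comparison as a separate control.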