Sandbox and Permissions models - TairinySimeonato/Android-App-Auditing GitHub Wiki

  • The Android OS uses two permission models: the sandbox model and the permissions model.

1. Sandbox model

  • Linux kernel enforces permissions using users and groups.
  • This permission model is inherited from Linux and enforces access to file system entries, as well as other Android specific resources.
  • Processes running as separate users cannot interfere with each other, such as sending signals or accessing another's memory space.
  • Key concepts: standard Linux process isolation, unique user IDs for most processes, and highly restricted file system permissions.
  • Android defines a map of names to unique identifiers, known as 'Android IDs' or 'AIDs'
  • Definitions for AIDs are at system/core/include/private/android_filesystem_config.h
  • Android uses supplementary groups to let processes access shared or protected resources.

2. Permissions model

  • This model is enforced by the Android runtime.
  • This model is exposed to users when they install apps.
  • This model limits the abilities of Android apps.
  • The permissions are extracted from the manifest file at install time by PackageManager and stored in /data/system/packages.xml.
  • The permission rights defined in the package are enforced in one of two ways:

    • the check is performed at the time of a given method invocation and enforced at runtime, OR
    • the check is enforced at a lower level within the OS by a library or the kernel itself.
  • Divided into: API permissions, file system permissions, and IPC permissions.

    2.1 API Permissions

    API permissions include those that are used for controlling access to high-level functionality within the Android framework, and in some cases, third-party frameworks.

    2.2 File system Permissions

    Android's application sandbox is heavily supported by Unix file system permissions.

    2.3 IPC Permissions

    IPC permissions are those that relate directly to communication between app components, though there is some overlap with API permissions. This permission set applies to the major Android app components that are built upon Android's Binder IPC mechanism.
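The two models meet in packages.xml: each package entry records the sandbox UID the Linux kernel isolates it under (section 1) and the manifest permissions PackageManager granted it (section 2). The script below is an added auditing example, not code from this wiki or from Android itself; it assumes the AID_APP/AID_USER constants from android_filesystem_config.h and a constructed packages.xml sample in the shape of the real file.

```python
"""Audit helper: map packages.xml entries to sandbox UIDs and granted permissions."""
import xml.etree.ElementTree as ET

# Assumed from android_filesystem_config.h: app UIDs start at AID_APP, each Android user owns a range of AID_USER.
AID_APP = 10000
AID_USER = 100000

# Constructed sample in the shape of /data/system/packages.xml (not a dump from a real device).
SAMPLE_PACKAGES_XML = """<packages>
  <package name="com.example.notes" codePath="/data/app/com.example.notes-1" userId="10042">
    <perms>
      <item name="android.permission.INTERNET" granted="true" flags="0" />
      <item name="android.permission.READ_CONTACTS" granted="false" flags="0" />
    </perms>
  </package>
  <package name="com.example.share" codePath="/data/app/com.example.share-1" sharedUserId="10042">
    <perms>
      <item name="android.permission.READ_CONTACTS" granted="true" flags="0" />
    </perms>
  </package>
</packages>
"""

def linux_username(uid: int) -> str:
    """Derive the sandbox account name Android assigns to an app UID, e.g. 10042 -> u0_a42."""
    user, app_offset = divmod(uid, AID_USER)
    if app_offset < AID_APP:
        raise ValueError(f"uid {uid} is a system AID, not an app UID")
    return f"u{user}_a{app_offset - AID_APP}"

def parse_packages(xml_text: str) -> dict:
    """Return {package_name: {"uid": int, "user": str, "granted": set of permission names}}."""
    result = {}
    for pkg in ET.fromstring(xml_text).iter("package"):
        # A package in a shared-UID group records sharedUserId instead of userId: same sandbox.
        uid = int(pkg.get("userId") or pkg.get("sharedUserId"))
        granted = {item.get("name") for item in pkg.iter("item") if item.get("granted") == "true"}
        result[pkg.get("name")] = {"uid": uid, "user": linux_username(uid), "granted": granted}
    return result

def sandbox_peers(packages: dict) -> dict:
    """Group packages by UID: peers share one Linux user, so the kernel does not isolate them from each other."""
    peers = {}
    for name, info in packages.items():
        peers.setdefault(info["uid"], set()).add(name)
    return {uid: names for uid, names in peers.items() if len(names) > 1}
```

Replace the constructed sample with the contents of packages.xml from a device you are auditing to see which packages share a sandbox and therefore effectively pool their granted permissions.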