
Modern Application Development

(Android Platform)

Application Permissions

Tahir Farooq
FAST-NU
This Lecture
• The Application Permissions
Android security architecture
• No application, by default, has permission to
perform any operations that would adversely
impact other applications, the operating system, or
the user.
– Keeping device awake
– Reading or writing the user's private data
(such as contacts or emails)
– Reading or writing another application's files
– Performing network access
Android security architecture
• Each Android application operates in a process
sandbox
• Apps must explicitly share resources and data.
Android security architecture
• They do this by declaring the permissions they need
for additional capabilities not provided by the basic
sandbox.
Android security architecture
• Applications statically declare the permissions they
require, and the Android system prompts the user
for consent at the time the application is installed
• Android has no mechanism for granting
permissions dynamically (at run-time)
Permissions
• Android permissions
– Data, Resources, Operations
• Defining & using application permissions
• Component permissions & permissions related APIs
Permissions
• Android protects resources, data & operations with
permissions
• Used to limit access to:
– User information – e.g., contacts
– Cost-sensitive APIs – e.g., SMS/MMS
– System resources – e.g., Camera

permission" mechanism enforces restrictions on the specific
operations that a particular process can perform
(developer.android.com)
Permissions

• Permissions are represented as strings
• In AndroidManifest.xml, apps declare the
permissions
– They use themselves
– They require of other components
Using Permissions

Asking for User Permissions in AndroidManifest

<manifest … >
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>

http://developer.android.com/reference/android/Manifest.permission.html
~ 150 permissions
• Which of the following describe situations where
permissions might be used?
– To restrict access to costly operations.
– To restrict access to device hardware features.
– To restrict access to user data.
– To restrict application loading to devices that run a specific
version of Android.
• Which of the following describe situations where
permissions might be used?
√ To restrict access to costly operations.
√ To restrict access to device hardware features.
√ To restrict access to user data.
× To restrict application loading to devices that run a specific
version of Android.
• Which XML tag does an application use to specify
permissions that the device's user must grant to the
application before that application can run on the
user's device?
– android:permission.
– <permission>
– <uses-permission>
– <define-permission>
• Which XML tag does an application use to specify
permissions that the device's user must grant to the
application before that application can run on the
user's device?
× android:permission.
× <permission>
√ <uses-permission>
× <define-permission>
Defining Permissions
• Apps can also define and enforce their own
permissions
– Other Applications must get your permission
• Suppose your application performs a
privileged/dangerous operation
• You might not want to allow just any application to
invoke yours
• So you can define & enforce your own permission
Permission Format Card Example
• Simple Application that performs a (just pretend)
dangerous action
– Formatting External Memory Card
Define & Enforce Permission
• If you don’t want just anyone to run
– PermissionExampleBoom
• Define & enforce an application-specific permission
App 1 -- Intent (Start Activity 2) --> App 2

App 1:
<manifest … >
    <uses-permission android:name="SpecialPermission"/>
</manifest>

App 2:
<manifest … >
    <permission
        android:name="SpecialPermission"
        android:label="SpecialPermission"
        android:description="SpecialPermission"/>
    <uses-permission android:name="SpecialPermission"/>
</manifest>
• Which XML tag or attribute is used to specify an
application-specific permission that an application
requires of any other application that wants to
interact with it?
– android:permission
– <permission>
– <uses-permission>
– <define-permission>
• Which XML tag or attribute is used to specify an
application-specific permission that an application
requires of any other application that wants to
interact with it?
× android:permission
√ <permission>
× <uses-permission>
× <define-permission>
Component Level Permissions
• Individual components can set their own
permissions, restricting which other components
can access them

• Component permissions take precedence over
application-level permissions
Activity Permissions
• Restricts which components can start the
associated activity
• Checked within execution of startActivity() and
startActivityForResult()
• Throws SecurityException on permissions failure
Service Permissions
• Restricts which components can start or bind to the
associated service
• Checked within execution of
– Context.startService()
– Context.stopService()
– Context.bindService()
• Throws SecurityException on permissions failure
Broadcast Permissions
• Restricts which components can send & receive
broadcasts
• Permissions checked in multiple places
• More on this when we discuss BroadcastReceivers
Content Provider Permissions
• Restrict which components can read & write the
data in a ContentProvider
• More on this when we discuss ContentProviders
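Added example (not part of the lecture): a simplified Python model of the manifest checks described on the component-permission slides, showing a component's own android:permission overriding the application-level one. The manifests, package names and the AppWide permission are constructed; the model assumes every requested permission was granted at install time and ignores same-application callers and the exported attribute.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifests (assumptions, not from the lecture):
# App 2 defines and enforces SpecialPermission, App 1 requests it.
APP2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app2">
  <permission android:name="com.example.app2.SpecialPermission"/>
  <application android:permission="com.example.app2.AppWide">
    <activity android:name=".FormatCardActivity"
        android:permission="com.example.app2.SpecialPermission"/>
    <service android:name=".LogService"/>
  </application>
</manifest>"""

APP1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app1">
  <uses-permission android:name="com.example.app2.SpecialPermission"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

def names(manifest_xml, tag):
    """android:name values of every <tag> element, e.g. 'uses-permission'
    (permissions the app asks for) or 'permission' (permissions it defines)."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID + "name") for e in root.iter(tag)}

def required_permissions(manifest_xml):
    """Map component name -> permission a caller must hold (None = none).
    A component's own android:permission overrides the <application> one."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return {}
    app_perm = app.get(ANDROID + "permission")
    return {c.get(ANDROID + "name"): c.get(ANDROID + "permission", app_perm)
            for c in app if c.tag in COMPONENT_TAGS}

def can_start(caller_xml, target_xml, component):
    """Model of the check made inside startActivity()/startService().
    False is the case where Android throws SecurityException."""
    needed = required_permissions(target_xml)[component]
    return needed is None or needed in names(caller_xml, "uses-permission")

if __name__ == "__main__":
    for comp, perm in required_permissions(APP2).items():
        print(comp, "requires", perm, "-> App 1 allowed:",
              can_start(APP1, APP2, comp))
```
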
• Which Exception is thrown if one Activity tries to
start another Activity for which it does not have the
appropriate permissions? See:
http://developer.android.com/guide/topics/security/permissions.html
for more information.
– AccessControlException.
– SecurityException.
– NullPointerException.
– ClassCastException.
• Which Exception is thrown if one Activity tries to
start another Activity for which it does not have the
appropriate permissions?
– AccessControlException.
√ SecurityException.
– NullPointerException.
– ClassCastException.
Example
More Information

• http://developer.android.com/guide/topics/security/permissions.html
