Android APK Application runtime permissions and Linux File system permissions for .

APK The permissions at run time are Dalvik Authorized , File system permissions are Linux Kernel authorization .

1)Linux File system permissions for

For example /system/app One of them apk

-rwxr-xr-x system    system     2646964 2013-03-13 10:26 Mp3Player.apk

Represents the corresponding user / User group / Other users' access to this file , It has nothing to do with the permissions this file has to run .

The above example can only illustrate system The user has read and write permissions for this file ;system Users of the group have read to this file , Executive authority ; Others only have execute permissions on this file . and apk What can be done after running , It's not about this . It's not looking apk File system belongs to system/system Users and user groups , perhaps root/root Users and user groups , I think apk have system or root jurisdiction

2)APK Permission to run

Android Some permissions of the system are based on signature . such as :system The level of authority has a special corresponding signature , Wrong signature , You can't get permission . Default generated APK It's a document debug Signed .

the other one APK Running permission rules are based on UserID Process level security mechanism of .Android For each package installed on the device (APK) Assign unique linux
userID To achieve , The name is "app_" Add a number . different UserID, Running in different processes , therefore apk By default, they cannot access each other .

Android Authority is operating at the process level , That is to say, one apk It is not possible for the child process started by an application to exceed the permissions of its parent process ( Namely apk Permissions for ),
Even if you run an app alone, you have permission to do something , But if it is made up of a apk Called , Then the authority will be limited .Android By assigning a parent process to a child process UserID To achieve this mechanism .