4.22.2009

android permission

我試著建立一個假的character device.
然後想讓它可以被使用在 Android emulator上。

首先, 我在.config 檔加了CONFIG_MODULES,並重編譯了Android Kernel
然後, 我寫了個module 來控制"/dev/mydev"(它扮演著一個 80char 的buffer),並跨平台組譯成arm 架構。

我ran了emulator ,然後將 busybox 放進去(用來建立/dev/mydev 透過 mknod),並用insmod 載入module

目前,透過使用 open/close/write/等.. shell 和 common activities 都可以對它互動

我想要建一個特別的permission給這個device,然後人不能透過 common Activities 來讀取它。
有任何的文件/提醒/連結嘛?

我知道Android 有一個特別的HAL,但沒有文件。

I'm trying to create a fake character device.
I want to make it usable within the provided Android emulator.

Firstly, I recompiled the Android Kernel editing the .config file,
adding CONFIG_MODULES.
Then, I wrote a module managing "/dev/mydev" (it acts as a 80 char
buffer) and crosscompiled it for arm architecture.
I ran the emulator and pushed busybox (for creating the /dev/mydev
with mknod) and loaded the module with insmod.


Now, both shell and common activities can interact with it, by using
standard open/close/write/etc...


I would like to create a specific permission for that device and make
it not readable from common Activities.
Is there some documentation/hints/links?


I know Android has a specific HAL but there's no documentation.




就application style permissions來說,你一般要做的就是去define一個新的gid, 就是你的device 會被發布的gid(如此它就不會被讀/寫),
加一個entry 在 \frameworks\base\data\etc\permissions.xml 去對映到 permission string,
然後加一個item在 frameworks/base/core/res/AndroidManifest.xml 來描述這個permission.
gid 的group 是被defined 在user space, 有個 system/init 來defines 這些standard groups.

For application style permissions, what you generally do is define a new gid
that your device is published under (so it is not world readable/writeable),
add an entry to etc/permissions.xml mapping that gid to a permission string,
and add an item in the frameworks AndroidManifest.xml describing that
permission.

The meaning of groups is purely defined by user space. There is a
system/init header that defines the standard groups.

No comments: