APK file:
An APK is a zip archive and can be unpacked with any unzip tool
Written in Java; may include native libraries written in C/C++
Structure:
assets               application assets
lib                  native .so files
META-INF             signature information
res                  resources not compiled into resources.arsc
AndroidManifest.xml  Android global configuration file
classes.dex          classes compiled in the dex file format
resources.arsc       precompiled resources, such as binary XML
The structure of the manifest file (some important elements are introduced in detail later):
<?xml version="1.0" encoding="utf-8"?>
<manifest>
  <uses-permission />
  <permission />
  <permission-tree />
  <permission-group />
  <instrumentation />
  <uses-sdk />
  <uses-configuration />
  <uses-feature />
  <supports-screens />
  <compatible-screens />
  <supports-gl-texture />
  <application>
    <activity>
      <intent-filter>
        <action />
        <category />
        <data />
      </intent-filter>
      <meta-data />
    </activity>
    <activity-alias>
      <intent-filter> . . . </intent-filter>
      <meta-data />
    </activity-alias>
    <service>
      <intent-filter> . . . </intent-filter>
      <meta-data/>
    </service>
    <receiver>
      <intent-filter> . . . </intent-filter>
      <meta-data />
    </receiver>
    <provider>
      <grant-uri-permission />
      <meta-data />
      <path-permission />
    </provider>
    <uses-library />
  </application>
</manifest>
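The manifest layout above, worked through as an added example that is not part of the original notes: it inventories the permissions an app requests or declares and the intent actions each component listens for. It assumes the manifest has already been decoded to plain-text XML (inside the APK it is stored as binary XML); the package, component names and the function name inventory_manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample: decoded (plain-text) manifest of a hypothetical app.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <permission android:name="com.example.notes.permission.READ_NOTES" />
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
      </intent-filter>
    </activity>
    <service android:name=".SyncService" />
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED" />
      </intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes.provider" />
  </application>
</manifest>
"""

def _name(el):
    return el.get(ANDROID_NS + "name", "")

def inventory_manifest(xml_text):
    """Return requested/declared permissions and each component's intent actions."""
    root = ET.fromstring(xml_text)
    report = {
        "package": root.get("package", ""),
        "uses_permissions": [_name(e) for e in root.findall("uses-permission")],
        "declared_permissions": [_name(e) for e in root.findall("permission")],
        "components": [],
    }
    for comp in root.iterfind("application/*"):
        if comp.tag in COMPONENT_TAGS:  # skips <meta-data>, <uses-library>
            actions = [_name(a) for a in comp.iterfind("intent-filter/action")]
            report["components"].append((comp.tag, _name(comp), actions))
    return report

if __name__ == "__main__":
    for kind, cname, actions in inventory_manifest(SAMPLE_MANIFEST)["components"]:
        print(f"{kind:9} {cname:16} intent actions: {actions or '-'}")
```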
Android file system
Generally, there are two types of file system:
External storage
Also known as SD cards. Any data written to SD cards lacks Linux permission-based access control. Thus, any file written to external storage is accessible by any app on the device.
Internal storage
Including Shared Preferences, SQLite Databases and app private data.
Android will create an app-specific directory under the path /data/data/app_package_name. This directory is configured such that the associated app’s UID is the owner and only the owner permissions are set; no other UIDs have access to it.
Some useful paths:
/data/data/app_package_name  app-specific directory
/data/app                    user-installed apk files
/data/system/packages.xml    information about apks, including permissions
/system/app                  system apk files
Android architecture
[Figure: Android architecture diagram]
Security Architecture
Based on Linux kernel
A user-based permissions model (user/group ID)
Process isolation (sandboxing)
Extensible mechanism for secure IPC
Mandatory application sandbox for all applications
Secure inter-process communication
Content Providers, Intents, Binder/IPC, local sockets, or the file system
Application signing
Based on Java's JAR specification
Application-defined and user-granted permissions
Apps statically declare permissions they need (use)
No support for dynamic (run-time) granting of permissions
Android permissions
API permissions:
API permissions include those that are used for controlling access to high level functionality within the Android API/framework.
More information is available at https://developer.android.com/reference/android/Manifest.permission.html
File system permissions:
Unix/Linux-like permissions, with distinct UID/GID.
The standard way that Android lays out the filesystem on a device is to create an app-specific directory under the path /data/data/app_package_name. The app can only access its own data storage path.
There are four important caveats to this setup:
Because file isolation is based on UIDs, apps that are configured to run with the same UIDs can access each other’s files.
A user who accesses the Linux kernel using the root UID will be able to bypass any permissions on any file, allowing access to any data stored by any app.
Any data written to external storage, such as SD cards, lacks Linux permission-based access control. Thus, any file written to external storage is accessible by any app on the device (or off the device and capable of accessing the storage media).
As the developer, you can specify different permissions on files.
IPC permissions:
Permissions used for communication between app components (introduced in detail later).
Android main components
AndroidManifest.xml
The control file that tells the system what to do with all the top-level components (specifically activities, services, broadcast receivers, and content providers) in an application. This also specifies which permissions are required.
Activity
An Activity is analogous to a single screen displayed on the device to a user that is composed of what the user actually sees.
Broadcast Receiver
A Broadcast Receiver is a type of component that listens for system messages called Intents.
Services
A Service is an Android component that is designed for background processing.
Content Provider
A Content Provider is a component designed to share data across apps.
Intent
An Intent is a messaging object you can use to request an action from another app component.