The Package Manager service is one of the most important central services in the Android system. It manages all the packages in the system and is central to platform security. It maintains a mapping between user/group identifiers and higher-level permission strings. In this recipe, we will see how permissions are managed and granted by the Package Manager service. As you may know, the fundamental aspect of the Android security model is the permissions system. This system is managed by the PackageManagerService class.
The source code of the Package Manager service is located at ANDROID_SRC/frameworks/base/services/java/com/android/server/. Open up the file named PackageManagerService.java in your favorite code editor.
Built-in permission UID mappings are stored on the filesystem at /system/etc/permissions/platform.xml. This file is loaded by the Package Manager service into the following variable:
final SparseArray<HashSet<String>> mSystemPermissions = new SparseArray<HashSet<String>>();
The service maintains user application permissions in the filesystem at /data/system/packages.xml. Fire up the emulator and drop into an adb shell. We will inspect the contents of the packages.xml file. Obtain a copy with the following command:
adb pull /data/system/packages.xml
Open up the file in a text editor and search for the term "packt":
<package name="com.packtclient" codePath="/system/app/PacktLibraryClient.apk" nativeLibraryPath="/data/data/com.packtclient/lib" flags="1" ft="1389a1a82a8" it="13879fbb780" ut="1389a1b8ae2" version="10" userId="10010">
    <sigs count="1">
        <cert index="1" />
    </sigs>
</package>
Here we notice that PacktLibraryClient has been assigned a userId of 10010.
The Package Manager service stores and manages all configuration data in XML files with proper Linux permissions on these files. Internally, the service makes use of XML pull parsers to read and process these files. This service is interrogated by other services, most notably the Activity Manager service, as to whether a package possesses a certain permission or not.
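As an added example (not from the book or the Android source), the following Python script streams a pulled packages.xml and groups packages by UID, since packages that share a UID also share one set of granted permissions. The sample is constructed; the <perms>/<item>, <shared-user> and sharedUserId layout is an assumption about the file format of this Android generation, and audit_packages and shared_uids are hypothetical helper names.

```python
import io
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: com.packtclient is the page's entry (abridged); all other
# entries and the <perms>, <shared-user>, sharedUserId layout are assumptions.
SAMPLE = b"""<packages>
  <package name="com.packtclient" codePath="/system/app/PacktLibraryClient.apk" flags="1" version="10" userId="10010">
    <sigs count="1"><cert index="1" /></sigs>
  </package>
  <package name="com.example.notes" codePath="/data/app/notes.apk" flags="0" userId="10042">
    <perms><item name="android.permission.INTERNET" /></perms>
  </package>
  <package name="com.example.settingshelper" codePath="/system/app/Helper.apk" flags="1" sharedUserId="1000" />
  <package name="com.example.keytool" codePath="/system/app/KeyTool.apk" flags="1" sharedUserId="1000" />
  <shared-user name="android.uid.system" userId="1000">
    <perms><item name="android.permission.WRITE_SECURE_SETTINGS" /></perms>
  </shared-user>
</packages>"""

def audit_packages(xml_source):
    """Return (uid -> sorted package names, uid -> sorted permission names)."""
    by_uid, perms = defaultdict(set), defaultdict(set)
    # iterparse hands over each element as it closes, much like a pull parser.
    for _, elem in ET.iterparse(xml_source, events=("end",)):
        if elem.tag not in ("package", "shared-user"):
            continue
        uid = elem.get("userId") or elem.get("sharedUserId")
        if uid is None:
            continue  # malformed entry: no UID to attribute it to
        if elem.tag == "package":
            by_uid[int(uid)].add(elem.get("name"))
        perms[int(uid)].update(i.get("name") for i in elem.findall("perms/item"))
        elem.clear()  # release the children we have already read
    return ({u: sorted(p) for u, p in by_uid.items()},
            {u: sorted(p) for u, p in perms.items()})

def shared_uids(by_uid):
    """UIDs used by more than one package; those packages share permissions."""
    return {u: p for u, p in by_uid.items() if len(p) > 1}

if __name__ == "__main__":
    pkgs, perms = audit_packages(io.BytesIO(SAMPLE))
    for uid in sorted(pkgs):
        tag = "(shared)" if uid in shared_uids(pkgs) else ""
        print(uid, pkgs[uid], perms.get(uid, []), tag)
```

To audit a real device copy, pass the path of the pulled file to audit_packages instead of the in-memory sample.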
Before you make changes to this service, rethink your design carefully and modify it only if there is no other way to accomplish the task. Whenever you do make changes, run the unit tests.
To run these tests, run the following command in a terminal (as always, I assume you have set up a build environment by sourcing build/envsetup.sh):
mmm frameworks/base/tests/AndroidTests
Then start the emulator and execute this in a terminal over ADB:
adb install -r -f out/target/product/passion/data/app/AndroidTests.apk
Finally, drop into an adb shell and execute:
adb shell am instrument -w -e class com.android.unit_tests.PackageManagerTests com.android.unit_tests/android.test.InstrumentationTestRunner
The unit tests are part of the Compatibility Test Suite (CTS). The CTS is part of the Android compatibility program. The aim is to achieve standardization among Android vendor implementations. The interested reader is referred to an overview of the compatibility program at http://source.android.com/compatibility/overview.html. Details on the CTS itself may be found at http://source.android.com/compatibility/cts-intro.html.