Android "Application Framework" Docs/Tuts -

Android "Application Framework" Docs/Tuts -

can point me tutorials related android application framework development? here particularly talking "application framework" (second layer top in android architecture) & not app development.

i interested in: what happens after app calls system/framework api? how os check if app has particular permission? component in "application framework" handles checking? java classes responsible it?

i play these java classes & create observations.

p.s.: assuming permission-model implemented in "application framework" layer. right me if wrong.

there limited resources framework development far aware, of available spread out on different blogs , mailing lists. started recommend open source project site, source.android.com. contains limited documentation on how things @ to the lowest degree provides setup working open source project. there official mailing lists related platform , framework level development. different rom-projects may have useful info on sites such cyanogenmod wiki.

then reply specific question how permissions implemented in framework. there no specific component handles checks, each service provider in framework need perform permission check before allowing service phone call go through. there 2 of import pieces involved in such check, bundle manager in scheme server , binder ipc mechanism. bundle manager os component handles installation of applications. parse androidmanifest.xml file @ installation, prompt user permissions , maintain registry of permissions specific app holds. based on thought each application runs own linux user id. each uid there list of permissions.

the sec part binder inter-process communication mechanism. binder object oriented way of performing ipc implements security features. of import 1 related permissions makes possible receiving end of ipc phone call check uid of caller. service protected permission have binder interface , 2 things every request receives. first phone call binder uid of caller , phone call scheme server providing uid , permission check if has been granted. if check ok go on , execute service phone call otherwise raise security exception.

if take in source code, starting simple phone call vibrator service. (all code below copyright android open source project under apache 2.0 license).

public void vibrate(long milliseconds, ibinder token) { if (mcontext.checkcallingorselfpermission(android.manifest.permission.vibrate) != packagemanager.permission_granted) { throw new securityexception("requires vibrate permission"); }

the implementation framework level permissions checks belongs context class , more have contextimpl.java file where

@override public int checkcallingorselfpermission(string permission) { if (permission == null) { throw new illegalargumentexception("permission null"); } homecoming checkpermission(permission, binder.getcallingpid(), binder.getcallinguid()); } @override public int checkpermission(string permission, int pid, int uid) { if (permission == null) { throw new illegalargumentexception("permission null"); } seek { homecoming activitymanagernative.getdefault().checkpermission( permission, pid, uid); } grab (remoteexception e) { homecoming packagemanager.permission_denied; } }

this phone call through binder activitymanagerservice end in:

/** * public entry point permissions checking, method * can enforce semantic requesting check on null global * permission automatically denied. (internally null permission * string used when calling {@link #checkcomponentpermission} in cases * when uid-based security needed.) * * can called or without global lock held. */ public int checkpermission(string permission, int pid, int uid) { if (permission == null) { homecoming packagemanager.permission_denied; } homecoming checkcomponentpermission(permission, pid, uid, -1, true); } /** * can called or without global lock held. */ int checkcomponentpermission(string permission, int pid, int uid, int owninguid, boolean exported) { // might performing operation on behalf of indirect binder // invocation, e.g. via {@link #opencontenturi}. check , adjust // client identity accordingly before proceeding. identity tlsidentity = scalleridentity.get(); if (tlsidentity != null) { slog.d(tag, "checkcomponentpermission() adjusting {pid,uid} {" + tlsidentity.pid + "," + tlsidentity.uid + "}"); uid = tlsidentity.uid; pid = tlsidentity.pid; } // root, scheme server , our own process everything. if (uid == 0 || uid == process.system_uid || pid == my_pid) { homecoming packagemanager.permission_granted; } // if there uid owns whatever beingness accessed, has // blanket access regardless of permissions requires. if (owninguid >= 0 && uid == owninguid) { homecoming packagemanager.permission_granted; } // if target not exported, nobody else can it. if (!exported) { slog.w(tag, "permission denied: checkcomponentpermission() owninguid=" + owninguid); homecoming packagemanager.permission_denied; } if (permission == null) { homecoming packagemanager.permission_granted; } seek { homecoming appglobals.getpackagemanager() .checkuidpermission(permission, uid); } grab (remoteexception e) { // should never happen, if does... deny! slog.e(tag, "packagemanager dead?!?", e); } homecoming packagemanager.permission_denied; }

the phone call bundle manager checkuidpermission perform lookup match uid tables of granted permissions. if want go on tracing source relevant file packagemanagerservice.java.

if doing study sense free dive right in code in frameworks/base/ in open source project. files mentioned above in there. follow build instructions , should able test changes using emulator. if not want modify core framework files take @ sample in /device/sample on how framework extensions. said of permission related apis available application level may successful having application provides service , own permission checking on that.

android android-source android-framework