问题
If I call socket() function in JNI C methods, the application will still fail with a permission error. And if I put a uses-permission line in AndroidManifest.xml, the problem is fixed.
So it seems Android permission check is not implemented in Dalvik virtual machine since I'm calling a native C function and still gets checked. I would like to know how where check is performed, in Android kernel, or the application is traced with something like ptrace to intercept every system call, or any other way. Many thanks.
回答1:
The checks are performed by the Linux kernel, using group membership to determine access rights.
If you look in the zygote fork code in the VM you can see it using setgroups() to set the supplementary groups IDs. If you chase it around a bit in the app framework code you can see where it determines the permissions and passes them down to forkAndSpecialize().
回答2:
Native code runs in the same sandbox that SDK apps use and are therefore subject to the same security model as SDK apps.
See Download the Android NDK:
If you write native code, your applications are still packaged into an .apk file and they still run inside of a virtual machine on the device. The fundamental Android application model does not change.
来源:https://stackoverflow.com/questions/5154853/how-is-android-permission-enforced