AOSP: How to restrict app accessing Camera, Location?

别来无恙 提交于 2020-01-05 12:29:29

问题


I'm trying to restrict apps in Android by modifying source code. I was able to get it working for Internet, but I was not able to restrict apps from using Camera or Location?

Internet permission is enforced at linux process level with group-id. But I Camera/Location are not enforced the same way.

So I want to know what is the best place to restrict the apps for these permissions. Are checkCallingPermission() enforceCallingPermission() methods the right ones?


回答1:


Yes, you're right. In these methods you can put your hooks where you will check if a permission should be restricted for an application. We did similar check when we were implementing CRePE (enter link description here).




回答2:


I may be wrong but it looks like you are trying to reinvent the bicycle. The correct way to go about this would be to use SEAndroid:

http://selinuxproject.org/page/SEAndroid

What you are trying to do is one of many security enhancements offered and you would not need to modify source code every time you need to change something, just update the security policy. Specifically, Middleware MAC would do the trick.



来源:https://stackoverflow.com/questions/22975353/aosp-how-to-restrict-app-accessing-camera-location

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!