Xiaomi Redmi Note 8 128Gb+6Gb Dual LTE [115/132] Uid and process isolation

subset of the explicitly whitelisted permissions for each app. The AOSP implementation
meets this requirement by reading and honoring the whitelisted permissions for each app
from the files in the etc/permissions/ path and using the system/priv-app path as the privileged
path.
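As an added example (not code from the CDD or from AOSP), the script below parses a constructed file in the privapp-permissions XML format that AOSP reads from etc/permissions/ and, for a given priv-app package, separates the privileged permissions it could be granted from those that fall outside its whitelist; the package name and permission set are made up for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the AOSP privapp-permissions XML layout (not a real device file).
# Each <privapp-permissions> block names a privileged package; <permission> entries are the
# signature|privileged permissions the platform may grant it, <deny-permission> blocks one.
SAMPLE_WHITELIST = """<?xml version="1.0" encoding="utf-8"?>
<permissions>
    <privapp-permissions package="com.example.oem.dialer">
        <permission name="android.permission.MODIFY_PHONE_STATE"/>
        <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE"/>
        <deny-permission name="android.permission.INTERACT_ACROSS_USERS_FULL"/>
    </privapp-permissions>
</permissions>
"""


def parse_privapp_whitelist(xml_text):
    """Return {package: (allowed, denied)} sets from privapp-permissions XML text."""
    root = ET.fromstring(xml_text)
    result = {}
    for node in root.iter("privapp-permissions"):
        pkg = node.get("package")
        allowed, denied = result.setdefault(pkg, (set(), set()))
        allowed.update(c.get("name") for c in node.findall("permission"))
        denied.update(c.get("name") for c in node.findall("deny-permission"))
    return result


def audit_privileged_requests(whitelist, package, requested):
    """Split a priv-app's requested privileged permissions into grantable and violations.

    Mirrors the CDD rule above: a privileged app may hold only the whitelisted subset.
    A permission that is not listed, or is explicitly denied, must not be granted.
    An unknown package has no whitelist, so every request is a violation.
    """
    allowed, denied = whitelist.get(package, (set(), set()))
    grantable = sorted(p for p in requested if p in allowed and p not in denied)
    violations = sorted(p for p in requested if p not in allowed or p in denied)
    return grantable, violations


if __name__ == "__main__":
    wl = parse_privapp_whitelist(SAMPLE_WHITELIST)
    # Hypothetical manifest: one whitelisted, one denied, one never listed permission.
    wanted = ["android.permission.MODIFY_PHONE_STATE",
              "android.permission.INTERACT_ACROSS_USERS_FULL",
              "android.permission.WRITE_SECURE_SETTINGS"]
    ok, bad = audit_privileged_requests(wl, "com.example.oem.dialer", wanted)
    print("grantable:", ok)
    print("not whitelisted / denied:", bad)
```

On a real device the same whitelist files are merged by the platform, and the build property ro.control_privapp_permissions decides whether non-whitelisted requests are only logged or actually withheld; the script is an offline audit of the same rule.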
Permissions with a protection level of dangerous are runtime permissions. Applications with
targetSdkVersion > 22 request them at runtime.
Device implementations:
[C-0-3] MUST show a dedicated interface for the user to decide whether to grant the
requested runtime permissions and also provide an interface for the user to manage
runtime permissions.
[C-0-4] MUST have one and only one implementation of both user interfaces.
[C-0-5] MUST NOT grant any runtime permissions to preinstalled apps unless:
The user's consent can be obtained before the application uses it.
The runtime permissions are associated with an intent pattern for which the
preinstalled application is set as the default handler.
[C-0-6] MUST grant the android.permission.RECOVER_KEYSTORE permission only to system
apps that register a properly secured Recovery Agent. A properly secured Recovery Agent
is defined as an on-device software agent that synchronizes with an off-device remote
storage, that is equipped with secure hardware with protection equivalent or stronger than
what is described in Google Cloud Key Vault Service to prevent brute-force attacks on the
lockscreen knowledge factor.
If device implementations include a pre-installed app or wish to allow third-party apps to access the
usage statistics, they:
[SR] are STRONGLY RECOMMENDED to provide a user-accessible mechanism to grant or
revoke access to the usage stats in response to the
android.settings.ACTION_USAGE_ACCESS_SETTINGS intent for apps that declare the
android.permission.PACKAGE_USAGE_STATS permission.
If device implementations intend to disallow any apps, including pre-installed apps, from accessing
the usage statistics, they:
[C-1-1] MUST still have an activity that handles the
android.settings.ACTION_USAGE_ACCESS_SETTINGS intent pattern but MUST implement it as
a no-op, that is to have an equivalent behavior as when the user is declined for access.
9.2. UID and Process Isolation
Device implementations:
[C-0-1] MUST support the Android application sandbox model, in which each application
runs as a unique Unix-style UID and in a separate process.
[C-0-2] MUST support running multiple applications as the same Linux user ID, provided
that the applications are properly signed and constructed, as defined in the Security and
Permissions reference.
9.3. Filesystem Permissions
Device implementations:
Page 115 of 132