Every application on an Android system is sandboxed, which means application one can't simply access the data of application two or application three. That's a good thing: imagine if any other application could access your banking application's data.

But how does sandboxing work in Android?

It's simpler than you might think. Android runs on Linux, so for every application that is installed it creates a new Linux user and assigns it to that application. Every application therefore gets its own user ID (UID), and the Linux kernel simply does not let user A access user B's data.

There is a file located at /etc/permissions/platform.xml. In this file, certain permissions are mapped to Linux groups (GIDs).

Example:

<?xml version="1.0" encoding="utf-8"?>
<permissions>
    <!-- The following tags are associating low-level group IDs with specific permissions -->
    <!-- Each <permission> lists the groups an app holding it is added to -->
    <permission name="android.permission.INTERNET">
        <group gid="inet" />
    </permission>
    <permission name="com.sec.android.permission.CAMERA">
        <group gid="camera" />
    </permission>
    <permission name="android.permission.READ_LOGS">
        <group gid="log" />
    </permission>
    <permission name="android.permission.WRITE_MEDIA_STORAGE">
        <group gid="sdcard_rw" />
        <group gid="media_rw" />
    </permission>
    <permission name="android.permission.ACCESS_MTP">
        <group gid="mtp" />
    </permission>
    <permission name="android.permission.NET_ADMIN">
        <group gid="net_admin" />
    </permission>
    <!-- ... -->
</permissions>

In this example, the android.permission.INTERNET permission is associated with the inet group, the com.sec.android.permission.CAMERA permission is associated with the camera group, and so on. This file is crucial for the security of the Android system, because only applications that hold the corresponding permission are placed into the group that can reach a given system resource.

If a third-party application wants to access the internet, it must be a member of the inet group, which it gets by holding android.permission.INTERNET.

Another important path is /data/system/packages.xml, which contains information about installed applications: their granted permissions, their code paths, and so on.

The /data/system/packages.xml file is an important file in the Android operating system that records installed applications and their permissions. It is a well-formed XML file that lists the package name, code path, native library path, user ID, and other metadata for each installed application on the device.

Example:

<package name="com.project.t2i" codePath="/data/app/com.project.t2i-2.apk" nativeLibraryPath="/data/data/com.project.t2i/lib" flags="0" ft="13a837c2068" it="13a83704ea3" ut="13a837c2ecb" version="1" userId="10040">
    <sigs count="1">
        <cert index="3" key="308201e53082014ea0030201020204506825ae300d06092a86" /> <!-- This is the signing certificate -->
    </sigs>
    <perms>
        <!-- List of permissions for the app -->
    </perms>
</package>

This example shows a part of the packages.xml file for an application named com.project.t2i. The file contains the application's code path, native library path, user ID, and version, as well as the permissions granted (or not granted) to the application. Modifying this file can have security implications, so it should be done with caution.

<aside> 💡 Custom permissions are defined here too.

</aside>

<aside> 💡 Permission flag: 0 → normal permission, granted silently with no alert to the user. 1 → dangerous permission, for which the system shows a pop-up asking the user to grant it.

</aside>
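To make the relationship between the two files concrete, here is an added Python example (not from the original post) that reads constructed samples of platform.xml and packages.xml and works out, for each installed package, its UID and the supplementary groups it obtains through its granted permissions. The package names, UIDs and the `granted="true|false"` attribute on each `<item>` are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample of /etc/permissions/platform.xml: permission -> group mapping.
PLATFORM_XML = """<permissions>
    <permission name="android.permission.INTERNET">
        <group gid="inet" />
    </permission>
    <permission name="android.permission.WRITE_MEDIA_STORAGE">
        <group gid="sdcard_rw" />
        <group gid="media_rw" />
    </permission>
</permissions>"""

# Constructed sample fragment of /data/system/packages.xml (two installed apps).
PACKAGES_XML = """<packages>
    <package name="com.example.browser" codePath="/data/app/com.example.browser-1" userId="10040">
        <perms>
            <item name="android.permission.INTERNET" granted="true" />
            <item name="android.permission.WRITE_MEDIA_STORAGE" granted="false" />
        </perms>
    </package>
    <package name="com.example.notes" codePath="/data/app/com.example.notes-1" userId="10041">
        <perms>
            <item name="android.permission.WRITE_MEDIA_STORAGE" granted="true" />
        </perms>
    </package>
</packages>"""

def load_permission_groups(platform_xml):
    """Map each permission name to the set of Linux groups platform.xml assigns to it."""
    root = ET.fromstring(platform_xml)
    return {p.get("name"): {g.get("gid") for g in p.findall("group")}
            for p in root.findall("permission")}

def granted_permissions(pkg):
    """Permission names a <package> holds; an <item> without 'granted' is treated as granted."""
    return {i.get("name") for i in pkg.iterfind("perms/item")
            if i.get("granted", "true") == "true"}

def effective_groups(platform_xml, packages_xml):
    """For every package: (uid, sorted supplementary groups derived from its granted permissions)."""
    perm_groups = load_permission_groups(platform_xml)
    result = {}
    for pkg in ET.fromstring(packages_xml).findall("package"):
        groups = set()
        for perm in granted_permissions(pkg):
            groups |= perm_groups.get(perm, set())  # unmapped permissions confer no group
        result[pkg.get("name")] = (int(pkg.get("userId")), sorted(groups))
    return result
```

Running `effective_groups(PLATFORM_XML, PACKAGES_XML)` on the samples shows the browser (UID 10040) landing only in inet, while the notes app (UID 10041) gets media_rw and sdcard_rw; auditing a real device's files the same way shows which installed apps can reach which kernel-enforced groups.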

Custom Permissions

Any Android application can define its own permissions; if the user grants such a permission to another application, that application gains access to the defining application's feature or data.

<permission android:label="Allows reading user information" android:name="com.apphacking.privacy.USER_INFO" android:protectionLevel="dangerous"/>