Newbi

by shaunak saha » Wed, 28 Jan 2009 20:30:38 GMT


Sponsored Links
 Hi All,

I am a completely  newbie with the android platform and to explore and know
about the security framework in android. I have just
downloaded the source code,build and run the emulator in ubuntu.

I have been working in SELinux for last few months.
 http://code.google.com/android/devel/security.html i got that security here 
is in process level,that every application runs in a sandboxed environment.I
have two questions(maybe they are too basic to ask,sorry for that)

1.Is there any security when some application wants to make a system call?
2.Which module in android source code is responsible for security
enforcement(want to know where to start with in order to know about android
security)?

Could anyone help me?

Regards,
Shaunak



Newbi

by Alex Stamos » Wed, 28 Jan 2009 21:02:47 GMT


 Shaunak-

My colleague, Jesse Burns wrote a very good overview of the Android security 
model, which should cover most of your questions:

 http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf 

Let me know if you have any more questions after reading this doc.

   -Alex


---------------------------
From: android-security-discuss@googlegroups.com 
[mailto:android-security-disc...@googlegroups.com] On Behalf Of shaunak saha
Sent: Wednesday, January 28, 2009 11:55 AM
To: android-security-discuss@googlegroups.com
Subject: [android-security-discuss] Newbie

Hi All,

I am a completely newbie with the android platform and toexploreand know 
about the security framework in android. I have just 
downloaded the source code,build and run the emulator in ubuntu.

I have been working in SELinux for last few months. 

1.Is there any security when some application wants to make a system call?
2.Which module in android source code is responsible for security 
enforcement(want to know where to start with in order to know about android 
security)?

Could anyone help me?

Regards,
Shaunak


Sponsored Links


Newbi

by Andi Latte » Mon, 02 Feb 2009 17:31:32 GMT


 Hi,

i guess you need to clarify your questions first. If your working on the 
Java/Android layer, then the document of Alex might help you. If you are 
interested in the linux layer, you might first add an appropriate tool 
for following system calls on the emulator in order to see which 
components are affected when making certain calls (e.g. strace worked 
well for us).

If you are trying to port SELinux to Android, i have already seen some 
some limited but successful attempt on a "rooted" G1.

BR,
Aubrey




>



Newbi

by shaunak saha » Tue, 03 Feb 2009 06:34:33 GMT


 Hi,

I m interested in linux layer.But still that document send by Alex was a
great help,as it gave a nice overview of the security framework in Java
layer in android.Thanks Alex for that.



This will be a good solution.It would be a great help if you tell me how to
add strace tool in android environment.


Wanted to try this also(maybe later after i get a bit clear understanding of
the present framework). Yeah, I also found some information about those
successful porting work in google.I wanted to try in emulator environment.

Thanks for your help.

Regrads,
Shaunak



On Mon, Feb 2, 2009 at 5:56 PM, Andi Latte



>



Newbi

by Andi Latte » Tue, 03 Feb 2009 15:56:50 GMT


 i hope, this document can help you with this issue (esp. section 4):

 http://www.dai-labor.de/fileadmin/files/publications/lk2008-android_security.pdf 

if there are any open questions, please dont hesitate to write an email.

BR,
Aubrey





>



Other Threads

1. Crippling widget bug still present in 2.0, is a comment on this possible?

I don't know the priorities of the android team but to me this looks
like a really significant bug.

As reported here:

http://code.google.com/p/android/issues/detail?id=2539&q=Widget&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars

and here:

http://code.google.com/p/android/issues/detail?id=3696&q=Widget&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars

and a few other places in different wording.

Apart from it not working anything like the documentation specifies,
it disables two methods in the widget provider class, creates
potentially huge redundancies/wasted cpu usage and pretty much makes
any widget that uses a config activity a bad piece of software.
Further yet, the problem with screen real estate failures (first link,
my post) applies to ALL widgets, config activity or not. The entire
widget framework is effected by these limbo widgets and it seems like
something really small, perhaps a few lines of code to fix,
considering you display Toasts and other things, the failure paths are
already known, should it not just unbind these widget ids on failure?

Also as a small suggestion, considering you know the minimum
dimensions of the widgets before they're added, widgets could not even
be shown or grayed out if the screen can not accommodate them. I
notice the "Add" in the Menu does this but only when the screen is
completely full, if there is any space left, a larger widget can still
be chosen to add, even though it's guaranteed to fail.

Thanks.
--~--~---------~--~----~------------~-------~--~----~

2. Nebudroid..

guys cekitdot..

http://www.nebudroid.com/videos.htm

Nebudroid is a funny way to interact with PC games and simulators using the
accelerometer and the new multitouch capabilities. You can drive a car using
the phone as a steering wheel (with gears for manual transmission), you can
play Mario with a NES controller, or you can jump with the mobile in the
pants pocket and Mario will move with you.

The software is tested in a HTC Hero, and soon will be tested in more
Android devices.
The software will be continuosly updated, and I'm working in a improved
version that has more new features.

--~--~---------~--~----~------------~-------~--~----~
Google Groups "Indonesian Android Community [id-android]" group.

To post to this group, send email to id-android@googlegroups.com

To request to subscribe to this group, please visit the following page:
 

3. Why do screenshot utilities require rooting?

4. Programmatically Add Dedicated Key/Shortcut/Quick Launch of an Application

5. Cara unlock htc mytouch

6. How to build Android emulator for special platform?

7. Screenshot app di Android