Monday, May 9, 2016

google play store - How much privileged GMS Core is in the Android Stack?


The GMS Core has a ton of capabilities and doesn't seem to perform like a typical application (as in an Application living in the 'Applications' layer shown below). I would assume it would have more privileges and potentially live in the Android Framework layer or the same place as the 'Core Libraries' mention. However, I noticed a u0_a12 UID (not root or system) was attached to the com.google.android.gms process indicating that it's a user owned application. Can someone elaborate on this a little?



Android Stack



Answer



Android reserves UID range 10000 to 19999 for apps - user, system or framework. u0_a12 doesn't indicate a user owned application, it simply means UID 10012 which can be assigned to any app. On Android every app is assigned a unique non-zero UID. No app can run with root privileges, including system apps.


UID 0 (root) is the privileged user in Discretionary Access Control (DAC) but be noted that even a process running with UID 0 can be non-privileged or one with non-zero UID can be privileged. Refer to Linux capabilities, particularly Ambient Capabilities.


However Android's Java framework doesn't rely directly on DAC very much, it has its own privilege control mechanism through permissions e.g. Storage, Camera, Internet etc. Manifest permissions have different Protection Levels. Some are granted without asking user, some others require user's approval to be granted or denied and some are reserved only for system use. For more details please see this answer.


Google Mobile Services (GMS) make use of both; application layer and some features only available to framework/system/privileged apps. For instance Play Services has android.permission.INTERNET which is granted to every app that requests for it. But it also has android.permission.READ_LOGS (1) which has protection level signature|privileged and can't be granted to user installed apps. Similarly GMS Core has unrestricted internet access even in Data Saver and Battery Saver modes (2) which is also possible only for framework apps.




RELATED:



No comments:

Post a Comment

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...