GitBook: [master] one page modified
This commit is contained in:
CPol
gitbook-bot
parent
f735b700ee
commit
59569f22c6
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
### Sandboxing
|
||||
|
||||
The **Android Application Sandbox** allows to run **each application** as a **separate process under a separate user ID**.
|
||||
The **Android Application Sandbox** allows to run **each application** as a **separate process under a separate user ID**. Each process has its own virtual machine, so an app’s code runs in isolation from other apps.
|
||||
From Android 5.0\(L\) **SELinux** is enforced. Basically, SELinux denied all process interactions and then created policies to **allow only the expected interactions between them**.
|
||||
|
||||
### Permissions
|
||||
|
|
@ -332,7 +332,9 @@ The **`grant-uri-permission`** has three attributes: path, pathPrefix and pathPa
|
|||
* **pathPrefix**: Allows to specify the beginning of the path
|
||||
* **pathPattern**: Allows the use of wildcards and symbolic replacements to gain more granular control.
|
||||
|
||||
It's important to validate and sanitise the received input to avoid potential vulnerabilities like SQL injection.
|
||||
It's **important to validate and sanitise the received input** to avoid potential vulnerabilities like SQL injection.
|
||||
|
||||
**Content Provider features:**
|
||||
|
||||
* Content Provider component supplies data from one application to others on request.
|
||||
* You can store the data in the file system, an SQLite database, on the web, or any other persistent storage location your app can access.
|
||||
|
|
@ -371,17 +373,7 @@ Sharing something like **`path="."`** could be **dangerous** even if the provide
|
|||
You could **access** an **image** inside that folder with `content://com.example.myapp.fileprovider/myimages/default_image.jpg`asd
|
||||
[More information about FileProviders here](https://developer.android.com/training/secure-file-sharing/setup-sharing).
|
||||
|
||||
#### <a id="services"></a>
|
||||
|
||||
####
|
||||
|
||||
####
|
||||
|
||||
####
|
||||
|
||||
###
|
||||
|
||||
### WebViews
|
||||
## WebViews
|
||||
|
||||
WebViews are effectively **web browsers** embedded into Android Apps.
|
||||
WebViews content can be pulled from remote sites or can be files included in the app.
|
||||
|
|
@ -408,25 +400,17 @@ By default, local files can be accessed by WebViews via file:// URLs, but there
|
|||
* The method **`setAllowFileAccess`** indicates if a path from a `file://` URL should be able to access the content from other file scheme URLs.
|
||||
* The method **`setAllowUniversalAccessFromFileURLs`** indicates if a path from a `file://` URL should be able to access content from any origin.
|
||||
|
||||
### Other App components
|
||||
## Other App components
|
||||
|
||||
**Application Signing**
|
||||
### **Application Signing**
|
||||
|
||||
* Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app.
|
||||
* To run application on the device ,it should be signed.When application is installed on to an device then package manager verifies that whether the application has been properly signed with the certificate in the apk file or not.
|
||||
* Android requires that **all apps be digitally signed with a certificate** before they can be installed. Android uses this certificate to identify the author of an app.
|
||||
* To run application on the device, it should be signed.When application is installed on to a device the **package manager verifies** that whether the application has been properly signed with the certificate in the apk file or not.
|
||||
* Application can be self signed or can be signed through CA.
|
||||
* Application signing ensures that one application can’t access any other application except through well-defined IPC and also that it is passed unmodified to the device.
|
||||
|
||||
**Application Verification**
|
||||
### **Application Verification**
|
||||
|
||||
* Android 4.2 and later support application verification. Users can choose to enable “Verify Apps” and have applications evaluated by an application verifier prior to installation.
|
||||
* App verification can alert the user if they try to install an app that might be harmful; if an application is especially bad, it can block installation.
|
||||
|
||||
**Android Sandbox**
|
||||
|
||||
Once installed on a device, each Android app lives in its own security sandbox: – The Android operating system is a multi-user Linux system in which each app is a different user.
|
||||
|
||||
* By default, the system assigns each app a unique Linux user ID \(the ID is used only by the system and is unknown to the app\). The system sets permissions for all the files in an app so that only the user ID assigned to that app can access them.
|
||||
* Each process has its own virtual machine \(VM\), so an app’s code runs in isolation from other apps.
|
||||
* By default, every app runs in its own Linux process. Android starts the process when any of the app’s components need to be executed, then shuts down the process when it’s no longer needed or when the system must recover memory for other apps.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue