android 权限

1.AID

Android系统沿用了Ｌｉｎｕｘ的UID/GID权限模型，但并没有使用传统的passws和group文件来存储用户和用户组的认证凭据，作为代替，Android定义了从名称到Android ID(AID) 的映射表。system/core/include/private/android_filesystem_config.h

#define AID_ROOT             0  /* traditional unix root user */


#define AID_SYSTEM        1000  /* system server */


#define AID_RADIO         1001  /* telephony subsystem, RIL */
#define AID_BLUETOOTH     1002  /* bluetooth subsystem */
#define AID_GRAPHICS      1003  /* graphics devices */
#define AID_INPUT         1004  /* input devices */
#define AID_AUDIO         1005  /* audio devices */
#define AID_CAMERA        1006  /* camera devices */
#define AID_LOG           1007  /* log devices */
#define AID_COMPASS       1008  /* compass device */
#define AID_MOUNT         1009  /* mountd socket */
#define AID_WIFI          1010  /* wifi subsystem */
#define AID_ADB           1011  /* android debug bridge (adbd) */
#define AID_INSTALL       1012  /* group for installing packages */
#define AID_MEDIA         1013  /* mediaserver process */
#define AID_DHCP          1014  /* dhcp client */
#define AID_SDCARD_RW     1015  /* external storage write access */
#define AID_VPN           1016  /* vpn system */
#define AID_KEYSTORE      1017  /* keystore subsystem */
#define AID_USB           1018  /* USB devices */
#define AID_DRM           1019  /* DRM server */

2.Android 权限

权限至用户组的映射表存储在/etc/permissions/platform.xml文件中。

<permissions>

 <!--

 ================================================================== 

  -->

 <!--

 ================================================================== 

  -->

 <!--

 ================================================================== 

  -->

 <!--

 The following tags are associating low-level group IDs with         permission names.  By specifying such a mapping, you are saying         that any application process granted the given permission will         also be running with the given group ID attached to its process,         so it can perform any filesystem (read, write, execute) operations         allowed for that group. 

  -->

- <permission name="android.permission.BLUETOOTH_ADMIN">

  <group gid="net_bt_admin" />

  </permission>

- <permission name="android.permission.BLUETOOTH">

  <group gid="net_bt" />

  </permission>

- <permission name="android.permission.BLUETOOTH_STACK">

  <group gid="net_bt_stack" />

  </permission>

- <permission name="android.permission.NET_TUNNELING">

  <group gid="vpn" />

  </permission>

- <permission name="android.permission.INTERNET">

  <group gid="inet" />

  </permission>

- <permission name="android.permission.READ_LOGS">

  <group gid="log" />

  </permission>

- <permission name="android.permission.WRITE_MEDIA_STORAGE">

  <group gid="media_rw" />

  <group gid="sdcard_rw" />

  </permission>

- <permission name="android.permission.ACCESS_MTP">

  <group gid="mtp" />

  </permission>

- <permission name="android.permission.NET_ADMIN">

  <group gid="net_admin" />

  </permission>