Android Sandboxing and Permission Model
Android OS versions 4.2 and earlier were based on Discretionary Access Control (DAC) combined with a sandboxing model. I will explain here how security was designed under this initial approach and the shortcomings associated with DAC.
The Android kernel is a modified version of the Linux kernel, adapted to the specific requirements of a mobile device. The multi-user model used in desktop Linux is reused in Android by treating each application as a distinct user, so the user-based isolation of Linux becomes application-based isolation in Android. Consequently, each application is assigned a unique user ID (UID). Building on this isolation, each application runs in its own process with its own Dalvik VM.
By default, an application process running within this sandbox can only access its own private data, because the files in its data directory are owned by the application's UID. Inter-application access to that data is therefore not permitted by default.
However, applications may need to access other system resources, for instance GPS, network, Bluetooth or contacts. To access these resources an application has to go through the permission model. The owner of the system resources is the device user, and under Discretionary Access Control (DAC) the owner of a resource controls the access permissions related to it. Thus, at installation time the application's list of requested permissions is prompted to the user (the device owner) to accept or deny. Once the application has been granted those permissions, it can access the corresponding set of system resources.
Shortcomings of DAC
If a malicious application somehow obtains root access (also called su, superuser or UID 0), the sandboxing model can be bypassed easily and no longer applies, because under this security model the root user has absolute power over the device. It can then access any system resource, including resources belonging to other third-party applications. Moreover, it can perform all privileged actions, including:
-Read or write the private files of any app
-Read, write or change the permission bits of any file/directory
-Kill any process, change system configuration, start/stop system services
-Remove core system apps, etc.
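To make the two points above concrete (per-app UIDs with owner-only data directories, and root ignoring the permission bits entirely), here is a small Python model I have added for this post; it is not Android's code. The paths, package names and the `FIRST_APP_UID` constant are assumptions chosen to mirror how Android assigns app UIDs, and group bits are left out to keep the check short.

```python
"""Toy model of Android's DAC-based app sandbox (Android 4.2 and earlier).

Constructed example: each installed app is a Linux user (UID >= 10000) and
its private data directory is owned by that UID with mode 0700. The check
below is the classic Unix DAC rule plus the root override that makes the
model collapse once an app gains UID 0.
"""
from dataclasses import dataclass
import stat

ROOT_UID = 0
FIRST_APP_UID = 10000  # assumption: Android hands out app UIDs from here


@dataclass(frozen=True)
class Inode:
    path: str
    owner_uid: int
    mode: int  # permission bits only, e.g. 0o700


# rwx request -> (owner bit, group bit, other bit)
_BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def dac_allows(uid: int, inode: Inode, op: str) -> bool:
    """Discretionary check: owner bits for the owner, 'other' bits for
    everyone else, and an unconditional pass for UID 0. Group membership
    is omitted (each app is the sole member of its own group)."""
    if uid == ROOT_UID:
        return True  # root is never subject to the permission bits
    usr, _grp, oth = _BITS[op]
    return bool(inode.mode & (usr if uid == inode.owner_uid else oth))


def install_app(index: int, package: str, world_readable: bool = False) -> Inode:
    """Assign the next app UID and create the app's private data directory.
    world_readable=True models an owner that chose lax permission bits,
    which DAC permits since the owner decides."""
    uid = FIRST_APP_UID + index
    return Inode(f"/data/data/{package}", uid, 0o755 if world_readable else 0o700)


def sandbox_demo() -> dict:
    a = install_app(1, "com.example.a")
    b = install_app(2, "com.example.b")
    leaky = install_app(3, "com.example.leaky", world_readable=True)
    return {
        "a_reads_own": dac_allows(a.owner_uid, a, "r"),      # True
        "a_reads_b": dac_allows(a.owner_uid, b, "r"),        # False: sandbox holds
        "a_reads_leaky": dac_allows(a.owner_uid, leaky, "r"),  # True: owner's choice
        "root_writes_b": dac_allows(ROOT_UID, b, "w"),       # True: DAC bypassed
    }
```

The `leaky` case is the discretionary part of DAC: nothing in the kernel stops an app from making its own data readable by every other UID, and nothing at all constrains UID 0.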
In the next post I will explain how Security Enhanced Linux (SELinux) was adopted in Android to further improve the security of the OS.
Cheers !! 🙂