Android

Question 1

What is a Service in Linux?

Answer 1

In Linux a service is just another name for a daemon, which is a client / server application that runs in the background. A service is continuously listening for incoming requests and sends a response based on the request given.

A Linux service is an application (or set of applications) that runs in the background waiting to be used, or carrying out essential tasks. I’ve already mentioned a couple of typical ones (Apache and MySQL). You will generally be unaware of services until you need them. …

Question 2

What is a Process in Linux?

Answer 2

A process is simply an application or a script which can be running in the foreground or the background.

Processes carry out tasks within the operating system. A program is a set of machine code instructions and data stored in an executable image on disk and is, as such, a passive entity; a process can be thought of as a computer program in action.

Question 3

What are the four main components of Android apps?

Answer 3

Activities
Services
Content Providers
Broadcast Receivers

Question 4

A single focused thing a user can do. They are the main building blocks of Android GUI applications.

Answer 4

Activity

Question 5

A component that runs in the background and has no user interface. Typically used to perform some long-running operation, without blocking the user interface. (like downloading a file or playing music).

Answer 5

Service

Question 6

What;s the difference between a system service and an application service?

Answer 6

System services, which are part of the OS, are always running.

App services are started and stopped on demand.

Question 7

Content Providers

Answer 7

An interface to app data, which is typically stored in a database or files.
Accessed via IPC
Mainly used to share data with other apps.

Question 8

What is a Broadcast Receiver?

Answer 8

An app component that responds to system-wide events call broadcasts.

Question 9

What is a broadcast?

Answer 9

A system-wide event that can originate from the system of from an app.

System ex. - Announcing changes in network connectivity.

App ex. - Announcing that background data update has completed.

Question 10

What is Binder?

How does it work?

Answer 10

An IPC mechanism.

Binder manages address space of each process. Acts as a middle-man.

inter-process communication (IPC)

Question 11

How does Binder prevent privilege escalation?

Answer 11

Binder automatically adds process ID (PID) and user ID of the calling process to the transaction data.

Identity can’t be faked because the kernel provides the PID and UID.

Question 12

What is an Intent?

Answer 12

Commands with associated data that are delivered to components across process.

Built on top of binder.

Question 13

What is a contentprovider (component)?

Answer 13

Components that expose a cross-process data management interface.

Built no top of binder.

Question 14

What is SELinux?

Answer 14

It’s a MAC implementation of the Linux kernel.

Security Enhanced Linux

Question 15

What does Mandatory Access Control do?

Answer 15

MAC ensures that access to resources conforms to a system-wide set of authorization rules called a policy.

Question 16

What is DAC and how does it differ from MAC?

Answer 16

Discretionary access control.

Once a user gets access to a particular resource, they can pass it on to another user at their discretion.

Question 17

How is SELinux used in Android?

Answer 17

Enforcing mode for core system daemons (policy violations cause runtime errors)

Apps are run in permissive mode (violations are logged only.)

Question 18

What are the 4 main permission types?

Answer 18

Normal
Dangerous
Signature
signatureOrSystem

Question 19

How do apps request permissions?

Answer 19

Add one or more tags to their AndroidManifest.xml file.

Question 20

When are app permissions checked?

Answer 20

At runtime as of Android 6.0

Dangerous permissions must be authorized by the user at runtime?

Question 21

What enforces app permissions and how?

Answer 21

The Package Manager

It has the UID and permissions of the app from the kernel.

A service can check if a service caller has been granted a certain permission by querying the Package Manager service.

Question 22

What is an explicit intent?

Answer 22

Description of an operation that needs to be performed that fully specifies the target components.

Question 23

What is an implicit intent?

Answer 23

Description of an operation that needs to be performed but that lets the system find a matching component.

(System looks and if there’s more than one matching component, the user is presented with a selection dialog)

Question 24

How are permissions enforced for intents?

Answer 24

The system checks the intent’s (service caller’s) permissions to see if they match the target component’s declared permissions.

Question 25

How are broadcast permission’s enforced?

Answer 25

The permission check is performed when delivering the intent to registered receivers.

Might require two permission checks:

• one for the broadcast sender (if receiver specified permission.)
• one for the broadcast receiver (if the sender specified permissions.)

Because broadcasts are asynchronous, no permission check is performed when calling this method.

Question 26

Are broadcasts delivered to all components?

Answer 26

No. Only to components that registered as broadcast receivers.

Question 27

What are protected broadcasts?

Answer 27

Broadcasts that can only be sent by root and a few system processes.

Question 28

System applications use signature permissions, signed by the _________ key.

Answer 28

Platform key

Question 29

Can apps create custom permissions? If so, how?

Answer 29

Yes. Applications using the same certificate can use customer permissions. The app that defines the customer permission has to be installed first so the system can enforce it. (Can’t enforce what you don’t know exists.)

Question 30

Does an application have to show everything that is available in it?

Answer 30

No. Components can be defined in the AndroidManifest.xml as public or private.