Wednesday, February 29, 2012

Re: [android-developers] Why explicit need for Permissions to be specified in Manifest File

> As for the various static analysis comments in the thread, in the denial
> role it's quite weak as self-modifying code will hide possibilities from it.
>  As a granting mechanism in the context of the present "everything not
> explicitly granted is denied" model, it could work in the sense of being
> secure in that anything too obscure in its construct would not be granted
> and would simply result in failure (errors or exceptions which would be
> caught or cause crashes).  But I fail to see how this is superior to
> declaring what you want.  Someone who does think it is superior is welcome
> to package their static analysis algorithm as a tool which will scan your
> code base and automatically generate a manifest file...
>

The Stowaway tool previously mentioned does tell you (in an approximate
sense) what you need. Sure, it doesn't handle all reflection well,
and may not get all instances of content providers, etc. But I
believe that the majority of apps won't do lots of reflection or
obscure string manipulations to content providers. (Obviously there
will be some, as you point out, which is why permissions weren't
inferred in the first place.)

kris
