[rsyslog-notify] Forum Thread: Re: ERROR: imuxsock cannot create /dev/log - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Thu Feb 27 02:06:23 CET 2014 

User: dlang 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24265#p24265

Message: 
----------
Ok, with android there are other permission checks to worry about, it runs
each app as a different user. If you don't start off as root, you won't be
able to switch to another user. If you start it with the debug flag on the
command line you may get some other error details.

<!-- m --><a class="postlink"
href="http://developer.android.com/guide/topics/security/permissions.html">http://developer.android.com/guide/topi
... sions.html</a><!-- m -->

User IDs and File Access
At install time, Android gives each package a distinct Linux user ID. The
identity remains constant for the duration of the package's life on that
device. On a different device, the same package may have a different UID;
what matters is that each package has a distinct UID on a given device.

Because security enforcement happens at the process level, the code of any
two packages cannot normally run in the same process, since they need to
run as different Linux users. You can use the sharedUserId attribute in the
AndroidManifest.xml's manifest tag of each package to have them assigned
the same user ID. By doing this, for purposes of security the two packages
are then treated as being the same application, with the same user ID and
file permissions. Note that in order to retain security, only two
applications signed with the same signature (and requesting the same
sharedUserId) will be given the same user ID.

Any data stored by an application will be assigned that application's user
ID, and not normally accessible to other packages. When creating a new file
with getSharedPreferences(String, int), openFileOutput(String, int), or
openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory), you can
use the MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE flags to allow any
other package to read/write the file. When setting these flags, the file is
still owned by your application, but its global read and/or write
permissions have been set appropriately so any other application can see
it.

More information about the rsyslog-notify mailing list