A Formal Specification of Access Control in Android with URI Permissions
Information Systems Frontiers (IF 5.9), Pub Date: 2020-11-14, DOI: 10.1007/s10796-020-10066-9
Samir Talegaon, Ram Krishnan

A formal specification of access control yields a deeper understanding of any operating system and facilitates security analysis of the OS. In this paper, we provide a comprehensive formal specification of access control in Android (ACiA). Prior work is limited in scope; furthermore, recent developments in Android concerning dynamic runtime permissions require rethinking its formalization. Our formal specification includes three parts: the user-initiated operations (UIOs) and app-initiated operations (AIOs), which are distinguished based on the initiating entity, and the URI permissions, which are used to share temporary access to data. We also studied the evolution of URI permissions from API 10 (Gingerbread) to API 22 (Lollipop), and the paper includes a brief discussion of this. Formalizing ACiA allowed us to discover many peculiar behaviors pertaining to ACiA. In addition, we discovered two significant issues with permissions in Android, which were reported to Google.




Updated: 2020-11-15