A device may be configured with a security infrastructure that controls access to resources, applications, etc. Currently on mobile devices, trust is assigned to individual applications based on code identity. A security infrastructure determines what applications may run on the device, what applications can be locked out, what applications can be run in what context, and what resources such application can access. Current trust levels include “trusted”, “normal”, and “untrusted” for unsigned modules. An application or a module can be signed with a trusted certificate or a certificate that chains to a trusted certification store. In this case, that module is considered to be trusted and as such, any code in that module has access to all the privileged APIs and resources on the system. Trust decisions are based on the caller's application trust level.
However, there are several problems with the current security model mentioned above. When a thread migrates through multiple protected server library (PSL) servers in the system, it is possible that an immediate calling process in the call chain has permission to access a system resource, but examine of the entire call chain context may reveal that the resource should not be accessible. Such security cannot be enforced if the security decisions are always based solely on the immediate caller's context. Also, the current security model does not provide for impersonating a different identity where a low privileged application calls into a system service, wherein the system service is asked to process the request based either on the caller's context or on its own context. Still further, for asynchronous access requests, the current security model does not provide for security checks in a secondary thread where a caller context might not be fully available.
It is respect to these and other considerations the present invention has been made.