what 's difference between android system user and linux root user

Question

When I connect my phone to a computer and use adb shell command to communicate with my phone and input ps command to output processes info that currently run on my phone, I find two special users: one is root, the other is system.

As far as I know, Android is based on linux, so the root user is the biggest authority user. However I'm confused about the system user. Maybe I can consider it as a normal user in Linux system, but it is special in Android: it has a lot of permissions related to Android.

Can someone tell me the real difference between root user and system user, and why Android need to add a system user?

Answer 1

As far as Linux is concerned, the system user is just a regular user (UID 1000). Android services however give it special permissions and you can get access to pretty much anything. Most services have code like this somewhere:

private static final void enforceSystemOrRoot(String message) {
    final int uid = Binder.getCallingUid();
    if (uid != Process.SYSTEM_UID && uid != 0) {
        throw new SecurityException(message);
    }
}

What that does is deny access to anyone who is not root or system. The shell user (UID 2000) (what you get when doing adb shell) is another user with a lot of power (member of many groups). Cf.

system:

 $ su 1000
 $ id
 uid=1000(system) gid=1000(system)
 groups=1003(graphics),1004(input),1007(log),1009(mount),
 1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),
 3002(net_bt),3003(inet),3006(net_bw_stats)

shell:

$ adb shell
shell@android:/ $ id
uid=2000(shell) gid=2000(shell)   
groups=1003(graphics),1004(input),1007(log),1009(mount),
1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),
3002(net_bt),3003(inet),3006(net_bw_stats)

Android uses a separate user for every app, and system services also have their dedicated users (media, radio, wifi, etc.). Very few things run as root (mostly native daemons).