Mobile Internet Technology - Android Security, 苏锐丹
Android software stack
[Figure: Android software stack. Layers from top to bottom: Applications (system apps, user apps); Application Framework (Java core libraries, Android Framework Libraries, Binder, System Services, Dalvik VM/Android Runtime, Zygote); Native Userspace (Hardware Abstraction Layer, Native Libraries); Linux Kernel (Ashmem, Wakelocks, Logger, Binder (IPC) driver, camera, audio and display drivers)]
◼ the green blocks correspond to the components developed in C/C++
◼ the blue blocks correspond to the ones implemented in Java
◼ Apache License, version 2.0
◼ GNU GPL version 2 license (Linux kernel)
Kernel changes
◼ Binder
◼ Ashmem
◼ Wakelocks
Native userspace
◼ Hardware Abstraction Layer
  - a very different approach to supporting new hardware
  - Android defines an API that is used by upper layers to interact with this type of hardware
◼ Init/toolbox
◼ Native daemons
◼ Native libraries
Application framework
◼ Dalvik
  - Zygote, accelerates the process initialization procedure
◼ Java Core Libraries
◼ System Services
  - basic mobile operating system functionality (PackageManagerService, ...)
◼ JNI
◼ Application Framework Libraries
Android applications
◼ System Applications
◼ Applications from numerous app markets
◼ an adversarial app should not harm the operating system resources, the user and other applications
  - Linux kernel level
  - Application Framework level
Application Sandbox
◼ enforces the isolation of applications and operating system components
  - process separation and Discretionary Access Control over network sockets and filesystem
  - assigning each application a separate Unix user (UID) and group (GID) identifiers
  - running each application in a separate Linux process
[Figure: App 1 and App 2 in the Applications layer; IPC between them mediated by MAC in the Android Middleware; FileSystem and Socket access mediated by DAC in the Linux Kernel]
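Added example (not from the slides): an audit of the UID-per-app rule described above, run over constructed records in the layout of Android's packages.list (package, uid, debuggable, data dir, seinfo, gids). The package names, the DATA_DIRS table and the finding labels are assumptions made for illustration; the UID ranges are the AOSP constants.

```python
from collections import defaultdict

AID_USER_OFFSET = 100000                    # UID stride per Android user
AID_APP_START, AID_APP_END = 10000, 19999   # app-id range for installed apps

# Constructed sample: "<package> <uid> <debuggable> <data dir> <seinfo> <gids>"
PACKAGES_LIST = """\
com.example.notes 10057 0 /data/data/com.example.notes default 3003
com.example.mail 10058 0 /data/data/com.example.mail default 3003,1028
com.example.mailsync 10058 0 /data/data/com.example.mailsync default 3003,1028
com.android.settings 1000 0 /data/data/com.android.settings platform 1065,3002
"""

# Constructed sample of data-directory metadata: path -> (owner uid, mode bits)
DATA_DIRS = {
    "/data/data/com.example.notes": (10057, 0o700),
    "/data/data/com.example.mail": (10058, 0o751),
    "/data/data/com.example.mailsync": (10058, 0o700),
    "/data/data/com.android.settings": (1000, 0o700),
}

def uid_name(uid):
    """Render a UID the way ps/ls show it on Android, e.g. 10057 -> u0_a57."""
    user, app_id = divmod(uid, AID_USER_OFFSET)
    if AID_APP_START <= app_id <= AID_APP_END:
        return f"u{user}_a{app_id - AID_APP_START}"
    return str(uid)

def parse_packages(text):
    """Return (package, uid, data_dir) for every non-empty record."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return [(f[0], int(f[1]), f[3]) for f in rows]

def audit(text, dirs):
    """Flag records that weaken the one-app-one-UID sandbox."""
    findings, by_uid = [], defaultdict(list)
    for pkg, uid, data_dir in parse_packages(text):
        by_uid[uid].append(pkg)
        owner, mode = dirs[data_dir]
        if owner != uid:                 # DAC owner must be the app's own UID
            findings.append(("wrong-owner", pkg))
        if mode & 0o007:                 # any access granted to "other" UIDs
            findings.append(("world-accessible", pkg))
    for uid, pkgs in sorted(by_uid.items()):
        app_id = uid % AID_USER_OFFSET
        if AID_APP_START <= app_id <= AID_APP_END and len(pkgs) > 1:
            findings.append(("shared-uid", ",".join(sorted(pkgs))))
    return findings
```

Packages that report the same UID run inside one sandbox, so DAC does not separate their files or sockets from each other.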