Android Intro and ICC Model I


Android
Introduction and ICC
Inter-component communication
Google Android
• First Android handset released in 2008
• Open source
• Strict Sandboxing
• Java Dalvik VM
• Java Apps
• Lightweight code signing
• Permission Framework
• App Market (more than 100K apps)
The Smartphomania
Source Gartner http://www.gartner.com/newsroom/id/2335616
It’s free!
• Vendors can get Android for free from Google
• You can get it as well
• http://source.android.com/
• You’ll need
• http://www.oracle.com/technetwork/java/javase/downloads/jdk7downloads-1880260.html
• http://developer.android.com/sdk/index.html
• Unzip it and Double click on eclipse.exe
Fragmentation Problem
• Vendors customise the OS in their devices
• Usually a lot of rubbish apps
• The worst: Samsung apps also leak privileges
• http://randomthoughts.greyhats.it/2013/03/owning-samsungphones-for-fun-but-with.html
• However, vendors seldom push any updates
• Some devices can be 2 or 3 versions behind
• http://theunderstatement.com/post/11982112928/androidorphans-visualizing-a-sad-history-of-support
Heading for Trouble
• The lack of support can lead to vulnerabilities
• Often vendors just ignore vulnerabilities on their software
• Apple does a much better job:
• One single piece of hardware
• One single software image
• Apple also locks you in…
What is under the hood?
• Android is actually middleware
• It sits between a Linux kernel and a set of APIs
• Android apps are mainly written in Java
• Only Android apps can run on Android
• Through the Android API apps can access all the device components
• It provides apps a rich set of information
Android View
• Android is a set of programs for mobile devices that includes
operating system, middleware and core applications
Applications
• Core platform
• Phone, Browser, Email…
• Third-party
• Applications that are produced by third-party developers
• Yours
Java
Application Framework
• Core platform services
• Activity, Package, Window and Content Providers
• Hardware services
• Telephony, Location, Bluetooth, WiFi, USB, and Sensor Services
Java
Android Native Libraries
• Window management
• 2D and 3D graphics
• Media codecs
• Font rendering
• Data storage core
• Web browser core
• Bionic libc
• SSL
C/C++
Android Runtime
Core Libraries
• Data structures, Utilities, File access, Network access, and Graphics
Dalvik VM
• Provides application portability
• Supports multiple instances
• CPU and memory optimized to run on mobile devices
Linux Kernel
Linux features
• Hardware abstraction layer
• Memory management
• Process management
• Security module
• Networking
Android enhancements
• Power management
• Binder IPC
• Logger
Android App Model
• Each application runs within an instance of a Dalvik VM (DVM)
• Each DVM is mapped in the Linux Kernel with a unique user id
• Android supports Inter-process communication (IPC)
• A reference monitor mediates IPC calls
Application Components
• Activities
• An activity represents a single screen with a user interface.
• An email app might have one activity that shows a list of new
emails, another activity to compose an email, and another
activity for reading emails.
• Although the activities work together to form a cohesive user
experience in the email app, each one is independent of the others.
• Different apps can start any one of these activities (if the email app
allows it).
• A camera app can start the activity in the email app that composes new
mail, in order for the user to share a picture.
Application Components
• Services
• A service is a component that runs in the background to perform
long-running operations or to perform work for remote
processes.
• A service does not provide a user interface.
• A service might play music in the background while the user is in a
different app, or it might fetch data over the network without
blocking user interaction with an activity.
• Another component, such as an activity, can start the service and let
it run or bind to it in order to interact with it.
Application Components
• Content providers
• A content provider manages a shared set of app data.
• You can store the data in the file system, an SQLite database, on
the web, or any other persistent storage location your app can
access.
• Through the content provider, other apps can query or even
modify the data (if the content provider allows it).
• The Android system provides a content provider that manages the
user's contact information. As such, any app with the proper
permissions can query part of the content provider to read and write
information about a particular person.
• Content providers are also useful for reading and writing data
that is private to your app and not shared.
• The Note Pad sample app uses a content provider to save notes.
Application Components
• Broadcast receivers
• A broadcast receiver is a component that responds to system-wide broadcast announcements.
• Many broadcasts originate from the system
• A broadcast announcing that the screen has turned off, the battery is
low, or a picture was captured.
• Apps can also initiate broadcasts
• To let other apps know that some data has been downloaded to the
device and is available for them to use.
• A broadcast receiver is just a "gateway" to other components and
is intended to do a very minimal amount of work.
• It might initiate a service to perform some work based on the event.
Additional Components
• Views
• Views are objects that know how to draw themselves to the screen
• Each activity is made up of a set of views grouped together within a
layout
• Intents
• These are objects used to send messages across the whole Android
system
• They are used to broadcast messages, start an Activity, or start a
Service
• The system interprets the intent and determines the target that will
perform any actions as appropriate
• Notifications
• Used in an application to alert users to certain events without having
a visible activity
• When a service finishes downloading a file from the Internet, it can alert
the user by a notification that can make sound, show dialog messages,
vibrate, etc.
Note: An application is a set of components
Application Components
Mapping Apps to Users
• Two forms of security enforcement
• Each application executes with its own user identity as a Linux
process
• Android middleware has a reference monitor that mediates the
establishment of inter-component communication (ICC)
• Allows for an activity to start and use any other activities
within/without the one that started it (if permission is allowed)
Inter-Component Communications
• Each Component exposes a specific API for communications
• Services expose Start, Stop, Bind as actions that other
applications can invoke through Intents
The Binder
• It is responsible for all ICC in Android
• It is implemented as a driver in the Linux kernel
• It is a customised version of OpenBinder (Palm Inc)
• It provides a simple remote procedure call (RPC) mechanism
• Apps use Java methods to invoke ICC
• Android then translates these into C++ invocations and system calls to the Binder driver
• open and ioctl to /dev/binder
Intents
• Intents are abstract actions in ICC
• asynchronous messaging system
• message passing between components
• Two variants:
• Explicit Intents: specify the target component of the ICC
• Implicit Intents: provide information like action, URI and type.
• Resolved at runtime by the Package Manager
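Added example, not from the original slides: a simplified Python model of the two steps described above, Package Manager resolution of explicit and implicit intents followed by the reference monitor's permission check. Real Android matching also considers categories and data URIs; all package, class and permission names are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Intent:
    component: Optional[str] = None   # set => explicit intent
    action: Optional[str] = None      # used only by implicit intents
    mime_type: Optional[str] = None

@dataclass
class Component:
    name: str                                     # "package/Class"
    filters: list = field(default_factory=list)   # [(action, type or None)]
    permission: Optional[str] = None              # label the caller must hold

def resolve(intent, installed):
    """Package Manager step: explicit names the target, implicit is matched."""
    if intent.component:
        return [c for c in installed if c.name == intent.component]
    return [c for c in installed
            if any(a == intent.action and t in (None, intent.mime_type)
                   for a, t in c.filters)]

def icc_allowed(caller_perms, target):
    """Reference monitor step: caller must hold the target's permission label."""
    return target.permission is None or target.permission in caller_perms

def deliver(intent, caller_perms, installed):
    """Names of the components that would actually receive the intent."""
    return [c.name for c in resolve(intent, installed)
            if icc_allowed(caller_perms, c)]

# Constructed device state: all package, class and permission names are made up.
INSTALLED = [
    Component("com.example.mail/Compose", [("SEND", "image/jpeg")]),
    Component("com.example.chat/Share", [("SEND", None)]),
    Component("com.example.mail/SyncService", permission="com.example.mail.SYNC"),
]
SHARE = Intent(action="SEND", mime_type="image/jpeg")    # implicit
COMPOSE = Intent(component="com.example.mail/Compose")   # explicit
SYNC = Intent(component="com.example.mail/SyncService")  # explicit

if __name__ == "__main__":
    print(deliver(SHARE, set(), INSTALLED))
```

The implicit SEND intent reaches every component whose filter matches, while an explicit intent reaches only the component it names, and only if the caller holds that component's permission label.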
Activity Manager (AM)
• The AM is a special service that apps use for ICC
• It provides more than 100 methods
• Most common are: startActivity, sendBroadcast, startService,
and bindService
• Apps can export services by “publishing” them with the AM
Activity Manager
bindService Example
• The app sends an explicit intent with the name of the service
• The service will die after the app client unbinds the service
• BIND_SERVICE_TRANSACTION through the Binder using ioctl
system call
Communication with the Binder
• The main functionality of the Binder is accessed via an ioctl
system call
• BINDER_WRITE_READ is the main command for ICC
• The last argument of the ioctl is a BINDER_READ_WRITE
structure
• WRITE_BUFFER: sub-commands to the binder and arguments
• READ_BUFFER: contains replies from the sub-commands
BINDER_READ_WRITE
• ioctl on /dev/binder BINDER_WRITE_READ
• Sub-command: BC_TRANSACTION
• target name = android.app.IActivityManager
• code = BIND_SERVICE_TRANSACTION
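Added example, not from the original slides: the kernel header names the ioctl argument `struct binder_write_read`, and the Python below packs one BC_TRANSACTION into a write buffer and decodes it again, as one would when reading a traced ioctl payload. It assumes the 64-bit little-endian layout; the handle, the numeric transaction code and the buffer address are constructed placeholders.

```python
import struct

IOC_WRITE, IOC_READ = 1, 2  # direction bits on ARM and x86 Linux

def ioc(direction, type_char, nr, size):
    """Linux _IOC() encoding: dir[31:30] size[29:16] type[15:8] nr[7:0]."""
    return (direction << 30) | (size << 16) | (ord(type_char) << 8) | nr

# struct binder_write_read: write_size, write_consumed, write_buffer,
# read_size, read_consumed, read_buffer (six 64-bit fields).
BWR = struct.Struct("<6Q")
# struct binder_transaction_data: target (handle in the low 32 bits), cookie,
# code, flags, sender_pid, sender_euid, data_size, offsets_size,
# data.ptr.buffer, data.ptr.offsets.
TXN = struct.Struct("<QQIIiIQQQQ")

BINDER_WRITE_READ = ioc(IOC_READ | IOC_WRITE, "b", 1, BWR.size)
BC_TRANSACTION = ioc(IOC_WRITE, "c", 0, TXN.size)

def build_write_buffer(handle, code, data_size):
    """One BC_TRANSACTION sub-command; payload pointers are left at 0."""
    txn = TXN.pack(handle, 0, code, 0, 0, 0, data_size, 0, 0, 0)
    return struct.pack("<I", BC_TRANSACTION) + txn

def decode_write_buffer(buf):
    """Walk [u32 command][payload] entries; the command encodes payload size."""
    entries, pos = [], 0
    while pos + 4 <= len(buf):
        (cmd,) = struct.unpack_from("<I", buf, pos)
        size = (cmd >> 16) & 0x3FFF
        payload = buf[pos + 4:pos + 4 + size]
        if len(payload) < size:
            raise ValueError(f"truncated sub-command at offset {pos}")
        entry = {"cmd": cmd, "size": size}
        if cmd == BC_TRANSACTION:
            f = TXN.unpack(payload)
            entry.update(handle=f[0] & 0xFFFFFFFF, code=f[2], data_size=f[6])
        entries.append(entry)
        pos += 4 + size
    return entries

# Constructed sample values, not taken from a real device.
AM_HANDLE = 3            # hypothetical handle for the Activity Manager
BIND_SERVICE_CODE = 36   # placeholder for BIND_SERVICE_TRANSACTION
SAMPLE = build_write_buffer(AM_HANDLE, BIND_SERVICE_CODE, data_size=128)
SAMPLE_BWR = BWR.pack(len(SAMPLE), 0, 0x70000000, 0, 0, 0)  # made-up address

if __name__ == "__main__":
    print(hex(BINDER_WRITE_READ), decode_write_buffer(SAMPLE))
```

The interface name (android.app.IActivityManager) travels in the data buffer that the transaction points to, not in the 64-byte header decoded here.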
Other Inter-component communication
• Similar considerations hold for other ICC types
• These include:
• Broadcast Receivers
• Content Providers
• Service Manager
• We will see more of these in detail next lecture
Resources
• Read: William Enck, Machigar Ongtang, and Patrick McDaniel.
Understanding Android Security, IEEE Security and Privacy
Magazine, 7(1):50--57, January/February, 2009.
• Figures in slides 20-22
Questions?