SlideShare a Scribd company logo

TOMOYO Linux on Android

Toshiharu Harada, Ph.D
Toshiharu Harada, Ph.D

The document discusses porting TOMOYO Linux, a MAC implementation for Linux, to the Android platform. It describes patching the Android kernel with the TOMOYO patch, adapting the TOMOYO policy tools for embedded use, and integrating a TOMOYO policy loader into the Android boot process. Key challenges addressed include splitting security domains given Android's "fork vs exec" app launching approach and using TOMOYO's conditional ACLs to work with Android's existing DAC permissions. A demo is provided of remote management of Android policies using the TOMOYO tools.

Technology
1 of 38
Download to read offline
TOMOYO Linux on Android CE Linux Forum Japan Technical Jamboree 28 Osaka, 2009/06/12 Giuseppe La Tona giuseppelatona@gmail.com Copyright (C) 2009 NTT Data Corporation Android Goodies image is reproduced from work created and shared by Google and used according to terms described in the Creative Commons 2.5 Attribution License
About me… • Master Degree in Computer Engineering University of Catania (Italy), 2008 Università degli – Exchange student in Linköping University (Sweden), 2007 Studi di Catania • “Vulcanus in Japan” (Sep. 2008 – Aug. 2009) programme of the EU-Japan Centre for Industrial Cooperation – Industrial placement-oriented student exchange – Scholarship offered by EU and Japanese METI – Japanese language intensive course , cultural activities – Internship in NTT Data Corporation (R&D) (January-August 2009) Learning and experiencing Japanese culture, lifestyle, working way! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 2
About my internship… • Secure OS group – TOMOYO Linux project • R&D: – Study • Mandatory Access Control (MAC) • TOMOYO Linux – Porting TOMOYO Linux to Android platform – Analyze TOMOYO and MAC potentials on embedded Linux Android Robot is reproduced from work created and shared by Google and used according to terms described in the Creative Commons 2.5 Attribution License TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 3
TOMOYO Linux • MAC implementation for Linux Operating Systems – pathname-based approach • It consists of: – a kernel patch (ccspatch) – a set of utilities (ccstools), for management and security policy editing • TOMOYO Linux 2.2.0 has just been merged in Linux kernel 2.6.30 (10 June 2009)! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 4
Android overview • Full software stack for mobile devices Java TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 5
Android kernel • Linux Kernel 2.6 with some changes – reduced set of standard Linux utilities ( toolbox) – no support for glibc ( Bionic libraries) – no standard IPC ( Binder, specific IPC driver) – no native windowing system – optimized Power Management – Low memory killer, Alarm, Kernel Debugger, etc. • Android SDK 1.5 r2 (May 2009) – released with Linux Kernel 2.6.27 – higher versions being developed (2.6.29 is ready) TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 6
Android from boot to user (1/2) adbd vold (mount) rild (radio) Runtime debuggerd installd init init Native Servers … Binder init init Daemons servicemanager mediaserver zygote init Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 7
Android Runtime: Dalvik and Zygote • Runtime is made by Java programs running in application Dalvik: Virtual Machine for mobile devices – slow CPU, small RAM, no swap space, battery – Not a JVM, no JIT: only interpreter of DEX Dalvik VM (optimized bytecode obtained from Java .class) – Multiple VM instances can run efficiently. • Zygote process: fork() zygote – first instance of Dalvik VM, partially initialized – load preload classes and resources to make applications start faster – is kept always alive in idle state When an application execution request occurs: – zygote fork()s to a new process… • …which loads the requested package (Biology concept of “zygote”: duplicate, specialize and differentiate) TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 8
Android from boot to user (2/2) service manager service manager service manager service manager System Services Applications Home systemserver Dalvik VM Dalvik VM adbd Dalvik VM Dalvik VM vold (mount) registration rild (radio) GUI Runtime debuggerd installd init init Native Servers … fork() Binder init init Daemons servicemanager mediaserver zygote init exec() fork() Dalvik Kernel specialization TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 9
Android security model • Each application runs in its own process – Runtime in separate instances of Dalvik virtual machine • Each process is a “secure sandbox” – Linux Discretionary Access Control (DAC) for file access: all applications are assigned a unique UID (constant) • UID for system services are hard-coded • UID for user packages are progressively assigned at install-time, starting from uid 10000 (and mapped to app_0, app_1, …); they are saved in a file are maintained constant during the life of the package on the device. • Application specific files are saved in /data/data in separate folders owned by specific UID users TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 10
Porting TOMOYO Linux to Android • Patching Android kernel with TOMOYO patch • Adapting TOMOYO ccstools for embedded purposes • Cross-compiling for Android • Integrating TOMOYO Policy Loader in Android boot • TOMOYO policy files location TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 11
TOMOYO Linux versions There are 2 main development lines: - non-LSM (versions 1.6.x) - provides full functionalities of pathname-based MAC (MAC for files, network, capabilities…) - mainline (version 2.2.0) - uses Linux Security Modules (LSM) - necessary hooks available from Linux kernel 2.6.29 - subset of MAC functionalities (only for files, so far) - currently developing the others to use LSM TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 12
Patching Android kernel • TOMOYO Linux 1.6.8 (non-LSM version) • Emulator (no real Android device available)  Linux kernel version: Goldfish v2.6.29 – “Goldfish” is the given to the ARM architecture emulated by Android SDK Emulator • ccspatch 1.6.8 (2009/05/28) for kernel vanilla v2.6.29  TOMOYO Linux Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 13
Adapting ccstools (1/2) Since version 1.6.7, ccstools has been enhanced with Network mode, to support editing policy via TCP connection $ ccs-editpolicy <IP>:<port> In the case of embedded systems, this is more convenient for developing policies and debugging. Using the policy editor from the embedded device is generally not required. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 14
Adapting ccstools (2/2) Only few utilities are actually useful on the device: loadpolicy, savepolicy, setprofile, ccstree, make_alias. Other tools would also need porting C libraries missing ccstools version for Android: • Reduced the size and the complexity of these utilities removing the unnecessary code • Introducing editpolicy-agent daemon to allow network mode communication This ccstools version could actually be suitable for other embedded Linux systems as well. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 15
Cross-compiling for Android • C libraries used by Android: Bionic – no glibc • Toolchain – suite of cross-compilers for different architectures • agcc (Perl script by Andrew Ross http://plausible.org/andy/agcc) – simple gcc-like front-end to compile C programs for Android – links Android libraries (needs Android source) – uses the appropriate cross-compiler from the Android Toolchain TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 16
Modifying Android boot init init Native Servers Binder init init Daemons servicemanager mediaserver zygote init Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 17
Modifying Android boot It is required in order to: • start TOMOYO Policy Loader /sbin/ccs-init, via /sbin/ccs-start (*) • launch agent for editing policy remotely /sbin/ccs-editpolicy-agent zygote mediaserver Daemons Daemons /sbin/ccs-init Editpolicy Agent Daemons servicemanager 3 Policy Loader init 2 * 1 TOMOYO Linux Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 18
TOMOYO policy files location (1/2) • /data/ccs/ (at the moment) • /data is… – …a readwrite partition – …allowed to be empty at Android boot time – …supposed to be wiped off if Android device is reset to factory default state Not a safe place for security policy files? – a reset would delete them! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 19
TOMOYO policy files location (2/2) A possible solution: split policy files for… • prebuilt firmware applications  in /system readonly partition (i.e. /system/ccs) • other applications downloaded/installed later  in /data readwrite partition (i.e. /data/ccs) – application-specific policies could be saved at application install-time, in /data – any eventual reset will wipe off those policies, but the related applications as well. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 20
TOMOYO Linux on Android • Analyzing Android processes and domains • Problem of Zygote “fork vs exec” approach • Splitting domains in Android runtime • Enforcing policy TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 21
Domain transition tree TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 22
Process tree ccs-ccstree: command showing process tree with relative security domains and profiles TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 23
Process tree ccs-ccstree: servicemanager init init Daemons mediaserver zygote service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 24
Problem of splitting domains • The applications are executed with different UID (i.e.: root, system, app_#, …) and different process name, but… ps: service manager service manager Applications System Server • …they are all fork()ed from app_process! ccs-ccstree: Dalvik VM Dalvik VM Dalvik VM fork() zygote TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 25
Problem of splitting domains • New and unexpected situation for TOMOYO Linux • In TOMOYO Linux, domain transitions occur after process invocation, that is execve(), not fork()  Splitting domain <kernel> /system/bin/app_process in different domains according to each single application is impossible. . . ? TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 26
Problem of splitting domains <kernel> /system/bin/app_process TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 27
An example We want to allow the Browser to connect to Internet. In this way any process running under “<kernel> /system/app/process” domain would be allowed to open TCP connection on any IP, port 80.  least-privilege principle violated TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 28
Solution • TOMOYO Linux allows conditional ACL • Using task UID as a condition, for access grant. app_1 811 586 132256 31548 ffffffff afe03e4 S com.android.browser UID=10001 In this way only the task with UID=10001 (browser) will be able to connect TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 29
TOMOYO’s MAC and Android DAC • Android security rule: data files of one application should be prevented from being accessed by other applications • This is performed by using DAC permissions, as said before • TOMOYO can provide with conditional ACL a further insurance that this rule is respected, especially in cases when: – DAC permissions are poorly configured – root process (zygote) would be hijacked allow_read/write @APP_DATA_FILE if task.uid=path1.uid allow_unlink @APP_DATA_FILE if task.uid=path1.uid allow_mkdir @APP_DATA_DIR if task.uid=path1.parent.uid1 TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 30
TOMOYO’s MAC and Android DAC • DAC’s ability to restrict by UID has a low granularity: only “owner”, “group”, “others”. • TOMOYO, on the other hand, allows minimal and customizable permissions to any group of specific UIDs. • Example: users are app_1, app_2, app_3, app_4; some files owned by app_2 (uid=10002) need to be accessed by app_1 (uid=10001) also, but not by all the “others”. allow_read/write @SOME_FILES if task.uid=10001-10002 TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 31
DEMO • Remote management of Android + TOMOYO Linux – ccstools • “<kernel> /system/bin/app_process” domain policy • Enforcing MAC with conditional ACL – browser, application data, … • Support for symbolic links – toolbox – makealias TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 32
Some numbers Android kernel + Android kernel impact TOMOYO 1.6.8 1,397,200 1,440,616 Kernel zImage size about 43 KB Bytes Bytes Kernel memory 93856 KB 93772 KB 84 KB usage (total=96MB) available after boot available after boot Policy handling 32768 Bytes about 33 KB - (with access logs (with access logs memory usage 221952 Bytes) about 222 KB) • TO DO: Benchmark! to measure all the overhead caused by TOMOYO Linux TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 33
Some possible scenarios • MAC for Android devices – Protection for vulnerabilities – Effective containment of malicious attacks • Function restriction – Limited network access (specific sites, applications) – Package Installing/Uninstalling ability • Enterprise employee portable devices • User smartphones, netbooks, … TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 34
Conclusions • TOMOYO Linux successfully working on Android • MAC enforced for system services and user applications • Solution proposed with the minimum modifications in both Android and TOMOYO Linux – no changes in Android kernel source code, beside the TOMOYO patch – no changes in Android userland applications, except adding TOMOYO management tools – no changes in TOMOYO Linux patch – enhancements to TOMOYO Linux tools for embedded purposes TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 35
Conclusions • Ideas and plans for future works – Benchmarking – Porting and testing TOMOYO Linux to other embedded Linux systems • Call For Collaboration! Discuss and confronting with you is essential to improve and develop new ideas. We need your help  We would be glad to receive any form of feedback: questions, comments, critics, proposals! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 36
Useful links • TOMOYO Linux – Wiki (english): http://tomoyo.sourceforge.jp/wiki-e/ – compile & install manuals: http://tomoyo.sourceforge.jp/en/1.6.x/compile.html#2.6-vanilla http://tomoyo.sourceforge.jp/en/1.6.x/install.html – Mailing list: (english) http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en (japanese) http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users – @ Sourceforge: http://tomoyo.sourceforge.jp/index.html.en • Android – source: http://source.android.com/download – kernel: http://android.git.kernel.org/?p=kernel/common.git;a=summary – developer’s guide: http://developer.android.com/guide/index.html TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 37
CE Linux Forum Japan Technical Jamboree 28 2009/06/12 Thank you for listening ご静聴どうもありがとうございました TOMOYO is a registered trademark of NTT DATA CORPORATION in Japan. Linux is a trademark of Linus Torvalds. Other names and trademarks are the property of their respective owners. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 38

Recommended

Introduction to Android by Demian Neidetcher
Introduction to Android by Demian NeidetcherIntroduction to Android by Demian Neidetcher
Introduction to Android by Demian Neidetcher
Matthew McCullough
 
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)
Toshiharu Harada, Ph.D
 
Dalvik Vm &amp; Jit
Dalvik Vm &amp; JitDalvik Vm &amp; Jit
Dalvik Vm &amp; Jit
Ankit Somani
 
Inside Android's Dalvik VM - NEJUG Nov 2011
Inside Android's Dalvik VM - NEJUG Nov 2011Inside Android's Dalvik VM - NEJUG Nov 2011
Inside Android's Dalvik VM - NEJUG Nov 2011
Doug Hawkins
 
Low Level View of Android System Architecture
Low Level View of Android System ArchitectureLow Level View of Android System Architecture
Low Level View of Android System Architecture
National Cheng Kung University
 
Guides To Analyzing WebKit Performance
Guides To Analyzing WebKit PerformanceGuides To Analyzing WebKit Performance
Guides To Analyzing WebKit Performance
National Cheng Kung University
 
Android Optimization: Myth and Reality
Android Optimization: Myth and RealityAndroid Optimization: Myth and Reality
Android Optimization: Myth and Reality
National Cheng Kung University
 
Android is NOT just 'Java on Linux'
Android is NOT just 'Java on Linux'Android is NOT just 'Java on Linux'
Android is NOT just 'Java on Linux'
Tetsuyuki Kobayashi
 

Recommended

Introduction to Android by Demian Neidetcher
Introduction to Android by Demian NeidetcherIntroduction to Android by Demian Neidetcher
Introduction to Android by Demian Neidetcher
Matthew McCullough
 
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009)
Toshiharu Harada, Ph.D
 
Dalvik Vm &amp; Jit
Dalvik Vm &amp; JitDalvik Vm &amp; Jit
Dalvik Vm &amp; Jit
Ankit Somani
 
Inside Android's Dalvik VM - NEJUG Nov 2011
Inside Android's Dalvik VM - NEJUG Nov 2011Inside Android's Dalvik VM - NEJUG Nov 2011
Inside Android's Dalvik VM - NEJUG Nov 2011
Doug Hawkins
 
Low Level View of Android System Architecture
Low Level View of Android System ArchitectureLow Level View of Android System Architecture
Low Level View of Android System Architecture
National Cheng Kung University
 
Guides To Analyzing WebKit Performance
Guides To Analyzing WebKit PerformanceGuides To Analyzing WebKit Performance
Guides To Analyzing WebKit Performance
National Cheng Kung University
 
Android Optimization: Myth and Reality
Android Optimization: Myth and RealityAndroid Optimization: Myth and Reality
Android Optimization: Myth and Reality
National Cheng Kung University
 
Android is NOT just 'Java on Linux'
Android is NOT just 'Java on Linux'Android is NOT just 'Java on Linux'
Android is NOT just 'Java on Linux'
Tetsuyuki Kobayashi
 
Understanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual MachineUnderstanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual Machine
National Cheng Kung University
 
Build Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVMBuild Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVM
National Cheng Kung University
 
Android graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveAndroid graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspective
Bin Chen
 
Android IPC Mechanism
Android IPC MechanismAndroid IPC Mechanism
Android IPC Mechanism
National Cheng Kung University
 
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesQi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
National Cheng Kung University
 
Improve Android System Component Performance
Improve Android System Component PerformanceImprove Android System Component Performance
Improve Android System Component Performance
National Cheng Kung University
 
Accelerated Android Development with Linaro
Accelerated Android Development with LinaroAccelerated Android Development with Linaro
Accelerated Android Development with Linaro
National Cheng Kung University
 
Android Internals
Android InternalsAndroid Internals
Android Internals
Opersys inc.
 
TOMOYO Linux on Android (Taipei, 2009)
TOMOYO Linux on Android (Taipei, 2009)TOMOYO Linux on Android (Taipei, 2009)
TOMOYO Linux on Android (Taipei, 2009)
Toshiharu Harada, Ph.D
 
Dvm
DvmDvm
Dvm
Shivam Sharma
 
Overview of Android binder IPC implementation
Overview of Android binder IPC implementationOverview of Android binder IPC implementation
Overview of Android binder IPC implementation
Chethan Pchethan
 
Applied Computer Science Concepts in Android
Applied Computer Science Concepts in AndroidApplied Computer Science Concepts in Android
Applied Computer Science Concepts in Android
National Cheng Kung University
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android Internals
National Cheng Kung University
 
Implement Checkpointing for Android
Implement Checkpointing for AndroidImplement Checkpointing for Android
Implement Checkpointing for Android
National Cheng Kung University
 
Learn C Programming Language by Using GDB
Learn C Programming Language by Using GDBLearn C Programming Language by Using GDB
Learn C Programming Language by Using GDB
National Cheng Kung University
 
Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience
National Cheng Kung University
 
淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道
National Cheng Kung University
 
JAVA AND ANDROID OS_PRESENTATION
JAVA AND ANDROID OS_PRESENTATIONJAVA AND ANDROID OS_PRESENTATION
JAVA AND ANDROID OS_PRESENTATION
Benjamin Agboola
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Jérôme Petazzoni
 
Discover System Facilities inside Your Android Phone
Discover System Facilities inside Your Android Phone Discover System Facilities inside Your Android Phone
Discover System Facilities inside Your Android Phone
National Cheng Kung University
 
Android. behind the scenes_programatica 2012
Android. behind the scenes_programatica 2012Android. behind the scenes_programatica 2012
Android. behind the scenes_programatica 2012
Agora Group
 
Google Android Naver 1212
Google Android Naver 1212Google Android Naver 1212
Google Android Naver 1212
Yoojoo Jang
 

More Related Content

What's hot

Improve Android System Component Performance
Improve Android System Component PerformanceImprove Android System Component Performance
Improve Android System Component Performance
National Cheng Kung University
 
Overview of Android binder IPC implementation
Overview of Android binder IPC implementationOverview of Android binder IPC implementation
Overview of Android binder IPC implementation
Chethan Pchethan
 
JAVA AND ANDROID OS_PRESENTATION
JAVA AND ANDROID OS_PRESENTATIONJAVA AND ANDROID OS_PRESENTATION
JAVA AND ANDROID OS_PRESENTATION
Benjamin Agboola
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Jérôme Petazzoni
 

What's hot (20)

Understanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual MachineUnderstanding the Dalvik Virtual Machine
Understanding the Dalvik Virtual Machine
 
Build Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVMBuild Programming Language Runtime with LLVM
Build Programming Language Runtime with LLVM
 
Android graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspectiveAndroid graphic system (SurfaceFlinger) : Design Pattern's perspective
Android graphic system (SurfaceFlinger) : Design Pattern's perspective
 
Android IPC Mechanism
Android IPC MechanismAndroid IPC Mechanism
Android IPC Mechanism
 
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesQi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
 
Improve Android System Component Performance
Improve Android System Component PerformanceImprove Android System Component Performance
Improve Android System Component Performance
 
Accelerated Android Development with Linaro
Accelerated Android Development with LinaroAccelerated Android Development with Linaro
Accelerated Android Development with Linaro
 
Android Internals
Android InternalsAndroid Internals
Android Internals
 
TOMOYO Linux on Android (Taipei, 2009)
TOMOYO Linux on Android (Taipei, 2009)TOMOYO Linux on Android (Taipei, 2009)
TOMOYO Linux on Android (Taipei, 2009)
 
Dvm
DvmDvm
Dvm
 
Overview of Android binder IPC implementation
Overview of Android binder IPC implementationOverview of Android binder IPC implementation
Overview of Android binder IPC implementation
 
Applied Computer Science Concepts in Android
Applied Computer Science Concepts in AndroidApplied Computer Science Concepts in Android
Applied Computer Science Concepts in Android
 
Explore Android Internals
Explore Android InternalsExplore Android Internals
Explore Android Internals
 
Implement Checkpointing for Android
Implement Checkpointing for AndroidImplement Checkpointing for Android
Implement Checkpointing for Android
 
Learn C Programming Language by Using GDB
Learn C Programming Language by Using GDBLearn C Programming Language by Using GDB
Learn C Programming Language by Using GDB
 
Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience Develop Community-based Android Distribution and Upstreaming Experience
Develop Community-based Android Distribution and Upstreaming Experience
 
淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道 淺談探索 Linux 系統設計之道
淺談探索 Linux 系統設計之道
 
JAVA AND ANDROID OS_PRESENTATION
JAVA AND ANDROID OS_PRESENTATIONJAVA AND ANDROID OS_PRESENTATION
JAVA AND ANDROID OS_PRESENTATION
 
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
 
Discover System Facilities inside Your Android Phone
Discover System Facilities inside Your Android Phone Discover System Facilities inside Your Android Phone
Discover System Facilities inside Your Android Phone
 

Similar to TOMOYO Linux on Android

Android. behind the scenes_programatica 2012
Android. behind the scenes_programatica 2012Android. behind the scenes_programatica 2012
Android. behind the scenes_programatica 2012
Agora Group
 
Google Android Naver 1212
Google Android Naver 1212Google Android Naver 1212
Google Android Naver 1212
Yoojoo Jang
 
Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...
Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...
Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...
Mathias Seguy
 
Skype testing overview
Skype testing overviewSkype testing overview
Skype testing overview
QA Club Kiev
 
V Labs Product Presentation
V Labs Product PresentationV Labs Product Presentation
V Labs Product Presentation
Wil Huijben
 
ITECH Kenya presentation on OpenMRS Developers Forum
ITECH Kenya presentation on OpenMRS Developers ForumITECH Kenya presentation on OpenMRS Developers Forum
ITECH Kenya presentation on OpenMRS Developers Forum
djazayeri
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
Ian Choi
 

Similar to TOMOYO Linux on Android (20)

Android. behind the scenes_programatica 2012
Android. behind the scenes_programatica 2012Android. behind the scenes_programatica 2012
Android. behind the scenes_programatica 2012
 
Google Android Naver 1212
Google Android Naver 1212Google Android Naver 1212
Google Android Naver 1212
 
Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...
Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...
Eclispe daytoulouse combining the power of eclipse with android_fr_1024_768_s...
 
Rococo Software Q409
Rococo Software Q409Rococo Software Q409
Rococo Software Q409
 
BP207 - Meet the Java Application Server You Already Own – IBM Domino
BP207 - Meet the Java Application Server You Already Own – IBM DominoBP207 - Meet the Java Application Server You Already Own – IBM Domino
BP207 - Meet the Java Application Server You Already Own – IBM Domino
 
Puppet for Junos
Puppet for JunosPuppet for Junos
Puppet for Junos
 
Cont0519
Cont0519Cont0519
Cont0519
 
Skype testing overview
Skype testing overviewSkype testing overview
Skype testing overview
 
Skype testing overview
Skype testing overviewSkype testing overview
Skype testing overview
 
Nokia Qt SDK in action - Qt developer days 2010
Nokia Qt SDK in action - Qt developer days 2010Nokia Qt SDK in action - Qt developer days 2010
Nokia Qt SDK in action - Qt developer days 2010
 
V Labs Product Presentation
V Labs Product PresentationV Labs Product Presentation
V Labs Product Presentation
 
ITECH Kenya presentation on OpenMRS Developers Forum
ITECH Kenya presentation on OpenMRS Developers ForumITECH Kenya presentation on OpenMRS Developers Forum
ITECH Kenya presentation on OpenMRS Developers Forum
 
What’s New ?Linux on System z
What’s New ?Linux on System zWhat’s New ?Linux on System z
What’s New ?Linux on System z
 
Qt App Development for Symbian & MeeGo - v3.4.6 (17. January 2012)
Qt App Development for Symbian & MeeGo - v3.4.6 (17. January 2012)Qt App Development for Symbian & MeeGo - v3.4.6 (17. January 2012)
Qt App Development for Symbian & MeeGo - v3.4.6 (17. January 2012)
 
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
What's LUM Got To Do with It: Deployment Considerations for Linux User Manage...
 
Deep Dive into WinRT
Deep Dive into WinRTDeep Dive into WinRT
Deep Dive into WinRT
 
Quickstart: Qt for Windows, Symbian and Maemo / Meego v2.0.8 (January 10th, 2...
Quickstart: Qt for Windows, Symbian and Maemo / Meego v2.0.8 (January 10th, 2...Quickstart: Qt for Windows, Symbian and Maemo / Meego v2.0.8 (January 10th, 2...
Quickstart: Qt for Windows, Symbian and Maemo / Meego v2.0.8 (January 10th, 2...
 
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...
 
Dominik Gusenbauer Qt Mobility
Dominik Gusenbauer Qt MobilityDominik Gusenbauer Qt Mobility
Dominik Gusenbauer Qt Mobility
 
Jython for embedded software validation
Jython for embedded software validationJython for embedded software validation
Jython for embedded software validation
 

More from Toshiharu Harada, Ph.D

僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへ僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへ
Toshiharu Harada, Ph.D
 
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
Toshiharu Harada, Ph.D
 
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
Toshiharu Harada, Ph.D
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Toshiharu Harada, Ph.D
 

More from Toshiharu Harada, Ph.D (20)

20090703 tomoyo thankyou
20090703 tomoyo thankyou20090703 tomoyo thankyou
20090703 tomoyo thankyou
 
Job's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation KitJob's 2005 Stanford Speech Translation Kit
Job's 2005 Stanford Speech Translation Kit
 
’You’ve got to find what you love,’ Jobs says
’You’ve got to find what you love,’ Jobs says’You’ve got to find what you love,’ Jobs says
’You’ve got to find what you love,’ Jobs says
 
CaitSith 新しいルールベースのカーネル内アクセス制御
CaitSith 新しいルールベースのカーネル内アクセス制御CaitSith 新しいルールベースのカーネル内アクセス制御
CaitSith 新しいルールベースのカーネル内アクセス制御
 
TOMOYO Linuxのご紹介
TOMOYO Linuxのご紹介TOMOYO Linuxのご紹介
TOMOYO Linuxのご紹介
 
LSM Leaks
LSM LeaksLSM Leaks
LSM Leaks
 
The role of "pathname based access control" in security"
The role of "pathname based access control" in security"The role of "pathname based access control" in security"
The role of "pathname based access control" in security"
 
Tomoyo linux introduction
Tomoyo linux introductionTomoyo linux introduction
Tomoyo linux introduction
 
Your First Guide to "secure Linux"
Your First Guide to "secure Linux"Your First Guide to "secure Linux"
Your First Guide to "secure Linux"
 
振る舞いに基づくSSHブルートフォースアタック対策
振る舞いに基づくSSHブルートフォースアタック対策振る舞いに基づくSSHブルートフォースアタック対策
振る舞いに基づくSSHブルートフォースアタック対策
 
僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへ僕より少し遅く生まれてきた君たちへ
僕より少し遅く生まれてきた君たちへ
 
Why TOMOYO Linux?
Why TOMOYO Linux?Why TOMOYO Linux?
Why TOMOYO Linux?
 
Deep inside TOMOYO Linux
Deep inside TOMOYO LinuxDeep inside TOMOYO Linux
Deep inside TOMOYO Linux
 
ComSys2009
ComSys2009ComSys2009
ComSys2009
 
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
20031030 「読み込み専用マウントによる改ざん防止Linuxサーバの構築」
 
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
20031020 「プロセス実行履歴に基づくアクセスポリシー自動生成システム」
 
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
Chained Enforceable Re-authentication Barrier Ensures Really Unbreakable Secu...
 
プロセス実行履歴に基づくアクセスポリシー自動生成システム
プロセス実行履歴に基づくアクセスポリシー自動生成システムプロセス実行履歴に基づくアクセスポリシー自動生成システム
プロセス実行履歴に基づくアクセスポリシー自動生成システム
 
TOMOYO Linux
TOMOYO LinuxTOMOYO Linux
TOMOYO Linux
 
使いこなせて安全なLinuxを目指して
使いこなせて安全なLinuxを目指して使いこなせて安全なLinuxを目指して
使いこなせて安全なLinuxを目指して
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

TOMOYO Linux on Android

  • 1. TOMOYO Linux on Android CE Linux Forum Japan Technical Jamboree 28 Osaka, 2009/06/12 Giuseppe La Tona giuseppelatona@gmail.com Copyright (C) 2009 NTT Data Corporation Android Goodies image is reproduced from work created and shared by Google and used according to terms described in the Creative Commons 2.5 Attribution License
  • 2. About me… • Master Degree in Computer Engineering University of Catania (Italy), 2008 Università degli – Exchange student in Linköping University (Sweden), 2007 Studi di Catania • “Vulcanus in Japan” (Sep. 2008 – Aug. 2009) programme of the EU-Japan Centre for Industrial Cooperation – Industrial placement-oriented student exchange – Scholarship offered by EU and Japanese METI – Japanese language intensive course , cultural activities – Internship in NTT Data Corporation (R&D) (January-August 2009) Learning and experiencing Japanese culture, lifestyle, working way! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 2
  • 3. About my internship… • Secure OS group – TOMOYO Linux project • R&D: – Study • Mandatory Access Control (MAC) • TOMOYO Linux – Porting TOMOYO Linux to Android platform – Analyze TOMOYO and MAC potentials on embedded Linux Android Robot is reproduced from work created and shared by Google and used according to terms described in the Creative Commons 2.5 Attribution License TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 3
  • 4. TOMOYO Linux • MAC implementation for Linux Operating Systems – pathname-based approach • It consists of: – a kernel patch (ccspatch) – a set of utilities (ccstools), for management and security policy editing • TOMOYO Linux 2.2.0 has just been merged in Linux kernel 2.6.30 (10 June 2009)! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 4
  • 5. Android overview • Full software stack for mobile devices Java TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 5
  • 6. Android kernel • Linux Kernel 2.6 with some changes – reduced set of standard Linux utilities ( toolbox) – no support for glibc ( Bionic libraries) – no standard IPC ( Binder, specific IPC driver) – no native windowing system – optimized Power Management – Low memory killer, Alarm, Kernel Debugger, etc. • Android SDK 1.5 r2 (May 2009) – released with Linux Kernel 2.6.27 – higher versions being developed (2.6.29 is ready) TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 6
  • 7. Android from boot to user (1/2) adbd vold (mount) rild (radio) Runtime debuggerd installd init init Native Servers … Binder init init Daemons servicemanager mediaserver zygote init Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 7
  • 8. Android Runtime: Dalvik and Zygote • Runtime is made by Java programs running in application Dalvik: Virtual Machine for mobile devices – slow CPU, small RAM, no swap space, battery – Not a JVM, no JIT: only interpreter of DEX Dalvik VM (optimized bytecode obtained from Java .class) – Multiple VM instances can run efficiently. • Zygote process: fork() zygote – first instance of Dalvik VM, partially initialized – load preload classes and resources to make applications start faster – is kept always alive in idle state When an application execution request occurs: – zygote fork()s to a new process… • …which loads the requested package (Biology concept of “zygote”: duplicate, specialize and differentiate) TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 8
  • 9. Android from boot to user (2/2) service manager service manager service manager service manager System Services Applications Home systemserver Dalvik VM Dalvik VM adbd Dalvik VM Dalvik VM vold (mount) registration rild (radio) GUI Runtime debuggerd installd init init Native Servers … fork() Binder init init Daemons servicemanager mediaserver zygote init exec() fork() Dalvik Kernel specialization TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 9
  • 10. Android security model • Each application runs in its own process – Runtime in separate instances of Dalvik virtual machine • Each process is a “secure sandbox” – Linux Discretionary Access Control (DAC) for file access: all applications are assigned a unique UID (constant) • UID for system services are hard-coded • UID for user packages are progressively assigned at install-time, starting from uid 10000 (and mapped to app_0, app_1, …); they are saved in a file are maintained constant during the life of the package on the device. • Application specific files are saved in /data/data in separate folders owned by specific UID users TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 10
  • 11. Porting TOMOYO Linux to Android • Patching Android kernel with TOMOYO patch • Adapting TOMOYO ccstools for embedded purposes • Cross-compiling for Android • Integrating TOMOYO Policy Loader in Android boot • TOMOYO policy files location TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 11
  • 12. TOMOYO Linux versions There are 2 main development lines: - non-LSM (versions 1.6.x) - provides full functionalities of pathname-based MAC (MAC for files, network, capabilities…) - mainline (version 2.2.0) - uses Linux Security Modules (LSM) - necessary hooks available from Linux kernel 2.6.29 - subset of MAC functionalities (only for files, so far) - currently developing the others to use LSM TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 12
  • 13. Patching Android kernel • TOMOYO Linux 1.6.8 (non-LSM version) • Emulator (no real Android device available)  Linux kernel version: Goldfish v2.6.29 – “Goldfish” is the given to the ARM architecture emulated by Android SDK Emulator • ccspatch 1.6.8 (2009/05/28) for kernel vanilla v2.6.29  TOMOYO Linux Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 13
  • 14. Adapting ccstools (1/2) Since version 1.6.7, ccstools has been enhanced with Network mode, to support editing policy via TCP connection $ ccs-editpolicy <IP>:<port> In the case of embedded systems, this is more convenient for developing policies and debugging. Using the policy editor from the embedded device is generally not required. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 14
  • 15. Adapting ccstools (2/2) Only few utilities are actually useful on the device: loadpolicy, savepolicy, setprofile, ccstree, make_alias. Other tools would also need porting C libraries missing ccstools version for Android: • Reduced the size and the complexity of these utilities removing the unnecessary code • Introducing editpolicy-agent daemon to allow network mode communication This ccstools version could actually be suitable for other embedded Linux systems as well. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 15
  • 16. Cross-compiling for Android • C libraries used by Android: Bionic – no glibc • Toolchain – suite of cross-compilers for different architectures • agcc (Perl script by Andrew Ross http://plausible.org/andy/agcc) – simple gcc-like front-end to compile C programs for Android – links Android libraries (needs Android source) – uses the appropriate cross-compiler from the Android Toolchain TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 16
  • 17. Modifying Android boot init init Native Servers Binder init init Daemons servicemanager mediaserver zygote init Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 17
  • 18. Modifying Android boot It is required in order to: • start TOMOYO Policy Loader /sbin/ccs-init, via /sbin/ccs-start (*) • launch agent for editing policy remotely /sbin/ccs-editpolicy-agent zygote mediaserver Daemons Daemons /sbin/ccs-init Editpolicy Agent Daemons servicemanager 3 Policy Loader init 2 * 1 TOMOYO Linux Kernel TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 18
  • 19. TOMOYO policy files location (1/2) • /data/ccs/ (at the moment) • /data is… – …a readwrite partition – …allowed to be empty at Android boot time – …supposed to be wiped off if Android device is reset to factory default state Not a safe place for security policy files? – a reset would delete them! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 19
  • 20. TOMOYO policy files location (2/2) A possible solution: split policy files for… • prebuilt firmware applications  in /system readonly partition (i.e. /system/ccs) • other applications downloaded/installed later  in /data readwrite partition (i.e. /data/ccs) – application-specific policies could be saved at application install-time, in /data – any eventual reset will wipe off those policies, but the related applications as well. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 20
  • 21. TOMOYO Linux on Android • Analyzing Android processes and domains • Problem of Zygote “fork vs exec” approach • Splitting domains in Android runtime • Enforcing policy TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 21
  • 22. Domain transition tree TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 22
  • 23. Process tree ccs-ccstree: command showing process tree with relative security domains and profiles TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 23
  • 24. Process tree ccs-ccstree: servicemanager init init Daemons mediaserver zygote service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 24
  • 25. Problem of splitting domains • The applications are executed with different UID (i.e.: root, system, app_#, …) and different process name, but… ps: service manager service manager Applications System Server • …they are all fork()ed from app_process! ccs-ccstree: Dalvik VM Dalvik VM Dalvik VM fork() zygote TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 25
  • 26. Problem of splitting domains • New and unexpected situation for TOMOYO Linux • In TOMOYO Linux, domain transitions occur after process invocation, that is execve(), not fork()  Splitting domain <kernel> /system/bin/app_process in different domains according to each single application is impossible. . . ? TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 26
  • 27. Problem of splitting domains <kernel> /system/bin/app_process TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 27
  • 28. An example We want to allow the Browser to connect to Internet. In this way any process running under “<kernel> /system/app/process” domain would be allowed to open TCP connection on any IP, port 80.  least-privilege principle violated TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 28
  • 29. Solution • TOMOYO Linux allows conditional ACL • Using task UID as a condition, for access grant. app_1 811 586 132256 31548 ffffffff afe03e4 S com.android.browser UID=10001 In this way only the task with UID=10001 (browser) will be able to connect TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 29
  • 30. TOMOYO’s MAC and Android DAC • Android security rule: data files of one application should be prevented from being accessed by other applications • This is performed by using DAC permissions, as said before • TOMOYO can provide with conditional ACL a further insurance that this rule is respected, especially in cases when: – DAC permissions are poorly configured – root process (zygote) would be hijacked allow_read/write @APP_DATA_FILE if task.uid=path1.uid allow_unlink @APP_DATA_FILE if task.uid=path1.uid allow_mkdir @APP_DATA_DIR if task.uid=path1.parent.uid1 TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 30
  • 31. TOMOYO’s MAC and Android DAC • DAC’s ability to restrict by UID has a low granularity: only “owner”, “group”, “others”. • TOMOYO, on the other hand, allows minimal and customizable permissions to any group of specific UIDs. • Example: users are app_1, app_2, app_3, app_4; some files owned by app_2 (uid=10002) need to be accessed by app_1 (uid=10001) also, but not by all the “others”. allow_read/write @SOME_FILES if task.uid=10001-10002 TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 31
  • 32. DEMO • Remote management of Android + TOMOYO Linux – ccstools • “<kernel> /system/bin/app_process” domain policy • Enforcing MAC with conditional ACL – browser, application data, … • Support for symbolic links – toolbox – makealias TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 32
  • 33. Some numbers Android kernel + Android kernel impact TOMOYO 1.6.8 1,397,200 1,440,616 Kernel zImage size about 43 KB Bytes Bytes Kernel memory 93856 KB 93772 KB 84 KB usage (total=96MB) available after boot available after boot Policy handling 32768 Bytes about 33 KB - (with access logs (with access logs memory usage 221952 Bytes) about 222 KB) • TO DO: Benchmark! to measure all the overhead caused by TOMOYO Linux TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 33
  • 34. Some possible scenarios • MAC for Android devices – Protection for vulnerabilities – Effective containment of malicious attacks • Function restriction – Limited network access (specific sites, applications) – Package Installing/Uninstalling ability • Enterprise employee portable devices • User smartphones, netbooks, … TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 34
  • 35. Conclusions • TOMOYO Linux successfully working on Android • MAC enforced for system services and user applications • Solution proposed with the minimum modifications in both Android and TOMOYO Linux – no changes in Android kernel source code, beside the TOMOYO patch – no changes in Android userland applications, except adding TOMOYO management tools – no changes in TOMOYO Linux patch – enhancements to TOMOYO Linux tools for embedded purposes TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 35
  • 36. Conclusions • Ideas and plans for future works – Benchmarking – Porting and testing TOMOYO Linux to other embedded Linux systems • Call For Collaboration! Discuss and confronting with you is essential to improve and develop new ideas. We need your help  We would be glad to receive any form of feedback: questions, comments, critics, proposals! TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 36
  • 37. Useful links • TOMOYO Linux – Wiki (english): http://tomoyo.sourceforge.jp/wiki-e/ – compile & install manuals: http://tomoyo.sourceforge.jp/en/1.6.x/compile.html#2.6-vanilla http://tomoyo.sourceforge.jp/en/1.6.x/install.html – Mailing list: (english) http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en (japanese) http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users – @ Sourceforge: http://tomoyo.sourceforge.jp/index.html.en • Android – source: http://source.android.com/download – kernel: http://android.git.kernel.org/?p=kernel/common.git;a=summary – developer’s guide: http://developer.android.com/guide/index.html TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 37
  • 38. CE Linux Forum Japan Technical Jamboree 28 2009/06/12 Thank you for listening ご静聴どうもありがとうございました TOMOYO is a registered trademark of NTT DATA CORPORATION in Japan. Linux is a trademark of Linus Torvalds. Other names and trademarks are the property of their respective owners. TOMOYO Linux on Android - Copyright (C) 2009 NTT Data Corporation 38