View stunning SlideShares in full-screen with the new iOS app!Introducing SlideShare for AndroidExplore all your favorite topics in the SlideShare appGet the SlideShare app to Save for Later — even offline
View stunning SlideShares in full-screen with the new Android app!View stunning SlideShares in full-screen with the new iOS app!
Android Security Model in a nutshell● The Android security model is based on linux kernel separation● Apps and services run in usermode● Each app is assigned a unique uid and a home directory● Android takes advantage of linux gids● Android permissions are enforced by uid rather than package
Application Initialization Process Step 1 - ActivityManager asks the System Server to start Activity/Service/Receiver/Provider * ActivityManager is actually a service running in the system_server process
Application Initialization Process Step 2 - System Server checks which package provides that functionality
Application Initialization Process Step 3 - System Server tells Zygote to load the package
Application Initialization Process Step 4 - Zygote forks and creates the new application process
Application Initialization Process Step 5 - The application is set up: ● Check permissions ● Set gid ● Set uid ● Load the package
Application Initialization Process Step 6 - The application starts listening for instructions from ActivityManager (Activity lifecycle messages)
Virtualizing AndroidSince Android apps and services run inusermode, they must interact with the world viasyscalls.
Binder Flow ExampleStep 1 - Camera app asks MediaServer to access the camera
Binder Flow ExampleStep 2 - MediaServer asks system_server if camera app is allow to access the camera
Binder Flow ExampleStep 3 - system_server grants the permission
Binder Flow ExampleStep 4 - MediaServer opens the camera driver and configures it
Binder Flow ExampleStep 5 - MediaServer returns the file descriptor to the camera app whichcan now use the camera