BY
Uploaded byBin Yang
PPTX, PDF538 views

Linker namespace upload

This document discusses linker namespaces and their implementation in Android to restrict access to non-public NDK APIs. It describes how namespaces are created for different processes and apps to isolate system apps from third-party apps and allow preloaded system apps access to non-public APIs. The implementation involves creating different namespaces - a default, anonymous, and class-loader namespaces - and checking the namespace of the caller before loading shared libraries to determine if access is permitted.

Embed presentation

Downloaded 18 times
1 Linker Namespace Insight
2 Agenda • Target & Behavior • Implementation
3 Target & Behavior Target • Reduce the possibility that 3rd APK call non- public NDK API Behavior • Non-system app will fail on N device if it uses non-public APIs. • Preloaded system app is allowed to use non- public APIs.
4 Namespace Creation– Daemon process Only Default namespace Run native executable file Bionic execve Kernel Sys_exec ve StartLoad er /system/bin /linker Create a default Namespace and put all so into the namespace
5 Namespace Creation – Java App Add Name Space in Linker • Default namespace • Anonymous namespace • Class-loader namespace Run Java APK Framework Fork zygote Load Dex file Create JIT Get default Namespace libart-compiler.so libvixl.so Load *.classes.dexunder default namespace Get Classloader for apk Create Anonymous Namespace Create classloader Namespace System.load to load a lib Loaded in classloader namespace Anonymous Namespace Default Namespace classloader Namespace
6 Implementation – Name space Namespace Directory Default default_library_paths: System/lib Vendor/lib permitted_paths_: none Anonymous default_library_paths_: Same as default_library_paths of class-loader namespace. permitted_paths_: none It is used by JIT when JIT tries to load a lib. Class-loader default_library_paths: /data/app/com.eXXX- 1/lib/arm(x86);XXXX permitted_paths_: /data;XXXX
7 Check Name space before library is loaded Caller belongs to Default namespace? Load so Whether so is in public name space list? Can be loaded No Yes Check whether *.so in the dedicated directory contained by namespace Yes No Yes Can not be loaded No
8 Why we need it • Different constrictions on library is required for different caller. • Different constrictions on library is required for different stage for a process.

More Related Content

PPTX
Introduction of Android Architecture
byBin Yang
 
PDF
Toward dynamic analysis of obfuscated android malware
byZongXian Shen
 
PPTX
Ci with jenkins docker and mssql belgium
byChris Adkin
 
PDF
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
byCode Engn
 
PDF
How to build a tool for operating Flink on Kubernetes
byAndreaMedeghini
 
PPT
Introduction to Git for developers
byDmitry Guyvoronsky
 
PDF
Golang workshop
byVictor S. Recio
 
PPTX
A Skeptic's Guide to Docker
byTori Wieldt
 
Introduction of Android Architecture
byBin Yang
 
Toward dynamic analysis of obfuscated android malware
byZongXian Shen
 
Ci with jenkins docker and mssql belgium
byChris Adkin
 
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
byCode Engn
 
How to build a tool for operating Flink on Kubernetes
byAndreaMedeghini
 
Introduction to Git for developers
byDmitry Guyvoronsky
 
Golang workshop
byVictor S. Recio
 
A Skeptic's Guide to Docker
byTori Wieldt
 

What's hot

PDF
Create a PHP Library the right way
byChristian Varela
 
PPTX
Essential Tools for Modern PHP
byAlex Weissman
 
ODP
2017 DevSecCon ZAP Scripting Workshop
bySimon Bennetts
 
PDF
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
byZongXian Shen
 
PDF
From Android NDK To AOSP
byMin-Yih Hsu
 
PDF
Codifying the Build and Release Process with a Jenkins Pipeline Shared Library
byAlvin Huang
 
PPTX
Continuous Integration With Jenkins Docker SQL Server
byChris Adkin
 
PPTX
Jenkins pipeline as code
byMohammad Imran Ansari
 
KEY
Travis CI
bybsiggelkow
 
PDF
Network Protocol Testing Using Robot Framework
byPayal Jain
 
PPT
FTP Commando to Git Hero - WordCamp Denver 2013
byJeremy Green
 
PPTX
Devops.pptx
byMeetPatel921377
 
PPTX
Tugbot - Testing Framework for Docker Containers
byNeil Gehani
 
PDF
How to fail at docker
byChristian Ortner
 
PDF
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
byCloudBees
 
PDF
(CISC 2013) Real-Time Record and Replay on Android for Malware Analysis
byZongXian Shen
 
PDF
Acceptance testing plone sites and add ons with robot framework and selenium
byAsko Soukka
 
PDF
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
byCloudBees
 
PDF
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
byCloudBees
 
PPTX
Continuous integration ( jen kins travis ci)
bySadani Rodrigo
 
Create a PHP Library the right way
byChristian Varela
 
Essential Tools for Modern PHP
byAlex Weissman
 
2017 DevSecCon ZAP Scripting Workshop
bySimon Bennetts
 
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
byZongXian Shen
 
From Android NDK To AOSP
byMin-Yih Hsu
 
Codifying the Build and Release Process with a Jenkins Pipeline Shared Library
byAlvin Huang
 
Continuous Integration With Jenkins Docker SQL Server
byChris Adkin
 
Jenkins pipeline as code
byMohammad Imran Ansari
 
Travis CI
bybsiggelkow
 
Network Protocol Testing Using Robot Framework
byPayal Jain
 
FTP Commando to Git Hero - WordCamp Denver 2013
byJeremy Green
 
Devops.pptx
byMeetPatel921377
 
Tugbot - Testing Framework for Docker Containers
byNeil Gehani
 
How to fail at docker
byChristian Ortner
 
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
byCloudBees
 
(CISC 2013) Real-Time Record and Replay on Android for Malware Analysis
byZongXian Shen
 
Acceptance testing plone sites and add ons with robot framework and selenium
byAsko Soukka
 
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
byCloudBees
 
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
byCloudBees
 
Continuous integration ( jen kins travis ci)
bySadani Rodrigo
 

More from Bin Yang

PPTX
Linker and loader upload
byBin Yang
 
PPTX
Android ressource and overlay upload
byBin Yang
 
PPTX
Introduction of android treble
byBin Yang
 
PPTX
Android secuirty permission - upload
byBin Yang
 
PPTX
New features in android m upload
byBin Yang
 
PPTX
Update from android kk to android l
byBin Yang
 
PPTX
Google IO 2014 overview
byBin Yang
 
Linker and loader upload
byBin Yang
 
Android ressource and overlay upload
byBin Yang
 
Introduction of android treble
byBin Yang
 
Android secuirty permission - upload
byBin Yang
 
New features in android m upload
byBin Yang
 
Update from android kk to android l
byBin Yang
 
Google IO 2014 overview
byBin Yang
 

Recently uploaded

PPTX
Keeping the Home Fires Burning - How cesium formate brine has helped to keep ...
byJohn Downs
 
PPTX
DEEP LEARNING UNIT 2 all about deep learning
bypavanforsocials
 
PPTX
Coupled Hazard-Mobility Framework for Optimizing Emergency Vehicle Routing
byghn2015
 
PPTX
Lean Maintenance: Streamlining Operations for Efficiency & Reliability
byMaintWiz Technologies Private Limited
 
PPTX
Chen,Usmani,Li - Optimizing PATH Weekend Operations - Presentation.pptx
byLeyanChen3
 
PPT
861828706-chapter-7 introductionto UrbanHydrology.ppt
byHussenMohammed18
 
PPTX
Diffusion Models under Local Differential Privacy for Personalized Human Mobi...
bybl4150
 
PPTX
Lecture-15- Thermodynamics II Mohamed salem-NO COMMENTARY.pptx
byDinaSaad22
 
PPTX
Inventory Excellence: Achieve Efficient Inventory Management with CMMS
byMaintWiz Technologies Private Limited
 
PPTX
IEC60079-10-1 -Annex F -Hazardous Area Classification -HAC-Annex F.pptx
byasifmirzamakki
 
PDF
Albert Pintoy - Specializing In Low-Latency
byAlbert Pintoy
 
PPTX
Importance of Instrument Calibration — Improve Accuracy, Reliability & Mainte...
byMaintWiz Technologies Private Limited
 
PPTX
How to Select the Right CMMS Software for Your Organization — A Complete Buye...
byMaintWiz Technologies Private Limited
 
PPTX
Emerging Trends and Research Frontiers in Chemical Engineering for Green and ...
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PDF
CV_Rahul_ELV Project Engineer_8 Years Experience
byRahulSushruth
 
PPT
63490613-Boiler-Tube-Leakage-analysis-symptoms-causes.ppt
byallahdittashafi
 
PPTX
علي نفط.pptx هندسة النفط هندسة النفط والغاز
byengpe23e27
 
PPTX
TPM Metrics & Measurement: Drive Performance Excellence with TPM | MaintWiz
byMaintWiz Technologies Private Limited
 
PPTX
The Importance of Maintenance Budgets — Maximize Reliability & Control Costs ...
byMaintWiz Technologies Private Limited
 
PPTX
MECCA Empire – Hotel Shuttle System for the 2026 FIFA World Cup
byay2432
 
Keeping the Home Fires Burning - How cesium formate brine has helped to keep ...
byJohn Downs
 
DEEP LEARNING UNIT 2 all about deep learning
bypavanforsocials
 
Coupled Hazard-Mobility Framework for Optimizing Emergency Vehicle Routing
byghn2015
 
Lean Maintenance: Streamlining Operations for Efficiency & Reliability
byMaintWiz Technologies Private Limited
 
Chen,Usmani,Li - Optimizing PATH Weekend Operations - Presentation.pptx
byLeyanChen3
 
861828706-chapter-7 introductionto UrbanHydrology.ppt
byHussenMohammed18
 
Diffusion Models under Local Differential Privacy for Personalized Human Mobi...
bybl4150
 
Lecture-15- Thermodynamics II Mohamed salem-NO COMMENTARY.pptx
byDinaSaad22
 
Inventory Excellence: Achieve Efficient Inventory Management with CMMS
byMaintWiz Technologies Private Limited
 
IEC60079-10-1 -Annex F -Hazardous Area Classification -HAC-Annex F.pptx
byasifmirzamakki
 
Albert Pintoy - Specializing In Low-Latency
byAlbert Pintoy
 
Importance of Instrument Calibration — Improve Accuracy, Reliability & Mainte...
byMaintWiz Technologies Private Limited
 
How to Select the Right CMMS Software for Your Organization — A Complete Buye...
byMaintWiz Technologies Private Limited
 
Emerging Trends and Research Frontiers in Chemical Engineering for Green and ...
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
CV_Rahul_ELV Project Engineer_8 Years Experience
byRahulSushruth
 
63490613-Boiler-Tube-Leakage-analysis-symptoms-causes.ppt
byallahdittashafi
 
علي نفط.pptx هندسة النفط هندسة النفط والغاز
byengpe23e27
 
TPM Metrics & Measurement: Drive Performance Excellence with TPM | MaintWiz
byMaintWiz Technologies Private Limited
 
The Importance of Maintenance Budgets — Maximize Reliability & Control Costs ...
byMaintWiz Technologies Private Limited
 
MECCA Empire – Hotel Shuttle System for the 2026 FIFA World Cup
byay2432
 

Linker namespace upload

  • 1.
  • 2.
    2 Agenda • Target &Behavior • Implementation
  • 3.
    3 Target & Behavior Target •Reduce the possibility that 3rd APK call non- public NDK API Behavior • Non-system app will fail on N device if it uses non-public APIs. • Preloaded system app is allowed to use non- public APIs.
  • 4.
    4 Namespace Creation– Daemonprocess Only Default namespace Run native executable file Bionic execve Kernel Sys_exec ve StartLoad er /system/bin /linker Create a default Namespace and put all so into the namespace
  • 5.
    5 Namespace Creation –Java App Add Name Space in Linker • Default namespace • Anonymous namespace • Class-loader namespace Run Java APK Framework Fork zygote Load Dex file Create JIT Get default Namespace libart-compiler.so libvixl.so Load *.classes.dexunder default namespace Get Classloader for apk Create Anonymous Namespace Create classloader Namespace System.load to load a lib Loaded in classloader namespace Anonymous Namespace Default Namespace classloader Namespace
  • 6.
    6 Implementation – Namespace Namespace Directory Default default_library_paths: System/lib Vendor/lib permitted_paths_: none Anonymous default_library_paths_: Same as default_library_paths of class-loader namespace. permitted_paths_: none It is used by JIT when JIT tries to load a lib. Class-loader default_library_paths: /data/app/com.eXXX- 1/lib/arm(x86);XXXX permitted_paths_: /data;XXXX
  • 7.
    7 Check Name spacebefore library is loaded Caller belongs to Default namespace? Load so Whether so is in public name space list? Can be loaded No Yes Check whether *.so in the dedicated directory contained by namespace Yes No Yes Can not be loaded No
  • 8.
    8 Why we needit • Different constrictions on library is required for different caller. • Different constrictions on library is required for different stage for a process.