文档章节

Android Interprocess Communication(一)

ifindbug
 ifindbug
发布于 2014/10/08 19:51
字数 2455
阅读 75
收藏 0
点赞 0
评论 0

Abstract

This paper is an analysis of the interprocess communication in Android mobile operating system, provided by a custom software called Binder. It gives an overview about the capabilities and different layers of the Binder framework.

1. Introduction

A Gartner forecast [8] stated in late 2010, that Android will ”... challenge symbian for no. 1 position by 2014”.That means, that Android is an increasing factor in smartphone computing. Android introduces new extensions and features to the Linux kernel. The Binder framework for interprocess communication represents such a feature. For this framework a complete documentation does not exist. The Java classes are well documented, but it gets more fragmented and is completely missing for the kernel module.

This work tries to give an overview of the Binder framework, its features and functionalities.

Chapter 2 provides all needed background knowledge to understand the Binder framework. It gives an overview about Linux and outlines its basic concepts.

Chapter 3 introduces the Android operating system and its basic concepts.

Chapter 4 discusses the Binder and its capabilities. The explanation covers an abstract level, without going into implementation details.

The Chapter 5 discusses the different layers of the Binder framework and where its the features are implemented.

Chapter 6 gives an example of an applied Binder interprocess communication, where an Android client application accesses an Android remote service application and performs an remote procedure call.

2. Background

In this chapter we discuss the underlying theory. We give an overview on the topic of multitasking and processes and we point out why the concept of interprocess communication is needed.

2.1. Multitasking, Processes and Threads

Multitasking is the ability to execute multiple instances of programs or processes at the same time. An operating system therefore creates for every binary executable file a certain memory frame with its own stack, heap, data and shared mapped libraries. It also assigns special internal management structures. This is called a process.

The operating system must provide fair proportioning, because only one process can use the CPU at the same time. All processes must be interruptible. The operating system sends them to sleep or wakes them on their time slot. This work is done by a scheduler, supplying each process with an optimal time slot.

A thread is a process without own address space in memory, it shares the address space with the parent process. Processes can have child threads, and a thread must be assigned to a process.

2.2. Process Isolation

Due to security and safety reasons, one process must not manipulate the data of another process. For this purpose an operating system must integrate a concept for process isolation. In Linux, the virtual memory mechanism achieves that by assigning each process accesses to one linear and contiguous memory space. This virtual memory space is mapped to physical memory by the operating system. Each process has its own virtual memory space, so that a process cannot manipulate the memory space of another process. The memory access of a process is limited to its virtual memory. Only the operating system has access to physical and therefore all memory.

The process isolation ensures for each process memory security, but in many cases the communication between process is wanted and needed. The operating system must provide mechanisms to approve interprocess communication.

2.3. User Space and Kernel Space

Processes run normally in an unprivileged operation mode, that means they have no access to physical memory or devices. This operation mode is called in Linux user space. More abstractly, the concept of security boundaries of an operating system introduces the term ring. Note, that this must be a hardware supported feature of the platform. A certain group of rights is assigned to a ring. Intel hardware [21] supports four rings, but only two rings are used by Linux. These are ring 0 with full rights and ring 3 with least rights. Ring 1 and 2 are unused. System processes run in ring 0 and user processes in ring 3. If a process needs higher privileges, it must perform a transition from ring 3 to ring 0. The transition passes a gateway, that performs security checks on arguments. This transition is called system call and produces a certain amount of calculating overhead.

2.4. Interprocess Communication in Linux

If one process exchanges data with another process, it is called interprocess communication (IPC). Linux offers a variety of mechanisms for IPC. These are the following listed: [23]

Signals Oldest IPC method. A process can send signals to processes with the same uid and gid or in the same process group.

Pipes Pipes are unidirectional bytestreams that connect the standard output from one process with the standard input of another process.

Sockets A socket is an endpoint of bidirectional communication. Two processes can communicate with bytestreams by opening the same socket.

Message queues Processes can write a message to a message queue that is readable for other Processes. Semaphores A semaphore is a shared variable that can be read and written by many processes.

Shared Memory A location in system memory mapped into virtual address spaces of two processes, that each process can fully access.

3. Android

In this chapter, the basic mechanisms and concepts of the mobile operating system Android are presented. Android was developed by the Open Handset Alliance and Google and is available since 2008. 1

3.1. Kernel

Android is based on a Linux 2.6 standard kernel but enhanced with new extensions for mobile needs. These are kernel modules Alarm, Ashmem, Binder, power management, Low Memory Killer, a kernel debugger and a logger. We will analyze the Binder driver in this work, that offers a new IPC mechanism to Linux. [17]

3.2. Programming Languages

Four programming languages are used for system development: Assembler, C, C++ and Java. The kernel has a small amount of Assembler but is mainly written in C. Some native applications and libraries are written in C++. All other applications, especially custom apps, are written in Java. [10]

3.3. Java Native Interface

A distinction is made between programs compiled for the virtual machine and programs compiled to run on a specific computation platform, like Intel x86 or ARM. Programs compiled for a specific platform are called native. Because Java is executed in a virtual machine with its own byte-code, no native code can be executed directly. Due to the need to access low-level os mechanism like kernel calls, Java has to overcome this obstacle. This is done by the Java native interface (JNI) [22], which allows Java to execute compiled code from libraries written in other languages, e.g. C++. This is a trade-off between gaining capabilities of accessing the system and decreasing the level of security in Java.

### 3.4. Dalvik Virtual Machine

The Dalvik virtual machine (DVM) [5] runs the Java programmed apps. The DVM does not claim to be a Java virtual machine (JVM) due to license reasons, but fulfills the same purpose. Java 5 programs can run in that environment.

The Sun JVM is stack based, because a stack machine can be run on every hardware. Hardware and platform independence were major design principles of Java. The DVM is register based for performance reasons and well adapted to ARM hardware. This is a different design principle, taking the advantage of hardware independence for high performance and less power consumption, which is essential for mobile purposes with limited battery capability. The possibility to use the Java native interface weakens the security guarantying property of Java to implicit checking the bounds of variables and to encapsulate system calls and the force to use JVM defined interfaces to the system. The use of native libraries can allow bypassing the type and border checking of the virtual machine and opens the door to stack-overflow attacks. [4]

Even it is a security issue, the JNI is essential for the interprocess communication mechanism because the middleware of Binder are C++ libraries and must be accessed with JNI.

3.5. Zygote

Due to performance reasons, the DVM is started only once. Each new instance of it is cloned. This is done by a system service called Zygote. 2

First, it preinitializes and preloads common Android classes in its heap. [25] Then, it listens on a socket for commands to start a new Android application. On receiving a start command, it forks a new process with the loaded application. This process becomes the started application and shares the heap with the original Zygote process by copy-on-write mapping and so the memory pages of Zygote’s heap are linked to this new process. While the application reads only from the heap, it stays shared. But when the application performs write operations on its heap, the corresponding memory page is copied and the link is changed to the new page. Now the heap can be manipulated, without manipulating the original data from the parent Zygote process.

When an Android application forks, it uses Zygote’s memory layout and therefore the layout is the same for each application.

3.6. Application Concept

Each Android application is composed from up to 4 different components. [12] Each component has a special subject. Figure 3.1 presents the components as a ierarchically class diagram since they are actually Java classes.

Application Components System

The activity represents the user interface of an application. It is responsible for performing the screen and receiving interaction created by the user. It is not intended to hold persistent data because it can be sent to sleep by the operating system if another activity is brought to the front.

For long duration purposes Android offers the service component. All tasks running in the background of an application must be implemented here, because a foreground service is only stopped if the system runs out of memory and apps must be terminated to free memory.

Even if the service is persistent in task performing, it is depreciated to hold persistent data. This is the subject of the content provider, which gives an interface for accessing persistent data like file or network streams as SQLlike databases.

The broadcast receiver is for receiving system wide messages, i.e. the message that a new SMS has come in is provided to all subscribers. A low battery level warning is also sent on this channel. Broadcast reveivers handle these messages and marshal certain action, e.g. saving the state of an app in prospect to a soon shutdown of the mobile device.

The application manifest [13] keeps the information for Android about the component. In this file, the basic application configuration is set. E.g., if an service starts in its own process or if it is attached to local process. Listing 3.1 gives an example of an Android application manifest XML file.

<!-- lang: xml -->
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.msi.manning.binder">
    <application android:icon="@drawable/icon">
        <activity android:name=".ActivityExample" android:label="@string/app_name">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>
        <service android:name=".SimpleMathService" />
    </application>
</manifest> 

3.7. Component Communication Concepts

As different components have to exchange data, this is realized through intercom- ponent communication, or interprocess communication, if the specific components belong to different processes (apps).

The communication works with so called intents. These are representations for operations to be performed. An intent is basically a datastructure which contains a URI and an action. The URI uniquely identifies an application component and the action identifies the operation to be executed.

This intent is submitted by the interprocess communication system. Figure 3.2 gives an overview about the different forms of component interaction. An activity is started by an intent and can bring another activity to the front.

A service can be started, stopped and bound by IPC. Also the call and return methods are implemented by IPC.

A content provider can be queried by an activity via IPC and returns the result accordingly. The Android source code files show an extensive use of IPC to exchange the abstract data.

A broadcast receiver gets all the intents (eg. messages) it has subscripted to via IPC. [12]

Application Components System

At this point, the importance of the IPC mechanism becomes apparent. The Android OS with its framework is a distributed system and the major and key technology to achieve that design is the IPC Binder mechanism.

3.8. Security Concept

The security mechanism in Android consists of three layers. The basic layer consists of a division of the persistent memory in two partitions, called system and data. The system partition is mounted as read only to prevent system data manipulation. The data partition is the place where application states and persistent data can be stored. Note, that the system partition can be remounted in write mode by the App Store application to install new apps.

To separate the apps from each other, the discretionary access control (DAC) model of Linux is used. Each app has its unique user ID and group ID and can only access its own directory. Only apps from the same author run under the same user ID and can access their data. All apps must be signed by the author to prevent data manipulation and to identify the author. So the system can determine if apps are from the same author and can run under one UID.

Since the Linux DAC model allows only a rudimentary level of access control, for fine granulated rights Android’s middleware offers a permission label system which implements a mandatory access control (MAC) model. This system is based on a set of permissions and a set of exported services including access restrictions.

For each action performed on the operating system a permission label exists. At installation time the application asks the user for a set of permissions, the user has the choice between granting all asked permissions or aborting the installation. Once granted at installation time, a permission can never be removed except by uninstalling the app.

Every app can specify an intent filter, a white list mechanism, that defines the types of intents the components of the application should receive. Intents that are not listed will be filtered out by the reference monitor.

A problem is that the apps of an author can communicate freely because of same UID and GID. That means, if multiple apps from the same author are installed on the phone the different rights of each app accumulate through transitive property. App A asks app B of the same author to perform an action, for which app A has no rights but app B. So app B gets in possession of rights that are not granted by user for this dedicated app. [6] [18] [16]

(continue...)

本文转载自:https://www.nds.rub.de/media/attachments/files/2011/10/main.pdf

共有 人打赏支持
ifindbug
粉丝 0
博文 9
码字总数 0
作品 0
广州
android service & AIDL

1,Service 可以理解一个没有用户交互接口的Activity,运行在主线程中,只是一个普通的component,而不是另外一个线程或者进程!它的特殊之处在于当用户被切换到后台时 service可以继续运行。...

lightUp
2015/03/12
0
0
android开发AIDL实例

由于每个应用程序都运行在自己的进程空间,并且可以从应用程序UI运行另一个服务进程,而且经常会在不同的进程间传递对象。在Android平台,一个进程通常不能访问另一个进程的内存空间。但是a...

晨曦之光
2012/03/13
0
0
Linux与Android的关系

大家都知道Android是基于Linux内核的操作系统,也曾经和Linux基金会因为内核问题产生过分歧,本文将开始对Android的内核进行剖析,主要介绍Android和Linux之间的关系,后续还会讲到Android系...

开心303
2011/08/03
0
0
Android AIDL的实现

AIDL (Android Interface Definition Language) 是一种IDL 语言,用于生成可以在Android设备上两个进程之间进行进程间通信(interprocess communication, IPC)的代码。如果在一个进程中(例如...

_liusl
2013/06/13
0
4
简单音乐播放实例的实现,Android Service AIDL 远程调用服务

Android Service是分为两种: 本地服务(Local Service): 同一个apk内被调用 远程服务(Remote Service):被另一个apk调用 远程服务需要借助AIDL来完成。 AIDL 是什么 AIDL (Android Inte...

baisou
2013/07/27
0
0
深入解读Linux与Android的相互关系& Android消息处理系统的原理

深入解读Linux与Android的相互关系 大家都知道Android是基于Linux内核的操作系统,也曾经和Linux基金会因为内核问题产生过分歧,本文将开始对Android的内核进行剖析,主要介绍Android和Linux...

AlphaJay
2011/07/29
0
0
后台的幽灵 - Service

后台的幽灵 - Service 本节内容涉及到 一 什么是Service 二 如何使用Service 三 Service的生命周期 一 什么是Service Service, 看名字就知道跟正常理解的“服务”差不多,后台运行,可交互这...

垂盆草
2012/09/21
0
0
Android之AIDL进程之间的通信

意义: 由于每个应用进程都有自己的独立进程空间,在android平台上,一个进程通常不能访问另一个进程的内存空间,而我们经常需要夸进程传递对象,就需要把对象分解成操作对象可以理解的基本单...

zhoulc
2014/02/12
0
1
Android TCP/IP Socket Test

TCP/IP协议:Transmission Control Protocol/Internet Protocol的简写,中译名为传输控制协议/因特网互联协议,又名网络通讯协议,是Internet最基本的协议、Internet国际互联网络的基础,由网...

postdep
2014/11/01
0
1
Android Service学习之AIDL, Parcelable和远程服务

AIDL的作用 由于每个应用程序都运行在自己的进程空间,并且可以从应用程序UI运行另一个服务进程,而且经常会在不同的进程间传递对象。在Android平台,一个进程通常不能访问另一个进程的内存空...

eric_zhang
2011/08/01
0
1

没有更多内容

加载失败,请刷新页面

加载更多

下一页

idea tomcat 远程调试

tomcat 配置 编辑文件${tomcat_home}/bin/catalina.sh,在文件开头添加如下代码。    CATALINA_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7829" Idea端配......

qwfys
今天
1
0
遍历目录下的文件每250M打包一个文件

#!/usr/bin/env python # -*- utf-8 -*- # @Time : 2018/7/20 0020 下午 10:16 # @Author : 陈元 # @Email : abcmeabc@163.com # @file : tarFile.py import os import tarfile import thr......

寻爱的小草
今天
1
0
expect同步文件&expect指定host和要同步的文件&构建文件分发系统&批量远程执行命令

20.31 expect脚本同步文件 expect通过与rsync结合,可以在一台机器上把文件自动同步到多台机器上 编写脚本 [root@linux-5 ~]# cd /usr/local/sbin[root@linux-5 sbin]# vim 4.expect#!/...

影夜Linux
今天
1
0
SpringBoot | 第九章:Mybatis-plus的集成和使用

前言 本章节开始介绍数据访问方面的相关知识点。对于后端开发者而言,和数据库打交道是每天都在进行的,所以一个好用的ORM框架是很有必要的。目前,绝大部分公司都选择MyBatis框架作为底层数...

oKong
今天
13
0
win10 上安装解压版mysql

1.效果 2. 下载MySQL 压缩版 下载地址: https://downloads.mysql.com/archives/community/ 3. 配置 3.1 将下载的文件解压到合适的位置 我最终将myql文件 放在:D:\develop\mysql 最终放的位...

Lucky_Me
今天
2
0
linux服务器修改mtu值优化cpu

一、jumbo frames 相关 1、什么是jumbo frames Jumbo frames 是指比标准Ethernet Frames长的frame,即比1518/1522 bit大的frames,Jumbo frame的大小是每个设备厂商规定的,不属于IEEE标准;...

问题终结者
今天
2
0
expect脚本同步文件expect脚本指定host和要同步的文件 构建文件分发系统批量远程执行命令

expect脚本同步文件 在一台机器上把文件同步到多台机器上 自动同步文件 vim 4.expect [root@yong-01 sbin]# vim 4.expect#!/usr/bin/expectset passwd "20655739"spawn rsync -av ro...

lyy549745
今天
1
0
36.rsync下 日志 screen

10.32/10.33 rsync通过服务同步 10.34 linux系统日志 10.35 screen工具 10.32/10.33 rsync通过服务同步: rsync还可以通过服务的方式同步。那需要开启一个服务,他的架构是cs架构,客户端服务...

王鑫linux
今天
1
0
matplotlib 保存图片时的参数

简单绘图 import matplotlib.pyplot as pltplt.plot(range(10)) 保存为csv格式,放大后依然很清晰 plt.savefig('t1.svg') 普通保存放大后会有点模糊文件大小20多k plt.savefig('t5.p...

阿豪boy
今天
3
0
java 8 复合Lambda 表达式

comparator 比较器复合 //排序Comparator.comparing(Apple::getWeight);List<Apple> list = Stream.of(new Apple(1, "a"), new Apple(2, "b"), new Apple(3, "c")) .collect(......

Canaan_
昨天
1
0

没有更多内容

加载失败,请刷新页面

加载更多

下一页

返回顶部
顶部