文档章节

Android Interprocess Communication(三)

ifindbug
 ifindbug
发布于 2014/10/08 20:49
字数 1471
阅读 52
收藏 0

6. Example IPC Message Flow

6.1. Testing Environment

We used two testing apps running on a virtual device. The first one was an modified example1, which was originally designed to demonstrate an in-app service communication. This is handled quite differently and copes with intercomponent communication, not interprocess communication. It is called SimpleMathService and offers methods for simple mathematical operations.

Testing Environment

The second application was self-programmed and simply uses the remote service provided by the first app.

The applications of the testing environment are illustrated as an extended UML class diagram in Figure 6.1. The UML diagramm is extended with a view of the processes, which instantiated nested Java objects. Their classes and objects (shown in yellow) are compiled from the Android AIDL language. The service app has two components, an activity component called Main and a service component called SimpleMathService. The SimpleMathService class holds an extended anonymous inner class implementing the business logic of the service. The inner class is derived from ISimpleMathService.Stub which is generated by Android SDK from the ISimpleMathService.aidl definition file. This file contains the API definition of the service and must be published if other application developers wish to use this service. The stub class extends the Binder class as well as the proxy class. Accordingly, they are the endpoints of the Binder communication progress.

The application manifest declares the service as remote and therefore it is started in an own process by Android. The activity component will hold a proxy object which is a nested class of the interface ISimpleMathService. The activity runs in an own process, too.

The second application contains the Main activity as component only. This main object holds the UI with a button and a text output and a proxy object for the SimpleMathService, that is more related to IPC.

The applications were compiled with Android SDK for Eclipse and were executed in an Android emulator.

6.2. Message Flow and Call Stacks

Due to the limited size of this paper, only an excerpt can be presented. The binding of the service is presented abstractly, and the remote procedure call is presented in detail.

The user app is executed first. It asks the service manager for a Binder of the SimpleMathService. This Binder is implemented as an anonymous class from ISimpleMathService.Stub of the SimpleMathService application. In this example, the stub object implements the business logic of the service. The bindService() method of the Main class of the user app will create a proxy object for the requested service, which communicates with the stub object on the server side.

Proxy and Stub

At this point we describe in detail what happens, when a remote procedure is called after the binding to the service has been established. The listing 6.1 shows a nested anonymous extended class, which is used as callback.

Callback on Connection Events

This ServiceConnection object was an argument of the earlier called bindService() method. The onServiceConnected callback method returns a proxy object, which delivers all method calls to the remote service. The user application can now handle the object as if it were a local object and marshal methods.

Remote Method Call

Listing 6.2 does a method call on the proxy object to add 40 and 2. In the background, following happens: The call is divided by the proxy object in 6.3 into basic data types, which can be written in a parcel. At first, the receiver is written to the parcel, that is a Binder. The arguments are written serialized in the data packet. A user defined int code is assigned to the transaction. This code relates to the intended method name, because the Binder framework at this point permits only to submit an integer value. To avoid misunderstandings, the remote service as the user application must use the same assignment of code and methods.

Proxy Method

At this point, the interprocess communication is initiated with the transact method.

The parcel is sent to the JNI interface that sends it to the Binder C++ middleware that sends it to the Binder kernel driver. The Binder kernel driver will send the client process to sleep and map the parcel data and the code from client process to the server process. The parcel is send from Binder driver to C++ middleware and then to JNI and on Java API Wrapper Layer the method ontransact of the stub is called.

Stub Method1Stub Method2

In Listing 6.4 the entry point for receiving a message is presented. The code is read first and due to knowledge of the method signature the accurate count of arguments are read from the parcel. Now the method corresponding to the code implementing the business logic is called with extracted arguments. The result is written to a reply parcel.

Again it is routed through the layers to the binder driver, that transfers the parcel and wakes up the sleeping client process and delivers the reply parcel to the proxy object. The relpy is unparceled and returned as the result of the proxy method. Thereafter the result is displayed at the activity window of the client app, refer Figure 6.3.

Testing Environment

  1. Discussion The Binder framework supports basic security features. It ensures that no other application can read or manipulate data by transmitting them over a private channel, namely the Binder kernel module. It acts as mediator and must be trusted by the communicating parties. For identification, the Binder framework provides the UID and PID of the calling Binder. With the UID, an application can check the package signature and identify the app. 7 This is important, because multiple services can be assigned with the same name. The operating system will decide, which service is called, depending on the set priority of the service. However, it is possible for a malicious service to overlap the good service and retrieve information, that is sent by the App believing it is communicating with a trusted service. The application must ensure in security critical situations, e.g. the login to a service, the identity of the service. This is possible and this work could not find a flaw in that system, since the UID and PID are derived from Linux methods, that can be regarded as secure and can not be manipulated by unintended calls or arguments.

The use of Binder as a security token should be audited, because the binder reference number is not chosen randomly. It is incremented from zero in the Binder driver. It could be possible to increase the possible numbers and guess with good probability the right Binder token. But this must be confirmed in a future work.

A. Bibliography

  1. Openhandset Alliance. Android overview, 08 2011. URL http://www. openhandsetalliance.com/android_overview.html.

  2. Bornstein. Dalvik vm internals, 2008 google i/o session, 01 2008. URL http://sites.google.com/site/io/dalvik-vm-internals.

  3. Brady. Anatomy & physiology of an android, 2008 google i/o, 2008. URL http://sites.google.com/site/io/ anatomy--physiology-of-an-android.

  4. Winandy Davi, Sadeghi. Privilege escalation attacks on android, 11 2010. URL http://www.ei.rub.de/media/trust/veroeffentlichungen/2010/ 11/13/DDSW2010_Privilege_Escalation_Attacks_on_Android.pdf.

  5. David Ehringer. Dalvik virtual machine, 03 2011. URL http: //davidehringer.com/software/android/The_Dalvik_Virtual_ Machine.pdf.

  6. Enck. Understanding android security. IEEE S, JanuaryFebruary:50pp, 2009.

  7. freyo. Android get signature by uid, 07 2010. URL http://www.xinotes. org/notes/note/1204/.

  8. Gartner. Gartner says android to become no. 2 worldwide mobile operating system in 2010 and challenge symbian for no. 1 position by 2014, 10 2010. URL http://www.gartner.com/it/page.jsp?id=1434613.

  9. Google. Android java sources, .

  10. Google. Android kernel sources, .

  11. Google. Android interface definition language (aidl), 08 2011. URL http: //developer.android.com/guide/developing/tools/aidl.html.

  12. Google. Android documentation - fundamentals, 08 2011. URL http:// developer.android.com/guide/topics/fundamentals.html.

  13. Google. The android mainifest xml file, 08 2011. URL http://developer. android.com/guide/topics/manifest/manifest-intro.html.

  14. Google. Binder java documentation, 08 2011. URL http://developer. android.com/reference/android/os/Binder.html.

  15. Google. Android documentation - intent, 08 2011. URL http://developer. android.com/reference/android/content/Intent.html.

  16. Google. Android security, 08 2011. URL http://developer.android.com/ guide/topics/security/security.html.

  17. Goolge. Android documentation - what is android, 08 2011. URL http: //developer.android.com/guide/basics/what-is-android.html.

  18. Security Engineering Research Group. Android security, a survey. so far so good., 07 2010. URL http://imsciences.edu.pk/serg/2010/07/ android-security-a-survey-so-far-so-good/.

  19. Hackborn. Re: [patch 1/6] staging: android: binder: Remove some funny && usage, 06 2009. URL https://lkml.org/lkml/2009/6/25/3.

  20. Palmsource Inc. Open binder documentation, 12 2005. URL http://www. angryredplanet.com/~hackbod/openbinder/docs/html/index.html.

  21. Intel. Intel 64 and IA-32 Architectures Software Developer’s Manual. Intel, 2011.

  22. Oracle. Java native interface, 08 2011. URL http://download.oracle. com/javase/6/docs/technotes/guides/jni/index.html.

  23. David A Rusling. The Linux Kernel. 1999.

  24. Chin Felt Greenwood Wagner. Analyzing inter-application commu- nication in android, 06 2001. URL www.cs.berkeley.edu/~afelt/ intentsecurity-mobisys.pdf.

  25. Wiki. Android memory usage, 08 2011. URL http://elinux.org/Android_ Memory_Usage.

本文转载自:https://www.nds.rub.de/media/attachments/files/2011/10/main.pdf

共有 人打赏支持
ifindbug
粉丝 0
博文 9
码字总数 0
作品 0
广州
私信 提问
android service & AIDL

1,Service 可以理解一个没有用户交互接口的Activity,运行在主线程中,只是一个普通的component,而不是另外一个线程或者进程!它的特殊之处在于当用户被切换到后台时 service可以继续运行。...

lightUp
2015/03/12
0
0
Android AIDL的实现

AIDL (Android Interface Definition Language) 是一种IDL 语言,用于生成可以在Android设备上两个进程之间进行进程间通信(interprocess communication, IPC)的代码。如果在一个进程中(例如...

_liusl
2013/06/13
0
4
简单音乐播放实例的实现,Android Service AIDL 远程调用服务

Android Service是分为两种: 本地服务(Local Service): 同一个apk内被调用 远程服务(Remote Service):被另一个apk调用 远程服务需要借助AIDL来完成。 AIDL 是什么 AIDL (Android Inte...

baisou
2013/07/27
0
0
Linux与Android的关系

大家都知道Android是基于Linux内核的操作系统,也曾经和Linux基金会因为内核问题产生过分歧,本文将开始对Android的内核进行剖析,主要介绍Android和Linux之间的关系,后续还会讲到Android系...

开心303
2011/08/03
0
0
后台的幽灵 - Service

后台的幽灵 - Service 本节内容涉及到 一 什么是Service 二 如何使用Service 三 Service的生命周期 一 什么是Service Service, 看名字就知道跟正常理解的“服务”差不多,后台运行,可交互这...

垂盆草
2012/09/21
0
0

没有更多内容

加载失败,请刷新页面

加载更多

全面理解Java内存模型(JMM)及volatile关键字

理解Java内存区域与Java内存模型 Java内存区域 Java虚拟机在运行程序时会把其自动管理的内存划分为以上几个区域,每个区域都有的用途以及创建销毁的时机,其中蓝色部分代表的是所有线程共享的...

亭子happy
5分钟前
0
0
Prometheus监控mysql实例--centos7安装mysql_exporter

目录 概述 环境准备 普罗米修斯简介 mysql安装 mysqld_exporter安装 启动参数列表 概述 prometheus(普罗米修斯) 是一个开源系统监控和报警工具包,许多公司和组织都采用了Prometheus,该项目...

java_龙
11分钟前
3
0
拥有2000家门店,他如何晋升为服装界的新宠?

摘要: —— iwarm3.0加热组件、碳纳米管膜炎、管状石墨结构体...你看到并不是一款高科技电子产品,这是快鱼服饰在这个冬天推出的黑科技产品 - 智能温控羽绒服。 在竞争激烈的服装行业,快鱼...

阿里云云栖社区
13分钟前
0
0
不忘初心 砥砺前行-智和信通2018年年会报道

1月18日,智和信通以“不忘初心 砥砺前行”为主题的2018总结会议暨2019年年会在京召开。年会以总经理李少龙的讲话为开场,充分肯定了全体员工2018年的工作和成绩,并表达了公司产品智和网管平...

智和网管平台
22分钟前
0
0
NGINX api网关

以谁为师
23分钟前
1
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部