Android Interprocess Communication (3)

ifindbug
Published 2014/10/08 20:49

6. Example IPC Message Flow

6.1. Testing Environment

We used two testing apps running on a virtual device. The first one was a modified example, which was originally designed to demonstrate in-app service communication. That case is handled quite differently and concerns intercomponent communication, not interprocess communication. The app is called SimpleMathService and offers methods for simple mathematical operations.

[Image: Testing Environment]

The second application was self-programmed and simply uses the remote service provided by the first app.

The applications of the testing environment are illustrated as an extended UML class diagram in Figure 6.1. The UML diagram is extended with a view of the processes, which instantiated nested Java objects. Their classes and objects (shown in yellow) are compiled from the Android AIDL language. The service app has two components, an activity component called Main and a service component called SimpleMathService. The SimpleMathService class holds an extended anonymous inner class implementing the business logic of the service. The inner class is derived from ISimpleMathService.Stub, which is generated by the Android SDK from the ISimpleMathService.aidl definition file. This file contains the API definition of the service and must be published if other application developers wish to use this service. The stub class extends the Binder class as well as the proxy class. Accordingly, they are the endpoints of the Binder communication process.

The application manifest declares the service as remote, and therefore Android starts it in its own process. The activity component will hold a proxy object which is a nested class of the interface ISimpleMathService. The activity runs in its own process, too.

The second application contains the Main activity as component only. This main object holds the UI with a button and a text output and a proxy object for the SimpleMathService, that is more related to IPC.

The applications were compiled with Android SDK for Eclipse and were executed in an Android emulator.

6.2. Message Flow and Call Stacks

Due to the limited size of this paper, only an excerpt can be presented. The binding of the service is presented abstractly, and the remote procedure call is presented in detail.

The user app is executed first. It asks the service manager for a Binder of the SimpleMathService. This Binder is implemented as an anonymous class from ISimpleMathService.Stub of the SimpleMathService application. In this example, the stub object implements the business logic of the service. The bindService() method of the Main class of the user app will create a proxy object for the requested service, which communicates with the stub object on the server side.

[Image: Proxy and Stub]

At this point we describe in detail what happens when a remote procedure is called after the binding to the service has been established. Listing 6.1 shows a nested anonymous extended class, which is used as callback.

[Image: Callback on Connection Events]

This ServiceConnection object was an argument of the earlier called bindService() method. The onServiceConnected callback method returns a proxy object, which delivers all method calls to the remote service. The user application can now handle the object as if it were a local object and marshal methods.

[Image: Remote Method Call]

Listing 6.2 does a method call on the proxy object to add 40 and 2. In the background, the following happens: The call is divided by the proxy object in Listing 6.3 into basic data types, which can be written in a parcel. At first, the receiver is written to the parcel, that is a Binder. The arguments are written serialized in the data packet. A user-defined int code is assigned to the transaction. This code relates to the intended method name, because the Binder framework at this point permits only an integer value to be submitted. To avoid misunderstandings, the remote service and the user application must use the same assignment of codes and methods.

[Image: Proxy Method]

At this point, the interprocess communication is initiated with the transact method.

The parcel is sent to the JNI interface, which sends it to the Binder C++ middleware, which sends it to the Binder kernel driver. The Binder kernel driver will send the client process to sleep and map the parcel data and the code from the client process to the server process. The parcel is sent from the Binder driver to the C++ middleware and then to JNI, and on the Java API wrapper layer the method onTransact of the stub is called.

[Images: Stub Method1, Stub Method2]

In Listing 6.4 the entry point for receiving a message is presented. The code is read first and, because the method signature is known, the exact number of arguments is read from the parcel. Now the method corresponding to the code, which implements the business logic, is called with the extracted arguments. The result is written to a reply parcel.

Again it is routed through the layers to the Binder driver, which transfers the parcel, wakes up the sleeping client process and delivers the reply parcel to the proxy object. The reply is unparceled and returned as the result of the proxy method. Thereafter the result is displayed in the activity window of the client app, see Figure 6.3.

[Image: Testing Environment]

7. Discussion

The Binder framework supports basic security features. It ensures that no other application can read or manipulate data by transmitting them over a private channel, namely the Binder kernel module. The module acts as mediator and must be trusted by the communicating parties. For identification, the Binder framework provides the UID and PID of the calling Binder. With the UID, an application can check the package signature and identify the app [7]. This is important, because multiple services can be assigned the same name. The operating system will decide which service is called, depending on the set priority of the service. However, it is possible for a malicious service to overlap the good service and retrieve information that is sent by an app believing it is communicating with a trusted service. In security-critical situations, e.g. the login to a service, the application must ensure the identity of the service. This is possible, and this work could not find a flaw in that system, since the UID and PID are derived from Linux methods that can be regarded as secure and cannot be manipulated by unintended calls or arguments.
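One way to perform the identity check discussed above, for both directions of the connection (added example, not code from the paper). The class name `PeerIdentity` and the pinned certificate digest are assumptions; the digest would be the SHA-256 of the trusted peer's signing certificate, shipped with the app.

```java
import android.content.ComponentName;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Binder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Verifies a Binder peer by the signing certificate of its package (names assumed).
final class PeerIdentity {
    private final PackageManager pm;
    private final byte[] pinnedCertSha256; // assumed: digest of the trusted signer

    PeerIdentity(PackageManager pm, byte[] pinnedCertSha256) {
        this.pm = pm;
        this.pinnedCertSha256 = pinnedCertSha256.clone();
    }

    // True only if every signer of the package matches the pinned digest.
    boolean packageIsTrusted(String pkg) {
        try {
            // GET_SIGNATURES fits the API levels of the paper's era;
            // API 28+ offers GET_SIGNING_CERTIFICATES instead.
            PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
            if (info.signatures == null || info.signatures.length == 0) return false;
            MessageDigest sha = MessageDigest.getInstance("SHA-256");
            for (Signature s : info.signatures) {
                byte[] digest = sha.digest(s.toByteArray());
                if (!MessageDigest.isEqual(digest, pinnedCertSha256)) return false;
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // unknown package or no SHA-256: fail closed
        }
    }

    // Service side: call from inside a Binder method, where getCallingUid()
    // is the kernel-supplied UID of the client (outside a call it is our own).
    boolean callerIsTrusted() {
        String[] pkgs = pm.getPackagesForUid(Binder.getCallingUid());
        if (pkgs == null || pkgs.length == 0) return false;
        for (String p : pkgs) {          // a shared UID can map to several packages
            if (!packageIsTrusted(p)) return false;
        }
        return true;
    }

    // Client side: call in onServiceConnected() before handing data to the proxy.
    boolean serviceIsTrusted(ComponentName connected) {
        return packageIsTrusted(connected.getPackageName());
    }
}
```

Binding with an explicit component (`Intent.setComponent`) removes the name-resolution ambiguity described above; the signature check then confirms who owns that package.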

The use of Binder as a security token should be audited, because the Binder reference number is not chosen randomly. It is incremented from zero in the Binder driver. It could be possible to increase the possible numbers and guess with good probability the right Binder token. But this must be confirmed in future work.

A. Bibliography

  1. Openhandset Alliance. Android overview, 08 2011. URL http://www.openhandsetalliance.com/android_overview.html.

  2. Bornstein. Dalvik vm internals, 2008 google i/o session, 01 2008. URL http://sites.google.com/site/io/dalvik-vm-internals.

  3. Brady. Anatomy & physiology of an android, 2008 google i/o, 2008. URL http://sites.google.com/site/io/anatomy--physiology-of-an-android.

  4. Winandy Davi, Sadeghi. Privilege escalation attacks on android, 11 2010. URL http://www.ei.rub.de/media/trust/veroeffentlichungen/2010/11/13/DDSW2010_Privilege_Escalation_Attacks_on_Android.pdf.

  5. David Ehringer. Dalvik virtual machine, 03 2011. URL http://davidehringer.com/software/android/The_Dalvik_Virtual_Machine.pdf.

  6. Enck. Understanding android security. IEEE S, JanuaryFebruary:50pp, 2009.

  7. freyo. Android get signature by uid, 07 2010. URL http://www.xinotes.org/notes/note/1204/.

  8. Gartner. Gartner says android to become no. 2 worldwide mobile operating system in 2010 and challenge symbian for no. 1 position by 2014, 10 2010. URL http://www.gartner.com/it/page.jsp?id=1434613.

  9. Google. Android java sources, .

  10. Google. Android kernel sources, .

  11. Google. Android interface definition language (aidl), 08 2011. URL http://developer.android.com/guide/developing/tools/aidl.html.

  12. Google. Android documentation - fundamentals, 08 2011. URL http://developer.android.com/guide/topics/fundamentals.html.

  13. Google. The android manifest xml file, 08 2011. URL http://developer.android.com/guide/topics/manifest/manifest-intro.html.

  14. Google. Binder java documentation, 08 2011. URL http://developer.android.com/reference/android/os/Binder.html.

  15. Google. Android documentation - intent, 08 2011. URL http://developer.android.com/reference/android/content/Intent.html.

  16. Google. Android security, 08 2011. URL http://developer.android.com/guide/topics/security/security.html.

  17. Google. Android documentation - what is android, 08 2011. URL http://developer.android.com/guide/basics/what-is-android.html.

  18. Security Engineering Research Group. Android security, a survey. so far so good., 07 2010. URL http://imsciences.edu.pk/serg/2010/07/android-security-a-survey-so-far-so-good/.

  19. Hackborn. Re: [patch 1/6] staging: android: binder: Remove some funny && usage, 06 2009. URL https://lkml.org/lkml/2009/6/25/3.

  20. Palmsource Inc. Open binder documentation, 12 2005. URL http://www.angryredplanet.com/~hackbod/openbinder/docs/html/index.html.

  21. Intel. Intel 64 and IA-32 Architectures Software Developer’s Manual. Intel, 2011.

  22. Oracle. Java native interface, 08 2011. URL http://download.oracle.com/javase/6/docs/technotes/guides/jni/index.html.

  23. David A Rusling. The Linux Kernel. 1999.

  24. Chin Felt Greenwood Wagner. Analyzing inter-application communication in android, 06 2001. URL www.cs.berkeley.edu/~afelt/intentsecurity-mobisys.pdf.

  25. Wiki. Android memory usage, 08 2011. URL http://elinux.org/Android_Memory_Usage.

This article is reposted from: https://www.nds.rub.de/media/attachments/files/2011/10/main.pdf
