A Sneak Peek Into Android Internals
GDG Dec-2012
By Yoav Weiss
MobileSpaces Founder & CTO
What we're going to talk about
● Virtualizing Android
● Understanding Android internals through dynamic tracing
What is MobileSpaces
● Solving BYOD through a unique virtualization platform
● Any app, any device, no root(!)
● Funded by Accel Partners
Short demo of
Android Security Model in a nutshell
● The Android security model is based on Linux kernel separation
● Apps and services run in usermode
● Each app is assigned a unique uid and a home directory
● Android takes advantage of Linux gids
● Android permissions are enforced by uid rather than package
Application Initialization Process
Step 1 - ActivityManager asks the System Server to start Activity/Service/Receiver/Provider
* ActivityManager is actually a service running in the system_server process
Step 2 - System Server checks which package provides that functionality
Step 3 - System Server tells Zygote to load the package
Step 4 - Zygote forks and creates the new application process
Step 5 - The application is set up:
● Check permissions
● Set gid
● Set uid
● Load the package
Step 6 - The application starts listening for instructions from ActivityManager (Activity lifecycle messages)
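Steps 4 and 5 above (fork, then set gid and uid before the package is loaded), sketched in C as an added example; it is not code from the talk or from Android. The names specialize and spawn_as and the sample group list are assumptions, and the parent process stands in for the Zygote role.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (child side): take on the app's identity.
 * Groups and gid go first, because after setuid() to a non-root uid the
 * process no longer has the privilege to change them. */
static int specialize(uid_t uid, gid_t gid, const gid_t *groups, size_t n)
{
    /* Only a root parent (the Zygote role) may replace the group list. */
    if (geteuid() == 0 && setgroups(n, groups) != 0) return 1;
    if (setgid(gid) != 0) return 2;
    if (setuid(uid) != 0) return 3;
    /* Never trust the calls alone: confirm real and effective ids. */
    if (getuid() != uid || geteuid() != uid) return 4;
    if (getgid() != gid || getegid() != gid) return 5;
    /* An app uid must not be able to climb back to root. */
    if (uid != 0 && setuid(0) == 0) return 6;
    return 0;
}

/* Hypothetical helper (parent side): fork, specialize the child, and return
 * its exit code. 0 means the child holds exactly the identity asked for. */
int spawn_as(uid_t uid, gid_t gid, const gid_t *groups, size_t n)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int rc = specialize(uid, gid, groups, n);
        /* Package code would be loaded here, and only when rc == 0. */
        _exit(rc);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    gid_t groups[] = { getgid() };  /* constructed sample group list */
    int rc = spawn_as(getuid(), getgid(), groups, 1);
    printf("specialization result: %d\n", rc);
    return rc;
}
```

Run unprivileged, the child can only confirm the identity it already has; run as root with a non-zero uid and gid, it performs the full drop and the final check confirms root cannot be regained.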
Virtualizing Android
Since Android apps and services run in usermode, they must interact with the world via syscalls.
Binder Flow Example
Step 1 - Camera app asks MediaServer to access the camera
Step 2 - MediaServer asks system_server if camera app is allowed to access the camera
Step 3 - system_server grants the permission
Step 4 - MediaServer opens the camera driver and configures it
Step 5 - MediaServer returns the file descriptor to the camera app which can now use the camera
Live Demos Using the
platform
Summary
● We virtualized Android. No root required
● We used the VM to peek into the system
MobileSpaces is hiring!
Visit us at: http://www.mobilespaces.som
Contact us: [email protected]
Q&A