Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Android Security Features

Dave Smith
November 09, 2016

Android Security Features

Overview of the core platform elements that make up the Android security model for applications.

Dave Smith

November 09, 2016
Tweet

More Decks by Dave Smith

Other Decks in Programming

Transcript

  1. App Manifest Compiled Code Resources Signature Info Application Package (APK)

    Authenticate Developer Identity Prevent APK Tampering
  2. JAR Signer APK Signature Hash Files Hash Hashes Sign w/

    Private Key Hash 1MB Chunks Sign w/ Private Key Hash Hashes
  3. # ps USER PID PPID ... NAME ... system 1723

    1240 ... com.android.settings u0_a10 1803 1240 ... android.ext.services u0_a32 1824 1240 ... com.android.deskclock u0_a1 1896 1240 ... android.process.acore u0_a55 1914 1240 ... com.android.printspooler u0_a13 1942 1240 ... com.android.launcher3 system 1974 1240 ... com.android.keychain u0_a8 2000 1240 ... android.process.media u0_a26 2064 1240 ... com.android.calendar u0_a66 2096 1240 ... com.android.quicksearchbox u0_a67 2123 1240 ... com.android.messaging u0_a6 2189 1240 ... com.android.dialer u0_a35 2209 1240 ... com.android.email u0_a65 2229 1240 ... com.android.gallery3d
  4. # ps USER PID PPID ... NAME ... system 1723

    1240 ... com.android.settings u0_a10 1803 1240 ... android.ext.services u0_a32 1824 1240 ... com.android.deskclock u0_a1 1896 1240 ... android.process.acore u0_a55 1914 1240 ... com.android.printspooler u0_a13 1942 1240 ... com.android.launcher3 system 1974 1240 ... com.android.keychain u0_a8 2000 1240 ... android.process.media u0_a26 2064 1240 ... com.android.calendar u0_a66 2096 1240 ... com.android.quicksearchbox u0_a67 2123 1240 ... com.android.messaging u0_a6 2189 1240 ... com.android.dialer u0_a35 2209 1240 ... com.android.email u0_a65 2229 1240 ... com.android.gallery3d
  5. # cd /data/data/com.android.launcher3 # ls -l total 24 drwxrwx--x 2

    u0_a13 u0_a13 4096 2016-09-15 22:23 cache drwxrwx--x 2 u0_a13 u0_a13 4096 2016-09-15 22:23 databases drwxrwx--x 2 u0_a13 u0_a13 4096 2016-11-01 22:13 shared_prefs # cd /data/data/ # ls -l ... drwxr-x--x 6 u0_a6 u0_a6 4096 2016-09-15 22:23 com.android.dialer drwxr-x--x 6 u0_a35 u0_a35 4096 2016-09-15 22:23 com.android.email drwxr-x--x 5 u0_a13 u0_a13 4096 2016-09-15 22:23 com.android.launcher3
  6. $ ps -Z LABEL USER ... NAME ... u:r:system_app:s0 system

    ... com.android.settings u:r:platform_app:s0:c512,c768 u0_a10 ... android.ext.services u:r:untrusted_app:s0:c512,c768 u0_a32 ... com.android.deskclock u:r:priv_app:s0:c512,c768 u0_a1 ... android.process.acore u:r:untrusted_app:s0:c512,c768 u0_a55 ... com.android.printspooler u:r:priv_app:s0:c512,c768 u0_a13 ... com.android.launcher3 u:r:system_app:s0 system ... com.android.keychain u:r:priv_app:s0:c512,c768 u0_a8 ... android.process.media u:r:untrusted_app:s0:c512,c768 u0_a26 ... com.android.calendar u:r:untrusted_app:s0:c512,c768 u0_a66 ... com.android.quicksearchbox u:r:platform_app:s0:c512,c768 u0_a67 ... com.android.messaging u:r:priv_app:s0:c512,c768 u0_a6 ... com.android.dialer u:r:untrusted_app:s0:c512,c768 u0_a35 ... com.android.email u:r:untrusted_app:s0:c512,c768 u0_a65 ... com.android.gallery3d
  7. <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 package="android">
 ... 
 <permission android:name="android.permission.INTERNET"
 android:description="@string/permdesc_createNetworkSockets"
 android:label="@string/permlab_createNetworkSockets"
 android:protectionLevel="normal"

    />
 ...
 <permission android:name="android.permission.ACCESS_FINE_LOCATION"
 android:permissionGroup="android.permission-group.LOCATION"
 android:label="@string/permlab_accessFineLocation"
 android:description="@string/permdesc_accessFineLocation"
 android:protectionLevel="dangerous" />
 ...
 </manifest> frameworks/base/core/res/AndroidManifest.xml
  8. <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 package="android">
 ... 
 <permission android:name="android.permission.INTERNET"
 android:description="@string/permdesc_createNetworkSockets"
 android:label="@string/permlab_createNetworkSockets"
 android:protectionLevel="normal"

    />
 ...
 <permission android:name="android.permission.ACCESS_FINE_LOCATION"
 android:permissionGroup="android.permission-group.LOCATION"
 android:label="@string/permlab_accessFineLocation"
 android:description="@string/permdesc_accessFineLocation"
 android:protectionLevel="dangerous" />
 ...
 </manifest> frameworks/base/core/res/AndroidManifest.xml
  9. <permissions>
 …
 <permission name="android.permission.INTERNET" >
 <group gid="inet" />
 </permission>
 …


    </permissions> …
 #define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */
 …
 static const struct android_id_info android_ids[] = {
 …
 { "inet", AID_INET, },
 …
 };
 … frameworks/base/data/etc/platform.xml system/core/include/private/android_filesystem_config.h
  10. # ps | grep browser u0_a17 2276 1212 ... com.android.browser

    # cat /proc/2276/status Name: android.browser State: S (sleeping) Tgid: 2276 Pid: 2276 PPid: 1212 TracerPid: 0 Uid: 10017 10017 10017 10017 Gid: 10017 10017 10017 10017 FDSize: 256 Groups: 3003 9997 50017 ...
  11. Vibrator vib = (Vibrator) getSystemService(VIBRATOR_SERVICE);
 vib.vibrate(500); public class VibratorService extends

    IVibratorService.Stub {
 …
 public void vibrate(int uid, String packageName, long milliseconds, IBinder token) {
 if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.VIBRATE)
 != PackageManager.PERMISSION_GRANTED) {
 throw new SecurityException("Requires VIBRATE permission");
 }
 …
 }
 …
 }
  12. public class VibratorService extends IVibratorService.Stub {
 …
 public void vibrate(int

    uid, String packageName, long milliseconds, IBinder token) {
 if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.VIBRATE)
 != PackageManager.PERMISSION_GRANTED) {
 throw new SecurityException("Requires VIBRATE permission");
 }
 …
 }
 …
 } Vibrator vib = (Vibrator) getSystemService(VIBRATOR_SERVICE);
 vib.vibrate(500);