Java UserGroup
Radu Marin
Introduction
Implementation
Learn by doing
Improvements
Conclusions
Binding Android piece by piece
Radu Marin
Softvision
November 19, 2015
1 Introduction
2 Implementation
3 Learn by doing
4 Improvements
5 Conclusions
Java = Love
Linux + Java = Open Love
Linux + C/C++ + JNI + Java = Marriage (AOSP)
Android Software Stack
Hiccup #1
Linux: process-unit component model
Security: each process is sandboxed and run under a distinct system identity
Stability: if a process misbehaves (i.e. crashes), it does not affect other processes
Memory management: unneeded processes are removed to free resources (mainly memory)
Inter-process communication = ?
Inter-process communication = sharing data across multiple and commonly specialized processes using communication protocols
Android IPC
Android does not support System V IPCs (Posix):
1 SysV semaphores
2 SysV shared memory segments
3 SysV message queues
Why not?
1 they lead to global kernel resource leakage, i.e. there is no way to automatically release a SysV semaphore allocated in the kernel when:
  - a buggy or malicious process exits
  - a non-buggy and non-malicious process crashes or is explicitly killed.
2 Killing processes automatically to make room for new ones is an important part of Android’s application lifecycle implementation
We can’t ignore potential malicious applications.
Android IPC
So what’s left?
UNIX domain sockets
  - has support directly in the init process
  - used for low level services (e.g. ril)
  - file based, need a shared folder
  - no support in Java
TCP/IP sockets
  - not really useful for IPC
  - cannot use it internally in the software stack (does not pass CTS)
pipes
  - does not support RPC calls
Files (including memory mapped files)
  - but what about small data?
  - relatively small support in Java
OpenBinder
Started at Be, Inc. as a part of the next-generation BeOS (2001)
Acquired by Palm
First real implementation in Palm Cobalt OS (micro-kernel)
Palm switches to Linux, so does OpenBinder (2005)
Key lead engineer, Dianne Hackborn, hired by Google (along with most other engineers)
Re-written from scratch for Android, as Binder (2008)
OpenBinder dies, Binder lives!
What is Binder anyway?
IPC mechanism/system used for developing object oriented system services over traditional kernels
built-in reference counting of object references (across processes)
death-notification mechanism
built-in support for marshalling many common data types
ability to send file descriptors across processes
methods on remote objects can be invoked as if they were local
local execution mode if client and service are in the same process (no overhead whatsoever)
simplified APIs (especially for Java)
focused on scalability, stability, flexibility, low-latency, easy to use
What is Binder used for?
Dianne Hackborn: package manager, telephony manager, app widgets, audio services, search manager, location manager, notification manager, accessibility manager, connectivity manager, wifi manager, input method manager, clipboard, status bar, window manager, sensor service, alarm manager, content service, activity manager, power manager, surface compositor
Binder controversy
That must have hurt
Most of these questions related to the fact that I don’t think an interface
like this just slips into the kernel as a driver. Since it’s IPC, it’s totally
generic, and it’s not part of a standard (i.e. POSIX), we need to have
some better and more specific information about it (or at least I do)
Didn’t see that one coming
If for instance the main reason for Google using this interface is cause
a large number of android people once worked at Palm or BeOS, that’s
not reason enough for it to go into the kernel. Or if this binder interface
really fits well with Java or C++ people and they just love it, that’s not
really acceptable either..
Down in the Linux kernel
driver to facilitate IPC:
    $ adb shell
    shell@android:/ $ ls -l /dev/ | grep binder
    crw-rw-rw- root     root      10,  49 2015-09-07 20:23 binder
    shell@android:/ $ cat /sys/devices/virtual/misc/binder/uevent
    MAJOR=10
    MINOR=49
    DEVNAME=binder
supports: open, mmap, release, poll, and ioctl
key command - ioctl (sending commands and data):
  - BINDER_WRITE_READ
  - BINDER_SET_MAX_THREADS
  - BINDER_SET_CONTEXT_MGR
  - BINDER_THREAD_EXIT
  - BINDER_VERSION
multi-thread aware (status per thread)
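The ioctl interface listed above can be exercised from a few lines of user-space code. The following is an added example, not code from the slides or from AOSP: it opens a device node, reports whether it is a world read/writable character device (as in the ls output above) and asks the driver for its protocol version with BINDER_VERSION. The struct layout and the request number ('b', 9) follow the Linux binder UAPI header; Probe and probeBinder are names made up for this example.

```cpp
// Added example: not from the slides and not AOSP code.
#include <cstdint>
#include <cstdio>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

// Same layout as the kernel's struct binder_version; the request is _IOWR('b', 9, ...).
struct binder_version { int32_t protocol_version; };
static const unsigned long kBinderVersion = _IOWR('b', 9, struct binder_version);

struct Probe {
    bool present;   // node could be opened read/write
    bool worldRw;   // character device with rw for "other" (crw-rw-rw- on the slide)
    int protocol;   // protocol version reported by the driver, -1 if the ioctl failed
};

// Probe and probeBinder are hypothetical names for this example.
Probe probeBinder(const char* path) {
    Probe p = { false, false, -1 };
    int fd = open(path, O_RDWR | O_CLOEXEC);
    if (fd < 0) return p;                       // no such node (e.g. a desktop kernel)
    p.present = true;
    struct stat st;
    if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode))
        p.worldRw = (st.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH);
    binder_version v = { 0 };
    if (ioctl(fd, kBinderVersion, &v) == 0)     // a non-binder node answers with an error
        p.protocol = v.protocol_version;
    close(fd);
    return p;
}

int main() {
    Probe p = probeBinder("/dev/binder");
    std::printf("present=%d worldRw=%d protocol=%d\n", p.present, p.worldRw, p.protocol);
    return 0;
}
```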
Hiccup #2
Moving up to the Linux userspace
token address 0 (well-known address)
must be started before anything else
other processes use it to find services → Mediator pattern
Moving up to the Linux userspace
    $ adb shell
    shell@android:/ $ service list
    Found 75 services:
    0 sip: [android.net.sip.ISipService]
    1 phone: [com.android.internal.telephony.ITelephony]
    2 iphonesubinfo: [com.android.internal.telephony.IPhoneSubInfo]
    3 simphonebook: [com.android.internal.telephony.IIccPhoneBook]
    4 isms: [com.android.internal.telephony.ISms]
    5 pieservice: [android.service.pie.IPieService]
    [...]

    shell@android:/ $ dumpsys media.camera
    Camera module HAL API version: 0x100
    Camera module API version: 0x100
    Camera module name: Exynos Camera
    Camera module author: Paul Kocialkowski
    Number of camera devices: 2

    Camera 0 static information:
      Facing: BACK
      Orientation: 90
      Device version: 0x100
      Device is closed, no client instance

    Camera 1 static information:
      Facing: FRONT
      Orientation: 270
      Device version: 0x100
      Device is closed, no client instance

    No active camera clients yet.
Moving up to the Linux userspace
Simple inter process messaging system
In an object oriented view, the transaction data is called parcel.
The procedure of building a parcel is called marshalling an object.
The procedure of rebuilding an object from a parcel is called unmarshalling an object.
Moving up to the Linux userspace
    class IServiceManager : public IInterface
    {
    public:
        DECLARE_META_INTERFACE(ServiceManager);
        virtual sp<IBinder> getService(const String16& name) const = 0;
        virtual sp<IBinder> checkService(const String16& name) const = 0;
        virtual Vector<String16> listServices() = 0;
    };

    class BnServiceManager : public BnInterface<IServiceManager>
    {
    public:
        virtual status_t onTransact(uint32_t code,
                                    const Parcel& data,
                                    Parcel* reply,
                                    uint32_t flags = 0);
    };
methods are purely virtual → Proxy pattern
Moving up to the Linux userspace
    enum {
        GET_SERVICE_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION,
        CHECK_SERVICE_TRANSACTION,
        ADD_SERVICE_TRANSACTION,
        LIST_SERVICES_TRANSACTION,
    };

    class BpServiceManager : public BpInterface<IServiceManager> {
    public:
        // Proxy side: marshal the request, send CHECK_SERVICE_TRANSACTION and
        // unmarshal the reply. getService() retries this call in a loop.
        virtual sp<IBinder> checkService(const String16& name) const
        {
            Parcel data, reply;
            data.writeInterfaceToken(IServiceManager::getInterfaceDescriptor());
            data.writeString16(name);
            remote()->transact(CHECK_SERVICE_TRANSACTION, data, &reply);
            return reply.readStrongBinder();
        }
        [...]
    };
Moving up to the Linux userspace
    status_t BnServiceManager::onTransact(
        uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) {
        switch (code) {
            case GET_SERVICE_TRANSACTION: {
                // Reject parcels that do not start with this interface's token.
                CHECK_INTERFACE(IServiceManager, data, reply);
                String16 which = data.readString16();
                sp<IBinder> b = const_cast<BnServiceManager*>(this)->getService(which);
                reply->writeStrongBinder(b);
                return NO_ERROR;
            } break;
            [...]
        }
    }

    // Proxy-side getService(): polls checkService() up to five times.
    virtual sp<IBinder> getService(const String16& name) const
    {
        unsigned n;
        for (n = 0; n < 5; n++) {
            sp<IBinder> svc = checkService(name);
            if (svc != NULL) return svc;
            ALOGI("Waiting for service %s...\n", String8(name).string());
            sleep(1);
        }
        return NULL;
    }

    IMPLEMENT_META_INTERFACE(ServiceManager, "android.os.IServiceManager");
    }  // closes an enclosing scope whose opening is not shown on the slide
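The proxy/stub exchange on the slides above, reduced to a self-contained toy (an added example, not AOSP code): ToyParcel marshals an int32 and a String16, the proxy builds the request, and the stub treats the incoming parcel as untrusted input, checking the interface token and every length field before use. The byte layout (little-endian words, a policy word before the descriptor, padding to 4 bytes), the status values and the integer "handle" in the reply are simplifying assumptions of this example.

```cpp
// Added example: a toy parcel and stub, not libbinder and not AOSP code.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

enum { NO_ERROR = 0, PERMISSION_DENIED = -1, BAD_VALUE = -2, UNKNOWN_TRANSACTION = -3 };  // toy values
enum { GET_SERVICE_TRANSACTION = 1, CHECK_SERVICE_TRANSACTION };  // same order as on the slide
static const std::u16string kDescriptor = u"android.os.IServiceManager";

class ToyParcel {
public:
    void writeInt32(int32_t v) {                       // 4 bytes, little-endian
        for (int i = 0; i < 4; i++) buf_.push_back(uint8_t(uint32_t(v) >> (8 * i)));
    }
    void writeString16(const std::u16string& s) {      // count, UTF-16LE units, 0 terminator, pad to 4
        writeInt32(int32_t(s.size()));
        for (char16_t c : s) { buf_.push_back(uint8_t(c)); buf_.push_back(uint8_t(c >> 8)); }
        buf_.push_back(0); buf_.push_back(0);
        while (buf_.size() % 4) buf_.push_back(0);
    }
    // Policy word followed by the interface descriptor (assumed layout).
    void writeInterfaceToken(const std::u16string& d) { writeInt32(0); writeString16(d); }
    bool readInt32(int32_t* out) {
        if (buf_.size() - pos_ < 4) return false;      // truncated parcel
        uint32_t v = 0;
        for (int i = 0; i < 4; i++) v |= uint32_t(buf_[pos_++]) << (8 * i);
        *out = int32_t(v);
        return true;
    }
    bool readString16(std::u16string* out) {
        int32_t n;
        if (!readInt32(&n) || n < 0) return false;     // toy: null strings are not supported
        size_t avail = buf_.size() - pos_;
        if (size_t(n) >= avail / 2) return false;      // length field exceeds the payload
        size_t need = ((size_t(n) + 1) * 2 + 3) & ~size_t(3);
        if (need > avail) return false;                // padding is missing
        out->clear();
        for (size_t i = 0; i < size_t(n); i++)
            out->push_back(char16_t(buf_[pos_ + 2 * i] | (buf_[pos_ + 2 * i + 1] << 8)));
        pos_ += need;
        return true;
    }
    bool enforceInterface(const std::u16string& expected) {   // the check CHECK_INTERFACE stands for
        int32_t policy;
        std::u16string got;
        return readInt32(&policy) && readString16(&got) && got == expected;
    }
private:
    std::vector<uint8_t> buf_;
    size_t pos_ = 0;
};

// Stub side: everything in `data` was written by another process, so validate before use.
int onTransact(uint32_t code, ToyParcel& data, ToyParcel* reply) {
    switch (code) {
    case CHECK_SERVICE_TRANSACTION: {
        if (!data.enforceInterface(kDescriptor)) return PERMISSION_DENIED;
        std::u16string name;
        if (!data.readString16(&name)) return BAD_VALUE;
        reply->writeInt32(name == u"phone" ? 1 : 0);   // toy handle, 0 = not registered
        return NO_ERROR;
    }
    default:
        return UNKNOWN_TRANSACTION;
    }
}

// Proxy side, mirroring BpServiceManager: marshal, transact, unmarshal.
int checkService(const std::u16string& name, int32_t* handle) {
    ToyParcel data, reply;
    data.writeInterfaceToken(kDescriptor);
    data.writeString16(name);
    int st = onTransact(CHECK_SERVICE_TRANSACTION, data, &reply);  // stands in for remote()->transact()
    return st != NO_ERROR ? st : (reply.readInt32(handle) ? NO_ERROR : BAD_VALUE);
}
int32_t handleOf(const std::u16string& n) { int32_t h = -1; return checkService(n, &h) == NO_ERROR ? h : -1; }

// Constructed malformed requests that the stub must reject.
int malformedStatus(bool badToken) {
    ToyParcel data, reply;
    data.writeInterfaceToken(badToken ? u"com.example.IOther" : kDescriptor);
    if (badToken) data.writeString16(u"phone");
    else data.writeInt32(1000);                        // claims 1000 chars, none follow
    return onTransact(CHECK_SERVICE_TRANSACTION, data, &reply);
}

int main() {
    std::printf("phone -> handle %d; wrong token -> %d; lying length -> %d\n",
                handleOf(u"phone"), malformedStatus(true), malformedStatus(false));
    return 0;
}
```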
Moving up to the Linux userspace
    $ adb shell
    shell@android:/ $ service call -h
    service: No service specified for call
    Usage: service [-h|-?]
           service list
           service check SERVICE
           service call SERVICE CODE [i32 INT | s16 STR] ...
    Options:
       i32: Write the integer INT into the send parcel.
       s16: Write the UTF-16 string STR into the send parcel.
    10|shell@android:/ $ service call phone 2 s16 "123456"
    Result: Parcel(00000000    '....')
    130|shell@android:/ $ pm list packages | head
    package:android
    package:at.spardat.bcrmobile
    package:com.adobe.reader
    package:com.andrew.apollo
    package:com.android.backupconfirm
    package:com.android.bluetooth
    package:com.android.browser
    package:com.android.calculator2
    package:com.android.calendar
    package:com.android.cellbroadcastreceiver
Reaching the Android framework
JNI wrappers over C++ APIs → Bridge pattern
wraps the entire middleware
exposed mainly through AIDL, but low-level APIs can be called
all service references obtained from the APIs are implemented through AIDL / Binder
all interactions with the Android framework are mediated through Binder (e.g. activity callbacks: onCreate, onResume etc.)
Hiccup #3
Android application building blocks:
Activity
Service
Content Provider
Broadcast Receiver
Intent
Manifest file
Reaching the Android framework - AIDL
eases the implementation of Android remote services
defines a Java-like interface for such remote services
fully automated: parser generates Java classes:
  - Proxy class for client
  - Stub class exposed by a Service through onBind
allows sending: primitive data types, basic containers, compound data types (i.e. Parcelable), Binder objects etc.
parameter direction: in, out, inout
allows oneway (asynchronous calls)
Why use it?
a more object-oriented approach for application architectures
complicated business logic → message passing is insufficient
strong coupling between Service and Activity
decoupling control logic from UI → allow customers to create own UI by exposing an AIDL interface
better suited for engines, middlewares, frameworks etc.
A simple example
Step 1: define an AIDL interface
    interface ISecondary {
        /**
         * Request the PID of this service, to do evil things with it.
         */
        int getPid();

        /**
         * This demonstrates the basic types that you can use as parameters
         * and return values in AIDL.
         */
        void basicTypes(int anInt, long aLong, boolean aBoolean, float aFloat,
                double aDouble, String aString);
    }
A simple example
Step 2: provide Stub implementation
    private final ISecondary.Stub mSecondaryBinder = new ISecondary.Stub() {
        public int getPid() {
            return Process.myPid();
        }
        public void basicTypes(int anInt, long aLong, boolean aBoolean,
                float aFloat, double aDouble, String aString) {
            // do something with the data here
        }
    };
A simple example
Step 3: export it through a Service
    @Override
    public IBinder onBind(Intent intent) {
        // Select the interface to return. If your service only implements
        // a single interface, you can just return it here without checking
        // the Intent.
        if (IRemoteService.class.getName().equals(intent.getAction())) {
            return mBinder;
        }
        if (ISecondary.class.getName().equals(intent.getAction())) {
            return mSecondaryBinder;
        }
        return null;
    }

    <service android:name=".app.RemoteService" android:process=":remote">
        <intent-filter>
            <!-- These are the interfaces supported by the service, which
                 you can bind to. -->
            <action android:name="com.example.android.apis.app.IRemoteService" />
            <action android:name="com.example.android.apis.app.ISecondary" />
            <action android:name="com.example.android.apis.app.REMOTE_SERVICE" />
        </intent-filter>
    </service>
A simple example
Step 4: Create a ServiceConnection
    ISecondary mSecondaryService = null;
    ServiceConnection mSecondaryConnection = new ServiceConnection() {
        public void onServiceConnected(ComponentName className,
                IBinder service) {
            mSecondaryService = ISecondary.Stub.asInterface(service);
            // start using mSecondaryService
        }

        public void onServiceDisconnected(ComponentName className) {
            mSecondaryService = null;
        }
    };
A simple example
Step 5: Bind/Unbind the Service
    boolean mIsBound = false;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        [...]
        // Apps targeting API 21+ must bind with an explicit intent, so name the
        // target package (the service lives in this app).
        bindService(new Intent(ISecondary.class.getName()).setPackage(getPackageName()),
                mSecondaryConnection, Context.BIND_AUTO_CREATE);
        mIsBound = true;
    }

    @Override
    public void onDestroy() {
        [...]
        if (mIsBound) {
            unbindService(mSecondaryConnection);
        }
    }
A simple example
Using a Local Binder:
    public class MyLocalService extends Service
    {
        IBinder mBinder = new LocalBinder();

        @Override
        public IBinder onBind(Intent intent) {
            return mBinder;
        }

        public class LocalBinder extends Binder {
            public MyLocalService getInstance() {
                return MyLocalService.this;
            }
        }

        public void myPublicMethod() {
            // do something
        }
    }
    [...]
    public void onServiceConnected(ComponentName name, IBinder service) {
        mIsBound = true;
        // The cast only works when client and service run in the same process.
        LocalBinder mLocalBinder = (LocalBinder) service;
        mLocalService = mLocalBinder.getInstance();
    }
A simple example
Sending complex data types (1):
    public class MyData implements Parcelable
    {
        private String myString;
        private int myInt;

        public MyData(String myString, int myInt)
        {
            this.myString = myString;
            this.myInt = myInt;
        }

        private MyData(Parcel in)
        {
            readFromParcel(in);
        }

        // Called by the AIDL-generated code for out/inout parameters.
        // Fields must be read in the same order writeToParcel() wrote them.
        public void readFromParcel(Parcel in) {
            this.myString = in.readString();
            this.myInt = in.readInt();
        }

        @Override
        public int describeContents() {
            return 0;
        }

        @Override
        public void writeToParcel(Parcel dest, int flags) {
            dest.writeString(myString);
            dest.writeInt(myInt);
        }

        public static final Parcelable.Creator<MyData> CREATOR =
                new Parcelable.Creator<MyData>() {
            public MyData createFromParcel(Parcel in) {
                return new MyData(in);
            }

            public MyData[] newArray(int size) {
                return new MyData[size];
            }
        };
    }
A simple example
Sending complex data types (2):
specify direction in AIDL:
    interface IMyData {
        void send(inout MyData myData);
    }

create parcelable AIDL file:

    package my.package;

    parcelable MyData;
A simple example
Passing Binders through Binder:
    interface IRemoteService {
        /**
         * Often you want to allow a service to call back to its clients.
         * This shows how to do so, by registering a callback interface with
         * the service.
         */
        void registerCallback(IRemoteServiceCallback cb);

        /**
         * Remove a previously registered callback interface.
         */
        void unregisterCallback(IRemoteServiceCallback cb);
    }

    oneway interface IRemoteServiceCallback {
        /**
         * Called when the service has a new value for you.
         */
        void valueChanged(int value);
    }

API level ≥ 16 → can send Binders through Bundle (must manually take care of ownership)
A highly available middleware for context acquisition
Specs:
1 a middleware for sensing, acquiring and storing contextual data
2 what is context? anything measurable from the environment
3 must enforce transparency (MVC architecture)
4 must enforce a stable and extensible API
5 must restrict contextual collectors by permissions
6 must manage the lifetime of collectors
7 must export data to other Android applications
8 must recognize collectors from any allowed application on-the-fly
A highly available middleware for context acquisition
ICollector.aidl:
    package ro.pub.acs.hyccups.collector;

    // AIDL needs an explicit import for every Parcelable type it uses.
    import android.content.Intent;
    import ro.pub.acs.hyccups.collector.IconInfo;

    interface ICollector {
        String name();
        Intent view();
        IconInfo icon();
        void start();
        void stop();
    }

    package ro.pub.acs.hyccups.collector;

    parcelable IconInfo;
A highly available middleware for context acquisition
Exposing a collector:
    <provider
        android:name=".collectors.memory.Model"
        android:authorities="ro.pub.acs.hyccups.tracer.provider.memory"
        android:exported="true"
        android:writePermission="ro.pub.acs.hyccups.permission.WRITE_COLLECTOR_DATA"
    />
    <activity android:name=".collectors.memory.Viewer"
        android:icon="@drawable/memory">
        <meta-data
            android:name="authority"
            android:value="ro.pub.acs.hyccups.tracer.provider.memory" />
    </activity>
    <service
        android:name=".collectors.memory.Controller"
        android:exported="false"
        android:process=":tracer" >
        <intent-filter>
            <action android:name="ro.pub.acs.hyccups.collector.ICollector" />
            <category android:name="android.intent.category.DEFAULT" />
        </intent-filter>
    </service>
A highly available middleware for context acquisition
Binding anything appropriate:
    final List list = new List();
    java.util.List<ResolveInfo> infos =
        context.getPackageManager().queryIntentServices(
            new Intent(ICollector.class.getName()),
            PackageManager.MATCH_DEFAULT_ONLY);
    final CountDownLatch barrier = new CountDownLatch(infos.size());

    for (ResolveInfo info : infos) {
        // Instantiate all collectors
        new Collector(context, info, new Requester() {
            @Override
            public void onFailed(ServiceInfo info) {
                list.failed(info);
                barrier.countDown();
            }

            @Override
            public void onDisconnected(Collector collector) {
                list.remove(collector);
            }

            @Override
            public void onConnected(Collector collector) {
                // If the collector successfully connects, it adds itself to the list
                list.add(collector);
                barrier.countDown();
            }
        });
    }
    barrier.await();

    return list;
A highly available middleware for context acquisition
Displaying all collectors:
A highly available middleware for context acquisition
Binding the data to views:
A highly available middleware for context acquisition
Exposing additional functionality (1):
    interface IEngine {
        void register(IChannel channel);
        void unregister(IChannel channel);
        void forward(IChannel channel, inout MessageWrapper message);
        void disseminate(IChannel channel, inout MessageWrapper message);
    }

    interface IChannel {
        String getName();
        oneway void onRegistered();
        oneway void onDisconnected(String error);
        oneway void onPeerConnected(inout Peer peer);
        oneway void onPeerDisconnected(inout Peer peer);
        oneway void onMessageReceived(inout MessageWrapper message);
        oneway void onDisseminationReceived(inout MessageWrapper message);
    }
A highly available middleware for context acquisition
Exposing additional functionality (2):
    <service
        android:name=".collectors.opportunistic.Controller"
        android:exported="false"
        android:process=":tracer" >
        <intent-filter>
            <action android:name="ro.pub.acs.hyccups.collector.ICollector" />
            <category android:name="android.intent.category.DEFAULT" />
        </intent-filter>
        <intent-filter>
            <action android:name="ro.pub.acs.hyccups.opportunistic.IEngine" />
            <category android:name="android.intent.category.DEFAULT" />
        </intent-filter>
    </service>
    <service
        android:name=".collectors.opportunistic.Controller$TracingChannel"
        android:exported="false"
        android:process=":tracer" >
        <intent-filter>
            <action android:name="ro.pub.acs.hyccups.opportunistic.IHost" />
            <category android:name="android.intent.category.DEFAULT" />
        </intent-filter>
    </service>
Exploit #1
Keylogger (Binder in the middle attack):
Binder service tokens were allocated incrementally
Attacker would identify the desired service token and kill its process (InputManagerService)
Before the service would have time to recover → register an infected version with the same token number
All input would then pass through the attacker’s code
Fixed by allocating token numbers randomly (still not impossible for hackers).
Exploit #2
Playing with in app data:
  - hack the linker to bypass binder flow and read buffers (on rooted device)
  - programmers send sensitive data through Binder (between Activities)
  - hacker reads the sensitive data by parsing the command/reply buffer
  - hacker decompiles application to see how data is used
  - hacker uses non-privileged Binder call back into the application using the sensitive data
Fixes:
  - nothing much that Android can do in this situation
  - programmers should always obfuscate their code (make life harder for hackers)
  - programmers should never send sensitive data in the clear over Binder (rather have overhead than security breach)
Improvements
Binder is not yet a stable API and keeps on evolving
Currently uses SELinux for securing Binder calls
Does not block all cores when carrying out Binder transaction (initial designs did...)
Rumours about switching to ADSP
Conclusions
Good:
unique IPC mechanism supporting object oriented system services over traditional kernels (i.e. Linux)
extends Linux with the ability to send file descriptors across processes
optimized for both local and remote execution; native binary marshalling
simplified, object-oriented APIs
focused on scalability, stability, flexibility, low-latency, easy to use
Bad:
ioctl() path is not optimal
Use it wisely and only when needed!
Never send sensitive data through Binder!
The end
Thank you!