SlideShare a Scribd company logo

Linker namespace upload

Download as PPTX, PDF
B
Bin Yang

This document discusses linker namespaces and their implementation in Android to restrict access to non-public NDK APIs. It describes how namespaces are created for different processes and apps to isolate system apps from third-party apps and allow preloaded system apps access to non-public APIs. The implementation involves creating different namespaces - a default, anonymous, and class-loader namespaces - and checking the namespace of the caller before loading shared libraries to determine if access is permitted.

Engineering
1 of 8
Downloaded 18 times
1
2
3
4
5
6
7
8
1 Linker Namespace Insight
2 Agenda • Target & Behavior • Implementation
3 Target & Behavior Target • Reduce the possibility that 3rd APK call non- public NDK API Behavior • Non-system app will fail on N device if it uses non-public APIs. • Preloaded system app is allowed to use non- public APIs.
4 Namespace Creation– Daemon process Only Default namespace Run native executable file Bionic execve Kernel Sys_exec ve StartLoad er /system/bin /linker Create a default Namespace and put all so into the namespace
5 Namespace Creation – Java App Add Name Space in Linker • Default namespace • Anonymous namespace • Class-loader namespace Run Java APK Framework Fork zygote Load Dex file Create JIT Get default Namespace libart-compiler.so libvixl.so Load *.classes.dexunder default namespace Get Classloader for apk Create Anonymous Namespace Create classloader Namespace System.load to load a lib Loaded in classloader namespace Anonymous Namespace Default Namespace classloader Namespace
6 Implementation – Name space Namespace Directory Default default_library_paths: System/lib Vendor/lib permitted_paths_: none Anonymous default_library_paths_: Same as default_library_paths of class-loader namespace. permitted_paths_: none It is used by JIT when JIT tries to load a lib. Class-loader default_library_paths: /data/app/com.eXXX- 1/lib/arm(x86);XXXX permitted_paths_: /data;XXXX
7 Check Name space before library is loaded Caller belongs to Default namespace? Load so Whether so is in public name space list? Can be loaded No Yes Check whether *.so in the dedicated directory contained by namespace Yes No Yes Can not be loaded No
8 Why we need it • Different constrictions on library is required for different caller. • Different constrictions on library is required for different stage for a process.

More Related Content

PPTX
Introduction of Android Architecture
Bin Yang
 
PPT
Introduction to Git for developers
Dmitry Guyvoronsky
 
PDF
Golang workshop
Victor S. Recio
 
PPTX
A Skeptic's Guide to Docker
Tori Wieldt
 
PDF
Toward dynamic analysis of obfuscated android malware
ZongXian Shen
 
PDF
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
Code Engn
 
PPTX
Ci with jenkins docker and mssql belgium
Chris Adkin
 
PDF
How to build a tool for operating Flink on Kubernetes
AndreaMedeghini
 
Introduction of Android Architecture
Bin Yang
 
Introduction to Git for developers
Dmitry Guyvoronsky
 
Golang workshop
Victor S. Recio
 
A Skeptic's Guide to Docker
Tori Wieldt
 
Toward dynamic analysis of obfuscated android malware
ZongXian Shen
 
[2014 CodeEngn Conference 10] 정광운 - 안드로이드에서도 한번 후킹을 해볼까 (Hooking on Android)
Code Engn
 
Ci with jenkins docker and mssql belgium
Chris Adkin
 
How to build a tool for operating Flink on Kubernetes
AndreaMedeghini
 

What's hot (20)

PPTX
Continuous Integration With Jenkins Docker SQL Server
Chris Adkin
 
PPTX
Essential Tools for Modern PHP
Alex Weissman
 
KEY
Travis CI
bsiggelkow
 
PDF
(CISC 2013) Real-Time Record and Replay on Android for Malware Analysis
ZongXian Shen
 
PDF
Create a PHP Library the right way
Christian Varela
 
PDF
Codifying the Build and Release Process with a Jenkins Pipeline Shared Library
Alvin Huang
 
PDF
Acceptance testing plone sites and add ons with robot framework and selenium
Asko Soukka
 
PDF
From Android NDK To AOSP
Min-Yih Hsu
 
PDF
How to fail at docker
Christian Ortner
 
PDF
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ZongXian Shen
 
PDF
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
CloudBees
 
PPTX
Continuous integration ( jen kins travis ci)
Sadani Rodrigo
 
PDF
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
CloudBees
 
PDF
Network Protocol Testing Using Robot Framework
Payal Jain
 
PPTX
Jenkins pipeline as code
Mohammad Imran Ansari
 
PPTX
Tugbot - Testing Framework for Docker Containers
Neil Gehani
 
ODP
2017 DevSecCon ZAP Scripting Workshop
Simon Bennetts
 
PPTX
Devops.pptx
MeetPatel921377
 
PPT
FTP Commando to Git Hero - WordCamp Denver 2013
Jeremy Green
 
PDF
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
CloudBees
 
Continuous Integration With Jenkins Docker SQL Server
Chris Adkin
 
Essential Tools for Modern PHP
Alex Weissman
 
Travis CI
bsiggelkow
 
(CISC 2013) Real-Time Record and Replay on Android for Malware Analysis
ZongXian Shen
 
Create a PHP Library the right way
Christian Varela
 
Codifying the Build and Release Process with a Jenkins Pipeline Shared Library
Alvin Huang
 
Acceptance testing plone sites and add ons with robot framework and selenium
Asko Soukka
 
From Android NDK To AOSP
Min-Yih Hsu
 
How to fail at docker
Christian Ortner
 
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh...
ZongXian Shen
 
JUC Europe 2015: The Famous Cows of Cambridge: A Non-Standard Use Case for Je...
CloudBees
 
Continuous integration ( jen kins travis ci)
Sadani Rodrigo
 
JUC Europe 2015: Jenkins Pipeline for Continuous Delivery of Big Data Projects
CloudBees
 
Network Protocol Testing Using Robot Framework
Payal Jain
 
Jenkins pipeline as code
Mohammad Imran Ansari
 
Tugbot - Testing Framework for Docker Containers
Neil Gehani
 
2017 DevSecCon ZAP Scripting Workshop
Simon Bennetts
 
Devops.pptx
MeetPatel921377
 
FTP Commando to Git Hero - WordCamp Denver 2013
Jeremy Green
 
JUC Europe 2015: Jenkins-Based Continuous Integration for Heterogeneous Hardw...
CloudBees
 
Ad

More from Bin Yang (7)

PPTX
Introduction of android treble
Bin Yang
 
PPTX
New features in android m upload
Bin Yang
 
PPTX
Android ressource and overlay upload
Bin Yang
 
PPTX
Android secuirty permission - upload
Bin Yang
 
PPTX
Linker and loader upload
Bin Yang
 
PPTX
Update from android kk to android l
Bin Yang
 
PPTX
Google IO 2014 overview
Bin Yang
 
Introduction of android treble
Bin Yang
 
New features in android m upload
Bin Yang
 
Android ressource and overlay upload
Bin Yang
 
Android secuirty permission - upload
Bin Yang
 
Linker and loader upload
Bin Yang
 
Update from android kk to android l
Bin Yang
 
Google IO 2014 overview
Bin Yang
 
Ad

Recently uploaded (20)

PPT
introduction to datamining and warehousing
ssuser4ab3a2
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PPT
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
introduction to datamining and warehousing
ssuser4ab3a2
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
MariaRufina4
 
PPT on Performance Review to get promotions
prashant593122
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Project quality management in manufacturing
BarMusaTetik
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
Construction Project Organization Group 2.pptx
vj5agdales
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 

Linker namespace upload

  • 2. 2 Agenda • Target & Behavior • Implementation
  • 3. 3 Target & Behavior Target • Reduce the possibility that 3rd APK call non- public NDK API Behavior • Non-system app will fail on N device if it uses non-public APIs. • Preloaded system app is allowed to use non- public APIs.
  • 4. 4 Namespace Creation– Daemon process Only Default namespace Run native executable file Bionic execve Kernel Sys_exec ve StartLoad er /system/bin /linker Create a default Namespace and put all so into the namespace
  • 5. 5 Namespace Creation – Java App Add Name Space in Linker • Default namespace • Anonymous namespace • Class-loader namespace Run Java APK Framework Fork zygote Load Dex file Create JIT Get default Namespace libart-compiler.so libvixl.so Load *.classes.dexunder default namespace Get Classloader for apk Create Anonymous Namespace Create classloader Namespace System.load to load a lib Loaded in classloader namespace Anonymous Namespace Default Namespace classloader Namespace
  • 6. 6 Implementation – Name space Namespace Directory Default default_library_paths: System/lib Vendor/lib permitted_paths_: none Anonymous default_library_paths_: Same as default_library_paths of class-loader namespace. permitted_paths_: none It is used by JIT when JIT tries to load a lib. Class-loader default_library_paths: /data/app/com.eXXX- 1/lib/arm(x86);XXXX permitted_paths_: /data;XXXX
  • 7. 7 Check Name space before library is loaded Caller belongs to Default namespace? Load so Whether so is in public name space list? Can be loaded No Yes Check whether *.so in the dedicated directory contained by namespace Yes No Yes Can not be loaded No
  • 8. 8 Why we need it • Different constrictions on library is required for different caller. • Different constrictions on library is required for different stage for a process.