CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
-
Upload
ambrose-strickland -
Category
Documents
-
view
213 -
download
0
Transcript of CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.
![Page 1: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/1.jpg)
CS 153CS 153Design of Operating SystemsDesign of Operating Systems
Spring 2015Spring 2015
Lecture 24: Android OSLecture 24: Android OS
![Page 2: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/2.jpg)
OS AbstractionsOS Abstractions
2
Operating System
Hardware
Applications
CPU Disk RAM
Process File system Virtual memory
NetworkI/O Devices
![Page 3: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/3.jpg)
SmartphonesSmartphones
3
==
![Page 4: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/4.jpg)
……in 2015in 2015
4
![Page 5: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/5.jpg)
What is the difference between a mobile OS and a desktop/server OS?
5
![Page 6: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/6.jpg)
DifferencesDifferences Size / form-factor
UI system design? Resource-constrained (e.g., battery, memory)
Optimized OS (what would you do?) Cellular and other hardware components User has no root access
Unless OS has vulnerabilities Security threats
App is fully sandboxed and cannot easily attack other apps
6
![Page 7: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/7.jpg)
AndroidAndroid
7
![Page 8: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/8.jpg)
Based on LinuxBased on LinuxLinux on ARMDrivers and architecture support
How to port Android to a new device?Using Linux vs. Writing a new OS from scratch?
Do all Linux kernel implementations work well on mobile devices?
8
![Page 9: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/9.jpg)
AndroidAndroid
9
![Page 10: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/10.jpg)
AndroidAndroid
10
![Page 11: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/11.jpg)
AndroidAndroid
11
![Page 12: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/12.jpg)
DifferencesDifferences Size / form-factor Resource-constrained (e.g., battery, memory)
Optimized OS (what would you do?) Cellular and other hardware components User has no root access
Unless OS has vulnerabilities Security threats
Malware is fully sandboxed and cannot easily attack other apps
12
![Page 13: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/13.jpg)
Offloading of ComputationOffloading of Computation
Naive offloadingSpeech-to-text, OCR, Apple’s Siri
More sophisticated offloading - fine-grained offloadingMAUI: Making Smartphones Last Longer with Code Offload
Running two versions of the app on the mobile device and a powerful server
Decide when/what to offload on the fly
13
![Page 14: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/14.jpg)
DifferencesDifferences Size / form-factor Resource-constrained (e.g., battery, memory)
Optimized OS (what would you do?) Cellular and other hardware components User has no root access
Unless OS has vulnerabilities Security threats
Malware is fully sandboxed and cannot easily attack other apps
14
![Page 15: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/15.jpg)
Disk I/ODisk I/O
Flash Hard Disk Drive
Random access ~0.1ms 5-10ms
File fragment impact
No Greatly impacted
Total power 1/2 to 1/3 of HDD up to 15+ watts
Reliability Reliable Less reliable due to mechanical parts
Write longevity Limited number of writes Less of a problem
Capacity <= 1TB 4TB
Price $0.4 / GB $0.04 / GB
15
![Page 16: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/16.jpg)
New CapabilitiesNew Capabilities Cellular
Make phone calls Send/Recv SMS
GPS Tracking
Phone number Identification
...
How to secure them?
16
![Page 17: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/17.jpg)
Android SecurityAndroid Security
17
![Page 18: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/18.jpg)
Android SandboxAndroid Sandbox UID separation to protect apps from each other
18
![Page 19: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/19.jpg)
Android PermissionAndroid Permission Apps need permissions when
they attempt to access sensitive resource or perform sensitive operations
19
![Page 20: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/20.jpg)
Device-related permissionDevice-related permission
20
![Page 21: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/21.jpg)
Non-device-related permissionNon-device-related permission Enforced in kernel through uid
Kernel code in net/ipv4/af_inet.c:
#include <linux/android_aid.h>
static inline int current_has_network(void) {
return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
21
![Page 22: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/22.jpg)
DifferencesDifferences Size / form-factor Resource-constrained (e.g., battery, memory)
Optimized OS (what would you do?) Cellular and other hardware components User has no root access
Unless OS has vulnerabilities Security threats
Malware is fully sandboxed and cannot easily attack other apps
22
![Page 23: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/23.jpg)
Android RootAndroid Root No app can run with root privilege in Android
even if the user desires Restrictions set by Google, Vendors, and Carriers
Result: bloatware, power inefficiency, lost freedom/functionality, etc.
How do we gain root back?
23
![Page 24: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/24.jpg)
Background: Symbolic LinkBackground: Symbolic Link On most file systems, symbolic link is supported to
point to the same file content without having to copy the content
“ln –s /home/zhiyunq/ /shortcut” /shortcut /home/zhiyunq
24
![Page 25: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/25.jpg)
File Permission VulnerabilitiesFile Permission Vulnerabilities Works on certain Android devices
Customized by vendors such as Motorola or Samsung
Goal: Write to /data/local.prop Add line ro.kernel.qemu=1 But permission denied to normal app
Exploit: rm /data/local/logs/log.txt (accessible to anyone) ln -s /data/local.prop /data/local/logs/log.txt What is the vulnerability?
25
![Page 26: CS 153 Design of Operating Systems Spring 2015 Lecture 24: Android OS.](https://reader035.fdocuments.in/reader035/viewer/2022081519/56649dc05503460f94ab4b9e/html5/thumbnails/26.jpg)
SummarySummary
Android OS vs. Traditional OS Security architecture of Android Android root exploit through file permission
vulnerability
27