Android Security Internals: An In-Depth Guide to Android’s Security Architecture
About the Author
About the Technical Reviewer
Foreword
Acknowledgments
Introduction
Who This Book Is For
Prerequisites
Android Versions
How Is This Book Organized?
Conventions
1. Android’s Security Model
Android’s Architecture
Linux Kernel
Native Userspace
Dalvik VM
Java Runtime Libraries
System Services
Inter-Process Communication
Binder
Binder Implementation
Binder Security
Binder Identity
Capability-Based Security
Binder Tokens
Accessing Binder Objects
Other Binder Features
Android Framework Libraries
Applications
System Apps
User-Installed Apps
Android App Components
Android’s Security Model
Application Sandboxing
Permissions
IPC
Code Signing and Platform Keys
Multi-User Support
SELinux
System Updates
Verified Boot
Summary
2. Permissions
The Nature of Permissions
Requesting Permissions
Permission Management
Permission Protection Levels
normal
dangerous
signature
signatureOrSystem
Permission Assignment
Permissions and Process Attributes
Process Attribute Assignment
Permission Enforcement
Kernel-Level Enforcement
Native Daemon-Level Enforcement
Framework-Level Enforcement
Dynamic Enforcement
Static Enforcement
Activity and Service Permission Enforcement
Content Provider Permission Enforcement
Broadcast Permission Enforcement
Protected and Sticky Broadcasts
System Permissions
Signature Permissions
Development Permissions
Shared User ID
Custom Permissions
Public and Private Components
Activity and Service Permissions
Broadcast Permissions
Content Provider Permissions
Static Provider Permissions
Dynamic Provider Permissions
Pending Intents
Summary
3. Package Management
Android Application Package Format
Code Signing
Java Code Signing
Implementation
JAR File Signing
JAR File Verification
Viewing or Extracting Signer Information
Android Code Signing
Android Code Signing Tools
OTA File Code Signing
APK Install Process
Location of Application Packages and Data
Active Components
PackageInstaller System Application
pm command
PackageManagerService
Installer class
installd Daemon
MountService
vold daemon
MediaContainerService
AppDirObserver
Installing a Local Package
Parsing and Verifying the Package
Accepting Permissions and Starting the Install Process
Copying to the Application Directory
The Package Scan
Creating Data Directories
Generating Optimized DEX
File and Directory Structure
Adding the New Package to packages.xml
Package Attributes
Updating Components and Permissions
Updating a Package
Signature Verification
Updating Non-System Apps
Updating System Apps
Installing Encrypted APKs
Creating and Installing an Encrypted APK
Implementation and Encryption Parameters
Installing an Encrypted APK with Integrity Check
Forward Locking
Android 4.1 Forward Locking Implementation
Encrypted App Containers
Installing Forward-Locked APKs
Encrypted Apps and Google Play
Package Verification
Android Support for Package Verification
Google Play Implementation
Summary
4. User Management
Multi-User Support Overview
Types of Users
The Primary User (Owner)
Secondary Users
Restricted Profiles
User Restrictions
Applying Restrictions
Access to Online Accounts
Guest User
User Management
Command-Line Tools
User States and Related Broadcasts
User Metadata
The User List File
User Metadata Files
User System Directory
Per-User Application Management
Application Data Directories
Application Sharing
External Storage
External Storage Implementations
Multi-User External Storage
Advanced Linux Mount Features
Android Implementation
External Storage Permissions
Other Multi-User Features
Summary
5. Cryptographic Providers
JCA Provider Architecture
Cryptographic Service Providers
Provider Implementation
Static Provider Registration
Dynamic Provider Registration
JCA Engine Classes
Obtaining an Engine Class Instance
Algorithm Names
SecureRandom
MessageDigest
Signature
Cipher
Block Cipher Modes of Operation
Obtaining a Cipher Instance
Using a Cipher
Mac
Key
SecretKey and PBEKey
PublicKey, PrivateKey, and KeyPair
KeySpec
KeyFactory
SecretKeyFactory
KeyPairGenerator
KeyGenerator
KeyAgreement
KeyStore
KeyStore Types
PKCS#12 File-Backed KeyStores
CertificateFactory and CertPath
CertPathValidator and CertPathBuilder
Android JCA Providers
Harmony’s Crypto Provider
Android’s Bouncy Castle Provider
AndroidOpenSSL Provider
OpenSSL
Using a Custom Provider
Spongy Castle
Summary
6. Network Security and PKI
PKI and SSL Overview
Public Key Certificates
Direct Trust and Private CAs
Public Key Infrastructure
Certificate Revocation
JSSE Introduction
Secure Sockets
Peer Authentication
Hostname Verification
Android JSSE Implementation
Certificate Management and Validation
System Trust Stores
Android 4.x System Trust Store
Using the System Trust Store
System Trust Store APIs
Certificate Blacklisting
Handling CA Key Compromises
Handling End Entity Key Compromises
Android Certificate Blacklisting
Reexamining the PKI Trust Model
Trust Problems in Today’s PKI
Radical Solutions
Convergence and Trust Agility
Certificate Pinning
Certificate Pinning in Android
Summary
7. Credential Storage
VPN and Wi-Fi EAP Credentials
Authentication Keys and Certificates
The System Credential Store
Credential Storage Implementation
The keystore Service
Key Blob Versions and Types
Access Restrictions
keymaster Module and keystore Service Implementation
Nexus 4 Hardware-Backed Implementation
Framework Integration
Public APIs
The KeyChain API
The KeyChain Class
Installing a PKCS#12 File
Using a Private Key
Installing a CA Certificate
Deleting Keys and User Certificates
Getting Information about Supported Algorithms
KeyChain API Implementation
Controlling Access to the Keystore
KeyChainBroadcastReceiver
Credential and Trust Store Summary
Android Keystore Provider
Summary
8. Online Account Management
Android Account Management Overview
Account Management Implementation
AccountManagerService and AccountManager
Authenticator Modules
The Authenticator Module Cache
AccountManagerService Operations and Permissions
Listing and Authenticating Accounts
Managing Accounts
Using Account Credentials
Requesting Authentication Token Access
The Accounts Database
Table Schema
Table Access
Password Security
Multi-User Support
Per-User Account Databases
Shared Accounts
Adding an Authenticator Module
Google Accounts Support
The Google Login Service
Google Services Authentication and Authorization
ClientLogin
OAuth 2.0
Google Play Services
Summary
9. Enterprise Security
Device Administration
Implementation
Privilege Management
Policy Persistence
Policy Enforcement
Adding a Device Administrator
Implementing a Device Administrator
Setting the Device Owner
Managed Devices
Enterprise Account Integration
Microsoft Exchange ActiveSync
Google Apps
VPN Support
PPTP
L2TP/IPSec
IPSec Xauth
SSL-Based VPNs
Legacy VPN
Implementation
Profile and Credential Storage
Accessing Credentials
Always-On VPN
Application-Based VPNs
Declaring a VPN
Preparing the VPN
Establishing a VPN Connection
Notifying the User About the VPN Connection
Multi-User Support
Linux Advanced Routing
Multi-User VPN Implementation
Wi-Fi EAP
EAP Authentication Methods
Android Wi-Fi Architecture
EAP Credentials Management
Adding an EAP Network with WifiManager
Summary
10. Device Security
Controlling OS Boot-Up and Installation
Bootloader
Recovery
Verified Boot
dm-verity Overview
Android Implementation
Enabling Verified Boot
Disk Encryption
Cipher Mode
Key Derivation
Disk Encryption Password
Changing the Disk Encryption Password
Enabling Encryption
Controlling Device Encryption Using System Properties
Unmounting /data
Triggering the Encryption Process
Updating the Crypto Footer and Encrypting Data
Booting an Encrypted Device
Obtaining the Disk Encryption Password
Decrypting and Mounting /data
Starting All System Services
Screen Security
Lockscreen Implementation
Keyguard Unlock Methods
Face Unlock
Pattern Unlock
PIN and Password Unlock
PIN and PUK Unlock
Brute-Force Attack Protection
Secure USB Debugging
ADB Overview
The Need for Secure ADB
Securing ADB
Secure ADB Implementation
ADB Authentication Keys
Verifying the Host Key Fingerprint
Android Backup
Android Backup Overview
Cloud Backup
Local Backup
Backup File Format
Backup Encryption
Controlling Backup Scope
Summary
11. NFC and Secure Elements
NFC Overview
Android NFC Support
Reader/Writer Mode
Registering for Tag Dispatch
Tag Technologies
Reading a Tag
Using Reader Mode
Peer-to-Peer Mode
Card Emulation Mode
Secure Elements
SE Form Factors in Mobile Devices
UICC
microSD-Based SE
Embedded SE
Accessing the Embedded SE
Granting Access to the eSE
Using the NfcExecutionEnvironment API
eSE-Related Broadcasts
Android SE Execution Environment
SE Communication Protocols
Querying the eSE Execution Environment
UICC as a Secure Element
SIM Cards and UICCs
UICC Applications
UICC Application Implementation and Installation
Accessing the UICC
Using the OpenMobile API
Software Card Emulation
Android 4.4 HCE Architecture
APDU Routing
Specifying Routing for HCE Services
Specifying Routing for SE Applets
Writing an HCE Service
Security of HCE Applications
Summary
12. SELinux
SELinux Introduction
SELinux Architecture
Mandatory Access Control
SELinux Modes
Security Contexts
Security Context Assignment and Persistence
Security Policy
Policy Statements
Type and Attribute Statements
User and Role Statements
Object Class and Permission Statements
Type Transition Rules
Domain Transition Rules
Access Vector Rules
allow Rules
auditallow Rules
dontaudit Rules
neverallow Rules
Android Implementation
Kernel Changes
Userspace Changes
Libraries and Tools
System Initialization
Labeling Files
Labeling System Properties
Labeling Application Processes
Middleware MAC
Device Policy Files
Policy Event Logging
Android 4.4 SELinux Policy
Policy Overview
Enforcing Domains
Unconfined Domains
App Domains
Summary
13. System Updates and Root Access
Bootloader
Unlocking the Bootloader
Fastboot Mode
Android Partition Layout
The Fastboot Protocol
Fastboot Commands
Recovery
Stock Recovery
Controlling the Recovery
Sideloading an OTA Package
OTA Signature Verification
Starting the System Update Process
Applying the Update
Copying and Patching Files
Setting File Ownership, Permissions, and Security Labels
Finishing the Update
Updating the Recovery
Custom Recoveries
Root Access
Root Access on Engineering Builds
Starting ADB as Root
Using the su Command
Root Access on Production Builds
Rooting by Changing the boot or system Image
Rooting by Flashing an OTA Package
SuperSU
How SuperSU Is Initialized
Root Access on Custom ROMs
Rooting via Exploits
Summary
Index
Copyright