Android Security Internals: An In-Depth Guide to Android’s Security Architecture

Android Security Internals: An In-Depth Guide to Android’s Security Architecture
About the Author
About the Technical Reviewer
Foreword
Acknowledgments
Introduction
	Who This Book Is For
	Prerequisites
	Android Versions
	How Is This Book Organized?
	Conventions
1. Android’s Security Model
	Android’s Architecture
		Linux Kernel
		Native Userspace
		Dalvik VM
		Java Runtime Libraries
		System Services
		Inter-Process Communication
		Binder
			Binder Implementation
			Binder Security
			Binder Identity
			Capability-Based Security
			Binder Tokens
			Accessing Binder Objects
			Other Binder Features
		Android Framework Libraries
		Applications
			System Apps
			User-Installed Apps
			Android App Components
	Android’s Security Model
		Application Sandboxing
		Permissions
		IPC
		Code Signing and Platform Keys
		Multi-User Support
		SELinux
		System Updates
		Verified Boot
	Summary
2. Permissions
	The Nature of Permissions
	Requesting Permissions
	Permission Management
	Permission Protection Levels
		normal
		dangerous
		signature
		signatureOrSystem
	Permission Assignment
		Permissions and Process Attributes
			Process Attribute Assignment
	Permission Enforcement
		Kernel-Level Enforcement
		Native Daemon-Level Enforcement
		Framework-Level Enforcement
			Dynamic Enforcement
			Static Enforcement
			Activity and Service Permission Enforcement
			Content Provider Permission Enforcement
			Broadcast Permission Enforcement
			Protected and Sticky Broadcasts
	System Permissions
		Signature Permissions
		Development Permissions
	Shared User ID
	Custom Permissions
	Public and Private Components
	Activity and Service Permissions
	Broadcast Permissions
	Content Provider Permissions
		Static Provider Permissions
		Dynamic Provider Permissions
	Pending Intents
	Summary
3. Package Management
	Android Application Package Format
	Code signing
		Java Code Signing
			Implementation
			JAR File Signing
			JAR File Verification
			Viewing or Extracting Signer Information
		Android Code Signing
			Android Code Signing Tools
			OTA File Code Signing
	APK Install Process
		Location of Application Packages and Data
		Active Components
			PackageInstaller System Application
			pm command
			PackageManagerService
			Installer class
			installd Daemon
			MountService
			vold daemon
			MediaContainerService
			AppDirObserver
		Installing a Local Package
			Parsing and Verifying the Package
			Accepting Permissions and Starting the Install Process
			Copying to the Application Directory
			The Package Scan
			Creating Data Directories
			Generating Optimized DEX
			File and Directory Structure
			Adding the New Package to packages.xml
			Package Attributes
			Updating Components and Permissions
		Updating a Package
			Signature Verification
			Updating Non-System Apps
			Updating System Apps
		Installing Encrypted APKs
			Creating and Installing an Encrypted APK
			Implementation and Encryption Parameters
			Installing an Encrypted APK with Integrity Check
		Forward Locking
		Android 4.1 Forward Locking Implementation
			Encrypted App Containers
			Installing Forward-Locked APKs
		Encrypted Apps and Google Play
	Package Verification
		Android Support for Package Verification
		Google Play Implementation
	Summary
4. User Management
	Multi-User Support Overview
	Types of Users
		The Primary User
		Secondary Users
		Restricted Profiles
			User Restrictions
			Applying Restrictions
			Access to Online Accounts
		Guest User
	User Management
		Command-Line Tools
		User States and Related Broadcasts
	User Metadata
		The User List File
		User Metadata Files
		User System Directory
	Per-User Application Management
		Application Data Directories
		Application Sharing
	External Storage
		External Storage Implementations
		Multi-User External Storage
			Advanced Linux Mount Features
			Android Implementation
		External Storage Permissions
	Other Multi-User Features
	Summary
5. Cryptographic Providers
	JCA Provider Architecture
		Cryptographic Service Providers
			Provider Implementation
			Static Provider Registration
			Dynamic Provider Registration
	JCA Engine Classes
		Obtaining an Engine Class Instance
		Algorithm Names
		SecureRandom
		MessageDigest
		Signature
		Cipher
			Block Cipher Modes of Operation
			Obtaining a Cipher Instance
			Using a Cipher
		Mac
		Key
		SecretKey and PBEKey
		PublicKey, PrivateKey, and KeyPair
		KeySpec
		KeyFactory
		SecretKeyFactory
		KeyPairGenerator
		KeyGenerator
		KeyAgreement
		KeyStore
			KeyStore Types
			PKCS#12 File-Backed KeyStores
		CertificateFactory and CertPath
		CertPathValidator and CertPathBuilder
	Android JCA Providers
		Harmony’s Crypto Provider
		Android’s Bouncy Castle Provider
		AndroidOpenSSL Provider
		OpenSSL
	Using a Custom Provider
		Spongy Castle
	Summary
6. Network Security and PKI
	PKI and SSL Overview
		Public Key Certificates
		Direct Trust and Private CAs
		Public Key Infrastructure
		Certificate Revocation
	JSSE Introduction
		Secure Sockets
		Peer Authentication
		Hostname Verification
	Android JSSE Implementation
		Certificate Management and Validation
			System Trust Stores
			Android 4.x System Trust Store
			Using the System Trust Store
			System Trust Store APIs
		Certificate Blacklisting
			Handling CA Key Compromises
			Handling End Entity Key Compromises
			Android Certificate Blacklisting
		Reexamining the PKI Trust Model
			Trust Problems in Today’s PKI
			Radical Solutions
			Convergence and Trust Agility
			Certificate Pinning
			Certificate Pinning in Android
	Summary
7. Credential Storage
	VPN and Wi-Fi EAP Credentials
		Authentication Keys and Certificates
		The System Credential Store
	Credential Storage Implementation
		The keystore Service
		Key Blob Versions and Types
		Access Restrictions
		keymaster Module and keystore Service Implementation
		Nexus 4 Hardware-Backed Implementation
		Framework Integration
	Public APIs
		The KeyChain API
			The KeyChain Class
			Installing a PKCS#12 File
			Using a Private Key
			Installing a CA Certificate
			Deleting Keys and User Certificates
			Getting Information about Supported Algorithms
		KeyChain API Implementation
		Controlling Access to the Keystore
			KeyChainBroadcastReceiver
			Credential and Trust Store Summary
		Android Keystore Provider
	Summary
8. Online Account Management
	Android Account Management Overview
	Account Management Implementation
		AccountManagerService and AccountManager
		Authenticator Modules
		The Authenticator Module Cache
		AccountManagerService Operations and Permissions
			Listing and Authenticating Accounts
			Managing Accounts
			Using Account Credentials
			Requesting Authentication Token Access
		The Accounts Database
			Table Schema
			Table Access
			Password Security
		Multi-User Support
			Per-User Account Databases
			Shared Accounts
		Adding an Authenticator Module
	Google Accounts Support
		The Google Login Service
		Google Services Authentication and Authorization
			ClientLogin
			OAuth 2.0
		Google Play Services
	Summary
9. Enterprise Security
	Device Administration
		Implementation
			Privilege Management
			Policy Persistence
			Policy Enforcement
		Adding a Device Administrator
			Implementing a Device Administrator
			Setting the Device Owner
			Managed Devices
		Enterprise Account Integration
			Microsoft Exchange ActiveSync
			Google Apps
	VPN Support
		PPTP
		L2TP/IPSec
		IPSec Xauth
		SSL-Based VPNs
		Legacy VPN
			Implementation
			Profile and Credential Storage
			Accessing Credentials
			Always-On VPN
		Application-Based VPNs
			Declaring a VPN
			Preparing the VPN
			Establishing a VPN Connection
			Notifying the User About the VPN Connection
		Multi-User Support
			Linux Advanced Routing
			Multi-User VPN Implementation
	Wi-Fi EAP
		EAP Authentication Methods
		Android Wi-Fi Architecture
		EAP Credentials Management
		Adding an EAP Network with WifiManager
	Summary
10. Device Security
	Controlling OS Boot-Up and Installation
		Bootloader
		Recovery
	Verified Boot
		dm-verity Overview
		Android Implementation
		Enabling Verified Boot
	Disk Encryption
		Cipher Mode
		Key Derivation
		Disk Encryption Password
		Changing the Disk Encryption Password
		Enabling Encryption
			Controlling Device Encryption Using System Properties
			Unmounting /data
			Triggering the Encryption Process
			Updating the Crypto Footer and Encrypting Data
		Booting an Encrypted Device
			Obtaining the Disk Encryption Password
			Decrypting and Mounting /data
			Starting All System Services
	Screen Security
		Lockscreen Implementation
		Keyguard Unlock Methods
			Face Unlock
			Pattern Unlock
			PIN and Password Unlock
			PIN and PUK Unlock
		Brute-Force Attack Protection
	Secure USB Debugging
		ADB Overview
		The Need for Secure ADB
		Securing ADB
		Secure ADB Implementation
		ADB Authentication Keys
		Verifying the Host Key Fingerprint
	Android Backup
		Android Backup Overview
			Cloud Backup
			Local Backup
		Backup File Format
		Backup Encryption
		Controlling Backup Scope
	Summary
11. NFC and Secure Elements
	NFC Overview
	Android NFC Support
		Reader/Writer Mode
			Registering for Tag Dispatch
			Tag Technologies
			Reading a Tag
			Using Reader Mode
		Peer-to-Peer Mode
		Card Emulation Mode
	Secure Elements
		SE Form Factors in Mobile Devices
			UICC
			microSD-Based SE
			Embedded SE
		Accessing the Embedded SE
			Granting Access to the eSE
			Using the NfcExecutionEnvironment API
			eSE-Related Broadcasts
		Android SE Execution Environment
			SE Communication Protocols
			Querying the eSE Execution Environment
		UICC as a Secure Element
			SIM Cards and UICCs
			UICC Applications
			UICC Application Implementation and Installation
			Accessing the UICC
			Using the OpenMobile API
	Software Card Emulation
		Android 4.4 HCE Architecture
		APDU Routing
			Specifying Routing for HCE Services
			Specifying Routing for SE Applets
		Writing an HCE Service
		Security of HCE Applications
	Summary
12. Selinux
	SELinux Introduction
		SELinux Architecture
		Mandatory Access Control
		SELinux Modes
		Security Contexts
		Security Context Assignment and Persistence
		Security Policy
		Policy Statements
			Type and Attribute Statements
			User and Role Statements
			Object Class and Permission Statements
		Type Transition Rules
		Domain Transition Rules
		Access Vector Rules
			allow Rules
			auditallow Rules
			dontaudit Rules
			neverallow Rules
	Android Implementation
		Kernel Changes
		Userspace Changes
			Libraries and Tools
			System Initialization
			Labeling Files
			Labeling System Properties
			Labeling Application Processes
			Middleware MAC
		Device Policy Files
		Policy Event Logging
	Android 4.4 SELinux Policy
		Policy Overview
		Enforcing Domains
		Unconfined Domains
		App Domains
	Summary
13. System Updates and Root Access
	Bootloader
		Unlocking the Bootloader
		Fastboot Mode
			Android Partition Layout
			The Fastboot Protocol
			Fastboot Commands
	Recovery
		Stock Recovery
			Controlling the Recovery
			Sideloading an OTA Package
			OTA Signature Verification
			Starting the System Update Process
			Applying the Update
			Copying and Patching Files
			Setting File Ownership, Permissions, and Security Labels
			Finishing the Update
			Updating the Recovery
		Custom Recoveries
	Root Access
		Root Access on Engineering Builds
			Starting ADB as Root
			Using the su Command
	Root Access on Production Builds
		Rooting by Changing the boot or system Image
		Rooting by Flashing an OTA Package
			SuperSU
			How SuperSU Is Initialized
			Root Access on Custom ROMs
		Rooting via Exploits
	Summary
Index
Copyright