The ANDROID operating system is a LINUX-based operating system designed primarily for touchscreen mobile devices such as smartphones and tablet computers. The ANDROID operating system uses a LINUX kernel at its core, and also provides an application framework that software developers incorporate into their ANDROID operating system applications and services. The ANDROID operating system additionally provides a middleware layer between the LINUX operating system at the LINUX operating system layer and the ANDROID operating system applications and services at the higher application layer, to enable easier cross-platform development for deploying the same applications or services across different types of smartphones, tablets or other hardware.
The middleware layer comprises libraries that provide services such as data storage, screen display, multimedia, and web browsing, which are compiled to machine language to enable services to execute quickly. The middleware libraries implement device-specific functions, so applications and the application framework need not concern themselves with the variations between devices running the ANDROID operating system. The middleware layer also supports a specialized version of Java to simplify cross-platform development. In particular, it contains the Dalvik Virtual Machine (DVM) and its core Java application libraries. Applications or services can be compiled from Java (or other supported languages) to bytecode that can be run by the DVM.
Although the middleware layer simplifies application development, it also adds significantly more complexity to the overall ANDROID operating system. This additional complexity can be exploited by applications or services programmed to perform malicious tasks (malware) or execute malicious code (malcode).
By way of example, malware or malcode can exploit Inter-Process Communications (IPC) to attack sensitive applications and their data. Referring to FIG. 1, each application 10,12 is executed in a respective DVM 14,16. When launched, each application corresponds to an instance of a DVM. Each DVM 14,16 is mapped into a dedicated process 18,20 running in User Mode 22 in the LINUX operating system layer 24. In the ANDROID operating system, applications can communicate with each other using IPC mechanisms. The standard mechanism in the ANDROID operating system to implement IPC is through the Binder framework. The Binder framework has the facility to provide bindings to functions and data from one process to another. The Binder framework in the ANDROID operating system is provided in three levels. At the application layer 42 there is an Application Programming Interface (API) 26,28 to enable applications to communicate with each other, such as the ANDROID Interface Definition Language (AIDL). The AIDL allows application developers to define the interface for a remote service, and an AIDL parser generates the required Java client and server code. At the middleware layer 44 a Binder 30, such as C++ code, is provided which offers user space facilities to the applications via the Java Native Interface (JNI) and interacts with the Binder kernel driver 32 in the LINUX operating system layer 24. The Binder kernel driver 32 in the LINUX kernel carries out the message passing between processes and provides a shared memory facility. The driver sits behind a special device, /dev/binder, and implements various system calls, such as open and ioctl, to enable processes to communicate with each other.
As shown in FIG. 1, the IPC mechanism can be described in two layers. At the ANDROID operating system layer 46, when Application 1 (10) sends an IPC through its AIDL API (26) as shown at (34), the binder code 30 in the middleware takes care of delivering the request to the destination Application 2 (12) as shown at (36). At the LINUX operating system layer, this operation is translated into a sequence of system calls (open and ioctl) executed by Process 1 (18) (corresponding to Application 1) using the binder kernel driver (/dev/binder) 32 as shown at (38). The request is then forwarded to Process 2 (20) (corresponding to Application 2) as shown at (40).
In conventional UNIX and LINUX operating systems, security systems have been proposed that use kernel modules in order to trace a process to enforce security policies, and this involves recompiling the kernel image in order to register the module. Additionally, as new applications are launched by the user via a shell, the monitoring module is able to link the correct security policy to the newly launched process. Such security systems do not work effectively on the ANDROID operating system, which uses a distinctly different way of launching and managing programs. It is also desirable to have a security system for the ANDROID operating system that does not require recompilation of the LINUX kernel.
In this specification where reference has been made to patent specifications, other external documents, or other sources of information, this is generally for the purpose of providing a context for discussing the features of the invention. Unless specifically stated otherwise, reference to such external documents is not to be construed as an admission that such documents, or such sources of information, in any jurisdiction, are prior art, or form part of the common general knowledge in the art.
It is an object of the invention to provide a security system and method for the ANDROID operating system in which security policies for each application can be configured at the ANDROID operating system layer and which are enforced at the lower LINUX operating system layer, or to at least provide the public with a useful choice.
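The following is an added illustration, not code from the patent, of the two-layer view of IPC in FIG. 1 and of the object stated above: a policy written in terms of applications that is enforced on events observed at the process level. Because each launched application corresponds to one DVM instance mapped into a dedicated process, an enforcement point that sees only process identifiers and binder system calls must hold an application-to-process mapping to apply an application-level policy. The application names, process identifiers, policy table and trace line format below are all constructed for this example; real binder ioctl requests identify their target by a handle rather than a process identifier, and the target_pid field stands in for the driver's resolution of that handle.

```python
import re

# Application layer (FIG. 1): each application runs in its own DVM instance, and each
# DVM is mapped into a dedicated Linux process. Constructed mapping for this example.
APP_TO_PID = {"Application 1": 1001, "Application 2": 1002, "Application 3": 1003}
PID_TO_APP = {pid: app for app, pid in APP_TO_PID.items()}

# Policy configured at the application layer: sender -> set of permitted receivers.
# Constructed values; an application absent from the table may not send IPC at all.
IPC_POLICY = {
    "Application 1": {"Application 2"},
    "Application 2": set(),
}

# Constructed, simplified trace of the LINUX-layer view of IPC: open() on the binder
# device followed by ioctl() calls. Process 2048 is not linked to any application.
SAMPLE_TRACE = """\
pid=1001 syscall=open path=/dev/binder
pid=1001 syscall=ioctl fd=3 cmd=BINDER_WRITE_READ target_pid=1002
pid=1003 syscall=open path=/dev/binder
pid=1003 syscall=ioctl fd=3 cmd=BINDER_WRITE_READ target_pid=1002
pid=1002 syscall=ioctl fd=3 cmd=BINDER_WRITE_READ target_pid=1001
pid=2048 syscall=ioctl fd=3 cmd=BINDER_WRITE_READ target_pid=1002
pid=1001 syscall=read fd=5
"""

TRACE_RE = re.compile(r"pid=(?P<pid>\d+) syscall=(?P<call>\w+)(?P<rest>.*)")
TARGET_RE = re.compile(r"target_pid=(?P<target>\d+)")


def parse_trace(text):
    """Parse the constructed trace lines into (pid, syscall, target_pid or None)."""
    events = []
    for line in text.splitlines():
        m = TRACE_RE.match(line.strip())
        if not m:
            continue
        t = TARGET_RE.search(m.group("rest"))
        target = int(t.group("target")) if t else None
        events.append((int(m.group("pid")), m.group("call"), target))
    return events


def decide(pid, target_pid, policy=IPC_POLICY, pid_to_app=PID_TO_APP):
    """Apply the application-layer policy to a process-layer event.

    The process identifiers are translated back to application names through the
    DVM-to-process mapping; a process with no mapping is treated as unlinked to
    any application and denied, so the enforcement point fails closed.
    """
    sender = pid_to_app.get(pid)
    receiver = pid_to_app.get(target_pid)
    if sender is None or receiver is None:
        return "deny-unmapped"
    if receiver in policy.get(sender, set()):
        return "allow"
    return "deny"


def enforce(trace_text, policy=IPC_POLICY, pid_to_app=PID_TO_APP):
    """Return one (pid, target_pid, verdict) tuple per binder ioctl aimed at another process."""
    decisions = []
    for pid, call, target in parse_trace(trace_text):
        if call != "ioctl" or target is None:
            continue  # open(), read() and similar calls are not message deliveries
        decisions.append((pid, target, decide(pid, target, policy, pid_to_app)))
    return decisions


if __name__ == "__main__":
    for pid, target, verdict in enforce(SAMPLE_TRACE):
        sender = PID_TO_APP.get(pid, "unmapped process")
        receiver = PID_TO_APP.get(target, "unmapped process")
        print(f"{sender} ({pid}) -> {receiver} ({target}): {verdict}")
```

Running the block prints one verdict per ioctl in the constructed trace: the request from Application 1 to Application 2 is allowed, the requests from Application 3 and from Application 2 are denied by the policy, and the request from the unmapped process 2048 is denied because no application is linked to it. The last case is the situation described for conventional kernel-module monitors: unless the monitor can link a newly launched process to the right application-level policy, it has nothing to enforce, which is why the example denies by default.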