Android Oren Laadan orenl@cellrox.com Android Builders 2014 - - PowerPoint PPT Presentation

Oren Laadan

• renl@cellrox.com

Android Builders 2014 www.cellrox.com

Multi-Persona Android

aprilzosia

Android Builders 2014 2

Mobile devices have multiple uses -

• the device needs to reflect that.

Android Builders 2014 3

Personal Phone Business Phone Security Use Case

Android Builders 2014 4

Do People Remember?

• Only download apps from trusted sources, such as reputable app
• markets. Remember to look at the developer name, reviews, and star

ratings.

• Always check the permissions an app requests. Use common sense

to ensure that the permissions an app requests match the features the app provides.

• Be alert for unusual behavior on your phone. Suspicious behavior

could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.

• Install a mobile security app for your phone that scans every app you

download to ensure it’s safe.

Android Builders 2014 5

No, They Don’t!

• Only download apps from trusted sources, such as reputable app
• markets. Remember to look at the developer name, reviews, and star

ratings.

• Always check the permissions an app requests. Use common sense

to ensure that the permissions an app requests match the features the app provides.

• Be alert for unusual behavior on your phone. Suspicious behavior

could be a sign that your phone is infected. These behaviors may include unusual SMS or network activity.

• Install a mobile security app for your phone that scans every app you

download to ensure it’s safe.

Android Builders 2014 6

More Use Cases Personal Phone Business Phone Children Phone Privacy Phone Secure Phone

Android Builders 2014 7

Even More Use Cases Personal Phone Business Phone Children Phone Privacy Phone Secure Phone Social Phone Guest Phone Dev Phone

Android Builders 2014 8

Multi-Persona for Mobile Devices

Android Builders 2014 9 Android applications Android environment Linux kernel Device hardware Typical device

Mobile Device Virtualization

Android applications Android environment Linux kernel Device hardware Typical device

Android Builders 2014 10

Nobody Will Notice? Performance Transparent

Application Transparent Platform Transparent User Transparent

Android Builders 2014 11

Hardware Virtualization

Android applications Android environment Linux kernel Device hardware Typical device Android applications Android environment Linux kernel Device hardware Virtual Phone Hypervisor Type I Android applications Android environment Linux kernel Virtual Phone

Android Builders 2014 12

Hardware Virtualization

Suitable for servers

• standard hardware
• slow server replace rate
• strong security model

Sub-optimal for mobile devices

• burden to support devices
• reduced performance / battery-life
• sub-optimal use of resources

Android Builders 2014 19

Operating System Virtualization

Namespaces provide a group of processes with the illusion that they are the only processes

• n the system.

Android Builders 2014 20

Namespace (r)evolution

Kernel namespaces:

• mount-ns:

2.4.19

• uts-ns:

2.6.19

• ipc-ns:

2.6.19

• pid-ns:

2.6.24

• net-ns:

2.6.24-2.6.29

• user-ns:

2.6.23-3.8 System calls: clone(), unshare(), setns()

Android Builders 2014 21 Virtual Phone Android applications Android environment Linux kernel Device hardware Typical device Virtual Phone Android applications Android environment Linux kernel Device hardware Android applications Android environment

Namespaces

Operating System Virtualization

Android Builders 2014 22

Device Diversity

A typical collection of peripherals available

• n a modern smartphone or tablet:

Headset Microphone Speakers (Touch) Screen Power Buttons Telephony Bluetooth GPS WiFi Framebuffer GPU Compass Camera(s) Accelerometer RTC/Alarms

Android Builders 2014 23

Device Interactivity

Users interact with a device one application at a time, expect consistent user experience: Split the “attention” of resources between the multiple persona, depending on context.

Android Builders 2014 24 Android applications Android environment Linux kernel Device hardware Framebuf

Android Builders 2014 25 Android applications Android environment Linux kernel Device hardware Framebuf Android applications Android environment

Android Builders 2014 26 Android applications Android environment Linux kernel Device hardware Framebuf Input

Android Builders 2014 27 Android applications Android environment Linux kernel Device hardware Framebuf Android applications Android environment Input

Android Builders 2014 28 Android applications Android environment Linux kernel Device hardware

Device Namespace

Framebuf Android applications Android environment Input

Android Builders 2014 29 Android applications Android environment Linux kernel Device hardware

Device Namespace

Framebuf Android applications Android environment Input Touch Proximty

Android Builders 2014 30 Android applications Android environment Linux kernel Device hardware

Device Namespace

Framebuf Android applications Android environment Input Touch Buttons Proximty LED GPS

Android Builders 2014 32

Mobile Virtualization Challenges

Challenge 1: device diversity

• plethora of peripherals not virtualized
• key logical devices not virtualized

 virtualize physical & logical devices

Android Builders 2014 34

Mobile Virtualization Challenges

Challenge 1: device diversity

• plethora of peripherals not virtualized
• key logical devices not virtualized

 virtualize physical & logical devices Challenge 2: interactive usage

• users interact with one app at a time
• foreground vs. background apps

 multiplex access based on context

Android Builders 2014 35

Device Namespaces

Device diversity: traditional virtualization

• create the illusion that processes interact

exclusively with a set of devices

• hide the fact that other processes interact

with the same set of devices

• Device major/minor (e.g. loop, dm), and

device setup and internal state

Android Builders 2014 36

“Traditional” virtualization

Examples:

• alarm-dev
• binder
• logger
• wakelocks
• …

Android Builders 2014 37

“Traditional” virtualization

Typical driver: Virtualized driver?

• global driver state
• per open fd state
• open() is special
• read/write/ioctl etc

use per open fd state (and global state)

Android Builders 2014 38

“Traditional” virtualization

Typical driver: Virtualized driver:

• global driver state

 - per-devns state

• per open fd state
• open() is special
• read/write/ioctl etc

use per open fd state (and global state)

Android Builders 2014 39

“Traditional” virtualization

Typical driver: Virtualized driver:

• global driver state

 - per-devns state

• per open fd state

 - per open fd state points to per-devns state

• open() is special
• read/write/ioctl etc

use per open fd state (and global state)

Android Builders 2014 40

“Traditional” virtualization

Typical driver: Virtualized driver:

• global driver state

 - per-devns state

• per open fd state

 - per open fd state points to per-devns state

• open() is special

 - obtain per-devns state and perform in context

• read/write/ioctl etc

use per open fd state (and global state)

Android Builders 2014 41

“Traditional” virtualization

Typical driver: Virtualized driver:

• global driver state

 - per-devns state

• per open fd state

 - per open fd state points to per-devns state

• open() is special

 - obtain per-devns state and perform in context

• read/write/ioctl etc

 - read/write/ioctl etc use per open fd state use per open fd state (and global state) and per-devns state (and global state)

Android Builders 2014 42

“Traditional” virtualization

A peek at the code:

• alarm-dev
• binder
• …

Android Builders 2014 43

Device Namespaces

Interactivity: context-aware virtualization

• concept of an active namespace, with

which the user actually interacts

• ability to switch namespaces, to allow

interacting with multi-namespaces

• users really interact with one namespace

at a time

Android Builders 2014 44

Device Namespaces

Android applications Android environment Android applications Android environment Linux kernel Device hardware

(Device) Namespaces

Framebuf Input Touch Buttons Proximty LED GPS

Android Builders 2014 45

Framebuffer ?

Android applications Android environment Linux kernel Framebuffer Android applications Android environment Android applications Android environment VP VP VP

Android Builders 2014 47

Framebuffer: device namespaces

Android applications Android environment Linux kernel Android applications Android environment Android applications Android environment Background Foreground Background RAM Framebuffer Virtualized Framebuffer

Android Builders 2014 48

Framebuffer: device namespaces

Android applications Android environment Linux kernel Android applications Android environment Android applications Android environment Background Foreground Background RAM Framebuffer Virtualized Framebuffer

Android Builders 2014 49

Framebuffer: device namespaces

Android applications Android environment Linux kernel Android applications Android environment Android applications Android environment Background Background RAM Framebuffer Foreground Virtualized Framebuffer

Android Builders 2014 50

Input ?

Android applications Android environment Linux kernel input Android applications Android environment Android applications Android environment VP VP VP

Android Builders 2014 51

Input: device namespaces

Android applications Android environment Linux kernel Android applications Android environment Android applications Android environment Background Foreground Background Input Virtualized Input

Android Builders 2014 52

Input: device namespaces

Android applications Android environment Linux kernel Android applications Android environment Android applications Android environment Input Background Background Foreground Virtualized Input

Android Builders 2014 53

“Context-aware” virtualization

Typical driver: Virtualized driver:

• global driver state



• per-devns state
• per open fd state



• per open fd state points

to per-devns state

• open() is special



• obtain per-devns state

and perform in context

• read/write/ioctl etc



• read/write/ioctl etc

use per open fd state use per open fd state (and global state) and per-devns state (and global state)

Android Builders 2014 54

“Context-aware” virtualization

Typical driver: Virtualized driver:

• global driver state



• per-devns state
• per open fd state



• per open fd state points

to per-devns state

• open() is special



• obtain per-devns state

and perform in context

• read/write/ioctl etc



• read/write/ioctl etc

use per open fd state use per open fd state (and global state) and per-devns state (and global state)

per devns state:

• active flag (foreground/background)
• callbacks (create, destroy, switch)

Android Builders 2014 55

“Context-aware” virtualization

A peek at the code:

• input layer
• backlight
• LED
• …

Android Builders 2014 59

Device namespaces in action

A quick hands on with the Android emulator

Android Builders 2014 60

User-experience ?

Android Builders 2014 64

User-experience Identity Awareness Switching Sharing

Android Builders 2014 65

Unique UX

Background persona tab Foreground persona tab Background persona icon Foreground persona icon

Android Builders 2014 66

Experimental Benchmarks

• CPU (Linpack)
• Graphics (Neocore)
• Storage (Quadrant)
• Web browsing (SunSpider)
• Networking (custom)

Android Builders 2014 67

Runtime Overhead (Idle)

0.00 0.20 0.40 0.60 0.80 1.00 1.20 1.40 Linpack NeoCore Quadrant I/O Sun Spider Network Baseline 1-VP 2-VP 3-VP 4-VP 5-VP

Android Builders 2014 68

Runtime Overhead (load)

0.00 0.20 0.40 0.60 0.80 1.00 1.20 1.40 Linpack NeoCore Quadrant I/O Sun Spider Network Baseline 1-VP 2-VP 3-VP 4-VP 5-VP

Android Builders 2014 69

Power Consumption Overhead

0.00 0.20 0.40 0.60 0.80 1.00 1.20 1.40

After 4hrs Music After 12hrs Idle

Baseline 1-VP 2-VP 3-VP 4-VP 5-VP

Android Builders 2014 70

Summary

• Multi-persona Android
• Device namespaces (?!)

More info:

https://github.com/Cellrox/devns-patches/wiki

• renl@cellrox.com