Group of Software Security In Progress

GoSSIP @ LoCCS.Shanghai Jiao Tong University

NJAS Sandboxing Unmodified Applications in Non-rooted Devices Running Stock Android

论文下载

简介

这篇文章提出了一种不修改系统,不需要ROOT,不重打包来制造一个沙盒的工具–NJAS(Not Just Another Sandbox)

特点

  • executing an Android application within the context of another one1
  • achieves sandboxing by means of system call interposition(using the ptrace mechanism)
  • no modication to the framework, no root access to the device, no require to enable unsafe options
  • cannot be evaded by using native code components

实现方法

原APP这里称为orig, 针对每个orig, 会单独生成一个stub APP。 这个stub包含orig的menifest.xml中少量基本信息,权限,组件声明等等,不包括资源文件和代码。

用户直接运行stub, stub收先会fork自身,生成一个monitor 子进程。monitor子进程会利用ptrace来在system call 层面上监督stub执行的代码,目前可以限制四个功能:network,filesystem,sms,contact。 而stub执行的代码来自orig。 stub通过从data/app目录下的apk文件中拿到orig的dex及资源文件。用classloader来读取并运行其代码。除了监控,monitor子进程还需要做一些对源代码的patch工作,来保证orig的代码可以在stub的context中正常运行。比如修改一些参数和返回值,(文件系统路径,包名等等)。

Security

by using syscall interposition, Njas is able to fully control the behavior of an app. In fact, the usage of the ptrace mechanism guarantees that the monitor process will be able to intercept every syscall invoked by orig。

  1. Java-level API
  2. native library
  3. syscall through inline assembly code

会阻止ptrace和kill指令,防止恶意APP绕过Njas

评估

Fig