Daemon-Guard: Towards Preventing Privilege Abuse Attacks in Android Native Daemons

With essential privileges, native daemons provide core system services for apps in the Android system. However, we find that exploiting Android native daemons can still lead to another security issue: the privilege abuse within the confined privilege. So, in this paper, we firstly demonstrate the privilege abuse problem in native daemons through two types of attacks: the data leakage attack and the Denial-of-Service (DoS) attack. To mitigate the privilege abuse issue, we then propose the Daemon-Guard framework, in which we build a dispatcher to fork a new daemon process for handling each service request from apps. The dispatcher can check the ownership of data and determine whether a data access operation is authorized, and check the speed of the service requests from an app by a reference monitor. To restrict a daemon process accessing data in the file system, we deploy Seccomp, a capability system supported by the Linux kernel. At last, we implement the Daemon-Guard framework on the keystore daemon through the static instrumentation. The evaluation of the keystore case shows that Daemon-Guard can successfully prevent these two privilege abuse attacks with an acceptable performance overhead.