Android | How to use IsolatedProcess

Tags: android

As far as I understand, an IsolatedProcess is here to run untrusted code.

But if the IsolatedProcess is basically a process without any permissions, how can one send the untrusted code (let's say a class) to the IsolatedProcess?

I mean the IsolatedProcess has no access to the files on the device, to the internet, or anything else.

So what is the way to send the untrusted code to the IsolatedProcess?

I am trying to pass Constructors to the IsolatedProcess so it can start these untrusted classes safely, but all the communication between processes must be with Serializable objects, and a Constructor is not a Serializable object.

bailando bailando asked Sep 10 '25 21:09



1 Answer

You're misunderstanding the purpose of isolatedProcess. It doesn't provide APIs to do what you want because it isn't how it's intended to be used and using it like that wouldn't be a good security practice. It's designed to provide a layer of security that an attacker needs to bypass once they've gained remote code execution via an exploit. You simply shouldn't run untrusted Java code because Android isn't designed to do it. It will still have access to native APIs including the kernel's system calls, etc. within an isolatedProcess. isolatedProcess drops nearly all privileges (gets a unique UID / GID and runs in the isolated_app SELinux domain) but it's not a very good sandbox alone. If you're determined to do it, then doing it within isolatedProcess is better than outside it, but you would be rolling your own code for it.

The main user of isolatedProcess is Chrome. Each site instance is rendered by a separate isolatedProcess service. It doesn't run untrusted Java or native code. An attacker needs a remote code execution exploit to gain control over the isolatedProcess. Chrome also doesn't only rely on isolatedProcess for the second layer of defence. It uses a strict seccomp-bpf filter to greatly reduce kernel attack surface.

strcat answered Sep 13 '25 13:09
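An added example, not part of the answer above: a sketch of the pattern the answer describes, where the app's own trusted code runs in an isolatedProcess service and only untrusted data crosses the process boundary. Because the isolated process cannot open files itself, the caller opens the file and passes a ParcelFileDescriptor over Binder. The package name, class name, message codes and the "fd" bundle key are hypothetical, and the byte-counting loop stands in for whatever risky parsing the app needs to contain.

```java
// Manifest entry (inside <application>), shown here as a comment:
//   <service android:name=".IsolatedParserService"
//            android:isolatedProcess="true"
//            android:exported="false" />
package com.example.isolated; // hypothetical package name

import android.app.Service;
import android.content.Intent;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
import android.os.Message;
import android.os.Messenger;
import android.os.ParcelFileDescriptor;
import android.os.RemoteException;
import java.io.IOException;
import java.io.InputStream;

public class IsolatedParserService extends Service {
    static final int MSG_PARSE = 1;   // request: Bundle carries the descriptor under "fd"
    static final int MSG_RESULT = 2;  // reply: arg1 = bytes consumed, or -1 on failure

    private final Messenger messenger = new Messenger(new Handler(Looper.getMainLooper()) {
        @Override public void handleMessage(Message msg) {
            if (msg.what != MSG_PARSE || msg.replyTo == null) return;
            Bundle data = msg.getData();
            // The descriptor was opened by the caller; this process has no file access of its own.
            ParcelFileDescriptor pfd = data.getParcelable("fd");
            int total = -1;
            if (pfd != null) {
                try (InputStream in = new ParcelFileDescriptor.AutoCloseInputStream(pfd)) {
                    total = 0;
                    byte[] buf = new byte[8192];
                    // Stand-in for the risky parsing step that should be contained.
                    for (int n; (n = in.read(buf)) != -1; ) total += n;
                } catch (IOException e) { total = -1; }
            }
            try {
                // Return only a small, simple result that the caller can validate.
                msg.replyTo.send(Message.obtain(null, MSG_RESULT, total, 0));
            } catch (RemoteException ignored) { /* caller went away */ }
        }
    });

    @Override public IBinder onBind(Intent intent) { return messenger.getBinder(); }
}
```

The caller binds with bindService(), puts a read-only descriptor from ParcelFileDescriptor.open() into the message Bundle, and treats the reply as untrusted input.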