Binder transactions in the bowels of the Linux Kernel

Binder is the main IPC/RPC (Inter-Process Communication) system in Android. It allows applications to communicate with each other and it is the base of several important mechanisms in the Android environment. For instance, Android services are built on top of Binder. Message exchanged with Binder are called binder transactions, they can transport simple data such as integers but also process more complex structures like file descriptors, memory buffers or weak/strong references on objects. There are a lot of interesting Binder documentations available on the Internet but quite few details on how messages are translated from a process to another. This article tries to describe how Binder handles messages and performs translations of complex objects (file descriptors, pointers) between different processes. For this, a binder transaction will be followed from userland to the binder kernel.

Breaking namespace isolation with PF_RING before 7.0.0

Linux hardening and proper isolation using containerization can be tricky especially when performance is critical.

We recently helped a client to design a secure network appliance that involve sniffing network traffic. This device has high security and performance constraints.

This post is a feedback on the unlikely integration of fast sniffers with linux containers.

Page 1 / 1