Draco: A system for uniform and fine-grained access control for web code on Android
Abstract
In-app embedded browsers are commonly used by app developers to display web content without having to redirect the user to heavyweight web browsers. Just like conventional web browsers, embedded browsers can allow the execution of web code. In addition, they provide mechanisms (viz., JavaScript bridges) to give web code access to internal app code that might implement critical functionalities and expose device resources. This is intrinsically dangerous since there is currently no means for app developers to perform origin-based access control on the JavaScript bridges, and any web code running in an embedded browser is free to use all the exposed app and device resources. Previous work that addresses this problem provided access control solutions that work only for apps that are built using hybrid frameworks. Additionally, these solutions focused on protecting only the parts of JavaScript bridges that expose permissions-protected resources. In this work, our goal is to provide a generic solution that works for all apps that utilize embedded web browsers and protects all channels that give access to internal app and device resources. Towards realizing this goal, we built Draco, a uniform and fine-grained access control framework for web code running on Android embedded browsers (viz., WebView). Draco provides a declarative policy language that allows developers to define policies to specify the desired access characteristics of web origins in a fine-grained fashion, and a runtime system that dynamically enforces the policies. In contrast with previous work, we do not assume any modifications to the Android operating system, and implement Draco in the Chromium Android System WebView app to enable seamless deployment. Our evaluation of the Draco runtime system shows that Draco incurs negligible overhead, which is on the order of microseconds.