Starting Activity from other application inside my application process context

Moustafa Alzantot

Mar 9, 2016, 5:52:20 PM
to android-platform
Hi,


I am trying to load an activity class from another application's APK and start it inside my application's process context.

Assuming I have two Android applications, **Container** and **Target**. My goal is to start an activity from **Target** inside the process context of **Container**. This has already been achieved in this research paper: 

First, I create a package context of the **target** application by using the `createPackageContext` method while setting the `Context.CONTEXT_IGNORE_SECURITY | Context.CONTEXT_INCLUDE_CODE` flags.

    // Context for the other package, with its code included
    Context otherApplicationContext = getApplicationContext()
        .createPackageContext("target_package_name",
            Context.CONTEXT_IGNORE_SECURITY | Context.CONTEXT_INCLUDE_CODE);

Then I obtain a class object of the target activity, the one I am willing to start, by using the class loader of that context object.

    // Class loader backed by the target package's code
    ClassLoader loader = otherApplicationContext.getClassLoader();

    // Resolve the activity class through that loader without initializing it
    Class<?> activityClass = Class.forName("target_package_name.MainActivity", false, loader);

I also define a dummy activity in my application's manifest file that has the same name as the target activity.

Finally, I attempt to call the `startActivity` method, passing my application's context and the target activity class object.

    Intent intent = new Intent(getApplicationContext() , activityClass);
    startActivity(intent);

However, the system fails to start the activity as it tries to load it again using the **Container** application class loader. Therefore, it fails with the following error message.

>  java.lang.RuntimeException: Unable to instantiate activity
> ComponentInfo{cotainer_package_name/target_package_name.MainActivity}

I have set up the **ptrace** patching (more details in the paper), so that I can modify binder transactions used in calling the `ActivityManagerService` after the `startActivity` calls.



Thanks,
Moustafa
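
The mismatch described in the post can be observed from inside the Container process with a small diagnostic. This is an added example, not part of the original post: the class name `ForeignActivityDiagnostics`, the method `hostCanResolve` and the log tag are hypothetical. It shows that an explicit `Intent` built from a `Class` object carries only the host package name and the class name, so a by-name lookup through the host's class loader cannot return the class that was loaded from the other package.

```java
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

/** Added diagnostic helper (hypothetical name), not code from the post. */
public final class ForeignActivityDiagnostics {
    private static final String TAG = "ForeignActivityDiag"; // hypothetical log tag

    private ForeignActivityDiagnostics() {}

    /**
     * Logs what an explicit Intent built from a foreign Class actually carries and
     * returns true only if the host's class loader resolves the very same Class.
     */
    public static boolean hostCanResolve(Context host, Class<?> foreignClass) {
        // Intent(Context, Class) keeps only a ComponentName: the host package
        // name plus the class *name*. The Class object and its loader are dropped.
        Intent intent = new Intent(host, foreignClass);
        ComponentName cn = intent.getComponent();
        Log.d(TAG, "component package = " + cn.getPackageName());
        Log.d(TAG, "component class   = " + cn.getClassName());

        ClassLoader hostLoader = host.getClassLoader();
        ClassLoader foreignLoader = foreignClass.getClassLoader();
        Log.d(TAG, "same class loader? " + (hostLoader == foreignLoader));

        try {
            // Resolve the name the way a by-name lookup in the host process would.
            Class<?> resolved = Class.forName(cn.getClassName(), false, hostLoader);
            // A class of the same name shipped in the host APK resolves here, but
            // it is a different Class than the one loaded from the other package.
            Log.d(TAG, "host resolves name; same Class? " + (resolved == foreignClass));
            return resolved == foreignClass;
        } catch (ClassNotFoundException e) {
            // Same root cause as the "Unable to instantiate activity" error above.
            Log.d(TAG, "host loader cannot resolve " + cn.getClassName());
            return false;
        }
    }
}
```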