I'm having some trouble understanding how system calls come into play in Android app execution.
From my understanding of Android app execution, a .class file is translated into Dalvik bytecode (DEX), which is combined to form ODEX. ODEX is then compiled by the JIT compiler directly into machine code for execution.
In this case, how do system calls on Android's Linux kernel come into play? In addition, is there any possible way to monitor these system calls?
Answer1:
Well, Java is a high-level language, and when you open a file in Android it all in all calls fopen() using JNI (https://en.wikipedia.org/wiki/Java_Native_Interface). So does every method which makes any "system" stuff.
Yes, you can monitor system calls in Android, but you need a rooted device and you'll need to replace the system .so libs with your libs.
Answer2:
System calls are the functions of the kernel space, available to the user space. They give the capacity to manipulate hard drive files or to control processes. They are available via libc.so. All code (Java, native, whatever ...) that needs to interact with the Linux OS / Android OS will end up calling a syscall. Strace is a Linux utility for debugging processes. It can monitor system calls, signal deliveries and changes of process state. Strace uses the ptrace system call to monitor another process's memory and registers. To use it, simply execute:
strace -p <package-name-pid>
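
An added example, not part of either answer above: a Python parser for the line format that strace prints when attached with `-f -p <pid>`. It stitches together calls that were split across threads and summarizes which files the app opened and which calls failed. The sample trace, package name and address are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `strace -f -p <pid>` output (not captured from a device).
SAMPLE = '''\
[pid  4312] openat(AT_FDCWD, "/data/data/com.example.app/shared_prefs/a.xml", O_RDONLY) = 57
[pid  4312] read(57, "<?xml"..., 8192) = 212
[pid  4330] connect(61, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16 <unfinished ...>
[pid  4312] openat(AT_FDCWD, "/proc/self/maps", O_RDONLY) = -1 EACCES (Permission denied)
[pid  4330] <... connect resumed>) = -1 EINPROGRESS (Operation now in progress)
[pid  4312] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED} ---
[pid  4312] close(57) = 0
[pid  4331] +++ exited with 0 +++
'''

PID = re.compile(r'^\[pid\s+(\d+)\]\s+')
CALL = re.compile(r'^(\w+)\((.*)\)\s+=\s+(0x[0-9a-f]+|-?\d+|\?)(?:\s+(E[A-Z0-9]+))?')
UNFINISHED = re.compile(r'^(\w+\(.*?)\s*<unfinished \.\.\.>$')
RESUMED = re.compile(r'^<\.\.\. \w+ resumed>\s?(.*)$')
PATH = re.compile(r'"([^"]*)"')

def parse(text):
    """Return (pid, syscall, args, result, errno) for each completed call."""
    pending, events = {}, []
    for line in text.splitlines():
        m = PID.match(line)
        pid = int(m.group(1)) if m else 0      # 0: no [pid N] prefix (single thread)
        body = line[m.end():] if m else line
        if body.startswith(('---', '+++')):    # signal delivery or exit notice
            continue
        u = UNFINISHED.match(body)
        if u:                                  # call interrupted by another thread
            pending[pid] = u.group(1)
            continue
        r = RESUMED.match(body)
        if r:                                  # stitch the two halves back together
            body = pending.pop(pid, '') + r.group(1)
        c = CALL.match(body)
        if c:
            events.append((pid,) + c.groups())
    return events

def summarize(events):
    """Per-syscall counts, paths passed to open/openat, and failed calls."""
    counts = Counter(e[1] for e in events)
    opened = [PATH.search(e[2]).group(1) for e in events
              if e[1] in ('open', 'openat') and PATH.search(e[2])]
    failed = [(e[1], e[4]) for e in events if e[4]]
    return counts, opened, failed
```

To process a real trace, write strace's output to a file with its `-o` option and pass the file's contents to `parse()`.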