Android(安卓)UID 问题 uid 改变进行了覆盖安装
16lz
2021-12-04
解决的问题:
应用由:非系统应用升级为 android.uid.system 应用,进行了覆盖安装。包名下数据都没了。
- app1
package=“com.opnext.face” - app2
package=“com.beeboxes.face.record”
android:sharedUserId=“android.uid.system”
1. uid pid gid gids 的含义和作用
- uid: android中uid用于标识一个应用程序,uid在应用安装时被分配,并且在应用存在于手机上期间,都不会改变。一个应用程序只能有一个uid,多个应用可以使用sharedUserId 方式共享同一个uid,前提是这些应用的签名要相同。
- pid : 进程ID,可变的
- gid: 对应于linux中用户组的概念,android 中 gid 等于uid
gids: 个GIDS相当于一个权限的集合,一个UID可以关联GIDS,表明该UID拥有多种权限
一个进程就是host应用程序的沙箱,里面一般有一个UID和多个GIDS,每个进程只能访问UID的权限范围内的文件和GIDs所允许访问的接口,构成了Android最基本的安全基础。
2. UID 的分配:
app 的 UID 和 GID 是安装的时候就确认的, 关键的代码如下:
frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java 中
private PackageParser.Package scanPackageDirtyLI(PackageParser.Package pkg, final int policyFlags, final int scanFlags, long currentTime, @Nullable UserHandle user) throws PackageManagerException { if (DEBUG_PACKAGE_SCANNING) { if ((policyFlags & PackageParser.PARSE_CHATTY) != 0) Log.d(TAG, "Scanning package " + pkg.packageName); } applyPolicy(pkg, policyFlags); ..................................... if (pkgSetting == null) { ....................... // SIDE EFFECTS; updates system state; move elsewhere if (origPackage != null) { mSettings.addRenamedPackageLPw(pkg.packageName, origPackage.name); } //主要是这句, PMS 维护着 mSettings 这个数据结构,里面存储着所有应用的安装信息 mSettings.addUserToSettingLPw(pkgSetting); } else { // REMOVE SharedUserSetting from method; update in a separate call. // // TODO(narayan): This update is bogus. nativeLibraryDir & primaryCpuAbi, // secondaryCpuAbi are not known at this point so we always update them // to null here, only to reset them at a later point. Settings.updatePackageSetting(pkgSetting, disabledPkgSetting, suid, destCodeFile, pkg.applicationInfo.nativeLibraryDir, pkg.applicationInfo.primaryCpuAbi, pkg.applicationInfo.secondaryCpuAbi, pkg.applicationInfo.flags, pkg.applicationInfo.privateFlags, pkg.getChildPackageNames(), UserManagerService.getInstance(), usesStaticLibraries, pkg.usesStaticLibrariesVersions); } .................... return pkg;}frameworks\base\services\core\java\com\android\server\pm\Settings.java:
/** * Registers a user ID with the system. Potentially allocates a new user ID. * @throws PackageManagerException If a user ID could not be allocated. */void addUserToSettingLPw(PackageSetting p) throws PackageManagerException { if (p.appId == 0) { // Assign new user ID p.appId = newUserIdLPw(p); } else { // Add new setting to list of user IDs addUserIdLPw(p.appId, p, p.name); } if (p.appId < 0) { PackageManagerService.reportSettingsProblem(Log.WARN, "Package " + p.name + " could not be assigned a valid UID"); throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE, "Package " + p.name + " could not be assigned a valid UID"); }} // uid 的分配 // Returns -1 if we could not find an available UserId to assign private int newUserIdLPw(Object obj) { // Let's be stupidly inefficient for now... final int N = mUserIds.size(); //从0开始,找到第一个未使用的ID,此处对应之前有应用被移除的情况,复用之前的ID for (int i = mFirstAvailableUid; i < N; i++) { if (mUserIds.get(i) == null) { mUserIds.set(i, obj); return Process.FIRST_APPLICATION_UID + i; } } //最多只能安装 9999 个应用 // None left? if (N > (Process.LAST_APPLICATION_UID-Process.FIRST_APPLICATION_UID)) { return -1; } mUserIds.add(obj); // 可以解释为什么普通应用的UID 都是从 10000开始的 return Process.FIRST_APPLICATION_UID + N; }3. 查看应用UID 的几种方式
1.adb ps
adb shell ps
u0_a35 1675 456 2850484 239084 SyS_epoll_ 7ea346c754 S com.opnext.face
system 3525 456 1462440 90752 SyS_epoll_ 7ea346c754 S com.beeboxes.face.record
这个 u0_a35 就表示该应用是 user 0(主用户)下面的应用,id是 35,前面说过 普通应用程序的UID 都是从 10000开始的,所以 最终计算出的 UID 就是 10035
2.通过pid 查看
进程 id 1675
cat proc/pid号/status
h03v57c2k:/ # cat proc/1675/statusName:com.opnext.faceState:S (sleeping)Tgid:1675Ngid:0Pid:1675PPid:456TracerPid:0Uid:10035100351003510035Gid:10035100351003510035FDSize:256Groups:1015 1023 3003 9997 50035 VmPeak: 2933688 kBVmSize: 2850484 kBVmLck: 0 kBVmPin: 0 kBVmHWM: 261264 kBVmRSS: 239372 kBVmData: 251436 kBVmStk: 8196 kBVmExe: 16 kBVmLib: 165276 kBVmPTE: 1048 kBVmPMD: 24 kBVmSwap: 0 kBThreads:50SigQ:0/10542SigPnd:0000000000000000ShdPnd:0000000000000000SigBlk:0000000000001204SigIgn:0000000000000000SigCgt:20000002000084f8CapInh:0000000000000000CapPrm:0000000000000000CapEff:0000000000000000CapBnd:0000000000000000CapAmb:0000000000000000Seccomp:0Cpus_allowed:ffCpus_allowed_list:0-7voluntary_ctxt_switches:5637nonvoluntary_ctxt_switches:4097h03v57c2k:/ # 方法3:
如果手机有root权限的话,可以导出 data/system/packages.list 文件, 里面可以看到所有应用的包名及对应的 UID
- /data/system/packages.list
com.opnext.face 10035 0 /data/user/0/com.opnext.face platform 3003,1023,1015com.beeboxes.face.record 1000 0 /data/user/0/com.beeboxes.face.record platform 1004,1001,1018,3009,3002,1023,1015,3003,3001,3005,1007,3006- /data/system/packages.xml
<package name="com.opnext.face" codePath="/system/app/Face" nativeLibraryPath="/system/app/Face/lib" publicFlags="945339981" privateFlags="0" pkgFlagsEx="0" ft="11e8dc5d800" it="11e8dc5d800" ut="11e8dc5d800" version="1" userId="10035"> <sigs count="1"> <cert index="1" /> </sigs> <perms> <item name="android.permission.SYSTEM_ALERT_WINDOW" granted="true" flags="0" /> <item name="android.permission.INTERNET" granted="true" flags="0" /> <item name="android.permission.REORDER_TASKS" granted="true" flags="0" /> <item name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" granted="true" flags="0" /> <item name="app.custom.permission.START_RECORD_SERVICE" granted="true" flags="0" /> <item name="android.permission.ACCESS_WIFI_STATE" granted="true" flags="0" /> <item name="android.permission.WAKE_LOCK" granted="true" flags="0" /> </perms> <proper-signing-keyset identifier="1" /> </package>//下面是App2 <package name="com.beeboxes.face.record" codePath="/system/app/FaceRecordService" nativeLibraryPath="/system/app/FaceRecordService/lib" primaryCpuAbi="arm64-v8a" publicFlags="944258629" privateFlags="0" pkgFlagsEx="0" ft="11e8dc5d800" it="11e8dc5d800" ut="11e8dc5d800" version="1" sharedUserId="1000"> <sigs count="1"> <cert index="1" /> </sigs> <perms> <item name="android.permission.BIND_INCALL_SERVICE" granted="true" flags="0" /> <item name="android.permission.WRITE_SETTINGS" granted="true" flags="0" /> <item name="android.permission.CONFIGURE_WIFI_DISPLAY" granted="true" flags="0" /> <item name="com.opnext.odsl.CONF_CHANGED" granted="true" flags="0" /> <item name="android.permission.ACCESS_WIMAX_STATE" granted="true" flags="0" /> <item name="android.permission.RECOVERY" granted="true" flags="0" /> <item name="beeboxes.permission.INPUT_MANAGER" granted="true" flags="0" /> <item name="android.permission.STORAGE_INTERNAL" granted="true" flags="0" /> <item name="android.permission.USE_CREDENTIALS" granted="true" flags="0" /> <item name="android.permission.MODIFY_AUDIO_SETTINGS" granted="true" flags="0" /> <item name="android.permission.ACCESS_CHECKIN_PROPERTIES" granted="true" flags="0" /> <item name="android.permission.INSTALL_LOCATION_PROVIDER" granted="true" flags="0" /> <item name="android.permission.SYSTEM_ALERT_WINDOW" granted="true" flags="0" /> <item name="android.permission.BROADCAST_PHONE_ACCOUNT_REGISTRATION" granted="true" flags="0" /> <item name="android.permission.CLEAR_APP_USER_DATA" granted="true" flags="0" /> <item name="android.permission.BROADCAST_CALLLOG_INFO" granted="true" flags="0" /> <item name="android.permission.INSTALL_PACKAGES" granted="true" flags="0" /> <item name="android.permission.SHUTDOWN" granted="true" flags="0" /> <item name="android.permission.NFC" granted="true" flags="0" /> <item name="android.permission.INTERNAL_SYSTEM_WINDOW" granted="true" flags="0" /> <item name="android.permission.CALL_PRIVILEGED" granted="true" flags="0" /> <item name="android.permission.CHANGE_NETWORK_STATE" granted="true" flags="0" /> <item name="android.permission.MASTER_CLEAR" granted="true" flags="0" /> <item name="android.permission.WRITE_SYNC_SETTINGS" granted="true" flags="0" /> <item name="android.permission.RECEIVE_BOOT_COMPLETED" granted="true" flags="0" /> <item name="android.permission.PEERS_MAC_ADDRESS" granted="true" flags="0" /> <item name="android.permission.DEVICE_POWER" granted="true" flags="0" /> <item name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" granted="true" flags="0" /> <item name="android.permission.READ_PROFILE" granted="true" flags="0" /> <item name="android.permission.BLUETOOTH" granted="true" flags="0" /> <item name="android.permission.CHANGE_WIFI_MULTICAST_STATE" granted="true" flags="0" /> <item name="com.android.alarm.permission.SET_ALARM" granted="true" flags="0" /> <item name="android.permission.WRITE_MEDIA_STORAGE" granted="true" flags="0" /> <item name="android.permission.WRITE_BLOCKED_NUMBERS" granted="true" flags="0" /> <item name="android.permission.AUTHENTICATE_ACCOUNTS" granted="true" flags="0" /> <item name="android.permission.INTERNET" granted="true" flags="0" /> <item name="android.permission.REORDER_TASKS" granted="true" flags="0" /> <item name="android.permission.BLUETOOTH_ADMIN" granted="true" flags="0" /> <item name="android.permission.CONTROL_VPN" granted="true" flags="0" /> <item name="android.permission.READ_PRECISE_PHONE_STATE" granted="true" flags="0" /> <item name="android.permission.MANAGE_FINGERPRINT" granted="true" flags="0" /> <item name="android.permission.NET_ADMIN" granted="true" flags="0" /> <item name="android.permission.BIND_CONNECTION_SERVICE" granted="true" flags="0" /> <item name="android.permission.MANAGE_USB" granted="true" flags="0" /> <item name="android.permission.INTERACT_ACROSS_USERS_FULL" granted="true" flags="0" /> <item name="android.permission.STOP_APP_SWITCHES" granted="true" flags="0" /> <item name="android.permission.BATTERY_STATS" granted="true" flags="0" /> <item name="android.permission.PACKAGE_USAGE_STATS" granted="true" flags="0" /> <item name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" granted="true" flags="0" /> <item name="android.permission.TETHER_PRIVILEGED" granted="true" flags="0" /> <item name="android.permission.WRITE_SECURE_SETTINGS" granted="true" flags="0" /> <item name="android.permission.MOVE_PACKAGE" granted="true" flags="0" /> <item name="android.permission.READ_BLOCKED_NUMBERS" granted="true" flags="0" /> <item name="android.permission.READ_SEARCH_INDEXABLES" granted="true" flags="0" /> <item name="android.permission.READ_PRIVILEGED_PHONE_STATE" granted="true" flags="0" /> <item name="android.permission.ACCESS_DOWNLOAD_MANAGER" granted="true" flags="0" /> <item name="android.permission.BLUETOOTH_PRIVILEGED" granted="true" flags="0" /> <item name="android.permission.HARDWARE_TEST" granted="true" flags="0" /> <item name="android.intent.category.MASTER_CLEAR.permission.C2D_MESSAGE" granted="true" flags="0" /> <item name="android.permission.BIND_JOB_SERVICE" granted="true" flags="0" /> <item name="android.permission.CONFIRM_FULL_BACKUP" granted="true" flags="0" /> <item name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT" granted="true" flags="0" /> <item name="android.permission.SET_TIME" granted="true" flags="0" /> <item name="android.permission.WRITE_APN_SETTINGS" granted="true" flags="0" /> <item name="android.permission.CHANGE_WIFI_STATE" granted="true" flags="0" /> <item name="android.permission.MANAGE_USERS" granted="true" flags="0" /> <item name="android.permission.FLASHLIGHT" granted="true" flags="0" /> <item name="android.permission.ACCESS_NETWORK_STATE" granted="true" flags="0" /> <item name="android.permission.DISABLE_KEYGUARD" granted="true" flags="0" /> <item name="android.permission.BACKUP" granted="true" flags="0" /> <item name="android.permission.CHANGE_CONFIGURATION" granted="true" flags="0" /> <item name="android.permission.USER_ACTIVITY" granted="true" flags="0" /> <item name="android.permission.LOCAL_MAC_ADDRESS" granted="true" flags="0" /> <item name="android.permission.READ_LOGS" granted="true" flags="0" /> <item name="android.permission.COPY_PROTECTED_DATA" granted="true" flags="0" /> <item name="android.permission.INTERACT_ACROSS_USERS" granted="true" flags="0" /> <item name="android.permission.SET_KEYBOARD_LAYOUT" granted="true" flags="0" /> <item name="android.permission.READ_NETWORK_USAGE_HISTORY" granted="true" flags="0" /> <item name="android.permission.USE_FINGERPRINT" granted="true" flags="0" /> <item name="android.permission.WRITE_USER_DICTIONARY" granted="true" flags="0" /> <item name="android.permission.READ_SYNC_STATS" granted="true" flags="0" /> <item name="android.permission.REBOOT" granted="true" flags="0" /> <item name="android.permission.MOUNT_FORMAT_FILESYSTEMS" granted="true" flags="0" /> <item name="android.permission.OEM_UNLOCK_STATE" granted="true" flags="0" /> <item name="android.permission.MANAGE_DEVICE_ADMINS" granted="true" flags="0" /> <item name="android.permission.CHANGE_APP_IDLE_STATE" granted="true" flags="0" /> <item name="android.permission.MANAGE_NETWORK_POLICY" granted="true" flags="0" /> <item name="android.permission.SET_POINTER_SPEED" granted="true" flags="0" /> <item name="android.permission.MANAGE_NOTIFICATIONS" granted="true" flags="0" /> <item name="android.permission.CONNECTIVITY_INTERNAL" granted="true" flags="0" /> <item name="android.permission.READ_SYNC_SETTINGS" granted="true" flags="0" /> <item name="android.permission.OVERRIDE_WIFI_CONFIG" granted="true" flags="0" /> <item name="android.permission.FORCE_STOP_PACKAGES" granted="true" flags="0" /> <item name="android.permission.CAPTURE_VIDEO_OUTPUT" granted="true" flags="0" /> <item name="android.permission.ACCESS_NOTIFICATIONS" granted="true" flags="0" /> <item name="app.custom.permission.START_RECORD_SERVICE" granted="true" flags="0" /> <item name="android.permission.VIBRATE" granted="true" flags="0" /> <item name="com.android.certinstaller.INSTALL_AS_USER" granted="true" flags="0" /> <item name="android.permission.READ_USER_DICTIONARY" granted="true" flags="0" /> <item name="android.permission.CRYPT_KEEPER" granted="true" flags="0" /> <item name="android.permission.ACCESS_WIFI_STATE" granted="true" flags="0" /> <item name="android.permission.CHANGE_WIMAX_STATE" granted="true" flags="0" /> <item name="android.permission.MODIFY_PHONE_STATE" granted="true" flags="0" /> <item name="android.permission.STATUS_BAR" granted="true" flags="0" /> <item name="android.permission.RECORD_AUDIO" granted="true" flags="30" /> <item name="android.permission.DUMP" granted="true" flags="0" /> <item name="android.permission.LOCATION_HARDWARE" granted="true" flags="0" /> <item name="android.permission.WAKE_LOCK" granted="true" flags="0" /> <item name="android.permission.DELETE_PACKAGES" granted="true" flags="0" /> </perms> <proper-signing-keyset identifier="1" /> </package>4. 程序 通过uid获取包名,通过包名获取uid
通过包名获取UID
PackageManager mPm = getPackageManager(); try { ApplicationInfo applicationInfo = mPm.getApplicationInfo("com.tencent.mm", 0); int uid = applicationInfo.uid; Toast.makeText(MainActivity.this, "" + uid, Toast.LENGTH_SHORT).show(); }catch (Exception e){ e.printStackTrace(); }{得到信息:gson 格式化后 "className":"com.opnext.face.application.FaceApplication", "compatibleWidthLimitDp":0, "credentialEncryptedDataDir":"/data/user/0/com.opnext.face", "credentialProtectedDataDir":"/data/user/0/com.opnext.face", "dataDir":"/data/user/0/com.opnext.face", "descriptionRes":0, "deviceEncryptedDataDir":"/data/user_de/0/com.opnext.face", "deviceProtectedDataDir":"/data/user_de/0/com.opnext.face", "enabled":true, "enabledSetting":0, "flags":953728589, "flagsEx":0, "fullBackupContent":0, "installLocation":-1, "largestWidthLimitDp":0, "minSdkVersion":24, "nativeLibraryDir":"/system/app/Face/lib/arm64", "nativeLibraryRootDir":"/system/app/Face/lib", "nativeLibraryRootRequiresIsa":true, "networkSecurityConfigRes":0, "privateFlags":2048, "processName":"com.opnext.face", "publicSourceDir":"/system/app/Face/Face.apk", "requiresSmallestWidthDp":0, "scanPublicSourceDir":"/system/app/Face", "scanSourceDir":"/system/app/Face", "seinfo":"platform", "sourceDir":"/system/app/Face/Face.apk", "targetSdkVersion":24, "taskAffinity":"com.opnext.face", "theme":2131623942, "uiOptions":0, "uid":10035, "versionCode":1, "banner":0, "icon":2131427345, "labelRes":2131558438, "logo":0, "packageName":"com.opnext.face", "showUserIcon":-10000}- 通过 UID 获取包名
String packagename = getPackageManager().getNameForUid(uid);结果:"com.opnext.face" = getPackageManager().getNameForUid(10035);参考:+实操
https://www.jianshu.com/p/b33dd49f2ae6
更多相关文章
- Android(安卓)SDK4.0 离线安装方法
- android 各系统区别(android 1.5- android 3.0)
- Android(安卓)Launcher3去除应用列表,二级菜单,应用全部在桌面显示
- Android应用的LinearLayout中嵌套RelativeLayout的布局用法
- Android中minSdkVersion、targetSdkVersion、maxSdkVersion的作
- android apk的安装
- Android(安卓)MediaPlayer 简单综合应用
- Android(安卓)编写使用root权限的android应用程序
- android监听程序安装、卸载