Android5.1.1 source code, android source code

Android5.1.1 source code, android source code
Preface

All Android Application processes are obtained from zygote fork, and the new fork application processes still maintain the root permission, which is obviously not allowed, therefore, the permissions of the fork sub-process must be downgraded. This article describes where the Android source code executes the permission downgrade operation.

 

If you do not know what zygote is, or are curious about how zygote starts, you can read the article of Lao Luo:
Source code analysis of the Startup Process of the Android system process Zygote

 

Execution path

The following runSelectLoop method is a member method of ZygoteInit. It is in the file "frameworks/base/core/java/com/android/internal/OS/ZygoteInit. java, the following is its source code:

Zygote waits for the client to notify you to start a new application in this method. For more information, see the articles listed in the preface. Now we are concerned about done = peers. get (index ). runOnce (); Statement, which calls the runOnce method to start a new application process. The runOnce method is a member method of the ZygoteConnection class.

The ZygoteConnection. runOnce method is in the file "frameworks/base/core/java/com/android/internal/OS/ZygoteConnection. java". The following is its source code:

 

ParsedArgs stores information about the application to be started. Its type is Arguments, and Arguments is the internal class of ZygoteConnection.

Zygote is called in runOnce method. forkAndSpecialize method, which is in the file "frameworks/base/core/java/com/android/internal/OS/Zygote. java, the following is its source code:

 

The nativeForkAndSpecialize method is called in this method.

NativeForkAndSpecialize is a native method. In native code, its function name is callback. This function is in the file "frameworks/base/core/jni/com_android_internal_ OS _Zygote.cpp". The following is its source code:

 

The ForkAndSpecializeCommon function is called in this function.

 

Subprocess permission downgrade Function

The ForkAndSpecializeCommon function calls the fork function in the file "frameworks/base/core/jni/com_android_internal_ OS _Zygote.cpp", and the subprocess that generates the fork function degrades its permissions, the following is its source code:

The sub-processes in this function call SetGids, SetRLimits, setresgid, and setresuid respectively, and set the group ID and user ID to downgrade their permissions.

 

 

Author: xunyu @ Alibaba mobile security. For more security technology blogs, clickAlibaba Cloud universal security blog