Android5.1.1 Source-zygote Fork How to demote a child process

Preface

? If you do not know what zygote is, or how curious zygote to start, you can go to see the old Luo article:

Source code Analysis for Android process zygote startup process

All Android application processes are zygote fork, the new fork out of the application process also maintains the root authority, which is obviously not allowed, so the fork out of the child process permissions need to be degraded, This article is about the Android source code where the permission to perform the downgrade operation.

Execution Path

The following Runselectloop method is a member method of the class Zygoteinit, which is in the file "Frameworks/base/core/java/com/android/internal/os/zygoteinit.java", The following is its source code:

Zygote will wait in this method for the client to notify the launch of a new application, the details of which can be seen in the preface section of the article. Now what we care about is done = Peers.get (index). RunOnce (); statement, which invokes the RunOnce method to launch a new application process, the RunOnce method is the member method of the Zygoteconnection class, The following is an analysis starting from the RunOnce method.

Zygoteconnection.runonce method in the file "Frameworks/base/core/java/com/android/internal/os/zygoteconnection.java", The following is its source code:

The information for the app to start is saved in Parsedargs, and its type is arguments,arguments is the inner class of zygoteconnection.

The Zygote.forkandspecialize method is called in the RunOnce method, which is used in the file "Frameworks/base/core/java/com/android/internal/os/zygote.java" , the following is its source code:

The Nativeforkandspecialize method is called in this method.

Nativeforkandspecialize is a native method, in native code its function name is Com_android_internal_os_zygote_nativeforkandspecialize, This function is in the file "Frameworks/base/core/jni/com_android_internal_os_zygote.cpp", the following is its source code:

The Forkandspecializecommon function is called in this function.

child Process permission demotion function

The Forkandspecializecommon function in the file "Frameworks/base/core/jni/com_android_internal_os_zygote.cpp", in this function called the fork function, and fork out the sub-process to downgrade its own permissions, the following is its source:

In this function a neutron process called setgids, setrlimits, Setresgid, Setresuid, set the group ID and the user ID to downgrade their own permissions.

Search Yu Ali Mobile security, more security technology blog, please click on the Ali Poly Security Blog

Android5.1.1 Source-zygote Fork How to demote a child process