From "Eggplant Quick biography" See how the app gets the apk file for the phone's installed program

"Eggplant Fast Biography" is Lenovo developed a close-range file sharing software, it through the wifi-direct (fast, no need to network) or the normal network (slow) to transfer files between different mobile phones. For some reason, it was on fire, and the fire was swift. Where the shared transfer installed program Files APK This feature has aroused my keen interest.

we know that Android has a very strict control over the permissions of each app, each application has its own user ID, and each application can only access its own data, such as the program Com.android.calculator Calculator program is only allowed to access/data/data The data in the/com.android.calculator directory, and all the data for that program are also stored in that directory. at the same time, when the program is installed, the system will copy the installation file apk to the/data/app directory. The eggplant clippers. As a normal program, how does it have permission to read/data/app apk file? If it is not read in the directory under the APK file, the installation file of the program apk where it is obtained from?

So, I began to give full play to the initiative, began to constantly think about its implementation, and have the following ideas and practices.

Realization Principle Analysis and practice

1) Implementation method one:

At first I was very determined that the eggplant Clippers must not be reading the installation files of the program in the phone apk. I think it just reads the information of all the installed programs of the system, then searches for the corresponding installation file (APK file) on the network server based on the package name of the program, and then sends it to the other phone via the network.

In order to verify this speculation, I guess as long as I break the network, it is naturally unable to do the program search, then certainly cannot transfer the file. So, I did the following experiment:

I disconnect all of my phone's network (2G/WIFI) and then use this feature to select a program and choose to send it to another phone, and it turns out it's still working.

I then guess that the apk file is most likely to be downloaded from the server to the Eggplant Clippers directory when the program is installed, so it is no longer necessary to send the network. So I did another experiment:

I disconnect all of my network, and then install a program through ADB, so during the installation process, eggplant Clippers must not be able to download the corresponding APK file from the network. But surprisingly, the eggplant Clippers still succeeded in transmitting the installation files for the program I just installed.

2) Finally I have to believe that it is really through reading the apk file under/data/app to transfer the installer.

Then I began to think, is not the/data/app under the document itself is indeed readable.           I don't superstitious, I start to view the permissions information for these files. So I started the following experiment. In order to simulate the permissions of the general program, I use the shell user to execute the Read/data/app/file to verify that the normal program has the relevant permissions.

[Email protected]/tmp$ adb shell1| [Email protected]:/$ ls/data-al                                                opendir failed, Permission denied[email protected]:/$ ls/data/app-alopendir fail Ed, Permission denied# No permissions 1| [Email protected]:/$

From the above can be seen that the general program should not be able to read directly under the/data/app file Ah, ah? Had to make a trick, and I then use the root user to view the specific permissions of the directory:

1| [Email protected]:/$ su root[email protected]:/# ls/data-alls/data-aldrwxrwx--x System   System            2014-06-19 20: App

At this, I finally understand that the original/data/app directory for other users with the-X permission. This means that the normal program can enter the directory, but cannot read the contents of the directory file, that is, unable to query the directory under which files. This is why we do ls/data/app–al failure because this command reads the directory file, which naturally requires the directory to open the-r permission to other users. Under-X permissions, only the files in this directory for third-party programs to develop-R permissions, then the program can be specific file name to read the corresponding file of the directory. So I can't wait to see the file permission properties in this directory.

[Email protected]:/# cd/data/appcd/data/app[email Protected]:/data/app # ls-alls-al-rw-r--r--system   System    5784942 2014-05-18 15:22 cn.lvye.hd-1.apk-rw-r--r--system   system   16056547 2014-05-16 21:11 cn.whonow.whonow-1.apk

Sure enough, the APK in the directory has the-r permission for other users. So I re-simulate the normal program user's permission to start the following experiment.

[Email Protected]:/data/app # exitexit# back to Shell user [email protected]:/$ ls/data/appopendir failed, Permission denied[ Email protected]:/$ cd/data/app# into/data/app directory successful [email Protected]:/data/app $ cd-/1| [Email protected]:/$ ls/data/app/cn.lvye.hd-1.apk-al-rw-r--r--System   System    5784942 2014-05-18 15:22 cn.lvye.hd-1.apk# Read APK file successfully

As can be seen from the above, the shell user has successfully read the information to the cn.lvye.hd-1.apk file. But there is another problem, we just through the root user to view the/data/app directory of the APK file name, for ordinary users, it is not able to know what/data/app under the file, then it is how to know the installation file name of a program? In fact, this is very simple, the Packageinfo.sourcedir information of the installed program will indicate the program's installation program name and path. The specific get code is as follows:

public class Mainactivity extends Activity {private static final String TAG = "Itleaks test"; @Overrideprotected void Oncre Ate (Bundle savedinstancestate) {super.oncreate (savedinstancestate); Setcontentview (R.layout.activity_main); Readfirstapkfile ();} private void Readfirstapkfile () {//TODO auto-generated method stub list<packageinfo> installedlist = This.ge        Tpackagemanager (). getinstalledpackages (0);        int installedlistsize = Installedlist.size ();        ApplicationInfo firstapplicationinfo = null;            for (int i = 0; i < installedlistsize; i++) {PackageInfo info = installedlist.get (i);            ApplicationInfo ainfo = Info.applicationinfo;             LOG.D (TAG, "application source dir" + ainfo.sourcedir);            if (Firstapplicationinfo = = null) {firstapplicationinfo = Ainfo;        }} File File = new file (Firstapplicationinfo.sourcedir); if (!file.exists ()) {LOG.E (TAG, "package:" + firstapplicationinFo.packagename + "APK file" + firstapplicationinfo.sourcedir + "doesn ' t exist");        } else {FileInputStream in = null;try {in = new FileInputStream (file); int size;try {size = in.available (); LOG.D (TAG, "Apk file" + Firstapplicationinfo.sourcedir + "size:" + size);} catch (IOException e) {//TODO auto-generated catch Blocke.printstacktrace ();}}        catch (FileNotFoundException e) {//TODO auto-generated catch Blocke.printstacktrace ();} }}}

For the Le Lvye this program, its sourcedir is/data/app/cn.lvye.hd-1.apk, with this file path, the normal program can be read through the normal file read the file.

Appendix:

You can download the source code and the apk file on GitHub:

Https://github.com/itleaks/apkfileshare

/********************************

* This article from the blog "Love Kick Door"

* Reprint Please indicate the source : Http://blog.csdn.net/itleaks

******************************************/

Appendix:

You can download the source code and the apk file on GitHub:

Https://github.com/itleaks/apkfileshare

/********************************

* This article from the blog "Love Kick Door"

* Reprint Please indicate the source : Http://blog.csdn.net/itleaks

******************************************/