I have previously studied some of the principles behind the security monitoring in LBE 1.x, and have basically figured out how it implements network permission management. Here is a simple record.
First of all, we need to introduce how an Android application is started. For details, see the relevant material; I only mention the key point here. When an APK process is started, a message is always sent to system_server that includes the parameters for starting the process. One of these parameters is "--setgroups=xxx,xxx,xxx", where each xxx is an integer value corresponding to one of Android's permission definitions. 3003 (0xBBB) is the one corresponding to the Internet permission.
From this, the implementation principle of version 1.x follows. Hook the system_server process, intercept the sendmsg function, and parse the parameters. If they are the parameters for starting a process, use the uid to check whether that process is allowed to connect to the Internet. If the network connection is not allowed, replace the related permission in setgroups, changing 3003 to 9999, and then hand the message over to the real sendmsg function for processing. You will then find that the process you started has no Internet permission.
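The argument rewrite described above can be sketched as follows. This is an added example, not LBE's code: the function names, the policy lookup and the sample uid 10042 are assumptions, and only the part that edits the setgroups parameter is shown, not the hook itself.

```c
#include <stdio.h>
#include <string.h>

#define SETGROUPS_PREFIX "--setgroups="
#define GID_INET  "3003" /* Internet permission group, per the text */
#define GID_DUMMY "9999" /* replacement value named in the text */

/* Hypothetical policy lookup (assumption): uid 10042 is denied network access. */
static int uid_may_use_network(int uid) { return uid != 10042; }

/*
 * Rewrite one start parameter in place. Returns the number of group
 * entries replaced; 0 if the parameter is not a setgroups list, the uid
 * is allowed, or 3003 is not present. Both values are four characters
 * long, so the length of the parameter does not change.
 */
int filter_setgroups_arg(char *arg, int uid)
{
    size_t plen = strlen(SETGROUPS_PREFIX);
    int replaced = 0;

    if (strncmp(arg, SETGROUPS_PREFIX, plen) != 0)
        return 0;
    if (uid_may_use_network(uid))
        return 0;

    char *tok = arg + plen;
    while (*tok) {
        size_t len = strcspn(tok, ",\n");      /* one group id */
        /* Compare the whole token so that e.g. 13003 is left alone. */
        if (len == strlen(GID_INET) && memcmp(tok, GID_INET, len) == 0) {
            memcpy(tok, GID_DUMMY, len);
            replaced++;
        }
        tok += len;
        if (*tok != ',')
            break;
        tok++;
    }
    return replaced;
}

int main(void)
{
    /* Constructed sample parameters, not captured from a device. */
    char denied[]  = "--setgroups=1015,3003,13003";
    char allowed[] = "--setgroups=1015,3003";
    filter_setgroups_arg(denied, 10042);
    filter_setgroups_arg(allowed, 10001);
    printf("%s\n%s\n", denied, allowed);
    return 0;
}
```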
The drawback of this implementation is also obvious: the hook only acts at the moment a process is started, so a process that is already running is not affected and cannot be modified in real time.
So how can we solve these problems?
The answer is to use iptables for network permission management. There is an open-source project on Google Code, droidwall, that does this; if you are interested, you can study it on your own. The current LBE and 360 features are similar to droidwall, though it is unknown whether they were learned from droidwall.