在init.rc檔案裡,可以看到載入下面的服務:
# Start /system/bin/keystore with /data/misc/keystore as its only argument;
# main() below chdir()s into argv[1].
service keystore /system/bin/keystore /data/misc/keystore
# Run the daemon under the keystore user and group.
user keystore
group keystore
# Stream socket named "keystore" created with mode 666, so any local process
# can connect to it. Access control therefore rests on the daemon itself:
# main() reads the caller's uid from SO_PEERCRED before handling a request.
socket keystore stream 666
keystore服務的代碼在目錄:
Android-2.0/frameworks/base/cmds/keystore
keystore服務是對鍵值(key-value)資料進行加解密並儲存的服務。它主要作用就是驗證應用程式與簽名檔案是否一致。
它的主要入口函數代碼如下:
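/*
 * Entry point of the keystore daemon.
 *
 * argv[1] is the directory the daemon changes into before serving requests.
 * The function sets up the control socket, then serves one client at a time
 * in a loop. It only returns (always with 1) when setup fails or accept()
 * reports an error.
 */
int main(int argc, char **argv)
{
    /* Fetch the control socket registered under the name "keystore". */
    int control_socket = android_get_control_socket("keystore");

    /* android_get_control_socket() returns -1 when no such socket was
     * passed to the process; fail early instead of calling listen() on -1. */
    if (control_socket == -1) {
        LOGE("Failed to get the keystore control socket");
        return 1;
    }
    if (argc < 2) {
        LOGE("A directory must be specified!");
        return 1;
    }
    if (chdir(argv[1]) == -1) {
        LOGE("chdir: %s: %s", argv[1], strerror(errno));
        return 1;
    }
    /* Keep the random device open read-only for the lifetime of the daemon. */
    if ((the_entropy = open(RANDOM_DEVICE, O_RDONLY)) == -1) {
        LOGE("open: %s: %s", RANDOM_DEVICE, strerror(errno));
        return 1;
    }

    /* Start listening on the control socket (backlog of 3). */
    if (listen(control_socket, 3) == -1) {
        LOGE("listen: %s", strerror(errno));
        return 1;
    }

    /* A client that disconnects mid-reply must produce a write error,
     * not a SIGPIPE that would kill the daemon. */
    signal(SIGPIPE, SIG_IGN);

    /* A readable master key file means the store starts out LOCKED. */
    if (access(MASTER_KEY_FILE, R_OK) == 0) {
        state = LOCKED;
    }

    /* Accept connections one at a time; each connection carries one request. */
    while ((the_socket = accept(control_socket, NULL, NULL)) != -1) {
        struct timeval tv = {.tv_sec = 3};
        struct ucred cred;
        socklen_t size = sizeof(cred);
        int8_t request;

        /* The loop is single-threaded, so a peer that stalls would block
         * every other caller. Refuse to serve the connection if the 3-second
         * receive/send timeouts cannot be installed. */
        if (setsockopt(the_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) == -1 ||
            setsockopt(the_socket, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)) == -1) {
            LOGW("setsockopt: %s", strerror(errno));
        } else if (getsockopt(the_socket, SOL_SOCKET, SO_PEERCRED, &cred, &size)) {
            /* Without kernel-reported peer credentials the caller cannot be
             * identified, so the request is not read at all. */
            LOGW("getsockopt: %s", strerror(errno));
        } else if (recv_code(&request)) {
            /* A request code was received: process it on behalf of the
             * peer's uid. The uid comes from SO_PEERCRED, not from anything
             * the client sent. */
            int8_t old_state = state;
            int8_t response;

            uid = cred.uid;
            if ((response = process(request)) > 0) {
                /* Positive results are sent back to the client; the value is
                 * then negated so that -response in the log line below
                 * prints the code that was sent. */
                send_code(response);
                response = -response;
            }
            LOGI("uid: %d action: %c -> %d state: %d -> %d retry: %d",
                 cred.uid, request, -response, old_state, state, retry);
        }
        close(the_socket);
    }

    /* Any accept() failure ends the service loop and the process exits. */
    LOGE("accept: %s", strerror(errno));
    return 1;
}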