Android UID 问题 uid 改变进行了覆盖安装
解决的问题:
应用由:非系统应用升级为 android.uid.system 应用,进行了覆盖安装。包名下数据都没了。
- app1
package=“com.opnext.face” - app2
package=“com.beeboxes.face.record”
android:sharedUserId=“android.uid.system”
1. uid pid gid gids 的含义和作用
- uid: android中uid用于标识一个应用程序,uid在应用安装时被分配,并且在应用存在于手机上期间,都不会改变。一个应用程序只能有一个uid,多个应用可以使用sharedUserId 方式共享同一个uid,前提是这些应用的签名要相同。
- pid : 进程ID,可变的
- gid: 对应于linux中用户组的概念,android 中 gid 等于uid
gids: 个GIDS相当于一个权限的集合,一个UID可以关联GIDS,表明该UID拥有多种权限
一个进程就是host应用程序的沙箱,里面一般有一个UID和多个GIDS,每个进程只能访问UID的权限范围内的文件和GIDs所允许访问的接口,构成了Android最基本的安全基础。
2. UID 的分配:
app 的 UID 和 GID 是安装的时候就确认的, 关键的代码如下:
frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java 中
private PackageParser.Package scanPackageDirtyLI(PackageParser.Package pkg,
final int policyFlags, final int scanFlags, long currentTime, @Nullable UserHandle user)
throws PackageManagerException {
if (DEBUG_PACKAGE_SCANNING) {
if ((policyFlags & PackageParser.PARSE_CHATTY) != 0)
Log.d(TAG, "Scanning package " + pkg.packageName);
}
applyPolicy(pkg, policyFlags);
.....................................
if (pkgSetting == null) {
.......................
// SIDE EFFECTS; updates system state; move elsewhere
if (origPackage != null) {
mSettings.addRenamedPackageLPw(pkg.packageName, origPackage.name);
}
//主要是这句, PMS 维护着 mSettings 这个数据结构,里面存储着所有应用的安装信息
mSettings.addUserToSettingLPw(pkgSetting);
} else {
// REMOVE SharedUserSetting from method; update in a separate call.
//
// TODO(narayan): This update is bogus. nativeLibraryDir & primaryCpuAbi,
// secondaryCpuAbi are not known at this point so we always update them
// to null here, only to reset them at a later point.
Settings.updatePackageSetting(pkgSetting, disabledPkgSetting, suid, destCodeFile,
pkg.applicationInfo.nativeLibraryDir, pkg.applicationInfo.primaryCpuAbi,
pkg.applicationInfo.secondaryCpuAbi, pkg.applicationInfo.flags,
pkg.applicationInfo.privateFlags, pkg.getChildPackageNames(),
UserManagerService.getInstance(), usesStaticLibraries,
pkg.usesStaticLibrariesVersions);
}
....................
return pkg;
}
frameworks\base\services\core\java\com\android\server\pm\Settings.java:
/**
* Registers a user ID with the system. Potentially allocates a new user ID.
* @throws PackageManagerException If a user ID could not be allocated.
*/
void addUserToSettingLPw(PackageSetting p) throws PackageManagerException {
if (p.appId == 0) {
// Assign new user ID
p.appId = newUserIdLPw(p);
} else {
// Add new setting to list of user IDs
addUserIdLPw(p.appId, p, p.name);
}
if (p.appId < 0) {
PackageManagerService.reportSettingsProblem(Log.WARN,
"Package " + p.name + " could not be assigned a valid UID");
throw new PackageManagerException(INSTALL_FAILED_INSUFFICIENT_STORAGE,
"Package " + p.name + " could not be assigned a valid UID");
}
}
// uid 的分配
// Returns -1 if we could not find an available UserId to assign
private int newUserIdLPw(Object obj) {
// Let's be stupidly inefficient for now...
final int N = mUserIds.size();
//从0开始,找到第一个未使用的ID,此处对应之前有应用被移除的情况,复用之前的ID
for (int i = mFirstAvailableUid; i < N; i++) {
if (mUserIds.get(i) == null) {
mUserIds.set(i, obj);
return Process.FIRST_APPLICATION_UID + i;
}
}
//最多只能安装 9999 个应用
// None left?
if (N > (Process.LAST_APPLICATION_UID-Process.FIRST_APPLICATION_UID)) {
return -1;
}
mUserIds.add(obj);
// 可以解释为什么普通应用的UID 都是从 10000开始的
return Process.FIRST_APPLICATION_UID + N;
}
3. 查看应用UID 的几种方式
1.adb ps
adb shell ps
u0_a35 1675 456 2850484 239084 SyS_epoll_ 7ea346c754 S com.opnext.face
system 3525 456 1462440 90752 SyS_epoll_ 7ea346c754 S com.beeboxes.face.record
这个 u0_a35 就表示该应用是 user 0(主用户)下面的应用,id是 35,前面说过 普通应用程序的UID 都是从 10000开始的,所以 最终计算出的 UID 就是 10035
2.通过pid 查看
进程 id 1675
cat proc/pid号/status
h03v57c2k:/ # cat proc/1675/status
Name: com.opnext.face
State: S (sleeping)
Tgid: 1675
Ngid: 0
Pid: 1675
PPid: 456
TracerPid: 0
Uid: 10035 10035 10035 10035
Gid: 10035 10035 10035 10035
FDSize: 256
Groups: 1015 1023 3003 9997 50035
VmPeak: 2933688 kB
VmSize: 2850484 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 261264 kB
VmRSS: 239372 kB
VmData: 251436 kB
VmStk: 8196 kB
VmExe: 16 kB
VmLib: 165276 kB
VmPTE: 1048 kB
VmPMD: 24 kB
VmSwap: 0 kB
Threads: 50
SigQ: 0/10542
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000001204
SigIgn: 0000000000000000
SigCgt: 20000002000084f8
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000000000000000
CapAmb: 0000000000000000
Seccomp: 0
Cpus_allowed: ff
Cpus_allowed_list: 0-7
voluntary_ctxt_switches: 5637
nonvoluntary_ctxt_switches: 4097
h03v57c2k:/ #
方法3:
如果手机有root权限的话,可以导出 data/system/packages.list 文件, 里面可以看到所有应用的包名及对应的 UID
- /data/system/packages.list
com.opnext.face 10035 0 /data/user/0/com.opnext.face platform 3003,1023,1015
com.beeboxes.face.record 1000 0 /data/user/0/com.beeboxes.face.record platform 1004,1001,1018,3009,3002,1023,1015,3003,3001,3005,1007,3006
- /data/system/packages.xml
<package name="com.opnext.face" codePath="/system/app/Face" nativeLibraryPath="/system/app/Face/lib" publicFlags="945339981" privateFlags="0" pkgFlagsEx="0" ft="11e8dc5d800" it="11e8dc5d800" ut="11e8dc5d800" version="1" userId="10035">
<sigs count="1">
<cert index="1" />
</sigs>
<perms>
<item name="android.permission.SYSTEM_ALERT_WINDOW" granted="true" flags="0" />
<item name="android.permission.INTERNET" granted="true" flags="0" />
<item name="android.permission.REORDER_TASKS" granted="true" flags="0" />
<item name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" granted="true" flags="0" />
<item name="app.custom.permission.START_RECORD_SERVICE" granted="true" flags="0" />
<item name="android.permission.ACCESS_WIFI_STATE" granted="true" flags="0" />
<item name="android.permission.WAKE_LOCK" granted="true" flags="0" />
</perms>
<proper-signing-keyset identifier="1" />
</package>
//下面是App2
<package name="com.beeboxes.face.record" codePath="/system/app/FaceRecordService" nativeLibraryPath="/system/app/FaceRecordService/lib" primaryCpuAbi="arm64-v8a" publicFlags="944258629" privateFlags="0" pkgFlagsEx="0" ft="11e8dc5d800" it="11e8dc5d800" ut="11e8dc5d800" version="1" sharedUserId="1000">
<sigs count="1">
<cert index="1" />
</sigs>
<perms>
<item name="android.permission.BIND_INCALL_SERVICE" granted="true" flags="0" />
<item name="android.permission.WRITE_SETTINGS" granted="true" flags="0" />
<item name="android.permission.CONFIGURE_WIFI_DISPLAY" granted="true" flags="0" />
<item name="com.opnext.odsl.CONF_CHANGED" granted="true" flags="0" />
<item name="android.permission.ACCESS_WIMAX_STATE" granted="true" flags="0" />
<item name="android.permission.RECOVERY" granted="true" flags="0" />
<item name="beeboxes.permission.INPUT_MANAGER" granted="true" flags="0" />
<item name="android.permission.STORAGE_INTERNAL" granted="true" flags="0" />
<item name="android.permission.USE_CREDENTIALS" granted="true" flags="0" />
<item name="android.permission.MODIFY_AUDIO_SETTINGS" granted="true" flags="0" />
<item name="android.permission.ACCESS_CHECKIN_PROPERTIES" granted="true" flags="0" />
<item name="android.permission.INSTALL_LOCATION_PROVIDER" granted="true" flags="0" />
<item name="android.permission.SYSTEM_ALERT_WINDOW" granted="true" flags="0" />
<item name="android.permission.BROADCAST_PHONE_ACCOUNT_REGISTRATION" granted="true" flags="0" />
<item name="android.permission.CLEAR_APP_USER_DATA" granted="true" flags="0" />
<item name="android.permission.BROADCAST_CALLLOG_INFO" granted="true" flags="0" />
<item name="android.permission.INSTALL_PACKAGES" granted="true" flags="0" />
<item name="android.permission.SHUTDOWN" granted="true" flags="0" />
<item name="android.permission.NFC" granted="true" flags="0" />
<item name="android.permission.INTERNAL_SYSTEM_WINDOW" granted="true" flags="0" />
<item name="android.permission.CALL_PRIVILEGED" granted="true" flags="0" />
<item name="android.permission.CHANGE_NETWORK_STATE" granted="true" flags="0" />
<item name="android.permission.MASTER_CLEAR" granted="true" flags="0" />
<item name="android.permission.WRITE_SYNC_SETTINGS" granted="true" flags="0" />
<item name="android.permission.RECEIVE_BOOT_COMPLETED" granted="true" flags="0" />
<item name="android.permission.PEERS_MAC_ADDRESS" granted="true" flags="0" />
<item name="android.permission.DEVICE_POWER" granted="true" flags="0" />
<item name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS" granted="true" flags="0" />
<item name="android.permission.READ_PROFILE" granted="true" flags="0" />
<item name="android.permission.BLUETOOTH" granted="true" flags="0" />
<item name="android.permission.CHANGE_WIFI_MULTICAST_STATE" granted="true" flags="0" />
<item name="com.android.alarm.permission.SET_ALARM" granted="true" flags="0" />
<item name="android.permission.WRITE_MEDIA_STORAGE" granted="true" flags="0" />
<item name="android.permission.WRITE_BLOCKED_NUMBERS" granted="true" flags="0" />
<item name="android.permission.AUTHENTICATE_ACCOUNTS" granted="true" flags="0" />
<item name="android.permission.INTERNET" granted="true" flags="0" />
<item name="android.permission.REORDER_TASKS" granted="true" flags="0" />
<item name="android.permission.BLUETOOTH_ADMIN" granted="true" flags="0" />
<item name="android.permission.CONTROL_VPN" granted="true" flags="0" />
<item name="android.permission.READ_PRECISE_PHONE_STATE" granted="true" flags="0" />
<item name="android.permission.MANAGE_FINGERPRINT" granted="true" flags="0" />
<item name="android.permission.NET_ADMIN" granted="true" flags="0" />
<item name="android.permission.BIND_CONNECTION_SERVICE" granted="true" flags="0" />
<item name="android.permission.MANAGE_USB" granted="true" flags="0" />
<item name="android.permission.INTERACT_ACROSS_USERS_FULL" granted="true" flags="0" />
<item name="android.permission.STOP_APP_SWITCHES" granted="true" flags="0" />
<item name="android.permission.BATTERY_STATS" granted="true" flags="0" />
<item name="android.permission.PACKAGE_USAGE_STATS" granted="true" flags="0" />
<item name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" granted="true" flags="0" />
<item name="android.permission.TETHER_PRIVILEGED" granted="true" flags="0" />
<item name="android.permission.WRITE_SECURE_SETTINGS" granted="true" flags="0" />
<item name="android.permission.MOVE_PACKAGE" granted="true" flags="0" />
<item name="android.permission.READ_BLOCKED_NUMBERS" granted="true" flags="0" />
<item name="android.permission.READ_SEARCH_INDEXABLES" granted="true" flags="0" />
<item name="android.permission.READ_PRIVILEGED_PHONE_STATE" granted="true" flags="0" />
<item name="android.permission.ACCESS_DOWNLOAD_MANAGER" granted="true" flags="0" />
<item name="android.permission.BLUETOOTH_PRIVILEGED" granted="true" flags="0" />
<item name="android.permission.HARDWARE_TEST" granted="true" flags="0" />
<item name="android.intent.category.MASTER_CLEAR.permission.C2D_MESSAGE" granted="true" flags="0" />
<item name="android.permission.BIND_JOB_SERVICE" granted="true" flags="0" />
<item name="android.permission.CONFIRM_FULL_BACKUP" granted="true" flags="0" />
<item name="android.permission.CAPTURE_SECURE_VIDEO_OUTPUT" granted="true" flags="0" />
<item name="android.permission.SET_TIME" granted="true" flags="0" />
<item name="android.permission.WRITE_APN_SETTINGS" granted="true" flags="0" />
<item name="android.permission.CHANGE_WIFI_STATE" granted="true" flags="0" />
<item name="android.permission.MANAGE_USERS" granted="true" flags="0" />
<item name="android.permission.FLASHLIGHT" granted="true" flags="0" />
<item name="android.permission.ACCESS_NETWORK_STATE" granted="true" flags="0" />
<item name="android.permission.DISABLE_KEYGUARD" granted="true" flags="0" />
<item name="android.permission.BACKUP" granted="true" flags="0" />
<item name="android.permission.CHANGE_CONFIGURATION" granted="true" flags="0" />
<item name="android.permission.USER_ACTIVITY" granted="true" flags="0" />
<item name="android.permission.LOCAL_MAC_ADDRESS" granted="true" flags="0" />
<item name="android.permission.READ_LOGS" granted="true" flags="0" />
<item name="android.permission.COPY_PROTECTED_DATA" granted="true" flags="0" />
<item name="android.permission.INTERACT_ACROSS_USERS" granted="true" flags="0" />
<item name="android.permission.SET_KEYBOARD_LAYOUT" granted="true" flags="0" />
<item name="android.permission.READ_NETWORK_USAGE_HISTORY" granted="true" flags="0" />
<item name="android.permission.USE_FINGERPRINT" granted="true" flags="0" />
<item name="android.permission.WRITE_USER_DICTIONARY" granted="true" flags="0" />
<item name="android.permission.READ_SYNC_STATS" granted="true" flags="0" />
<item name="android.permission.REBOOT" granted="true" flags="0" />
<item name="android.permission.MOUNT_FORMAT_FILESYSTEMS" granted="true" flags="0" />
<item name="android.permission.OEM_UNLOCK_STATE" granted="true" flags="0" />
<item name="android.permission.MANAGE_DEVICE_ADMINS" granted="true" flags="0" />
<item name="android.permission.CHANGE_APP_IDLE_STATE" granted="true" flags="0" />
<item name="android.permission.MANAGE_NETWORK_POLICY" granted="true" flags="0" />
<item name="android.permission.SET_POINTER_SPEED" granted="true" flags="0" />
<item name="android.permission.MANAGE_NOTIFICATIONS" granted="true" flags="0" />
<item name="android.permission.CONNECTIVITY_INTERNAL" granted="true" flags="0" />
<item name="android.permission.READ_SYNC_SETTINGS" granted="true" flags="0" />
<item name="android.permission.OVERRIDE_WIFI_CONFIG" granted="true" flags="0" />
<item name="android.permission.FORCE_STOP_PACKAGES" granted="true" flags="0" />
<item name="android.permission.CAPTURE_VIDEO_OUTPUT" granted="true" flags="0" />
<item name="android.permission.ACCESS_NOTIFICATIONS" granted="true" flags="0" />
<item name="app.custom.permission.START_RECORD_SERVICE" granted="true" flags="0" />
<item name="android.permission.VIBRATE" granted="true" flags="0" />
<item name="com.android.certinstaller.INSTALL_AS_USER" granted="true" flags="0" />
<item name="android.permission.READ_USER_DICTIONARY" granted="true" flags="0" />
<item name="android.permission.CRYPT_KEEPER" granted="true" flags="0" />
<item name="android.permission.ACCESS_WIFI_STATE" granted="true" flags="0" />
<item name="android.permission.CHANGE_WIMAX_STATE" granted="true" flags="0" />
<item name="android.permission.MODIFY_PHONE_STATE" granted="true" flags="0" />
<item name="android.permission.STATUS_BAR" granted="true" flags="0" />
<item name="android.permission.RECORD_AUDIO" granted="true" flags="30" />
<item name="android.permission.DUMP" granted="true" flags="0" />
<item name="android.permission.LOCATION_HARDWARE" granted="true" flags="0" />
<item name="android.permission.WAKE_LOCK" granted="true" flags="0" />
<item name="android.permission.DELETE_PACKAGES" granted="true" flags="0" />
</perms>
<proper-signing-keyset identifier="1" />
</package>
4. 程序 通过uid获取包名,通过包名获取uid
通过包名获取UID
PackageManager mPm = getPackageManager();
try {
ApplicationInfo applicationInfo = mPm.getApplicationInfo("com.tencent.mm", 0);
int uid = applicationInfo.uid;
Toast.makeText(MainActivity.this, "" + uid, Toast.LENGTH_SHORT).show();
}catch (Exception e){
e.printStackTrace();
}
{
得到信息:gson 格式化后
"className":"com.opnext.face.application.FaceApplication",
"compatibleWidthLimitDp":0,
"credentialEncryptedDataDir":"/data/user/0/com.opnext.face",
"credentialProtectedDataDir":"/data/user/0/com.opnext.face",
"dataDir":"/data/user/0/com.opnext.face",
"descriptionRes":0,
"deviceEncryptedDataDir":"/data/user_de/0/com.opnext.face",
"deviceProtectedDataDir":"/data/user_de/0/com.opnext.face",
"enabled":true,
"enabledSetting":0,
"flags":953728589,
"flagsEx":0,
"fullBackupContent":0,
"installLocation":-1,
"largestWidthLimitDp":0,
"minSdkVersion":24,
"nativeLibraryDir":"/system/app/Face/lib/arm64",
"nativeLibraryRootDir":"/system/app/Face/lib",
"nativeLibraryRootRequiresIsa":true,
"networkSecurityConfigRes":0,
"privateFlags":2048,
"processName":"com.opnext.face",
"publicSourceDir":"/system/app/Face/Face.apk",
"requiresSmallestWidthDp":0,
"scanPublicSourceDir":"/system/app/Face",
"scanSourceDir":"/system/app/Face",
"seinfo":"platform",
"sourceDir":"/system/app/Face/Face.apk",
"targetSdkVersion":24,
"taskAffinity":"com.opnext.face",
"theme":2131623942,
"uiOptions":0,
"uid":10035,
"versionCode":1,
"banner":0,
"icon":2131427345,
"labelRes":2131558438,
"logo":0,
"packageName":"com.opnext.face",
"showUserIcon":-10000
}
- 通过 UID 获取包名
String packagename = getPackageManager().getNameForUid(uid);
结果:
"com.opnext.face" = getPackageManager().getNameForUid(10035);
参考:+实操
https://www.jianshu.com/p/b33dd49f2ae6