溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

Monkey源碼分析番外篇之WindowManager注入事件如何跳出進(jìn)程間安全限制

發(fā)布時(shí)間:2020-07-16 03:17:43 來(lái)源:網(wǎng)絡(luò) 閱讀:413 作者:zhukev 欄目:移動(dòng)開(kāi)發(fā)

在分析monkey源碼的時(shí)候有些背景知識(shí)沒(méi)有搞清楚,比如在看到monkey是使用windowmanager的injectKeyEvent方法注入事件的時(shí)候,心里就打了個(gè)疙瘩,這種方式不是只能在當(dāng)前應(yīng)用中注入事件嗎?Google了下發(fā)現(xiàn)了國(guó)外一個(gè)大牛有留下蛛絲馬跡描述這個(gè)問(wèn)題,特意摘錄下來(lái)并做相應(yīng)部分的翻譯,其他部分大家喜歡就看下,我就不翻譯了。

How it works

Behind the scenes, Monkey uses several private interfaces to communicate with three essential system services:

  1. Package Manager: Monkey uses the package manager to get a list of Activities for a given Intent. This enables Monkey to randomly switch between Activities while testing an application.
  2. Activity Manager: Monkey calls the very powerful setActivityController function on the Activity Manager. This effectively gives Monkey complete control over the activity life-cycle for the duration of the test.
  3. Window Manager: Monkey calls a series of functions on the Window Manager to inject events into the application. This enables Monkey to simulate touches and key-presses. Because Monkey communicates at this level, there is no obvious difference between events which have arrived from Monkey and events which have arrived from an actual user. In fact, the distinction is so seamless that it is sometimes necessary to manually check who is in control — hence the famous isUserAMonkey() method in the Android
Window Manager: Monkey通過(guò)調(diào)用WindowManager的一系列方法來(lái)注入事件到應(yīng)用中。這樣monkey可以模擬觸摸和按鍵等用戶行為。正是因?yàn)閙onkey是在這個(gè)層面和應(yīng)用交互的,所以你的應(yīng)用接收到的事件哪個(gè)是來(lái)自真實(shí)用戶,哪個(gè)是來(lái)自monkey模擬的已經(jīng)沒(méi)有很明顯的界限了。事實(shí)上正是因?yàn)檫@種近似無(wú)縫的區(qū)別,我們有時(shí)不得不去判斷究竟是誰(shuí)在控制著我們的設(shè)備了--這就是為什么android系統(tǒng)提供的isUserAMonkey()方法變得這么流行的原因了。

Monkey sends random events to any application you choose. In order to ensure that this doesn’t cause a security hole, Android uses several techniques to ensure that only monkey can send events, and only when the phone’s user is asking it to.

Monkey隨機(jī)的往不同的的app發(fā)送隨機(jī)事件。為了防止這種行為導(dǎo)致android自家的安全漏洞出來(lái),android使用了幾個(gè)技術(shù)來(lái)保證只有monkey可以,且在改手機(jī)設(shè)備用戶允許的情況下才可以,往不同的app發(fā)送事件。

Firstly, Monkey itself can only be run by root, or by someone in the “shell” Unix group. Normally, only “adb shell” runs as the “shell group”. This means that the only way to run monkey is to do so through “adb shell”.

首先,monkey本身只能一是被root運(yùn)行,二是被屬于shell這個(gè)組的成員運(yùn)行。而正常來(lái)說(shuō),只有”adb shell“是在shell這個(gè)組下運(yùn)行的。這就意味著運(yùn)行monkey的唯一方法就是通過(guò)‘a(chǎn)db shell’了。

Secondly, the Monkey application, which is mostly written in Java, asks for two special manifest permissions. The first, SET_ACTIVITY_WATCHER, allows Monkey to take control of the activity life-cycle. The second, INJECT_EVENTS, allows Monkey to simulate touches and key presses. Importantly, no normal Android application can request these permissions — they are only granted to applications supplied with the Android system. So there is little danger of a rogue APK taking control of an Android device using Monkey.

其次,monkey這個(gè)android自身提供的應(yīng)用,大部分是用android的native語(yǔ)言java來(lái)編寫(xiě)的,它會(huì)向系統(tǒng)請(qǐng)求兩個(gè)特背的manifest權(quán)限。第一個(gè)就是SET_ACTIVITY_WATCHER這個(gè)權(quán)限,它允許monkey對(duì)activity的生命周期進(jìn)行全權(quán)控制。第二個(gè)就是INJECT_EVENTS這個(gè)權(quán)限它允許monkey去模擬觸摸和按鍵事件。重要的是,正常的安卓app是不能請(qǐng)求到這些權(quán)限的--只有android系統(tǒng)同意的應(yīng)用才會(huì)得到允許獲得這些權(quán)限(譯者注:其實(shí)就是需要android系統(tǒng)的AOSP系統(tǒng)簽名。monkey是android自己維護(hù)編寫(xiě)的工具,當(dāng)然是允許了)

以下是本人摘錄的INJECT_EVENTS這個(gè)manifest選項(xiàng)的官方解析:

INJECT_EVENTS:Allows an application to inject user events (keys, touch, trackball) into the event stream and deliver them to ANY window.


Monkey events

What is an event? In Android, events are sent in  response to user input, or due to system events, such as power management. Monkey supports quite a few event types, but only three of them are of interest for automated testing:

  • KeyEvent: these events are sent by the window manager in response to hardware button presses, and also presses on the keyboard — whether hardware, or on-screen.
  • MotionEvent: sent by the window manager in response to presses on the touchscreen.
  • FlipEvent: sent when the user flips out the hardware keyboard on the HTC Dream. On that device, this would imply an orientation change. Unfortunately, Monkey does not simulate orientation changes on other devices.


 

作者

自主博客

微信

CSDN

天地會(huì)珠海分舵

http://techgogogo.com


服務(wù)號(hào):TechGoGoGo

掃描碼:

Monkey源碼分析番外篇之WindowManager注入事件如何跳出進(jìn)程間安全限制

向AI問(wèn)一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI

    <p id="skpey"><strike id="skpey"></strike></p>