Advancing Android Injection Techniques (Part 3)

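This article explores Android's Component Injection technique in depth, including its principle and a concrete example. By analyzing `com.demo.host` and `com.demo.inject`, it explains how to bypass the ClassLoader's parent delegation mechanism, and shows the procedure and the final output.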

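Continued

Part 2 described in detail a technique for implementing injection through ptrace. In this chapter, I introduce another injection technique that is specific to Android, which I have named Component Injection. As the name suggests, this approach is tied to Android components; the details follow below.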

Component Injection

Principle

The Android developer documentation describes android:process as follows:

android:process
The name of a process where all components of the application should run. Each component can override this default by setting its own process attribute. By default, Android creates a process for an application when the first of its components needs to run. All components then run in that process. The name of the default process matches the package name set by the <manifest> element.
By setting this attribute to a process name that's shared with another application, you can arrange for components of both applications to run in the same process — but only if the two applications also share a user ID and be signed with the same certificate.
If the name assigned to this attribute begins with a colon (':'), a new process, private to the application, is created when it's needed. If the process name begins with a lowercase character, a global process of that name is created. A global process can be shared with other applications, reducing resource usage.

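From this description, we can see that when two applications are signed identically and have the same sharedUserId, and even just one component between them has the same android:process, the interaction between those two components can take place in the same process. The same process referred to here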
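An added example, not from the original post: a Python audit over decoded AndroidManifest.xml text that reports component pairs meeting the manifest-side conditions quoted above (same sharedUserId, same effective android:process). The sample manifests, their component names and the sharedUserId value are constructed; the same-certificate condition is not visible in a manifest and has to be checked against the APK signatures separately.

```python
import xml.etree.ElementTree as ET
from itertools import combinations

A = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = {"activity", "service", "receiver", "provider"}

def effective_processes(manifest_xml):
    """Return (package, sharedUserId, {component: effective process name})."""
    root = ET.fromstring(manifest_xml)
    pkg, uid = root.get("package"), root.get(A + "sharedUserId")
    app = root.find("application")
    children = list(app) if app is not None else []
    default = (app.get(A + "process") if app is not None else None) or pkg

    def resolve(name):
        # A leading ':' means a process private to the app, named "<package>:<suffix>".
        return pkg + name if name.startswith(":") else name

    procs = {c.get(A + "name"): resolve(c.get(A + "process") or default)
             for c in children if c.tag in COMPONENTS}
    return pkg, uid, procs

def shared_process_pairs(manifests):
    """Component pairs that satisfy the manifest-side conditions for one shared process."""
    findings = []
    for (p1, u1, c1), (p2, u2, c2) in combinations(map(effective_processes, manifests), 2):
        if not u1 or u1 != u2:
            continue  # no common sharedUserId: the process cannot be shared
        findings += [(proc1, f"{p1}/{n1}", f"{p2}/{n2}")
                     for n1, proc1 in c1.items() for n2, proc2 in c2.items()
                     if proc1 == proc2]
    return findings

# Constructed sample manifests (component names and the sharedUserId value are invented).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
HOST = f'''<manifest {NS} package="com.demo.host" android:sharedUserId="com.demo.shared">
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".Worker" android:process=":bg"/>
  </application></manifest>'''
INJECT = f'''<manifest {NS} package="com.demo.inject" android:sharedUserId="com.demo.shared">
  <application>
    <activity android:name=".Panel"/>
    <provider android:name=".Entry" android:process="com.demo.host"/>
  </application></manifest>'''
OTHER = f'''<manifest {NS} package="com.demo.other">
  <application android:process="com.demo.host"><service android:name=".S"/></application>
</manifest>'''

if __name__ == "__main__":
    for proc, a, b in shared_process_pairs([HOST, INJECT, OTHER]):
        print(f"process {proc}: {a} <-> {b}")
```

Run it over manifests decoded from the installed packages on a device image; any reported pair is a cross-package process boundary worth reviewing together with the signing certificates.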