Android 9: capturing packets with tcpdump from a system app
When an app needs to capture logcat output, it can use the following code:
// fos is a FileOutputStream opened by the caller; newline is the line separator string
Process process = Runtime.getRuntime().exec("logcat -vtime");
BufferedReader buffRead = new BufferedReader(new InputStreamReader(process.getInputStream())); // read logcat's output stream
String strTemp;
while ((strTemp = buffRead.readLine()) != null) { // read line by line until the stream ends
    fos.write(strTemp.getBytes());
    fos.write(newline.getBytes());
}
buffRead.close();
fos.close();
Running tcpdump through Runtime fails because the app does not have permission, so an init.rc service is needed instead.
1. Register the services in init.rc
service mytcpdump /system/bin/mytcpdump.sh
    class main
    user root
    disabled
    oneshot
service mystoptcpdump /system/bin/mystoptcpdump.sh
    class main
    user root
    disabled
    oneshot
2. Put mystoptcpdump.sh and mytcpdump.sh in system/bin.
mytcpdump.sh
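#!/system/bin/sh
# Capture full packets on all interfaces, in the background
tcpdump -i any -s0 -w /data/log/capture.pcap &
# Give tcpdump time to create the file before changing its mode and owner
sleep 3s
# Mode 777 opens the capture, which holds all device traffic, to every UID.
# Assumption: if only the system UID reads it, an owner-only mode is enough after the chown.
chmod 777 /data/log/capture.pcap
chown system:system /data/log/capture.pcap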
mystoptcpdump.sh
#!/system/bin/sh
killall tcpdump
3. On Android 9, add permissions to resolve the sepolicy problems
3.1 Add files under /device/google/marlin/sepolicy
Add an xxx.te file for each service, with the same name as the service
mystoptcpdump.te
type mystoptcpdump, domain, coredomain;
type mystoptcpdump_exec, exec_type, file_type;
#permissive mystoptcpdump;
init_daemon_domain(mystoptcpdump)
net_domain(mystoptcpdump)
mytcpdump.te
type mytcpdump, domain, coredomain;
type mytcpdump_exec, exec_type, file_type;
#permissive mytcpdump;
init_daemon_domain(mytcpdump)
net_domain(mytcpdump)
3.2 file_contexts: add the labels for the service script files
/device/google/marlin/sepolicy/file_contexts
/system/bin/mytcpdump.sh u:object_r:mytcpdump_exec:s0
/system/bin/mystoptcpdump.sh u:object_r:mystoptcpdump_exec:s0
4. Start the services
Use the ctl.start property.
SystemProperties.set("ctl.start", "mytcpdump"); // start the capture
SystemProperties.set("ctl.start", "mystoptcpdump"); // stop the capture
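
A consistency check for steps 1 to 3, added here as an example and not part of the original post: a missing file_contexts label or init_daemon_domain() call is a common reason such a service fails to start under enforcing SELinux. The function name, the helper and the sample tree are constructed for illustration; the sample omits the label for mystoptcpdump.sh on purpose.

```shell
#!/bin/sh
# check_service_policy INIT_RC FILE_CONTEXTS TE_DIR
# For each "service <name> <path>" line, require a file_contexts label of
# u:object_r:<name>_exec:s0 on <path> and init_daemon_domain(<name>) in <name>.te.
# Prints one line per gap; returns 1 if any gap was found.
check_service_policy() {
    rc=$1; fc=$2; te_dir=$3; bad=0
    while read -r kw name path _; do
        [ "$kw" = service ] || continue
        want="u:object_r:${name}_exec:s0"
        # file_contexts paths are regexes: drop backslash escapes, last match wins
        got=$(awk -v p="$path" '{ e = $1; gsub(/\\/, "", e) }
                                e == p { l = $2 } END { print l }' "$fc")
        if [ "$got" != "$want" ]; then
            echo "$name: $path labelled '${got:-none}', expected $want"; bad=1
        fi
        if ! grep -qs "^[[:space:]]*init_daemon_domain($name)" "$te_dir/$name.te"; then
            echo "$name: $name.te lacks init_daemon_domain($name)"; bad=1
        fi
    done < "$rc"
    return "$bad"
}

# Constructed sample tree: the page's two services, with the file_contexts
# entry for mystoptcpdump.sh deliberately left out.
make_sample() {
    printf '%s\n' 'service mytcpdump /system/bin/mytcpdump.sh' '    user root' \
        'service mystoptcpdump /system/bin/mystoptcpdump.sh' '    user root' > "$1/init.rc"
    printf '%s\n' '/system/bin/mytcpdump\.sh u:object_r:mytcpdump_exec:s0' > "$1/file_contexts"
    for s in mytcpdump mystoptcpdump; do
        printf '%s\n' "type $s, domain, coredomain;" "init_daemon_domain($s)" > "$1/$s.te"
    done
}

d=$(mktemp -d) && make_sample "$d"
check_service_policy "$d/init.rc" "$d/file_contexts" "$d" || echo "policy incomplete"
rm -rf "$d"
```

Run it against the device tree's init.rc, file_contexts and sepolicy directory before building the image; a commented-out init_daemon_domain() line counts as missing.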