acp
源代码位于:build/tools/acp。
fs_config
源代码位于:build/tools/fs_config。
fs_config从stdin读入目录、文件列表(每行一项,目录必须以“/”结尾),查找权限数据库,向stdout输出每一项名称、uid、gid和mode,以及selabel。
输出内容:
system 0 0 755 system/fonts 0 0 755 system/fonts/DroidSans-Bold.ttf 0 0 644 system/fonts/DroidSansDevanagari-Regular.ttf 0 0 644 system/fonts/AndroidClock.ttf 0 0 644 system/fonts/DroidSerif-Bold.ttf 0 0 644 system/fonts/Roboto-Bold.ttf 0 0 644 system/fonts/Lohit-Kannada.ttf 0 0 644 system/fonts/RobotoCondensed-Regular.ttf 0 0 644 system/fonts/DroidSerif-Regular.ttf 0 0 644 system/fonts/DroidSerif-Italic.ttf 0 0 644 system/fonts/Lohit-Telugu.ttf 0 0 644 …… |
权限数据库保存在system/core/include/private/android_filesystem_config.h,包括数据库查询逻辑。
static const struct fs_path_config android_dirs[] = { { 00770, AID_SYSTEM, AID_CACHE, 0, "cache" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/dalvik-cache" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/data" }, { 00771, AID_SHELL, AID_SHELL, 0, "data/local/tmp" }, { 00771, AID_SHELL, AID_SHELL, 0, "data/local" }, { 01771, AID_SYSTEM, AID_MISC, 0, "data/misc" }, { 00770, AID_DHCP, AID_DHCP, 0, "data/misc/dhcp" }, { 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media" }, { 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/Music" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" }, { 00750, AID_ROOT, AID_SHELL, 0, "sbin" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/bin" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin" }, { 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" }, { 00755, AID_ROOT, AID_SHELL, 0, "vendor" }, { 00777, AID_ROOT, AID_ROOT, 0, "sdcard" }, { 00755, AID_ROOT, AID_ROOT, 0, 0 }, }; |
static const struct fs_path_config android_files[] = { { 00440, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.rc" }, { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.sh" }, { 00440, AID_ROOT, AID_SHELL, 0, "system/etc/init.trout.rc" }, { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.ril" }, { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.testmenu" }, { 00550, AID_DHCP, AID_SHELL, 0, "system/etc/dhcpcd/dhcpcd-run-hooks" }, { 00444, AID_RADIO, AID_AUDIO, 0, "system/etc/AudioPara4.csv" }, { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/ppp/*" }, { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/rc.*" }, { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" }, { 00644, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/*" }, { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" }, { 00644, AID_APP, AID_APP, 0, "data/data/*" }, { 00755, AID_ROOT, AID_ROOT, 0, "system/bin/ping" }, |
/* the following file is INTENTIONALLY set-gid and not set-uid. * Do not change. */ { 02750, AID_ROOT, AID_INET, 0, "system/bin/netcfg" }, /* the following five files are INTENTIONALLY set-uid, but they * are NOT included on user builds. */ { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/su" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/librank" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procrank" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/tcpdump" }, { 04770, AID_ROOT, AID_RADIO, 0, "system/bin/pppd-ril" }, |
/* the following files have enhanced capabilities and ARE included in user builds. */ { 00750, AID_ROOT, AID_SHELL, (1 << CAP_SETUID) | (1 << CAP_SETGID), "system/bin/run-as" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" }, { 00755, AID_ROOT, AID_ROOT, 0, "system/lib/valgrind/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor/bin/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "vendor/bin/*" }, { 00750, AID_ROOT, AID_SHELL, 0, "sbin/*" }, { 00755, AID_ROOT, AID_ROOT, 0, "bin/*" }, { 00750, AID_ROOT, AID_SHELL, 0, "init*" }, { 00750, AID_ROOT, AID_SHELL, 0, "charger*" }, { 00750, AID_ROOT, AID_SHELL, 0, "sbin/fs_mgr" }, { 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" }, { 00644, AID_ROOT, AID_ROOT, 0, 0 }, }; |
fs_get_stats
源代码位于:build/tools/fs_get_stats。
与fs_config相似,但只处理一项,从参数输入文件名称,向stdout输出uid、gid和mode。
$ out/host/linux-x86/bin/fs_get_stats 0755 1 data 1000 1000 0771 $ out/host/linux-x86/bin/fs_get_stats 0755 1 system/bin 0 2000 0755 |
post_process_props.py
源代码位于:build/tools/post_process_props.py。
确认属性值长度不超过最大值,一些属性特殊处理,如:persist.sys.usb.config。
buildinfo.sh
源代码位于:build/tools/buildinfo.sh。
从环境变量读取属性值,输出属性名称值对,属性名映射到ro.build.*、ro.product.*等。
dump-package-stats
源代码位于:build/tools/dump-package-stats。
Shell脚本,用unzip获取apk/jar包的size信息。
merge-event-log-tags.py
源代码位于:build/tools/merge-event-log-tags.py。
zipalign
源代码位于:build/tools/zipalign。
mktarball.sh
源代码位于:build/tools/mktarball.sh。
压缩目录,使用fs_get_stats获取目标权限配置,并写入压缩包。
build/tools/mktarball.sh: ------------------------------------------------------------------------- # $1: path to fs_get_stats program # $2: start dir # $3: subdir to tar up (from $2) # $4: target tar name # $5: target tarball name (usually $(4).bz2) |
signapk.jar
signapk的源码位于:build/tools/signapk。
证书生成:
- 生成长度为2048位的RSA私钥
openssl genrsa -3 -out test.pem 2048 |
- 生成x509格式的公钥证书
openssl req -new -x509 -key test.pem -out test.x509.pem -days 10000 |
- 生成符合PKCS8标注的私钥文件
openssl pkcs8 -in test.pem -topk8 -outform DER -out test.pk8 -nocrypt |
使用方法:
signapk.jar -w <公钥> <私钥> <输入文件> <输出文件>
其中:-w表示对整个文件进行签名。
- 分散(没有-w)签名算法:
- 程序遍历update.apk包中的所有文件(entry),对非文件夹非签名文件的文件,逐个生成SHA1的数字签名信息,再用Base64进行编码。
- 之后将生成的签名写入MANIFEST.MF文件。
- 对前一步生成的Manifest,使用SHA1-RSA算法,用私钥进行签名。
- 在CERT.RSA文件中保存公钥、所采用的加密算法等信息。
签名后,apk(zip)文件中多了下列文件
META-INF/MANIFEST.MF
META-INF/CERT.SF
META-INF/CERT.RSA
- 整包(有-w)的签名算法:
00 08 16 24 32 40 48 56 64 +-----------------------------------------------------------------------+ | EOCD | | | +-----------------------------------------------------------------------+ | | | | | +-----------------------------------------------------------------------+ | | | | Comment length | +-----------------------------------------------------------------------+ | Comment | +-----------------------------------------------------------------------+ | Comment | +-----------------------------------------------------------------------+ | …….. | +-----------------------------------------------------------------------+ | Comment | +--------------------------------------------------------+ |
Comment = ‘signed by SignApk\0’ + (PKCS#7_SIG) + signature_start + \xff\xff + Comment_Length。