一、adb install 安装apk的时候会有下面的log,有install字样。会调用StartCommandInProcess和execCmd执行命令。system\core\adb\daemon\abb.cpp
frameworks\native\cmds\cmd\cmd.cpp
后面会在frameworks\base\services\core\java\com\android\server\pm\Installer.java里面调用 installd 执行文件安装
二、从上面的log可以知道android\system\core\adb\daemon\abb.cpp里面的bin程序一直在读命令ReadProtocolString,abb这个程序开机就在后台运行。
三、禁止用户使用adb install 命令安装app的方法(android 11 )
1、system\core\adb\daemon\shell_service.cpp修改下面的代码
commit 59e6e59a99bbf6d774139933cfd33b7e7557bb1b
Author:
Date: Thu Jul 7 19:38:18 2022 +0800
setprop topdon.thirdapp.prohibit true to prohibit user to install app by using adb install
Change-Id: I284635cef80f08b4d43fa77e05db41b940bdabf3
diff --git a/adb/daemon/shell_service.cpp b/adb/daemon/shell_service.cpp
old mode 100644
new mode 100755
index fbfae1e..224bce1
--- a/adb/daemon/shell_service.cpp
+++ b/adb/daemon/shell_service.cpp
@@ -877,16 +877,43 @@ unique_fd StartSubprocess(std::string name, const char* terminal_type, Subproces
return local_socket;
}
+
+bool CheckThirdAppProhibit() {
+ std::string isprohibit ("true");
+ std::string value;
+ value = android::base::GetProperty("topdon.thirdapp.prohibit", "false");
+ if (!isprohibit.compare(value))
+ return true;
+ else
+ return false;
+}
unique_fd StartCommandInProcess(std::string name, Command command, SubprocessProtocol protocol) {
- LOG(INFO) << "StartCommandInProcess(" << dump_hex(name.data(), name.size()) << ")";
+ std::string namestring;
+ std::string install_flag="package.install";
+ std::string::size_type idx;
+ namestring = dump_hex(name.data(), name.size());
+
+ LOG(INFO) << "StartCommandInProcess(" << namestring << ")";
constexpr auto terminal_type = "";
constexpr auto type = SubprocessType::kRaw;
constexpr auto make_pty_raw = false;
auto subprocess = std::make_unique<Subprocess>(std::move(name), terminal_type, type, protocol,
- make_pty_raw);
+ make_pty_raw);
+ idx=namestring.find(install_flag);
+ if(idx == std::string::npos )
+ LOG(ERROR) << "the command do not include package.install string";
+ else
+ {
+ if(CheckThirdAppProhibit()) {
+ LOG(ERROR) << "Prohibit to install third app" ;
+ return ReportError(protocol, "Prohibit to install third app by adb install command");
+ }else
+ LOG(ERROR) << "Allow to install third app" ;
+ }
+
if (!subprocess) {
LOG(ERROR) << "failed to allocate new subprocess";
return ReportError(protocol, "failed to allocate new subprocess");
2、测试看一下效果 ,可以看到当用setprop把属性写成true,用户就没办法用adb install 安装app了。
四、静默安装文章Android Apk安装过程解析 - 简书