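2 Hook analysis of the LocationManagerService API
LocationManagerService mainly deals with location. In everyday Android development, apps use system services indirectly through the API the system provides,
and these APIs call the system service across processes through AIDL. Using the location service takes the following steps.
First, obtain the LocationManager:
    mLocationManager = (LocationManager)getSystemService(Context.LOCATION_SERVICE);
Then call requestLocationUpdates to configure location updates and related settings:
    mLocationManager.requestLocationUpdates(provider, 500, 0, mLocationListener);
Finally, look at how LocationManager's requestLocationUpdates method is implemented: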
    private void requestLocationUpdates(LocationRequest request, LocationListener listener,
            Looper looper, PendingIntent intent) {
        android.util.SeempLog.record(47);
        String packageName = mContext.getPackageName();
        // wrap the listener class
        ListenerTransport transport = wrapListener(listener, looper);
        try {
            mService.requestLocationUpdates(request, transport, intent, packageName);
        } catch (RemoteException e) {
            Log.e(TAG, "RemoteException", e);
        }
    }
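The mService object here is the LocationManagerService object, reached from the app through the AIDL interface described above.
In HookFactory's installHook method, the code concerning ILocationManagerBinderHook is as follows:
    installHook(new ILocationManagerBinderHook(context), classLoader);
This first calls the ILocationManagerBinderHook constructor and then its onInstall method.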
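The following is an added example, not code from DroidPlugin or from this article: it shows the java.lang.reflect.Proxy / InvocationHandler mechanism that an InvocationHandler-based hook such as BinderHook builds on, here used to audit which package calls requestLocationUpdates before forwarding the call unchanged. LocationService, RealLocationService and AuditingHandler are hypothetical stand-ins (for the AIDL interface behind mService, the real service, and the hook) so that the example runs on a plain JVM.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.ArrayList;
import java.util.List;

public class LocationHookDemo {
    // Hypothetical stand-in for the AIDL interface held in LocationManager.mService.
    interface LocationService {
        String requestLocationUpdates(String provider, long minTimeMs, String packageName);
    }

    // Hypothetical stand-in for the real service behind the Binder.
    static class RealLocationService implements LocationService {
        public String requestLocationUpdates(String provider, long minTimeMs, String packageName) {
            return "registered " + packageName + " on " + provider;
        }
    }

    // Sits between caller and service: records each call, then forwards it unchanged.
    static class AuditingHandler implements InvocationHandler {
        private final Object target;
        final List<String> audit = new ArrayList<>();
        AuditingHandler(Object target) { this.target = target; }
        @Override
        public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
            if ("requestLocationUpdates".equals(method.getName())) {
                audit.add(method.getName() + " from " + args[2]); // args[2] = packageName
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the service's own exception to the caller
            }
        }
    }

    public static void main(String[] argv) {
        LocationService real = new RealLocationService();
        AuditingHandler handler = new AuditingHandler(real);
        // The caller keeps using the interface type; only the reference is swapped.
        LocationService hooked = (LocationService) Proxy.newProxyInstance(
                LocationService.class.getClassLoader(),
                new Class<?>[] { LocationService.class }, handler);
        System.out.println(hooked.requestLocationUpdates("gps", 500, "com.example.app"));
        System.out.println(handler.audit);
    }
}
```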
2.1 The BinderHook constructor
ILocationManagerBinderHook extends BinderHook:
    public class ILocationManagerBinderHook extends BinderHook {
BinderHook extends the abstract class Hook and implements the InvocationHandler interface:
abstract class Bin