CTA 认证 android平台 彩信/ MMS 受控原理
背景
CTA:China Type Approval,即工信部的入网认证测试
彩信受控
Android 平台中,彩信受控的原理是对发往彩信网关的数据包进行丢包操作。
基本原理是:netd 控制 iptables,按应用 UID 丢弃目的地址为彩信网关的数据包。
彩信网关
“10.0.0.172” # 中国移动, 中国联通 彩信网关
“10.0.0.200” # 中国电信 彩信网关
App端控制
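/**
 * Sends one "bandwidth" command to the control socket and logs the reply.
 *
 * The command is built by makeCommand("bandwidth", funName, uids). The whole
 * exchange runs while holding the mConn lock, and the streams and the socket
 * are always released afterwards, so every call uses a fresh connection.
 *
 * NOTE(review): uids is forwarded unchanged. The native handler shown on this
 * page splices each UID into an iptables argument string, so the receiving
 * side must validate it; confirm that callers only ever pass numeric UIDs.
 *
 * @param funName name of the bandwidth sub-command to invoke
 * @param uids    UID list forwarded to the daemon (the native handler on this
 *                page splits it on '|')
 */
private static void enableApps(String funName, String uids) {
    Log.i(L.DATA_TAG, "uid:" + uids);
    synchronized (mConn) {
        if (!mConnected) {
            connectToSocket();
        }
        String cmdString = makeCommand("bandwidth", funName, uids);
        byte[] buf = new byte[BUF_SIZE];
        try {
            // connectToSocket() reports nothing back, so verify the streams
            // exist instead of failing with a NullPointerException below.
            if (mOutStream == null || mInStream == null) {
                Log.e(L.DATA_TAG, "socket streams unavailable, command not sent");
                return;
            }
            // Encode with the same charset that is used to decode the reply.
            mOutStream.write(cmdString.getBytes(StandardCharsets.UTF_8));
            mOutStream.flush();
            int length = mInStream.read(buf, 0, BUF_SIZE);
            if (length > 0) {
                final String inMsg = new String(buf, 0, length, StandardCharsets.UTF_8);
                Log.i(L.DATA_TAG, "input:" + inMsg);
            } else {
                Log.e(L.DATA_TAG, "input length :" + length);
            }
        } catch (IOException ex) {
            // Keep the cause in the log; the original message dropped it.
            Log.e(L.DATA_TAG, "exception when write to socket", ex);
        } finally {
            // Close each stream on its own: the input stream used to be closed
            // only when the output stream was non-null, which could leak it.
            if (mOutStream != null) {
                try {
                    mOutStream.close();
                } catch (IOException e) {
                    Log.e(L.DATA_TAG, "closing OutStream error: " + e);
                }
                mOutStream = null;
            }
            if (mInStream != null) {
                try {
                    mInStream.close();
                } catch (IOException e) {
                    Log.e(L.DATA_TAG, "closing InStream error: " + e);
                }
                mInStream = null;
            }
            closeSocket();
        }
    }
}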
netd 控制
// Absolute paths of the IPv4 and IPv6 iptables binaries. Using fixed absolute
// paths means the binary is not resolved through PATH.
// NOTE(review): presumably consumed by runIptablesCmd(); its body is not shown here.
const char *DataCtl::IPTABLES_PATH = "/system/bin/iptables";
const char *DataCtl::IP6TABLES_PATH = "/system/bin/ip6tables";
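/**
 * Appends DROP rules to the "blacklist-mms" chain so that traffic owned by the
 * listed UIDs and addressed to the MMS gateways (10.0.0.200 and 10.0.0.172)
 * is discarded. Only IPv4 rules are installed here.
 *
 * @param blackListUids '|'-separated list of numeric UIDs. The buffer is
 *                      modified in place by strtok_r().
 * @return true when every rule was appended; false on a NULL or malformed
 *         list, when prepare() fails, or when any iptables command fails.
 *
 * NOTE(review): when a command fails part-way through, rules that were
 * already appended stay in the chain; confirm whether the caller cleans up.
 */
bool DataCtl::enableMms(char *blackListUids) {
    ALOGI("%s: start with ", __FUNCTION__);
    std::string name = "blacklist-mms";
    if (blackListUids == NULL) {
        ALOGE("enableMms NULL point exit!");
        return false;
    }

    // The list comes from the client and each token is spliced into an
    // iptables argument string, so accept only digits and the '|' separator.
    // Checking the whole buffer first means nothing is changed on bad input.
    for (const char *p = blackListUids; *p != '\0'; ++p) {
        const bool isDigit = (*p >= '0' && *p <= '9');
        if (!isDigit && *p != '|') {
            ALOGE("enableMms: uid list contains an invalid character, exit!");
            return false;
        }
    }

    // prepare() signals failure with a zero result.
    // NOTE(review): presumably it sets up the chain; its body is not shown here.
    int res = prepare(name);
    if (!res) {
        ALOGE("enableMms res: %d, prepare failed exit!", res);
        return false;
    }

    char *outer_ptr = NULL;
    char *s = strtok_r(blackListUids, "|", &outer_ptr);
    std::string iptCmd = "";
    while (s) {
        ALOGE("current uid is :%s", s);
        const std::string rulePrefix =
                "-A " + name + " -m owner --uid-owner " + std::string(s);

        // runIptablesCmd() signals failure with a non-zero result.
        iptCmd = rulePrefix + " -d 10.0.0.200 -j DROP";
        res = runIptablesCmd(iptCmd.c_str(), IptIpV4);
        if (res) {
            ALOGE("enableMms res: %d, 200 exit!", res);
            return false;
        }

        iptCmd = rulePrefix + " -d 10.0.0.172 -j DROP";
        res = runIptablesCmd(iptCmd.c_str(), IptIpV4);
        if (res) {
            ALOGE("enableMms res: %d, 172 exit!", res);
            return false;
        }
        s = strtok_r(NULL, "|", &outer_ptr);
    }
    // The original ended with `return 0`, i.e. false, so success could not be
    // told apart from the failure paths above.
    return true;
}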
简单讲解
以上为 Android 10 之前高通平台的工作原理:app 通过 socket 与 framework 的 netd 服务进行通信。
在 Android 10 之后,netd 的工作原理发生了变化,需要根据 Android 平台定义的新协议进行交互。
Android 10 中,netd 服务也采用了通用的 binder 与 app 进行通信。