Android 通过adb禁止某个应用上网

最新推荐文章于 2022-11-04 15:12:55 发布
最新推荐文章于 2022-11-04 15:12:55 发布
阅读量1.4w 收藏 28
点赞数 5
分类专栏: Android
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ytuglt/article/details/114198376
版权 
#通过包名查找应用的uid
➜  apk adb shell cat /data/system/packages.xml | grep com.xzh.hbls
    <package name="com.xzh.hbls" codePath="/data/app/com.xzh.hbls-htP4fJSjJ2QQGmIifZ6xpA==" nativeLibraryPath="/data/app/com.xzh.hbls-htP4fJSjJ2QQGmIifZ6xpA==/lib" publicFlags="940064324" privateFlags="0" ft="177e2c42790" it="177e2c434ca" ut="177e2c434ca" version="80" userId="10106">
#关闭某个uid的上网权限
➜  apk adb shell iptables -I fw_OUTPUT -m owner --uid-owner 10106 -j DROP
➜  apk adb shell iptables -I fw_INPUT -m owner --uid-owner 10106 -j DROP

注意命令行中的uid需要替换,uid如下图所示
在这里插入图片描述
详细信息请参考: https://blog.csdn.net/cyj88jyc/article/details/87985219

为防止作者后期删除,copy一份:
iptables是Linux的一个命令行工具,通过设置一些规则可以直接把指定uid或网址的数据包从ip层过滤掉,从而实现网络防火墙的功能,这部分已经比较成熟,android或厂商只是对iptables命令进行了封装,让android app可以通过iptables命令进行防火墙设置,iptables有很多复杂的功能,我们主要看看怎么设置白名单只让指定的uid app可以联网和设置黑名单让指定的uid app不能联网,我们通过代码流程来分析,代码是mtk android8.1。

root后通过adb shell iptables -L可以查看当前的规则列表,Chain INPUT,OUTPUT就是控制数据包的输入输出,没做任何设置前应该张下面这个样子,Chain OUTPUT的数据包通过Chain fw_OUTPUT控制, Chain fw_OUTPUT的规则是空的,所以当前对网络不做限制。

$ adb shell iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all – anywhere anywhere
fw_INPUT all – anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
oem_fwd all – anywhere anywhere
fw_FORWARD all – anywhere anywhere
bw_FORWARD all – anywhere anywhere
natctrl_FORWARD all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
oem_out all – anywhere anywhere
firewall all – anywhere anywhere
fw_OUTPUT all – anywhere anywhere
st_OUTPUT all – anywhere anywhere
bw_OUTPUT all – anywhere anywhere

Chain fw_FORWARD (1 references)
target prot opt source destination

Chain fw_INPUT (1 references)
target prot opt source destination

Chain fw_OUTPUT (1 references)
target prot opt source destination

//android app层

INetworkManagementService networkService = INetworkManagementService.Stub.asInterface(ServiceManager.getService(Context.NETWORKMANAGEMENT_SERVICE));

public void WhiteListMode(INetworkManagementService networkService) {
    FireWallUtils.setFirewallEnabled(networkService, true);//白名单模式
    FireWallUtils.setFirewallUidRule(networkService, 0, 1016, 0); //重置vpn uid rule
    FireWallUtils.setFirewallUidRule(networkService, 0, 1016, 1); //设置vpn uid为白名单
    FireWallUtils.setFirewallUidRule(networkService, 0, 0, 0); //重置root uid rule
    FireWallUtils.setFirewallUidRule(networkService, 0, 0, 1); //设置root uid为白名单

// List whitelistApp = new ArrayList<>();
// whitelistApp.add(“com.nuts.extremspeedup”);
// PackageManager pm = mContext.getPackageManager();
// for (String pkgName : whitelistApp) {
// int uid = FireWallUtils.getUidFromPackageName(pm, pkgName);
// if (uid > 0) {
// FireWallUtils.setFirewallUidRule(networkService, 0, uid, 0); //重置 uid rule
// FireWallUtils.setFirewallUidRule(networkService, 0, uid, 1); //设置白名单
// }
// }
}

public void BlackListMode(INetworkManagementService networkService) {
    FireWallUtils.setFirewallEnabled(networkService, false); //黑名单模式
    
      List<String> whitelistApp = new ArrayList<>();
      whitelistApp.add("com.iflytek.inputmethod");//com.iflytek.inputmethod
      PackageManager pm = getPackageManager();
        for (String pkgName : whitelistApp) {
            int uid = FireWallUtils.getUidFromPackageName(pm, pkgName); //获取app的uid
            if (uid > 0) {
                FireWallUtils.setFirewallUidRule(networkService, 0, uid, 0); //重置 uid rule
                FireWallUtils.setFirewallUidRule(networkService, 0, uid, 2); //设置uid为黑名单
            }
        }
}

public void DisableMobileMode(INetworkManagementService networkService) {
    FireWallUtils.setFirewallEnabled(networkService, false); //黑名单模式
    
      List<String> whitelistApp = new ArrayList<>();
      whitelistApp.add("com.iflytek.inputmethod");//com.iflytek.inputmethod
      PackageManager pm = getPackageManager();
        for (String pkgName : whitelistApp) {
            int uid = FireWallUtils.getUidFromPackageName(pm, pkgName);
            if (uid > 0) {
                FireWallUtils.setFirewallUidChainRule(networkService, uid, 0, false); //(networkType == 1) ? WIFI : MOBILE; , 禁止此uid连mobile
            }
        }
}

import android.content.BroadcastReceiver;
import android.content.ContentResolver;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.os.INetworkManagementService;
import android.os.Process;
import android.os.RemoteException;
import android.os.ServiceManager;
import android.os.SystemProperties;
import android.provider.Settings;
import android.util.Log;

import java.util.ArrayList;
import java.util.List;

public class FireWallUtils {
private static final String TAG = “FireWallUtils”;

public static void setFirewallEnabled(INetworkManagementService networkService, boolean enable) {
    try {
        networkService.setFirewallEnabled(enable);
    } catch (RemoteException e) {
        Log.e(TAG, "setFirewallEnabled RemoteException e:" + Log.getStackTraceString(e));
    } catch (Exception e) {
        Log.e(TAG, "setFirewallEnabled Exception e:" + Log.getStackTraceString(e));
    }
}

public static void setFirewallUidRule(INetworkManagementService networkService, int chain, int uid, int rule) {
    try {
        networkService.setFirewallUidRule(chain, uid, rule);
    } catch (RemoteException e) {
        Log.e(TAG, "setFirewallUidRule RemoteException e:" + Log.getStackTraceString(e));
    } catch (Exception e) {
        Log.e(TAG, "setFirewallUidRule Exception e:" + Log.getStackTraceString(e));
    }
}

public static int getUidFromPackageName(PackageManager pm, String pkgName) {
    try {
        ApplicationInfo appInfo = pm.getApplicationInfo(pkgName, PackageManager.MATCH_ALL);
        if (appInfo != null) {
            return appInfo.uid;
        }
    } catch (PackageManager.NameNotFoundException e) {
        //e.printStackTrace();
    }
    return -1;
}

}

public static void setFirewallUidChainRule(INetworkManagementService networkService, int uid, int networkType, boolean allow) {
    try {
        networkService.setFirewallUidChainRule(uid, networkType, allow);
    } catch (RemoteException e) {
        Log.d(TAG, "setFirewallEnabled RemoteException e:" + Log.getStackTraceString(e));
    } catch (Exception e) {
        Log.d(TAG, "setFirewallEnabled Exception e:" + Log.getStackTraceString(e));
    }
}
public static void clearFirewallChain(INetworkManagementService networkService, String chain) {
    try {
        networkService.clearFirewallChain(chain);
    } catch (RemoteException e) {
        Log.d(TAG, "setFirewallEnabled RemoteException e:" + Log.getStackTraceString(e));
    } catch (Exception e) {
        Log.d(TAG, "setFirewallEnabled Exception e:" + Log.getStackTraceString(e));
    }
}

frameworks/base/core/java/android/os/INetworkManagementService.aidl

void setFirewallEnabled(boolean enabled);
boolean isFirewallEnabled();
void setFirewallInterfaceRule(String iface, boolean allow);
void setFirewallUidRule(int chain, int uid, int rule);
void setFirewallUidRules(int chain, in int[] uids, in int[] rules);
void setFirewallChainEnabled(int chain, boolean enable);

/**
 * agold
 * Cnfigure firewall rule by uid and chain
 * @hide
 */
void setFirewallUidChainRule(int uid, int networkType, boolean allow);

/** @} */

/**
 * agold
 * Delete all rules in  chain or all chains
 * @hide
 */
void clearFirewallChain(String chain);

frameworks/base/services/core/java/com/android/server/NetworkManagementService.java

@Override
public void setFirewallEnabled(boolean enabled) {
    enforceSystemUid();
    try {
        mConnector.execute("firewall", "enable", enabled ? "whitelist" : "blacklist");
        mFirewallEnabled = enabled;
    } catch (NativeDaemonConnectorException e) {
        throw e.rethrowAsParcelableException();
    }
}

@Override
public void setFirewallUidRule(int chain, int uid, int rule) {
    enforceSystemUid();
    synchronized (mQuotaLock) {
        setFirewallUidRuleLocked(chain, uid, rule);
    }
}

private void setFirewallUidRuleLocked(int chain, int uid, int rule) {
    if (updateFirewallUidRuleLocked(chain, uid, rule)) {
        try {
            mConnector.execute("firewall", "set_uid_rule", getFirewallChainName(chain), uid,
                    getFirewallRuleName(chain, rule));
        } catch (NativeDaemonConnectorException e) {
            throw e.rethrowAsParcelableException();
        }
    }
}

/**
 * agold
 * @Configure firewall rule by uid and chain
 * @hide
 */
public void setFirewallUidChainRule(int uid, int networkType, boolean allow) {
    android.util.Log.i("linyuan_NMS", "setFirewallUidChainRule uid = " + uid + ", networkType = " + networkType + ", allow = " + allow);
    //enforceSystemUid();
    final String MOBILE = "mobile";
    final String WIFI = "wifi";

    final String rule = allow ? "allow" : "deny";
    final String chain = (networkType == 1) ? WIFI : MOBILE;

    try {
        mConnector.execute("firewall", "set_uid_fw_rule", uid, chain, rule);
    } catch (NativeDaemonConnectorException e) {
        throw e.rethrowAsParcelableException();
    }
}

/**
 * agold
 * @Configure firewall rule by uid and chain
 * @hide
 */
public void clearFirewallChain(String chain) {
    //enforceSystemUid();
    try {
        mConnector.execute("firewall", "clear_fw_chain", chain);
    } catch (NativeDaemonConnectorException e) {
        throw e.rethrowAsParcelableException();
    }
}

system/netd/server/CommandListener.cpp

int CommandListener::FirewallCmd::runCommand(SocketClient *cli, int argc,
char **argv) {
if (argc < 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, “Missing command”, false);
return 0;
}

if (!strcmp(argv[1], "enable")) {
    if (argc != 3) {
        cli->sendMsg(ResponseCode::CommandSyntaxError,
                    "Usage: firewall enable <whitelist|blacklist>", false);
        return 0;
    }
    FirewallType firewallType = parseFirewallType(argv[2]);

    int res = gCtls->firewallCtrl.enableFirewall(firewallType);
    return sendGenericOkFail(cli, res);
}
if (!strcmp(argv[1], "disable")) {
    int res = gCtls->firewallCtrl.disableFirewall();
    return sendGenericOkFail(cli, res);
}
if (!strcmp(argv[1], "is_enabled")) {
    int res = gCtls->firewallCtrl.isFirewallEnabled();
    return sendGenericOkFail(cli, res);
}

if (!strcmp(argv[1], "set_uid_rule")) {
    if (argc != 5) {
        cli->sendMsg(ResponseCode::CommandSyntaxError,
                     "Usage: firewall set_uid_rule <dozable|standby|none> <1000> <allow|deny>",
                     false);
        return 0;
    }

    ChildChain childChain = parseChildChain(argv[2]);
    if (childChain == INVALID_CHAIN) {
        cli->sendMsg(ResponseCode::CommandSyntaxError,
                     "Invalid chain name. Valid names are: <dozable|standby|none>",
                     false);
        return 0;
    }
    int uid = atoi(argv[3]);
    FirewallRule rule = parseRule(argv[4]);
    int res = gCtls->firewallCtrl.setUidRule(childChain, uid, rule);
    return sendGenericOkFail(cli, res);
}



//agold start
if (!strcmp(argv[1], "set_uid_fw_rule")) {
    ALOGD("set_uid_fw_rule");
    if (argc != 5) {
        cli->sendMsg(ResponseCode::CommandSyntaxError,
                     "Usage: firewall set_uid_fw_rule <uid> <mobile|wifi> <allow|deny>",
                     false);
        return 0;
    }

    int uid = atoi(argv[2]);
    FirewallChinaRule chain = parseChain(argv[3]);
    FirewallRule rule = parseRule(argv[4]);

    int res = gCtls->firewallCtrl.setUidFwRule(uid, chain, rule);
    return sendGenericOkFail(cli, res);
}

if (!strcmp(argv[1], "clear_fw_chain")) {
    if (argc != 3) {
        cli->sendMsg(ResponseCode::CommandSyntaxError,
                     "Usage: firewall clear_fw_chain <chain>",
                     false);
        return 0;
    }

    FirewallChinaRule chain = parseChain(argv[2]);

    int res = gCtls->firewallCtrl.clearFwChain(chain);
    return sendGenericOkFail(cli, res);
}
//agold end

cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown command", false);
return 0;

}

system/netd/server/FirewallController.cpp

int FirewallController::enableFirewall(FirewallType ftype) {
int res = 0;
if (mFirewallType != ftype) {
// flush any existing rules
disableFirewall();

    if (ftype == WHITELIST) {
        // create default rule to drop all traffic
        std::string command =
            "*filter\n"
            "-A fw_INPUT -j DROP\n"
            "-A fw_OUTPUT -j REJECT\n"
            "-A fw_FORWARD -j REJECT\n"
            "COMMIT\n";
        res = execIptablesRestore(V4V6, command.c_str());
    }

    // Set this after calling disableFirewall(), since it defaults to WHITELIST there
    mFirewallType = ftype;
}
return res;

}

int FirewallController::disableFirewall(void) {
mFirewallType = WHITELIST;
mIfaceRules.clear();

// flush any existing rules
std::string command =
    "*filter\n"
    ":fw_INPUT -\n"
    ":fw_OUTPUT -\n"
    ":fw_FORWARD -\n"
    "COMMIT\n";

return execIptablesRestore(V4V6, command.c_str());

}

int FirewallController::setUidRule(ChildChain chain, int uid, FirewallRule rule) {
const char* op;
const char* target;
FirewallType firewallType = getFirewallType(chain);
if (firewallType == WHITELIST) {
target = “RETURN”;
// When adding, insert RETURN rules at the front, before the catch-all DROP at the end.
op = (rule == ALLOW)? “-I” : “-D”;
} else { // BLACKLIST mode
target = “DROP”;
// When adding, append DROP rules at the end, after the RETURN rule that matches TCP RSTs.
op = (rule == DENY)? “-A” : “-D”;
}

std::vector<std::string> chainNames;
switch(chain) {
    case DOZABLE:
        chainNames = { LOCAL_DOZABLE };
        break;
    case STANDBY:
        chainNames = { LOCAL_STANDBY };
        break;
    case POWERSAVE:
        chainNames = { LOCAL_POWERSAVE };
        break;
    case NONE:
        chainNames = { LOCAL_INPUT, LOCAL_OUTPUT };
        break;
    default:
        ALOGW("Unknown child chain: %d", chain);
        return -1;
}

std::string command = "*filter\n";
for (std::string chainName : chainNames) {
    StringAppendF(&command, "%s %s -m owner --uid-owner %d -j %s\n",
                  op, chainName.c_str(), uid, target);
}
StringAppendF(&command, "COMMIT\n");

return execIptablesRestore(V4V6, command);

}

//agold start
const char* FirewallController::FIREWALL = “firewall”;
const char* FirewallController::FIREWALL_MOBILE = “mobile”;
const char* FirewallController::FIREWALL_WIFI = “wifi”;
//agold end

int FirewallController::setupIptablesHooks(void) {
int res = 0;
//agold start
std::string command = “*filter\n”;
StringAppendF(&command, “-F firewall \n”);
StringAppendF(&command, “-A firewall -o ppp+ -j mobile\n”);
StringAppendF(&command, “-A firewall -o ccmni+ -j mobile\n”);
StringAppendF(&command, “-A firewall -o ccemni+ -j mobile\n”);
StringAppendF(&command, “-A firewall -o usb+ -j mobile\n”);
StringAppendF(&command, “-A firewall -o cc2mni+ -j mobile\n”);
StringAppendF(&command, “-A firewall -o wlan+ -j wifi\n”);
StringAppendF(&command, “COMMIT\n”);
res |= execIptablesRestore(V4V6, command.c_str());
//agold end
res |= createChain(LOCAL_DOZABLE, getFirewallType(DOZABLE));
res |= createChain(LOCAL_STANDBY, getFirewallType(STANDBY));
res |= createChain(LOCAL_POWERSAVE, getFirewallType(POWERSAVE));
return res;
}

//agold start
int FirewallController::setUidFwRule(int uid, FirewallChinaRule chain, FirewallRule rule) {
ALOGD(“setUidFwRule”);
std::string command = "filter\n";
char uidStr[16];
const char op;
const char* fwChain;

sprintf(uidStr, "%d", uid);

if (rule == DENY) {
    op = "-I";
} else {
    op = "-D";
}

if(chain == MOBILE) {
    fwChain = "mobile";
}else{
    fwChain = "wifi";
}

/*
if(chain == MOBILE) {
if(rule == ALLOW)
blacklistUsers.insert(uid);
else
blacklistUsers.erase(uid);
}
*/

ALOGD("setUidFwRule op = %s, chain = %s, uid = %s", op, fwChain, uidStr);
StringAppendF(&command, "%s %s -m owner --uid-owner %s -j REJECT\n", op, fwChain, uidStr);
StringAppendF(&command, "COMMIT\n");

return execIptablesRestore(V4V6, command.c_str());

}

int FirewallController::clearFwChain(FirewallChinaRule chain) {
std::string command = "filter\n";
const char fwChain;
if(chain == MOBILE) {
fwChain = “mobile”;
}else{
fwChain = “wifi”;
}
StringAppendF(&command, “-F %s \n”, fwChain);
StringAppendF(&command, “COMMIT\n”);
return execIptablesRestore(V4V6, command.c_str());
}
//agold end

运行到最后就是调用iptables命令去添加或删除一些规则,如果没有接口可以参考上面的接口增加,熟悉下iptables的规则就知道怎么添加了。

WhiteListMode函数其实就调的下面的iptables命令

adb shell iptables -A fw_INPUT -j DROP ; // -A表示要添加规则到fw_INPUT链, -j DROP表示添加丢弃规则,丢弃所有输入包
adb shell iptables -A fw_OUTPUT -j REJECT // -A表示要添加规则到fw_OUTPU链, -j REJECT表示添加拒绝规则,拒绝所有输出包
adb shell iptables -A fw_FORWARD -j REJECT

adb shell iptables -I fw_OUTPUT -m owner --uid-owner 1016 -j ACCEPT // -I表示插入一条规则到fw_OUTPUT链,是一条白名单规则,允许uid 1016的数据包通过

adb shell iptables -I fw_INPUT -m owner --uid-owner 1016 -j ACCEPT

调用后iptables张下面这个样子,Chain OUTPUT的数据包通过Chain fw_OUTPUT控制, Chain fw_OUTPUT的规则是reject所有数据包,只允许uid 1016 vpn。

$ adb shell iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all – anywhere anywhere
fw_INPUT all – anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
oem_fwd all – anywhere anywhere
fw_FORWARD all – anywhere anywhere
bw_FORWARD all – anywhere anywhere
natctrl_FORWARD all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
oem_out all – anywhere anywhere
firewall all – anywhere anywhere
fw_OUTPUT all – anywhere anywhere
st_OUTPUT all – anywhere anywhere
bw_OUTPUT all – anywhere anywhere

Chain fw_FORWARD (1 references)
target prot opt source destination
REJECT all – anywhere anywhere reject-with icmp-port-unreachable

Chain fw_INPUT (1 references)
target prot opt source destination
RETURN all – anywhere anywhere owner UID match vpn
DROP all – anywhere anywhere

Chain fw_OUTPUT (1 references)
target prot opt source destination
RETURN all – anywhere anywhere owner UID match vpn
REJECT all – anywhere anywhere reject-with icmp-port-unreachable

BlackListMode函数其实就调的下面的iptables命令

adb shell iptables -F fw_INPUT

adb shell iptables -F fw_OUTPUT //清除fw_OUTPUT链上所有规则,允许所有数据包通过

adb shell iptables -D fw_INPUT -m owner --uid-owner 10086 -j DROP // -D表示删除一条规则

adb shell iptables -I fw_OUTPUT -m owner --uid-owner 10086 -j DROP // -I表示插入一条规则到fw_OUTPUT链,是一条黑名单规则,只禁止uid 10086的数据包通过

adb shell iptables -I fw_INPUT -m owner --uid-owner 10086 -j DROP

调用后iptables张下面这个样子,Chain OUTPUT的数据包通过Chain fw_OUTPUT控制, Chain fw_OUTPUT的规则是只丢弃

uid 为u11_a83(10086)的数据包,就是前面设置的app的uid 10086

~$adb shell iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all – anywhere anywhere
fw_INPUT all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
oem_out all – anywhere anywhere
firewall all – anywhere anywhere
fw_OUTPUT all – anywhere anywhere
st_OUTPUT all – anywhere anywhere
bw_OUTPUT all – anywhere anywhere

Chain fw_INPUT (1 references)
target prot opt source destination
DROP all – anywhere anywhere owner UID match u11_a83

Chain fw_OUTPUT (1 references)
target prot opt source destination
DROP all – anywhere anywhere owner UID match u11_a83

如果需要单独控制wifi或移动数据,看DisableMobileMode里面setFirewallUidChainRule接口,这部分是厂商加的,如果没有可以按上面的内容进行添加,参考agold关键字,对照adb shell iptables -L的输出调试问题就不大了。

调用后iptables张下面这个样子,Chain OUTPUT的数据包通过Chain fw_OUTPUT 和Chain firewall控制, Chain fw_OUTPUT的规则为空就是不限制,Chain firewall通过mobile和wifi链控制wifi/mobile, Chain wifi为空,Chain mobile为reject owner UID match u0_a79

~$ adb shell iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all – anywhere anywhere
fw_INPUT all – anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
oem_out all – anywhere anywhere
firewall all – anywhere anywhere
fw_OUTPUT all – anywhere anywhere
st_OUTPUT all – anywhere anywhere
bw_OUTPUT all – anywhere anywhere

Chain firewall (1 references)
target prot opt source destination
mobile all – anywhere anywhere
mobile all – anywhere anywhere
mobile all – anywhere anywhere
mobile all – anywhere anywhere
mobile all – anywhere anywhere
wifi all – anywhere anywhere

Chain fw_INPUT (1 references)
target prot opt source destination

Chain fw_OUTPUT (1 references)
target prot opt source destination

Chain mobile (5 references)
target prot opt source destination
REJECT all – anywhere anywhere owner UID match u0_a79 reject-with icmp-port-unreachable

Chain wifi (1 references)
target prot opt source destination

iptables命令可以参考 https://blog.csdn.net/l1028386804/article/details/47356011

https://blog.csdn.net/reyleon/article/details/12976341

————————————————
版权声明:本文为CSDN博主「cyj88jyc」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/cyj88jyc/article/details/87985219

ytuglt
关注
  • 5
    点赞
  • 28
    收藏
    觉得还不错? 一键收藏
  • 3
    评论
专栏目录
Android 13.0 系统system模块开启禁用adb push和adb pull传输文件功能
安卓兼职framework和app工程师的博客
06-23 210
在13.0的系统ROM定制化开发中,在一些产品中由于一些开发的功能比较重要,防止技术点外泄在出货产品中,禁用 adb pull 和adb push等命令 来获取系统system下的jar 和apk 等文件,所以需要禁用这些命令,接下来实现这些功能
adb 禁止app联网_是否有一个ADB命令启用/禁用移动数据?(root权限的设备)
weixin_29040367的博客
12-28 2121
I'm looking for an adb shell command to enable/disable mobile data. The app is only being tested on rooted devices so I have adb root privileges. I looked around and found that wifi can be enabled/dis...
ADB 网络调试 禁用 说明
qq_40315144的博客
11-04 1557
通过分析adbd 源码 禁用掉网络调试
禁止应用程序联网工具 Firewall App Blocker
04-20
禁止应用程序联网工具 Firewall App Blocker。使用方便,快捷,小巧灵活。
ADB禁用/启用APP
wangluonanhai的专栏
07-12 3802
ADB禁用/启用APP adb shell pm disable-user '包名' adb shell pm enable '包名'
adb 禁止app联网_通过ADB启用和禁用系统应用
weixin_39846361的博客
03-03 6935
无论该应用程序是系统应用程序还是第三方应用程序(已安装用户),它都应该起作用。请参阅“ 确定应用程序的程序包名称”以获取相关应用程序的程序包名称,并使用adb shell执行以下命令(需要root访问权限):亚行外壳supm disable PACKAGE#禁用应用程序并将其隐藏在“设置”->“应用程序”中pm hide PACKAGE#替代;适用于Android Lollipop及更高版本...
adb修改什么文件获取root权限_ADB大法好!无需ROOT也可以使用APP Ops来管理手机应用权限...
weixin_39895881的博客
11-27 1422
得益于智能手机的各类APP,我们的生活变得更加丰富多彩,购物、打车、订票······现在的我们只需一部手机就能出门了。但同时我们应该意识到手机内安装的APP并不都是向善的,由于各方面原因,往往需要我们开通足够的权限才能正常运行,而这些权限的开启很可能泄露我们的隐私,尤其在安卓手机鱼龙混杂的应用市场。针对这一情况,安卓平台也有不少应用支持对应用的权限进行管理,关闭应用申请的不必要权限,并且不影响AP...
Android应用网络限制功能(网络白名单)实现
xiaoxsen的博客
09-19 2万+
在之前的博文Android防火墙功能实现与原理分析中分析了Android防火墙实现原理,这里继续讲解Android 应用网络限制实现流程。 先看看需求:现在4G流量费用比较昂贵,为了避免流量的消耗,我们可以限制某个应用连接网络,或者限制某个app只能使用wifi等等。 当我们使用流量上网时,会发现此时谷歌浏览器无法连接网...
浅析Android调试桥adb应用.pdf
09-21
Android调试桥(adb)是Android开发者不可或缺的重要工具,它主要用于管理设备或模拟器的状态,帮助开发者进行应用的调试和验证。adb由客户端、服务器和守护程序三部分组成,分别在开发计算机、后台服务和设备或...
Android安卓 ADB 9版本和11版本
02-18
Android开发过程中,ADBAndroid Debug Bridge)是一个至关重要的工具,它构成了Android开发者与设备之间的桥梁,用于进行数据传输、设备控制以及应用调试等操作。本文将深入探讨ADB的9版本和11版本,以及它们在...
Android Adb工具
05-30
ADB能够连接运行Android操作系统的设备,包括模拟器和物理手机,使得开发者可以进行数据传输、安装应用、运行shell命令以及进行远程调试。在“Android ADB工具”中,我们通常会包含ADB的各个版本,以适应不同Android...
Android adb投屏工具
12-23
ADBAndroid Debug Bridge)是Android开发者不可或缺的工具之一,它提供了一种命令行界面,允许用户与Android设备进行通信,执行各种操作,如安装应用、调试应用、查看设备状态等。在Android开发过程中,有时我们...
android 安卓ADB工具
12-12
- **故障排查**:当应用出现崩溃或错误时,通过`adb logcat`收集日志信息有助于定位问题。 - **性能分析**:使用`adb shell dumpsys`系列命令可以获取设备性能、内存、电池等信息,帮助优化应用性能。 - **无线调试*...
关于adb连接权限问题
永不秃头的程序员的博客
09-19 837
记录一次adb连接失败的问题
adb 禁止app联网,是否有一个ADB命令启用/禁用移动数据?(root权限的设备)
weixin_42510731的博客
12-28 1311
I'm looking for an adb shell command to enable/disable mobile data. The app is only being tested on rooted devices so I have adb root privileges. I looked around and found that wifi can be enabled/dis...
adb 禁止app联网_用好教育App,期待各方交出满意答卷
weixin_39997695的博客
12-03 131
评论君说 既要治理乱象,更要建立长效机制,建成科学高效的治理体系,引导教育App有序健康发展。作者 |杨三喜学校要求用的教育App不得收费,不得植入广告游戏。近日出台的《关于引导规范教育移动互联网应用有序健康发展的意见》(以下简称《意见》)明确提出了这一内容。《意见》由教育部、中央网信办、工业和信息化部、公安部、民政部、市场监管总局、国家新闻出版署、全国“扫黄打非”办公室八部...
adb命令禁用&启用APP及日常adb命令
热门推荐
weixin_46108670的博客
07-17 3万+
1、禁用APP adb shell pm disable-user '包名' 2、启动APP adb shell pm enable '包名'
android应用上网屏蔽
weixin_39694445的博客
12-03 5427
Android 4.3 为了实现当个应用上网控制,需要为Setting应用添加控制接口。 先说下原理,使用iptables控制应用uid访问网络,iptables命令的执行必须是root权限,也就是说不能在systemserver相关的系统服务中直接执行该命令,这个进程并不是root进程,执行命令不会生效。这样就有以下两个方案,简要说一下先: 1 . 原生方案: Android系统的防火墙或是带...
linux限制ip访问工具,Linux下通过iptables配置工具限制ip访问服务器
weixin_30871695的博客
05-09 836
参数 -m owner --uid-owner范例 iptables -A OUTPUT -m owner --uid-owner 500说明用来比对来自本机的封包,是否为某特定使用者所产生的,这样可以避免服务器使用 root 或其它身分将敏感数据传送出,可以降低系统被骇的损失。可惜这个功能无法比对出来自其它主机的封包。参数 -m owner --gid-owner范例 iptables -A O...
adb禁止安装应用程序
最新发布
01-15
adbAndroid Debug Bridge)是一种用于与Android设备进行通信和控制的工具。通过adb,用户可以在电脑上使用命令行来安装、调试和管理Android设备上的应用程序。 然而,有时候用户可能想要禁止通过adb安装应用程序,这可能是因为安全原因、限制使用权限或防止滥用。以下是一些可能的方法: 首先,用户可以通过在设备上更改系统设置来禁用adb安装应用程序。在设备的开发者选项中,用户可以找到一个名为"USB调试安装"或类似的选项,并禁用它。这将阻止通过adb在设备上安装应用程序。 另外,用户可以通过在设备上更改权限设置来禁用adb安装应用程序。这可以通过在设备的设置中找到"安全"或"应用权限"菜单,并针对adb设置适当的权限限制来实现。这将限制adb在设备上安装应用程序的权限。 此外,用户还可以通过在计算机上配置adb的访问权限来禁止安装应用程序。通过编辑计算机上的adb配置文件,用户可以设置adb只能访问设备的特定目录或文件,并限制了对安装应用程序的权限。 总的来说,通过在设备和计算机上进行设置和配置,用户可以禁止adb在设备上安装应用程序。这将有助于确保设备的安全性和应用程序的有效管理。
评论 3
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值