AOSP(Android 开源项目)内的文件frameworks/native/cmds/servicemanager/service_manager.c
你可以找到以下方法:
int svc_can_register(uid_t uid, const uint16_t *name)
{
size_t n;
if ((uid == 0) || (uid == AID_SYSTEM))
return 1;
for (n = 0; n < sizeof(allowed) / sizeof(allowed[0]); n++)
if ((uid == allowed[n].uid) && str16eq(name, allowed[n].name))
return 1;
return 0;
}
上面一点:
/* TODO:
* These should come from a config file or perhaps be
* based on some namespace rules of some sort (media
* uid can register media.*, etc)
*/
static struct {
uid_t uid;
const char *name;
} allowed[] = {
{ AID_MEDIA, "media.audio_flinger" },
{ AID_MEDIA, "media.log" },
{ AID_MEDIA, "media.player" },
{ AID_MEDIA, "media.camera" },
{ AID_MEDIA, "media.audio_policy" },
{ AID_DRM, "drm.drmManager" },
{ AID_NFC, "nfc" },
{ AID_BLUETOOTH, "bluetooth" },
{ AID_RADIO, "radio.phone" },
{ AID_RADIO, "radio.sms" },
{ AID_RADIO, "radio.phonesubinfo" },
{ AID_RADIO, "radio.simphonebook" },
/* TODO: remove after phone services are updated: */
{ AID_RADIO, "phone" },
{ AID_RADIO, "sip" },
{ AID_RADIO, "isms" },
{ AID_RADIO, "iphonesubinfo" },
{ AID_RADIO, "simphonebook" },
{ AID_MEDIA, "common_time.clock" },
{ AID_MEDIA, "common_time.config" },
{ AID_KEYSTORE, "android.security.keystore" },
};
再往下:
if (!svc_can_register(uid, s)) {
ALOGE("add_service('%s',%x) uid=%d - PERMISSION DENIED\n",
str8(s), handle, uid);
return -1;
}
结论:/system/bin/servicemanager 中的系统二进制文件不允许这样做。 (出于安全原因)
可能的解决方案:
- 杀死并重用列出的 PID 和服务名称
- 重新编译您自己的 servicemanager 二进制文件并使用这个
- 将您的代码注入此二进制文件中,以允许每个人
- 更改 PID servicemanager 读取(更改 servicemanager 在binder.h(同一目录)中获取的 ioctl 响应)
- 或者只是以具有 root 权限的二进制文件启动服务器。客户端无需 root 即可连接,但服务器需要它。
