<!-- @page { margin: 2cm } P { margin-bottom: 0.21cm } -->
在init.rc文件里,可以看到加载下面的服务:
service keystore /system/bin/keystore /data/misc/keystore
user keystore
group keystore
socket keystore stream 666
keystore服务的代码在目录:
Android-2.0/frameworks/base/cmds/keystore
keystore服务是加解密储存键值的服务。它主要作用就是验证应用程序与签名文件是否一致。
它的主要入口函数代码如下:
int main(int argc, char **argv)
{
获取加密服务的SOCKET。
int control_socket = android_get_control_socket("keystore");
if (argc < 2) {
LOGE("A directory must be specified!");
return 1;
}
if (chdir(argv[1]) == -1) {
LOGE("chdir: %s: %s", argv[1], strerror(errno));
return 1;
}
if ((the_entropy = open(RANDOM_DEVICE, O_RDONLY)) == -1) {
LOGE("open: %s: %s", RANDOM_DEVICE, strerror(errno));
return 1;
}
监听这个服务。
if (listen(control_socket, 3) == -1) {
LOGE("listen: %s", strerror(errno));
return 1;
}
signal(SIGPIPE, SIG_IGN);
if (access(MASTER_KEY_FILE, R_OK) == 0) {
state = LOCKED;
}
接收到连接。
while ((the_socket = accept(control_socket, NULL, 0)) != -1) {
struct timeval tv = {.tv_sec = 3};
struct ucred cred;
socklen_t size = sizeof(cred);
int8_t request;
setsockopt(the_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
setsockopt(the_socket, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
if (getsockopt(the_socket, SOL_SOCKET, SO_PEERCRED, &cred, &size)) {
LOGW("getsockopt: %s", strerror(errno));
} else if (recv_code(&request)) {
接收到请求后,就开始进行加密验证处理。
int8_t old_state = state;
int8_t response;
uid = cred.uid;
if ((response = process(request)) > 0) {
send_code(response);
response = -response;
}
LOGI("uid: %d action: %c -> %d state: %d -> %d retry: %d",
cred.uid, request, -response, old_state, state, retry);
}
close(the_socket);
}
LOGE("accept: %s", strerror(errno));
return 1;
}
