If you don’t know what Zygote is, or are curious about how zygote starts, you can go to luo’s article, the Android system process Zygote start process source code analysis:http://blog.csdn.net/luoshengyang/article/details/6768304
Zygote forks all Android applications from zygote fork. The new fork still has root privileges, which is obviously not allowed, so the child of this fork needs to be demoted.
The execution path
The following runSelectLoop method is a member of the class ZygoteInit, it in the file “frameworks/base/core/Java/com/android/internal/OS/ZygoteInit. Java”, here are its source code:
In this method, Zygote waits for the client to tell it to start a new application, as detailed in the article listed in the introduction. Now what we care about isdone = peers.get(index).runOnce(); Statement that starts a new application process by calling the runOnce method, which is a member of the ZygoteConnection class.
ZygoteConnection. RunOnce method in the file “frameworks/base/core/Java/com/android/internal/OS/ZygoteConnection. Java”, here are its source code:
ParsedArgs holds information about the application you want to start, which is of type Arguments, which is the inner class of ZygoteConnection.
RunOnce method calls the Zygote forkAndSpecialize method, this method in the file “frameworks/base/core/Java/com/android/internal/OS/Zygote. Java”, here are its source code:
The nativeForkandWfriend method is called in this method.
NativeForkAndSpecialize is a native method whose function name in native code is com_android_internal_os_Zygote_nativeForkAndSpecialize
This function in the file “frameworks/base/core/jni/com_android_internal_os_Zygote CPP, here are its source code:
In this function, the ForkAndSpecializeCommon function is called.
Child process permission degradation function
ForkAndSpecializeCommon function in the file “frameworks/base/core/jni/com_android_internal_os_Zygote CPP”, in this function calls the fork function, And fork out the child process to downgrade its own privileges, the following is the source code:
In this function, the subprocess calls SetGids, SetRLimits, setresgid, and setresuID, setting the group ID and user ID to degrade its permissions.
Click “Read the original article” to see the full article, and more security technology articles can be found on Aliju security blog
Left left left