On android, I can see a service running with service list:
Let's say:
# service list | grep dropbox
87 dropbox: [com.android.internal.os.IDropBoxManagerService]
How do I map this to the APK that is serving it?
These are system services, and are part of the system server.
App services don't show here.
Note that dropbox service is not related to the Dropbox commercial service.
The way to go to the code would be to simply search for that name on the codebase. If you don't have AOSP checkout, you can use https://cs.android.com
For your example, this is the code:
https://cs.android.com/android/platform/superproject/+/master:frameworks/base/services/core/java/com/android/server/DropBoxManagerService.java;l=52?q=IDropBoxManagerService&sq=
If you want to check "Services component" in apks.
adb shell dumpsys activity services
P.S. dropbox is a system service, and system services are totally different things with service components in apk.
Related
First of all, please note that this question is not same as all the "android foreground app" questions I found on SO, please read on :-)
I'm trying to write an android app for my own use, using golang, without using android-sdk or ndk (this is the KEY point). It is pretty simple, just use golang to write a http service, compile it for arm CPU and voila my app is running and can be access by simply visit http://localhost.
For the purpose of my app, I need to know the currently running foreground application, to define it precisely:
Foreground application is the application that occupies the screen, or has an "activity" what-so-ever (forgive me I'm not an android developer).
Anything that that is depended by the foreground application (e.g. services) is NOT what I am interested in.
If the phone is LOCKED/screen turned off, I want the solution to tell me there is NO foreground app.
And since I do not use anything android, just treat the phone as a LINUX machine, I want the solution to use native LINUX ways, e.g. by inspect /proc, or by calling any installed android command line tool (including sending messages via these command line tools), but NOT using any SDK/NDK way so that I have to use java or incorporate these thing into my app.
Starting from Android SDK 26 (if I remember well) Apps are executed on -one-User-per-App, so (i.e.) WhatsApp is running on UID=30 and Telegram on UID=76, so executing a ROOT command of "ps -A -o PID,USER,NAME" you can parse output and then Kill all Processes that you don't want to be executed.
36119 u30_a149 <WhatsApp_packagename>
36203 u76_a211 <Telegram_packagename>
37399 root [kworker/1:2H]
37423 u0_a329 su
38069 root sh
Without Root Permissions nothing of what you're trying to achieve is possible simply because is not possibile to denied an application to be executed or to kill it without Superuser privilege.
I had earlier written a standalone daemon to access a custom device (/dev/mydev0). Looking at AOSP source, I figured I needed setup policies in following files to make it work:
new file device.te containing:
type mydev_device, dev_type;
new file mydevsrvc.te containing
# service flash_recovery in init.rc
type mydevsrvc_type, domain;
type mydevsrvc_type_exec, exec_type, file_type;
init_daemon_domain(mydevsrvc_type)
allow mydevsrvc_type mydev_device:chr_file rw_file_perms;
edited file_contexts to add:
/dev/mydev[0-9]* u:object_r:mydev_device:s0
edited service_contexts to add:
mydevsrvc u:object_r:mydevsrvc_type:s0
And started the daemon by editing init.flo.rc to include these lines:
service mydevsrvc /system/bin/mydevsrvc
class main
user system
group system
seclabel u:r:mydevsrvc_type:s0
oneshot
Now, I need to access the device in android apps, so I must change the daemon into an android system service.
I can startup the service (thread) using BOOT_COMPLETED intent as explained in a previous question
I am not able to figure out how to setup SELinux policies so that this java service is also able to access the dev file.
[Update] I have continued using privileged daemon for this purpose. My java service connects to daemon through sockets. I don't have a better solution.
I finally figured out the answer. Posting it here, because there sure will be SEPolicy noobs like me looking for similar answers.
For this work, I needed to be able to access my device file from my java app that implements my service.
I needed to add following rule in my sepolicy directory, in a new file:
allow system_app mydev_device:chr_file rw_file_perms;
Also, needed to make my service app run in system_app domain. For this, I need to:
Install in priv_app during Android build.
Sign it with platform key
Declare shared user id in manifest: android.uid.system. I found that without this, app runs in platform-app domain and wasn't able to access my device file even with corresponding change in SEPolicy rule. Not sure why though, I didn't bother to debug.
It might also be possible to run my Service app in mydevsrvc_type domain. I didn't find out how to do that, or whether that will work.
Here is a brief summary of the steps needed to implement SELinux on your Android device:
Add SELinux support in the kernel and configuration.
Grant each service (process or daemon) started from init its own domain.
Identify these services by:
Reviewing the init..rc file and finding all services.
Examining warnings of the form init: Warning! Service name needs a SELinux domain defined; please fix! in dmesg output.
Checking ps -Z | grep init output to see which services are running in the init domain.
Label all new processes, drivers, sockets, etc. All objects need to be labeled properly to ensure they interact properly with the policies you apply. See the labels used in AOSP for examples to follow in label name creation.
Institute security policies that fully cover all labels and restrict permissions to their absolute minimum.
Ideally, OEMs start with the policies in the AOSP and then build upon them for their own customizations.
for more https://source.android.com/security/selinux/implement.html
In response of your question to start service from init rc
you can just write one rc file like below. Where it will start your service on receiving of boot_completed
on property:sys.boot_completed=1
start mydevsrvc
for reference http://androidxref.com/9.0.0_r3/xref/device/generic/qemu/init.ranchu.rc#60
Possibly add a line in your ueventd.rc file or project specific to give the permission
I did tried some sample code for service and installed the same on device and started the app. I tried to list this service with adb command, which was running now (could see my logs for the same in logcat)
adb shell service list
But, above command lists only system service and could not see my service listed there.
So, my question,
1. Does all services need to register for service manager or it is only the "system services"
2. If i have aidl implemented for this same service will it behave like system service (i mean, get displayed for command like "adb shell service list")
thanks for reading and appreciate any response for my question
-regards,
Manju
Android system services are different from the sort of services you create within an app. You don't need to worry that they don't appear within adb shell service list.
System services are provided in the ROM of the phone and are core parts of the Android OS, for example the "surface flinger" (graphics compositor), "package manager" etc. They are accessed within the Android frameworks so that a typical Android application developer never contacts them directly. They are looked up based on a simple string.
Normal services inherit from the Service class and you connect to them from within application code using an Intent and typically Context.bindService.
I am writing an application to add all our apps to the homescreen of our devices. I need it to skip the apps that are services or contentproviders that just run in the background and are never "launched" by the user.
Any ideas? Right now i am specifying the apps, but would like to have it more automated.
Thanks!
See this thread for information on finding launchable Intent instances from the package manager.
I have developed an android service. Any android app can use it's API's to get some kind of news updates from this service. I want to distribute this service so that any android app on the phone can use this service. My questions here are :
When some android application try to use its API on the phone and suppose that service is not available on the phone then what will happen ?
How will android application developer will make sure that the service is available on the phone ?
Does application developer has to bundle service with his application ? If yes then wont be there multiple instances of same service on phone if multiple application contains same service on the phone ?
Thanks
Dalvin
When some android application try to use its API on the phone and suppose that service is not available on the phone then what will happen?
If they are smart, they will use PackageManager to see if you are installed first. Otherwise, their attempt to call startService() or bindService() will fail.
How will android application developer will make sure that the service is available on the phone ?
Use PackageManager.
Does application developer has to bundle service with his application?
How are we supposed to know? You are the person who wrote it.
If yes then wont be there multiple instances of same service on phone if multiple application contains same service on the phone ?
Possibly. It is difficult to answer this question in the abstract, as there are multiple ways to distribute this service (as an APK, as an Android library project, as a JAR, as just a hunk of source code) and multiple ways to integrate it (change the source code, use the source/JAR/library as-is, reference the existing APK).