[英]Control access of third party APIs to Android system resources?
When you import third party APIs (packet dependency injection, generated libraries, source code, etc) in your Android project, you assume they will behave as advertised. 在您的Android项目中导入第三方API(数据包依赖注入,生成的库,源代码等)时,您会假定它们的行为与广告中所宣传的一样。 Most of the times code is not open source, it is obfuscated or just compiled. 大多数时候,代码不是开源的,它们被混淆或只是被编译。
Is there a way to control the access of this APIs to important system resources such as network, contacts, video and audio, location? 有没有办法控制此API对重要系统资源(例如网络,联系人,视频和音频,位置)的访问?
The best approach would be to provide a proxy
to them for the system resources. 最好的方法是为它们提供系统资源的proxy
。 This would have the following benefits: 这将具有以下好处:
I have failed to find how one such solution can be implemented since the user's defined activities and services can not control the services of the third party APIs or even prevent them for making direct calls to any Android public interface. 由于用户定义的活动和服务无法控制第三方API的服务,甚至无法阻止它们直接调用任何Android公共接口,因此我无法找到解决方案的实现方式。
The solution should not require root access, since you do not want to have this control outside the boundaries of your own app. 该解决方案不需要root用户访问权限,因为您不想让此控件超出您自己的应用程序的范围。
The content of this question is linked to several questions which address particularities of this broad question ( log data of content providers , network requests - that got me to think of this problem while researching an answer for it) 这个问题的内容与解决这个广泛问题的特殊性的几个问题相关联( 内容提供商的日志数据 , 网络请求 -使我在研究答案时考虑这个问题)
Note : The short answer is no, but one can be creative enough (maybe going for native level hacks may resolve this issue - idk) 注意 :简短的答案是“否”,但一个人可能足够有创意(也许进行本机级黑客攻击可能会解决此问题-idk)
Build proxy class for your desired android resource you want to protect in a package named com.myproxies (eg MediaRecorder, SensorManager, Camera, java.net.HTTPURLConnection).In the proxy you need to implement all of the public methods of the class you are mocking and you need to implemented logic to allow for access (forward to appropriate method) or deny. 在名为com.myproxies的包中(例如MediaRecorder,SensorManager,Camera,java.net.HTTPURLConnection)为要保护的所需Android资源构建代理类。在代理中,您需要实现该类的所有公共方法在嘲笑,您需要实施逻辑以允许访问(转发到适当的方法)或拒绝。 One helpful step would be to check the caller of the method . 一个有用的步骤是检查方法的调用者 。
If you plan to import source code, refactor code to change package to your proxy (proguard can help with this). 如果您打算导入源代码,请重构代码以将包更改为代理(Proguard可以提供帮助)。
If you are using a library, get Jar Jar Links ,a utility that makes it easy to repackage Java libraries and embed them into your own distribution, and change the package names internally to that of a class in your package that will serve as a proxy. 如果您使用的是库,请获取Jar Jar Links ,该实用程序可以轻松地重新打包Java库并将其嵌入到您自己的发行版中,并将内部包名称更改为包中用作代理的类的名称。 。
If you are using Maven or Gradle package dependency injection, you can also try to import Jar Jar Links and perform the package refactoring at compile time (not very sure it can be done) 如果您使用的是Maven或Gradle软件包依赖项注入,则还可以尝试导入Jar Jar Links并在编译时执行软件包重构(不是很确定可以做到)。
Unfortunately it is very easy to break the API, as I experienced myself, and there is a lot of manual labour involved. 不幸的是,按照我的经验,很容易破坏API,并且涉及大量的体力劳动。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.