-
-
[原创]结合init源码剖析android root提权漏洞(CVE-2010-EASY)
-
发表于:
2011-9-4 21:41
19018
-
[原创]结合init源码剖析android root提权漏洞(CVE-2010-EASY)
转载请注明出处:http://hi.baidu.com/androidhacker/blog/item/59faabfda34b71f57709d707.html
这篇文章是上一篇博客的后续分析,主要介绍向init进程发送热拔插信息后init进程的处理流程
首先我们来了解一个数据结构,uevent,如下
struct uevent {
const char *action;
const char *path;
const char *subsystem;
const char *firmware;
int major;
int minor;
};
static void parse_event(const char *msg, struct uevent *uevent)
{
while(*msg) {
if(!strncmp(msg, "ACTION=", 7)) {
msg += 7;
uevent->action = msg;
} else if(!strncmp(msg, "DEVPATH=", 8)) {
msg += 8;
uevent->path = msg;
} else if(!strncmp(msg, "SUBSYSTEM=", 10)) {
msg += 10;
uevent->subsystem = msg;
} else if(!strncmp(msg, "FIRMWARE=", 9)) {
msg += 9;
uevent->firmware = msg;
} else if(!strncmp(msg, "MAJOR=", 6)) {
msg += 6;
uevent->major = atoi(msg);
} else if(!strncmp(msg, "MINOR=", 6)) {
msg += 6;
uevent->minor = atoi(msg);
}
while(*msg++);
}
}
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!