avoid getting incorrect path from other plugin apk #7

Open
xwf20050250 opened this issue Jun 1, 2019 · 6 comments

xwf20050250 commented Jun 1, 2019

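```c
#include <libgen.h>   // basename
#include <stdio.h>    // fopen, fgets, sscanf
#include <stdlib.h>   // free
#include <string.h>   // strstr, strdup
#include <strings.h>  // strcasecmp

// getPackageName(), getFilenameExt() and NSV_LOGI are the project's own helpers.
// Returns a malloc'd copy of the APK path found in /proc/self/maps, or NULL.
char *pathHelperGetPath() {

    char *package = getPackageName();
    if (NULL == package) {
        return NULL;
    }

    FILE *fp = fopen("/proc/self/maps", "r");
    if (NULL == fp) {
        free(package);
        return NULL;
    }
    const size_t BUFFER_SIZE = 256;
    char buffer[BUFFER_SIZE] = "";
    char path[BUFFER_SIZE] = "";

    bool find = false;
    while (fgets(buffer, BUFFER_SIZE, fp)) {
        // Skip address range, perms, offset, dev and inode; keep the mapped path.
        // The field width keeps the write inside path[BUFFER_SIZE].
        if (sscanf(buffer, "%*llx-%*llx %*s %*s %*s %*s %255s", path) == 1) {
            // Proposed change (emphasised in the original post): accept only
            // paths that contain the package name and /data/app/ or /mnt/.
            if (strstr(path, package) && (strstr(path, "/data/app/") || strstr(path, "/mnt/"))) {
                char *bname = basename(path);
                NSV_LOGI("check basename[%s]", bname);
                if (strcasecmp(getFilenameExt(bname), "apk") == 0) {
                    find = true;
                    break;
                }
            }
        }
    }
    fclose(fp);
    free(package);
    if (find) {
        return strdup(path);
    }
    return NULL;
}
```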

emileb commented Nov 14, 2019

@xwf20050250 Thanks for this. Just wondering if you know how robust this is: have you tested on many devices or in the wild? Are we sure it will always reside in /data/app or /mnt/?


alexcohn commented Jan 8, 2020

> will always reside in /data/app or /mnt/?

Well, yes. It will be either under /data/app or /mnt/asec… But there may be more matching lines in your /proc/self/maps. E.g. experitest injects the tester APK into your process. Another concern is that for app bundles, you must find the 'base' APK.


alexcohn commented Jan 8, 2020

Another concern is that if you have a process attribute, it will override /proc/self/cmdline.


emileb commented Jan 8, 2020

Thanks for the info @alexcohn. In my limited testing it appears the non 'base' APKs are also signed with the same key, so I believe it's acceptable to find any of the APKs in the bundle (which appears to happen randomly on my test devices)


alexcohn commented Jan 9, 2020

> the non 'base' APKs are also signed with the same key

Sure they are, unless there has been some tampering. I am not sure what you are looking for, but if you care about malicious or accidental inconsistencies, you must analyze all of them.


xwf20050250 commented Nov 26, 2020

> @xwf20050250 Thanks for this, Just wondering if you know how robust this is, have you tested on many devices or in the wild? Are we sure it will always reside in /data/app or /mnt/?

@emileb
Yes, on some low-level Android devices (e.g. Bird M6...) the path of the base APK is in /mnt/...

If there is some plugin APK in our package, we may get an incorrect path (e.g. /data/data/com.dw.fff.uc/ucgamesdk/modules/update-1/cn.uc.gamesdk.loader.apk) which matches the plugin.

Therefore, we should restrict the path to /data/app or /mnt/.

Of course, it has worked fine in the production environment until now.
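
The points raised in this thread (plugin APKs under /data/data, APKs injected from other packages, and split APKs next to the base APK) combined in one filter, as an added example that is not part of the thread or the project's code. The package name and maps lines are constructed, `is_installed_apk` and `collect_apks` are hypothetical names, and the `base.apk` file name is an assumption about the install layout.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define PATH_LEN 256
#define MAX_APKS 8

/* Constructed /proc/self/maps lines (not captured from a device). */
static const char *const SAMPLE_MAPS[] = {
    "7a00-7b00 r--s 0 fd:00 11 /data/data/com.example.app/sdk/modules/update-1/com.example.app.loader.apk\n",
    "7b00-7c00 r--s 0 fd:00 12 /data/app/com.example.app-1/split_config.arm64_v8a.apk\n",
    "7c00-7d00 r--s 0 fd:00 13 /data/app/com.example.app-1/base.apk\n",
    "7d00-7e00 r--s 0 fd:00 13 /data/app/com.example.app-1/base.apk\n",
    "7e00-7f00 r--s 0 fd:00 14 /data/app/com.tester.agent-1/base.apk\n",
};
#define SAMPLE_COUNT (sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0])

/* 1 if path is an .apk of `package` under an install root. The prefix is
   anchored: strstr(path, "/mnt/") would also accept /data/data/<pkg>/mnt/x.apk. */
static int is_installed_apk(const char *path, const char *package) {
    size_t len = strlen(path);
    if (len < 4 || strcasecmp(path + len - 4, ".apk") != 0) return 0;
    if (strncmp(path, "/data/app/", 10) && strncmp(path, "/mnt/", 5)) return 0;
    return strstr(path, package) != NULL;
}

/* Collects each distinct matching APK path; returns the count and sets
   *base_idx to the index of base.apk, or -1 if none was mapped. */
static int collect_apks(const char *const *lines, size_t n, const char *package,
                        char out[][PATH_LEN], int *base_idx) {
    int count = 0;
    *base_idx = -1;
    for (size_t i = 0; i < n; i++) {
        char path[PATH_LEN] = "";
        if (sscanf(lines[i], "%*s %*s %*s %*s %*s %255s", path) != 1) continue;
        if (!is_installed_apk(path, package)) continue;
        int seen = 0;
        for (int j = 0; j < count; j++) seen |= !strcmp(out[j], path);
        if (seen || count == MAX_APKS) continue;
        strcpy(out[count], path);
        if (strcmp(strrchr(path, '/'), "/base.apk") == 0) *base_idx = count;
        count++;
    }
    return count;
}

int main(void) {
    char apks[MAX_APKS][PATH_LEN];
    int base, n = collect_apks(SAMPLE_MAPS, SAMPLE_COUNT, "com.example.app", apks, &base);
    for (int i = 0; i < n; i++) printf("%s%s\n", apks[i], i == base ? " (base)" : "");
    return 0;
}
```

Returning the whole list rather than the first hit lets the caller verify every APK of the bundle, which is what the thread recommends when inconsistencies between them matter.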
