我正在学习 Android AVD 的 goldfish 内核。我已经在 goldfish 内核中插入了一个内核模块,可以挂钩读取联系人的 API。
如何判断是哪个应用程序发起了对 Linux 内核的调用?
我的内核模块源代码:
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/sched.h>
#include <linux/semaphore.h>
#include <linux/string.h>
#include <linux/uaccess.h>
#include <linux/unistd.h>
#include <asm/cacheflush.h>
/*
 * Base of the system-call table. It is assigned in init_module() from a
 * hard-coded address and indexed with the __NR_* syscall numbers.
 * NOTE(review): none of these three objects is declared static, so they are
 * visible outside this translation unit - confirm that is intended.
 */
void **sys_call_table;
/* Original open handler, saved by init_module() and called from our_sys_open(). */
asmlinkage int (*original_call_open)(const char *, int, int);
/* Original read handler, saved by init_module() and called from our_sys_read(). */
asmlinkage int (*original_call_read)(unsigned int, char *, int);
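/**
 * our_sys_read - read hook that logs single-byte reads from fd 0.
 * @fd:    file descriptor passed by the caller
 * @buf:   user-space destination buffer (untrusted pointer)
 * @count: number of bytes requested
 *
 * The request is always forwarded to the saved original handler and its
 * result is returned unchanged.
 *
 * Return: whatever original_call_read() returns.
 */
asmlinkage int our_sys_read(unsigned int fd, char *buf, int count)
{
	/*
	 * Run the real read first: before it completes the buffer holds
	 * whatever the caller left there, not the byte that was read.
	 */
	int ret = original_call_read(fd, buf, count);

	if (fd == 0 && count == 1 && ret == 1) {
		unsigned char ch;

		/*
		 * buf is a user-space address supplied by the caller; fetch
		 * the byte with get_user() so that a bad pointer produces an
		 * error here instead of a fault inside the hook.
		 */
		if (get_user(ch, (unsigned char __user *)buf) == 0)
			printk(KERN_INFO "I have files being read: intercept 0x%02X\n", ch);
	}

	return ret;
}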
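/* Large enough for every watched path below plus the terminating NUL. */
enum { WATCHED_PATH_BUF = 128 };

/*
 * Log a message when kpath (a kernel-space copy of the opened path) is one
 * of the watched provider databases, together with the calling task.
 */
static void report_sensitive_open(const char *kpath)
{
	static const struct {
		const char *path;
		const char *what;
	} watched[] = {
		/* Contacts */
		{ "/data/data/com.android.providers.contacts/databases/contacts2.db",
		  "The application is reading phone contact records!" },
		/* Call records */
		{ "/data/data/com.android.providers.telephony/databases/telephony.db",
		  "The application is reading the phone call records!" },
		/* SMS records */
		{ "/data/data/com.android.providers.telephony/databases/mmssms.db",
		  "The application is reading phone message recording!" },
	};
	size_t i;

	for (i = 0; i < sizeof(watched) / sizeof(watched[0]); i++) {
		if (strcmp(kpath, watched[i].path) != 0)
			continue;
		/*
		 * 'current' is the task that issued the syscall; tgid is the
		 * process id and comm the (truncated) thread name.
		 * NOTE(review): on Android these databases are presumably
		 * opened by the content-provider process on behalf of client
		 * apps, so this may identify the provider rather than the
		 * requesting app - verify on the target image.
		 */
		printk(KERN_INFO "%s (pid=%d comm=%s)\n",
		       watched[i].what, current->tgid, current->comm);
		break;
	}
}

/**
 * our_sys_open - open hook that logs opens of the watched database files.
 * @file:  user-space pointer to the path (untrusted)
 * @flags: open flags, forwarded unchanged
 * @mode:  creation mode, forwarded unchanged
 *
 * The request is always forwarded to the saved original handler; this hook
 * only observes and never changes the outcome.
 *
 * Return: whatever original_call_open() returns.
 */
asmlinkage int our_sys_open(const char *file, int flags, int mode)
{
	char kpath[WATCHED_PATH_BUF];
	long len;

	/*
	 * 'file' points into user memory, so it must not be handed to
	 * strcmp() directly. Take a bounded copy first. A negative result
	 * means the pointer was bad; a result equal to the buffer size means
	 * the path was longer than any watched path and the copy is not
	 * NUL-terminated. Both cases are skipped and left to the real handler.
	 */
	len = strncpy_from_user(kpath, (const char __user *)file, sizeof(kpath));
	if (len > 0 && len < (long)sizeof(kpath))
		report_sensitive_open(kpath);

	/*
	 * The original handler reads the path from user memory again, so the
	 * log line reflects the string as it was at copy time.
	 */
	return original_call_open(file, flags, mode);
}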
/*
 * Module entry point: remember the original open/read handlers and point the
 * two syscall-table slots at the hooks in this file. Always returns 0.
 */
int init_module(void)
{
	/*
	 * Hard-coded table address. Nothing in this function checks that it
	 * matches the running kernel.
	 * NOTE(review): presumably taken from one specific kernel build -
	 * confirm before loading elsewhere.
	 */
	void **table = (void *)0xc0022f24;

	sys_call_table = table;

	/* Save both originals before either slot is overwritten. */
	original_call_read = table[__NR_read];
	original_call_open = table[__NR_open];

	table[__NR_read] = our_sys_read;
	table[__NR_open] = our_sys_open;

	return 0;
}
/*
 * Module exit: put the saved original handlers back into the syscall table.
 * Nothing here waits for tasks that may still be executing inside the hooks.
 */
void cleanup_module(void)
{
	void **table = sys_call_table;

	/* Undo what init_module() installed. */
	table[__NR_read] = original_call_read;
	table[__NR_open] = original_call_open;
}