/**
 * Hook for an intent-sender creation call. The request is rewritten so that it is issued
 * under the host package, and the package that really asked for it is recorded locally.
 *
 * <p>Argument slots read here: {@code args[0]} type, {@code args[1]} creator package,
 * {@code args[5]} intents, {@code args[6]} resolved types, {@code args[7]} flags. A trailing
 * {@code Integer} argument is treated as the user id.
 *
 * @param who    receiver of the original method
 * @param method the original method
 * @param args   call arguments; rewritten in place before the call is forwarded
 * @return the {@code IInterface} produced by the original method, possibly {@code null}
 * @throws Throwable anything raised by the reflective invocation
 */
@Override
public Object call(Object who, Method method, Object... args) throws Throwable {
    String creator = (String) args[1];
    String[] resolvedTypes = (String[]) args[6];
    int type = (int) args[0];
    int flags = (int) args[7];

    // An "update" request becomes "cancel and recreate": FLAG_UPDATE_CURRENT and
    // FLAG_NO_CREATE are cleared, FLAG_CANCEL_CURRENT is set.
    boolean wantsUpdate = (flags & PendingIntent.FLAG_UPDATE_CURRENT) != 0;
    if (wantsUpdate) {
        int cleared = flags & ~(PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_NO_CREATE);
        flags = cleared | PendingIntent.FLAG_CANCEL_CURRENT;
    }

    Object rawIntents = args[5];
    if (rawIntents instanceof Intent[] && ((Intent[]) rawIntents).length > 0) {
        Intent[] intents = (Intent[]) rawIntents;
        // Only the last intent is redirected; when a redirect target exists, the whole
        // array is replaced by a single-element array holding it.
        Intent last = intents[intents.length - 1];
        if (resolvedTypes != null && resolvedTypes.length > 0) {
            last.setDataAndType(last.getData(), resolvedTypes[resolvedTypes.length - 1]);
        }
        Intent redirected = redirectIntentSender(type, creator, last);
        if (redirected != null) {
            args[5] = new Intent[]{redirected};
        }
    }

    args[7] = flags;
    // The forwarded call names the host package as creator, not the original caller.
    args[1] = getHostPkg();
    // Force userId to 0
    int lastIndex = args.length - 1;
    if (args[lastIndex] instanceof Integer) {
        args[lastIndex] = 0;
    }

    IInterface sender = (IInterface) method.invoke(who, args);
    // The real creator is kept only in VActivityManager, keyed by the sender's binder.
    if (sender != null && creator != null) {
        VActivityManager.get().addPendingIntent(sender.asBinder(), creator);
    }
    return sender;
}
/**
 * Builds the stub interface for {@code base} and replaces that interface's {@code mRemote}
 * field with a dynamic {@code IBinder} proxy backed by a {@code TransactionWatcherHook}.
 *
 * <p>Every failure on the reflective path is caught and only printed, so a caller cannot
 * tell from the constructor whether the proxy was actually installed.
 *
 * @param base              binder to wrap
 * @param stubClass         class exposing a static {@code asInterface(IBinder)} method
 * @param InvocationHandler handler stored in {@code mInvocationHandler}
 */
public HookHandler(IBinder base, Class<?> stubClass, InvocationHandler InvocationHandler) {
    mInvocationHandler = InvocationHandler;
    try {
        Method asInterfaceMethod = stubClass.getDeclaredMethod("asInterface", IBinder.class);
        // asInterface is invoked without a receiver, i.e. as a static method.
        this.mBase = asInterfaceMethod.invoke(null, base);

        Class<?> baseClass = mBase.getClass();
        Field remoteField = baseClass.getDeclaredField("mRemote");
        remoteField.setAccessible(true);
        IBinder originalRemote = (IBinder) remoteField.get(mBase);

        // Create a proxy object that stands in for the BinderProxy.
        Object binderProxy = Proxy.newProxyInstance(
                baseClass.getClassLoader(),
                new Class[] {IBinder.class},
                new TransactionWatcherHook(originalRemote, (IInterface) mBase));
        remoteField.set(mBase, binderProxy);
    } catch (Exception e) {
        // NOTE(review): reflection errors (missing method/field, null interface) end up
        // here and are only printed; the original mRemote then stays in place.
        e.printStackTrace();
    }
}
/**
 * Wraps {@code binder} with the stub that corresponds to a numeric service type.
 *
 * @param type   service selector in the range 0..9
 * @param binder binder handed to the selected stub's {@code asInterface}
 * @return the typed interface, or {@code null} for an unknown {@code type}
 */
public static final IInterface getInterface(int type, IBinder binder) {
    IInterface service;
    switch (type) {
        case 0:
            service = SystemOptimizeStub.asInterface(binder);
            break;
        case 1:
            service = VirusScanStub.asInterface(binder);
            break;
        case 2:
            service = DisturbInterceptStub.asInterface(binder);
            break;
        case 3:
            service = FileSafeEncryptStub.asInterface(binder);
            break;
        case 4:
            service = PassWordSystemStub.asInterface(binder);
            break;
        case 5:
            service = RootServiceStub.asInterface(binder);
            break;
        case 6:
            service = PaySecureStub.asInterface(binder);
            break;
        case 7:
            service = SoftMoveServiceStub.asInterface(binder);
            break;
        case 8:
            service = NetworkMgrServiceStub.asInterface(binder);
            break;
        case 9:
            service = AccountSecureStub.asInterface(binder);
            break;
        default:
            // Unknown selector: callers have to cope with null.
            service = null;
            break;
    }
    return service;
}
/**
 * Walks the declared fields of {@code targetClass}, and for each one annotated with
 * {@link ServiceInfo} registers a service handler and the field info.
 *
 * @param targetClass class whose declared fields are inspected
 * @param target      instance passed on to {@code addFieldInfo}
 * @param context     context passed on to the handler registration
 * @throws IllegalArgumentException if an annotated field is neither an {@code IInterface}
 *                                  type nor accepted by {@code isRemoter}
 */
private void initServiceHandlers(Class targetClass, Object target, Context context) throws IllegalArgumentException {
    for (Field field : targetClass.getDeclaredFields()) {
        ServiceInfo serviceInfo = field.getAnnotation(ServiceInfo.class);
        if (serviceInfo == null) {
            // Not an annotated field, nothing to register.
            continue;
        }

        Class<?> fieldType = field.getType();
        if (IInterface.class.isAssignableFrom(fieldType)) {
            addServiceHandler(serviceInfo, (Class<? extends IInterface>) fieldType, context);
        } else if (isRemoter(fieldType)) {
            addRemoterServiceHandler(serviceInfo, fieldType, context);
        } else {
            throw new IllegalArgumentException(field.getName() + " is not a field of type IInterface or Remoter");
        }
        // Reached only for the two supported field kinds; the unsupported case threw above.
        addFieldInfo(serviceInfo, field, target);
    }
}
/**
 * Hook that answers with the recorded creator of an intent sender when one is known, and
 * otherwise defers to the default handling.
 *
 * @param who    receiver of the original method
 * @param method the original method
 * @param args   call arguments; {@code args[0]} is the sender as an {@code IInterface}
 * @return the creator string, or the result of {@code super.call}
 * @throws Throwable anything raised by the lookups or by {@code super.call}
 */
@Override
public Object call(Object who, Method method, Object... args) throws Throwable {
    IInterface sender = (IInterface) args[0];
    if (sender == null) {
        return super.call(who, method, args);
    }

    IBinder binder = sender.asBinder();
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2) {
        // On JELLY_BEAN_MR2 and later the creator is read from an extra on the intent
        // behind the pending intent.
        // NOTE(review): the extra is used as-is; confirm which component writes
        // "_VA_|_creator_" and that callers cannot supply it themselves.
        PendingIntent pendingIntent = PendingIntentData.readPendingIntent(binder);
        Intent intent = PendingIntentJBMR2.getIntent.call(pendingIntent);
        String creator = (intent == null) ? null : intent.getStringExtra("_VA_|_creator_");
        if (creator != null) {
            return creator;
        }
    } else {
        // On older releases the creator comes from the table kept by VActivityManager.
        PendingIntentData data = VActivityManager.get().getPendingIntent(binder);
        if (data != null) {
            return data.creator;
        }
    }
    return super.call(who, method, args);
}
/**
 * Hook for a bind-service call. When the target resolves to a service known to
 * {@code VirtualCore}, the bind is routed through {@code VActivityManager}; otherwise the
 * original method is invoked unchanged.
 *
 * @param who    receiver of the original method
 * @param method the original method
 * @param args   caller, token, service intent, resolved type, connection and flags in
 *               slots 0..5
 * @return the result of the virtual bind or of the original method
 * @throws Throwable anything raised by the reflective invocation
 */
@Override
public Object call(Object who, Method method, Object... args) throws Throwable {
    IInterface caller = (IInterface) args[0];
    IBinder token = (IBinder) args[1];
    Intent service = (Intent) args[2];
    String resolvedType = (String) args[3];
    IServiceConnection conn = (IServiceConnection) args[4];
    int flags = (int) args[5];

    int userId = VUserHandle.myUserId();
    if (isServerProcess()) {
        // In the server process the user id is taken from an extra on the intent.
        // NOTE(review): verify that this extra cannot be set by an arbitrary sender,
        // since it selects the user the service is resolved and bound for.
        userId = service.getIntExtra("_VA_|_user_id_", VUserHandle.USER_NULL);
    }

    if (userId != VUserHandle.USER_NULL) {
        ServiceInfo serviceInfo = VirtualCore.get().resolveServiceInfo(service, userId);
        if (serviceInfo != null) {
            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
                // From LOLLIPOP on, the intent is pinned to the resolved component.
                service.setComponent(new ComponentName(serviceInfo.packageName, serviceInfo.name));
            }
            IServiceConnection delegate = ServiceConnectionDelegate.getDelegate(conn);
            return VActivityManager.get().bindService(caller.asBinder(), token, service, resolvedType, delegate, flags, userId);
        }
    }
    // No user id or no matching service: let the original method handle it.
    return method.invoke(who, args);
}
/**
 * Returns a {@code StubBinder} whose handler forwards every call to the wrapped interface
 * unchanged.
 *
 * @param context     not used by this implementation
 * @param classLoader passed to the {@code StubBinder} constructor
 * @param binder      passed to the {@code StubBinder} constructor
 * @return the new stub binder
 */
@Override
public IBinder getService(final Context context, ClassLoader classLoader, IBinder binder) {
    return new StubBinder(classLoader, binder) {
        @Override
        public InvocationHandler createHandler(Class<?> interfaceClass, final IInterface base) {
            InvocationHandler passThrough = new InvocationHandler() {
                @Override
                public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
                    try {
                        return method.invoke(base, args);
                    } catch (InvocationTargetException wrapped) {
                        // Rethrow the callee's own exception rather than the reflection
                        // wrapper, so callers see what the real method threw.
                        Throwable cause = wrapped.getCause();
                        throw (cause != null) ? cause : wrapped;
                    }
                }
            };
            return passThrough;
        }
    };
}
/**
 * Hook for a start-service call. Intents addressed to the host package go to the original
 * method; intents that resolve to a service known to {@code VirtualCore} are started through
 * {@code VActivityManager}.
 *
 * @param who    receiver of the original method
 * @param method the original method
 * @param args   app thread, service intent and resolved type in slots 0..2
 * @return the result of the virtual start or of the original method
 * @throws Throwable anything raised by the reflective invocation
 */
@Override
public Object call(Object who, Method method, Object... args) throws Throwable {
    IInterface appThread = (IInterface) args[0];
    Intent service = (Intent) args[1];
    String resolvedType = (String) args[2];

    boolean targetsHost = service.getComponent() != null
            && getHostPkg().equals(service.getComponent().getPackageName());
    if (targetsHost) {
        // for server process
        return method.invoke(who, args);
    }

    int userId = VUserHandle.myUserId();
    boolean fromInner = service.getBooleanExtra("_VA_|_from_inner_", false);
    if (fromInner) {
        // The real intent and its user id travel as extras of a wrapper intent.
        // NOTE(review): if "_VA_|_intent_" is absent, service becomes null and the
        // setDataAndType call below throws; confirm who is able to set these extras.
        userId = service.getIntExtra("_VA_|_user_id_", userId);
        service = service.getParcelableExtra("_VA_|_intent_");
    } else if (isServerProcess()) {
        // NOTE(review): userId may end up as USER_NULL here and is still passed to
        // startService below — confirm that is intended.
        userId = service.getIntExtra("_VA_|_user_id_", VUserHandle.USER_NULL);
    }

    service.setDataAndType(service.getData(), resolvedType);
    // NOTE(review): resolution uses VUserHandle.myUserId(), not the userId computed above,
    // while the start itself uses userId — verify the two are meant to differ.
    ServiceInfo serviceInfo = VirtualCore.get().resolveServiceInfo(service, VUserHandle.myUserId());
    if (serviceInfo == null) {
        return method.invoke(who, args);
    }
    return VActivityManager.get().startService(appThread, service, resolvedType, userId);
}
/**
 * Returns {@code binder} itself when it has a local implementation of its own interface,
 * and a {@code ServiceWrapper} around it otherwise.
 *
 * @param context passed to the wrapper
 * @param name    passed to the wrapper
 * @param binder  binder to inspect
 * @return the original binder or a new {@code ServiceWrapper}
 */
public static IBinder factory(Context context, String name, IBinder binder) {
    String descriptor;
    try {
        descriptor = binder.getInterfaceDescriptor();
    } catch (RemoteException e) {
        if (DEBUG) {
            Log.d(TAG, "getInterfaceDescriptor()", e);
        }
        // The lookup below then runs with a null descriptor.
        descriptor = null;
    }

    // If the requested interface has a local implementation, meaning that it lives in the
    // same process as the requester, the binder is returned directly since the wrapper
    // does not help in that case.
    boolean hasLocalImplementation = binder.queryLocalInterface(descriptor) != null;
    return hasLocalImplementation ? binder : new ServiceWrapper(context, name, binder);
}
/**
 * Invokes the original method and, when the result is an {@code IInterface}, returns the
 * outcome of {@code patchSession} on it instead of the raw result.
 *
 * @param who    receiver of the original method
 * @param method the original method
 * @param args   arguments forwarded unchanged
 * @return the patched session, or the raw result for any other type (including null)
 * @throws Throwable anything raised by the reflective invocation
 */
@Override
public Object call(Object who, Method method, Object... args) throws Throwable {
    Object result = method.invoke(who, args);
    boolean isBinderInterface = result instanceof IInterface;
    return isBinderInterface ? patchSession((IInterface) result) : result;
}
/**
 * Creates a {@link RemoteEventListener_Stub} that delegates to the given implementation and
 * attaches itself as the local interface for {@code DESCRIPTOR}.
 *
 * @param serviceImpl the {@link RemoteEventListener} implementation to store
 */
public RemoteEventListener_Stub(RemoteEventListener serviceImpl) {
    this.serviceImpl = serviceImpl;
    // The attached interface simply hands back this stub as its binder.
    IInterface self = new IInterface() {
        @Override
        public IBinder asBinder() {
            return RemoteEventListener_Stub.this;
        }
    };
    this.attachInterface(self, DESCRIPTOR);
}
/**
 * Creates a {@link RemoteEventManager_Stub} that delegates to the given implementation and
 * attaches itself as the local interface for {@code DESCRIPTOR}.
 *
 * @param serviceImpl the {@link RemoteEventManager} implementation to store
 */
public RemoteEventManager_Stub(RemoteEventManager serviceImpl) {
    this.serviceImpl = serviceImpl;
    // The attached interface simply hands back this stub as its binder.
    IInterface self = new IInterface() {
        @Override
        public IBinder asBinder() {
            return RemoteEventManager_Stub.this;
        }
    };
    this.attachInterface(self, DESCRIPTOR);
}
/**
 * Converts a binder into an {@code ICustomTabsService}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, the local implementation when the binder has
 *         one of the right type, otherwise a new proxy around the binder
 */
public static ICustomTabsService asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface local = obj.queryLocalInterface("android.support.customtabs.ICustomTabsService");
    // instanceof is false for null, so no separate null test is needed.
    if (local instanceof ICustomTabsService) {
        return (ICustomTabsService) local;
    }
    return new ICustomTabsService.Stub.Proxy(obj);
}
/**
 * Converts an IBinder into an ILicensingService, creating a proxy when the binder has no
 * local implementation of that type.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static com.google.android.vending.licensing.ILicensingService asInterface(android.os.IBinder obj) {
    if (obj == null) {
        return null;
    }
    android.os.IInterface local = obj.queryLocalInterface(DESCRIPTOR);
    boolean isLocalService = local instanceof com.google.android.vending.licensing.ILicensingService;
    return isLocalService
            ? (com.google.android.vending.licensing.ILicensingService) local
            : new com.google.android.vending.licensing.ILicensingService.Stub.Proxy(obj);
}
/**
 * Converts an IBinder into an ILicenseResultListener, creating a proxy when the binder has
 * no local implementation of that type.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static com.google.android.vending.licensing.ILicenseResultListener asInterface(android.os.IBinder obj) {
    if (obj == null) {
        return null;
    }
    android.os.IInterface local = obj.queryLocalInterface(DESCRIPTOR);
    boolean isLocalListener = local instanceof com.google.android.vending.licensing.ILicenseResultListener;
    return isLocalListener
            ? (com.google.android.vending.licensing.ILicenseResultListener) local
            : new com.google.android.vending.licensing.ILicenseResultListener.Stub.Proxy(obj);
}
/**
 * Converts a binder into an {@code IApkManager}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, the local implementation when one of the right
 *         type is registered under {@code DESCRIPTOR}, otherwise a new {@code Proxy}
 */
public static IApkManager asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface local = obj.queryLocalInterface(DESCRIPTOR);
    if (local instanceof IApkManager) {
        return (IApkManager) local;
    }
    // No usable local object: talk to the binder through a proxy.
    return new Proxy(obj);
}
/**
 * Calls {@code scheduleCreateService} on the app thread using the argument list that matches
 * the running SDK level.
 *
 * @param appThread    target of the call
 * @param token        service token
 * @param info         service description
 * @param processState only passed on KITKAT and later
 * @throws RemoteException declared for the underlying call
 */
public static void scheduleCreateService(IInterface appThread, IBinder token, ServiceInfo info, int processState) throws RemoteException {
    final int sdk = Build.VERSION.SDK_INT;

    if (sdk < Build.VERSION_CODES.ICE_CREAM_SANDWICH_MR1) {
        // Oldest form: no compatibility info, no process state.
        IApplicationThread.scheduleCreateService.call(appThread, token, info);
        return;
    }
    if (sdk < Build.VERSION_CODES.KITKAT) {
        // ICE_CREAM_SANDWICH_MR1 up to (not including) KITKAT: compatibility info added.
        IApplicationThreadICSMR1.scheduleCreateService.call(appThread, token, info,
                CompatibilityInfo.DEFAULT_COMPATIBILITY_INFO.get());
        return;
    }
    // KITKAT and later: compatibility info plus process state.
    IApplicationThreadKitkat.scheduleCreateService.call(appThread, token, info,
            CompatibilityInfo.DEFAULT_COMPATIBILITY_INFO.get(), processState);
}
/**
 * Converts a binder into a {@code DeviceCallback}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static DeviceCallback asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface local = obj.queryLocalInterface(DESCRIPTOR);
    boolean usableLocally = local instanceof DeviceCallback;
    return usableLocally ? (DeviceCallback) local : new Proxy(obj);
}
/**
 * Converts a binder into an {@code AIDLService}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static AIDLService asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface candidate = obj.queryLocalInterface(DESCRIPTOR);
    if (candidate instanceof AIDLService) {
        return (AIDLService) candidate;
    }
    return new Proxy(obj);
}
/**
 * Converts a binder into an {@code AIDLActivity}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static AIDLActivity asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface candidate = obj.queryLocalInterface(DESCRIPTOR);
    return (candidate instanceof AIDLActivity) ? (AIDLActivity) candidate : new Proxy(obj);
}
/**
 * Converts a binder into an {@code ITmsCallback}.
 *
 * @param binder binder to convert, may be {@code null}
 * @return {@code null} for a null binder, the local implementation registered under
 *         {@code ITmsCallback.DESCRIPTOR} when it has the right type, otherwise a new
 *         {@code TmsCallbackProxy}
 */
public static ITmsCallback asInterface(IBinder binder) {
    if (binder == null) {
        return null;
    }
    IInterface local = binder.queryLocalInterface(ITmsCallback.DESCRIPTOR);
    if (local instanceof ITmsCallback) {
        return (ITmsCallback) local;
    }
    return new TmsCallbackProxy(binder);
}
/**
 * Converts a binder into an {@code IResultReceiver}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static IResultReceiver asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface local = obj.queryLocalInterface(DESCRIPTOR);
    boolean isReceiver = local instanceof IResultReceiver;
    if (isReceiver) {
        return (IResultReceiver) local;
    }
    return new Proxy(obj);
}
/**
 * Converts a binder into an {@code INotificationSideChannel}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static INotificationSideChannel asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface local = obj.queryLocalInterface(DESCRIPTOR);
    return (local instanceof INotificationSideChannel)
            ? (INotificationSideChannel) local
            : new Proxy(obj);
}
/**
 * Converts a binder into an {@code IMediaControllerCallback}.
 *
 * @param obj binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local implementation or a proxy
 */
public static IMediaControllerCallback asInterface(IBinder obj) {
    if (obj == null) {
        return null;
    }
    IInterface found = obj.queryLocalInterface(DESCRIPTOR);
    if (found instanceof IMediaControllerCallback) {
        return (IMediaControllerCallback) found;
    }
    // Either nothing local or a local object of another type.
    return new Proxy(obj);
}
/**
 * Returns the local {@code b} implementation behind {@code iBinder} when there is one, and
 * a new {@code d} wrapping the binder otherwise.
 *
 * NOTE(review): the one-letter identifiers ({@code a}, {@code b}, {@code d}, {@code z})
 * look machine-shortened; this has the shape of an AIDL {@code asInterface} method with
 * {@code z} as the descriptor and {@code d} as the proxy — confirm against the original.
 *
 * @param iBinder binder to convert, may be {@code null}
 * @return {@code null} for a null binder, otherwise the local object or a new {@code d}
 */
public static b a(IBinder iBinder) {
    if (iBinder == null) {
        return null;
    }
    IInterface local = iBinder.queryLocalInterface(z);
    if (local instanceof b) {
        return (b) local;
    }
    return new d(iBinder);
}
/**
 * Calls {@code scheduleBindService} on the app thread using the argument list that matches
 * the running SDK level.
 *
 * @param appThread    target of the call
 * @param token        service token
 * @param intent       intent the service is bound with
 * @param rebind       rebind flag forwarded to the call
 * @param processState only passed on KITKAT and later
 * @throws RemoteException declared for the underlying call
 */
public static void scheduleBindService(IInterface appThread, IBinder token, Intent intent, boolean rebind, int processState) throws RemoteException {
    boolean beforeKitkat = Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT;
    if (beforeKitkat) {
        // Older signature has no process-state parameter.
        IApplicationThread.scheduleBindService.call(appThread, token, intent, rebind);
        return;
    }
    IApplicationThreadKitkat.scheduleBindService.call(appThread, token, intent, rebind, processState);
}
/**
 * Hook for an intent-sender creation call. Every intent in the request is redirected in
 * place, the request is reissued under the host package, and the package that really asked
 * for it is recorded locally.
 *
 * <p>Argument slots read here: {@code args[0]} type, {@code args[1]} creator package,
 * {@code args[5]} intents, {@code args[6]} resolved types, {@code args[7]} flags. A trailing
 * {@code Integer} argument is treated as the user id.
 *
 * @param who    receiver of the original method
 * @param method the original method
 * @param args   call arguments; rewritten in place before the call is forwarded
 * @return the {@code IInterface} produced by the original method, possibly {@code null}
 * @throws Throwable anything raised by the reflective invocation
 */
@Override
public Object call(Object who, Method method, Object... args) throws Throwable {
    String creator = (String) args[1];
    String[] resolvedTypes = (String[]) args[6];
    int type = (int) args[0];
    int flags = (int) args[7];

    Object rawIntents = args[5];
    if (rawIntents instanceof Intent[]) {
        Intent[] intents = (Intent[]) rawIntents;
        int typeCount = (resolvedTypes == null) ? 0 : resolvedTypes.length;
        for (int idx = 0; idx < intents.length; idx++) {
            Intent current = intents[idx];
            // A resolved type is applied only where one exists at the same index.
            if (idx < typeCount) {
                current.setDataAndType(current.getData(), resolvedTypes[idx]);
            }
            Intent redirected = redirectIntentSender(type, creator, current);
            if (redirected != null) {
                intents[idx] = redirected;
            }
        }
    }

    // The flags are written back without modification.
    args[7] = flags;
    // The forwarded call names the host package as creator, not the original caller.
    args[1] = getHostPkg();
    // Force userId to 0
    int lastIndex = args.length - 1;
    if (args[lastIndex] instanceof Integer) {
        args[lastIndex] = 0;
    }

    IInterface sender = (IInterface) method.invoke(who, args);
    // The real creator is kept only in VActivityManager, keyed by the sender's binder.
    if (sender != null && creator != null) {
        VActivityManager.get().addPendingIntent(sender.asBinder(), creator);
    }
    return sender;
}
/**
 * Builds a dynamic proxy implementing {@code IContentProvider.TYPE} whose calls are handled
 * by {@code hook}.
 *
 * @param provider provider whose class loader defines the proxy
 * @param hook     invocation handler for the proxy
 * @return the proxy, or {@code null} when either argument is {@code null}
 */
private static IInterface createProxy(IInterface provider, ProviderHook hook) {
    if (provider != null && hook != null) {
        ClassLoader loader = provider.getClass().getClassLoader();
        Class<?>[] proxiedInterfaces = {IContentProvider.TYPE};
        return (IInterface) Proxy.newProxyInstance(loader, proxiedInterfaces, hook);
    }
    return null;
}
/**
 * Looks up the hook fetcher registered for a provider authority.
 *
 * @param authority key into {@code PROVIDER_MAP}
 * @return the registered fetcher, or a default one that yields an
 *         {@code ExternalProviderHook} for external providers and an
 *         {@code InternalProviderHook} otherwise
 */
private static HookFetcher fetchHook(String authority) {
    HookFetcher registered = PROVIDER_MAP.get(authority);
    if (registered != null) {
        return registered;
    }
    // Nothing registered for this authority: fall back to the generic hooks.
    return new HookFetcher() {
        @Override
        public ProviderHook fetch(boolean external, IInterface provider) {
            return external
                    ? new ExternalProviderHook(provider)
                    : new InternalProviderHook(provider);
        }
    };
}
/**
 * Invokes the original method and, when the result is an {@code IInterface}, returns the
 * outcome of {@code proxySession} on it instead of the raw result.
 *
 * @param who    receiver of the original method
 * @param method the original method
 * @param args   arguments forwarded unchanged
 * @return the proxied session, or the raw result for any other type (including null)
 * @throws Throwable anything raised by the reflective invocation
 */
@Override
public Object call(Object who, Method method, Object... args) throws Throwable {
    Object result = method.invoke(who, args);
    if (!(result instanceof IInterface)) {
        return result;
    }
    return proxySession((IInterface) result);
}
/**
 * Installs the hooked package manager in two places: the {@code sPackageManager} slot of
 * {@code ActivityThread} and the service registered under the name {@code "package"}.
 *
 * @throws Throwable anything raised while installing the hooks
 */
@Override
public void inject() throws Throwable {
    // 1) Point ActivityThread.sPackageManager at the proxy interface.
    ActivityThread.sPackageManager.set(getInvocationStub().getProxyInterface());

    // 2) Wrap the base interface in a binder-level stub carrying the same method proxies,
    //    and put it in place of the "package" service.
    BinderInvocationStub packageBinderStub = new BinderInvocationStub(getInvocationStub().getBaseInterface());
    packageBinderStub.copyMethodProxies(getInvocationStub());
    packageBinderStub.replaceService("package");
}
/**
 * Obtains the clipboard service interface by the route that matches the platform version.
 *
 * @return the value of the clipboard manager's {@code mService} field on Oreo builds, or
 *         the result of the static {@code getService} call otherwise
 */
private static IInterface getInterface() {
    if (!BuildCompat.isOreo()) {
        return ClipboardManager.getService.call();
    }
    // Oreo path: read the service out of the ClipboardManager instance instead.
    Context appContext = VirtualCore.get().getContext();
    android.content.ClipboardManager clipboard =
            (android.content.ClipboardManager) appContext.getSystemService(Context.CLIPBOARD_SERVICE);
    return ClipboardManagerOreo.mService.get(clipboard);
}
/**
 * Forwards a start-service request to the remote service.
 *
 * @param caller       calling app thread; its binder is sent, or {@code null} when absent
 * @param service      intent describing the service
 * @param resolvedType resolved type of the intent
 * @param userId       user the service is started for
 * @return the component reported by the remote service, or whatever
 *         {@code VirtualRuntime.crash} returns when the remote call fails
 */
public ComponentName startService(IInterface caller, Intent service, String resolvedType, int userId) {
    ComponentName started;
    try {
        started = getService().startService(
                caller != null ? caller.asBinder() : null,
                service,
                resolvedType,
                userId);
    } catch (RemoteException e) {
        // A failed remote call is handed to VirtualRuntime.crash.
        started = VirtualRuntime.crash(e);
    }
    return started;
}