当前位置: 首页 > news >正文

观察应用宝进程的自启动行为

news 2025/7/15 11:05:48

摘要

观察应用宝进程的自启动行为

自启动方式

触发场景/原理

进程标识

拦截策略

BindService绑定服务

通过bindService()绑定系统/其他应用服务,被杀后重新绑定拉活(高频触发)

:live、:privileged_process0

Service拦截策略(含startService和bindService)

ContentProvider拉活

注册ContentProvider,其他应用访问时自动唤醒

:daemon

ContentProvider广播拦截

AccountManager同步

利用系统账户同步机制定期唤醒(同步间隔≥60秒)

:live

Service拦截策略(含startService和bindService)

Broadcast广播拉活

监听系统广播(如开机、网络变化)或第三方应用广播

主进程

广播拦截

NDK守护进程

Native层fork()子进程监控主进程,通过am startservice拉活

:daemon

Service拦截策略(含startService和bindService)

WebView沙箱拉活

绑定WebView沙箱服务(SandboxedProcessService)间接拉活

:sandboxed_process0

Service拦截策略(含startService和bindService)

MediaRoute媒体路由

通过MediaRoute2ProviderServiceProxy绑定服务(本质仍为bindService)

:live

Service拦截策略(含startService和bindService)

JobScheduler定时任务

利用JobScheduler定时唤醒(Android 5.0+替代方案)

主进程

Service拦截策略(含startService和bindService)

startInstrumentation

Instrumentation测试组件

:daemon

startInStrumentation拦截策略

1. 添加观察点-Process.start()

    AMS启动进程最终都会调用Process.start()方法,通过socket向zygote进程发送创建新进程的请求,例如ProcessList.startProcess新增trace调查

0

import android.os.Debug;@GuardedBy("mService")boolean startProcessLocked(ProcessRecord app, HostingRecord hostingRecord,        int zygotePolicyFlags, boolean disableHiddenApiChecks, boolean disableTestApiChecks,        String abiOverride) {    if (app.isPendingStart()) {        return true;    }    if ("com.tencent.android.qqdownloader".equals(app.info.packageName)            || "com.ayst.helloapptype".equals(app.info.packageName)) {        String callers = Debug.getCallers(10);        Slog.i(TAG, "startProcessLocked " + app.processName, new Throwable());    }

2. 命令强杀应用宝观察自启动行为

adb shell am force-stop com.tencent.android.qqdownloader

3.日志观察应用宝自启动行为

重启静静等应用宝装逼就行了哈

3.1 [bindService后台自启动]com.tencent.android.qqdownloader:live或privileged_process0或sandboxed_process0

开机触发,应用宝后从通知栏划掉应用宝的通知触发,后台随时随地触发,高频触发

2025-07-14 16:24:53.637  1626-3165  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:livejava.lang.Throwableat com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3089)at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)at android.os.Binder.execTransactInternal(Binder.java:1500)at android.os.Binder.execTransact(Binder.java:1444) 2025-07-14 16:32:49.088  1626-3163  ActivityManager         system_server                        I  startProcessLocked com.google.android.webview:sandboxed_process0:org.chromium.content.app.SandboxedProcessService0:0java.lang.Throwableat com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3089)at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)at android.os.Binder.execTransactInternal(Binder.java:1500)at android.os.Binder.execTransact(Binder.java:1444)

拦截建议

0

3.2 [provider后台自启动]com.tencent.android.qqdownloader:daemon 

​​​​​​​

2025-07-14 16:24:56.506  1626-3060  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:daemonjava.lang.Throwable	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)	at com.android.server.am.ContentProviderHelper.getContentProviderImpl(ContentProviderHelper.java:581)	at com.android.server.am.ContentProviderHelper.getContentProvider(ContentProviderHelper.java:150)	at com.android.server.am.ActivityManagerService.getContentProvider(ActivityManagerService.java:7223)	at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:2966)	at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)	at android.os.Binder.execTransactInternal(Binder.java:1500)	at android.os.Binder.execTransact(Binder.java:1444)

拦截建议

0

3.3 [startInstrumentation]com.tencent.android.qqdownloader:daemon

startInstrumentation方法用于启动一个Instrumentation组件,通常在测试应用程序时使用。当需要对应用程序进行自动化测试、性能测试或UI测试时,可以通过startInstrumentation方法启动一个Instrumentation组件。这个方法通常由测试框架或测试工具调用,而不是应用程序本身​​​​

2025-07-14 16:32:32.018  1626-1789  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:daemonjava.lang.Throwable	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)	at com.android.server.am.ActivityManagerService.addAppLocked(ActivityManagerService.java:7479)	at com.android.server.am.ActivityManagerService.addAppLocked(ActivityManagerService.java:7410)	at com.android.server.am.ActivityManagerService.startInstrumentation(ActivityManagerService.java:16784)	at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3182)	at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)	at android.os.Binder.execTransactInternal(Binder.java:1500)	at android.os.Binder.execTransact(Binder.java:1444)

0

3.4 [sync]com.tencent.android.qqdownloader:live

AccountManagerService.addAccount的bindService方式

​​​​​​​

2025-07-14 16:32:31.921  1626-10518 ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:livejava.lang.Throwable	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)	at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)	at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)	at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)	at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)	at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:2195)	at android.app.ContextImpl.bindServiceAsUser(ContextImpl.java:2115)	at com.android.server.accounts.AccountManagerService$Session.bindToAuthenticator(AccountManagerService.java:5400)	at com.android.server.accounts.AccountManagerService$Session.bind(AccountManagerService.java:5168)	at com.android.server.accounts.AccountManagerService.addAccountAndLogMetrics(AccountManagerService.java:3508)	at com.android.server.accounts.AccountManagerService.addAccount(AccountManagerService.java:3415)	at android.accounts.IAccountManager$Stub.onTransact(IAccountManager.java:726)	at com.android.server.accounts.AccountManagerService.onTransact(AccountManagerService.java:1143)	at android.os.Binder.execTransactInternal(Binder.java:1505)	at android.os.Binder.execTransact(Binder.java:1444)

拦截建议同service的拦截

3.5 [broadcast]com.tencent.android.qqdownloader

​​​​​​​

2025-07-14 16:36:00.138  1626-1689  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloaderjava.lang.Throwable	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)	at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)	at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)	at com.android.server.am.BroadcastQueueModernImpl.scheduleReceiverColdLocked(BroadcastQueueModernImpl.java:1026)	at com.android.server.am.BroadcastQueueModernImpl.updateRunningListLocked(BroadcastQueueModernImpl.java:561)	at com.android.server.am.BroadcastQueueModernImpl.updateRunningList(BroadcastQueueModernImpl.java:449)	at com.android.server.am.BroadcastQueueModernImpl.lambda$new$0(BroadcastQueueModernImpl.java:299)	at com.android.server.am.BroadcastQueueModernImpl.$r8$lambda$d79aYiK04-SKNC9AXzRIc2ug0aQ(BroadcastQueueModernImpl.java:0)	at com.android.server.am.BroadcastQueueModernImpl$$ExternalSyntheticLambda12.handleMessage(R8$$SyntheticClass:0)	at android.os.Handler.dispatchMessage(Handler.java:103)	at android.os.Looper.loopOnce(Looper.java:232)	at android.os.Looper.loop(Looper.java:317)	at android.os.HandlerThread.run(HandlerThread.java:85)	at com.android.server.ServiceThread.run(ServiceThread.java:46)

拦截建议

0

3.6 [NDK守护进程拉活]com.tencent.android.qqdownloader:daemon​

2025-07-14 17:45:58.957  1626-1677  ActivityManager         system_server                        I  startProcessLocked com.tencent.android.qqdownloader:daemonjava.lang.Throwableat com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)at com.android.server.am.ActivityManagerService$LocalService.startProcess(ActivityManagerService.java:19655)at com.android.server.wm.ActivityTaskManagerService$$ExternalSyntheticLambda20.accept(R8$$SyntheticClass:0)at com.android.internal.util.function.pooled.PooledLambdaImpl.doInvoke(PooledLambdaImpl.java:363)at com.android.internal.util.function.pooled.PooledLambdaImpl.invoke(PooledLambdaImpl.java:204)at com.android.internal.util.function.pooled.OmniFunction.run(OmniFunction.java:87)at android.os.Handler.handleCallback(Handler.java:959)at android.os.Handler.dispatchMessage(Handler.java:100)at android.os.Looper.loopOnce(Looper.java:232)at android.os.Looper.loop(Looper.java:317)at android.os.HandlerThread.run(HandlerThread.java:85)at com.android.server.ServiceThread.run(ServiceThread.java:46)

拦截建议

0

3.7 [com.google.android.webview拉活]com.google.android.webview:sandboxed_process0

同bindService拦截​​​​​

2025-07-14 17:57:01.305  1450-2960  ActivityManager         system_server                        I  startProcessLocked com.google.android.webview:sandboxed_process0:org.chromium.content.app.SandboxedProcessService0:0                                                                                                    java.lang.Throwableat com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1860)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2655)at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2801)at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:3076)at com.android.server.am.ActiveServices.bringUpServiceInnerLocked(ActiveServices.java:5927)at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:5736)at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:4319)at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14367)at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:14327)at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:3089)at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2865)at android.os.Binder.execTransactInternal(Binder.java:1500)at android.os.Binder.execTransact(Binder.java:1444)

3.8 [MediaRoute拉活]com.tencent.android.qqdownloader:live

本质还是bindService哈

通过MediaRoute2ProviderServiceProxy的bindService方式

​​​​​​​

通过MediaRoute2ProviderServiceProxy的bindService方式01-26 03:00:16.621  7461  7461 I ActivityManager: startProcessLocked com.tencent.android.qqdownloader:live01-26 03:00:16.621  7461  7461 I ActivityManager: java.lang.Throwable01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:1697)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2418)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ProcessList.startProcessLocked(ProcessList.java:2558)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActivityManagerService.startProcessLocked(ActivityManagerService.java:2858)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActiveServices.bringUpServiceLocked(ActiveServices.java:4278)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActiveServices.bindServiceLocked(ActiveServices.java:2956)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:12782)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.am.ActivityManagerService.bindServiceInstance(ActivityManagerService.java:12729)01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:2035)01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.ContextImpl.bindServiceAsUser(ContextImpl.java:1974)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.media.MediaRoute2ProviderServiceProxy.bind(MediaRoute2ProviderServiceProxy.java:243)01-26 03:00:16.621  7461  7461 I ActivityManager:         at com.android.server.media.MediaRoute2ProviderServiceProxy.onBindingDied(MediaRoute2ProviderServiceProxy.java:312)01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:2184)01-26 03:00:16.621  7461  7461 I ActivityManager:         at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:2221)

http://www.lryc.cn/news/588209.html

相关文章:

  • JAVA经典单例模式
  • 分布式系统中设计临时节点授权的自动化安全审计
  • 生信技能74 - WGS插入片段长度分布数据提取与绘图
  • Vue3 学习教程,从入门到精通,Vue 3 表单控件绑定详解与案例(7)
  • Linux连接跟踪Conntrack:原理、应用与内核实现
  • 分布式一致性协议
  • 零基础 “入坑” Java--- 十一、多态
  • 详解同步、异步、阻塞、非阻塞
  • 12.4 Hinton与Jeff Dean突破之作:稀疏门控MoE如何用1%计算量训练万亿参数模型?
  • UM680A模块接地与散热和封装推荐设计
  • MIPI DSI(三) MIPI DSI 物理层和 D-PHY
  • 2D和3D激光slam的点云去运动畸变
  • SLAM 前端
  • Doll靶机渗透
  • openEuler系统PCIE降速方法简介
  • 基于YOLOV8的烟火检测报警系统的设计与实现【全网独一、报警声音机制、实时画面、系统交互、日志记录】
  • SSM框架学习——day1
  • MySQL窗口函数详讲
  • VUE3 添加长按手势
  • Web 前端面试
  • C++-linux 7.文件IO(一)系统调用
  • Day34 Java方法05 可变参数
  • OSPF高级特性之GR
  • 现有医疗AI记忆、规划与工具使用的创新路径分析
  • 【Java笔记】七大排序
  • Android Studio C++/JNI/Kotlin 示例 二
  • 清除 Android 手机 SIM 卡数据的4 种简单方法
  • 如何将数据从一部手机传输到另一部手机?
  • SSH 登录失败,封禁IP脚本
  • Oracle 学习笔记