android - 在应用程序中运行 adb 命令会导致权限被拒绝

Question

我正在构建一个应用程序，尝试执行一些命令，例如“top”等。 我正在开发 Android 7.0。 我在较旧的 Android 版本中尝试此代码，但当我在牛轧糖上尝试时，出现以下错误:权限被拒绝:

E/AndroidRuntime: FATAL EXCEPTION: AsyncTask #1
              Process: com.example.matant.cmdlineapp, PID: 7662
              java.lang.RuntimeException: An error occurred while executing doInBackground()
                  at android.os.AsyncTask$3.done(AsyncTask.java:325)
                  at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:354)
                  at java.util.concurrent.FutureTask.setException(FutureTask.java:223)
                  at java.util.concurrent.FutureTask.run(FutureTask.java:242)
                  at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243)
                  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
                  at java.lang.Thread.run(Thread.java:761)
               Caused by: java.lang.RuntimeException: java.io.IOException: Cannot run program "adb shell top": error=13, Permission denied
                  at com.example.matant.cmdlineapp.MainActivity$RunningTopCommand.doInBackground(MainActivity.java:88)
                  at com.example.matant.cmdlineapp.MainActivity$RunningTopCommand.doInBackground(MainActivity.java:36)
                  at android.os.AsyncTask$2.call(AsyncTask.java:305)
                  at java.util.concurrent.FutureTask.run(FutureTask.java:237)
                  at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243) 
                  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) 
                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) 
                  at java.lang.Thread.run(Thread.java:761) 
               Caused by: java.io.IOException: Cannot run program "adb shell top": error=13, Permission denied
                  at java.lang.ProcessBuilder.start(ProcessBuilder.java:983)
                  at com.example.matant.cmdlineapp.MainActivity$RunningTopCommand.doInBackground(MainActivity.java:62)
                  at com.example.matant.cmdlineapp.MainActivity$RunningTopCommand.doInBackground(MainActivity.java:36) 
                  at android.os.AsyncTask$2.call(AsyncTask.java:305) 
                  at java.util.concurrent.FutureTask.run(FutureTask.java:237) 
                  at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243) 
                  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) 
                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) 
                  at java.lang.Thread.run(Thread.java:761) 
               Caused by: java.io.IOException: error=13, Permission denied
                  at java.lang.UNIXProcess.forkAndExec(Native Method)
                  at java.lang.UNIXProcess.<init>(UNIXProcess.java:133)
                  at java.lang.ProcessImpl.start(ProcessImpl.java:128)
                  at java.lang.ProcessBuilder.start(ProcessBuilder.java:964)
                  at com.example.matant.cmdlineapp.MainActivity$RunningTopCommand.doInBackground(MainActivity.java:62) 
                  at com.example.matant.cmdlineapp.MainActivity$RunningTopCommand.doInBackground(MainActivity.java:36) 
                  at android.os.AsyncTask$2.call(AsyncTask.java:305) 
                  at java.util.concurrent.FutureTask.run(FutureTask.java:237) 
                  at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:243) 
                  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) 
                  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) 
                  at java.lang.Thread.run(Thread.java:761) 

我正在执行的代码是:

protected Void doInBackground(String... params) {
        //Execution en BackGround
        Log.d("BACKGROUND", "START");
        Log.d("BACK PARAM 0", params[0]);
        //Log.d("BACK PARAM 1", params[1]);

        try {
            // Executes the command.
            //Process process = Runtime.getRuntime().exec("adb version");
            ProcessBuilder processBuilder = new ProcessBuilder("adb shell top");
            Process process = processBuilder.start();

            // Reads stdout.
            // NOTE: You can write to stdin of the command using
            //       process.getOutputStream().
            BufferedReader reader = new BufferedReader(
                    new InputStreamReader(process.getInputStream()));

            int read;
            char[] buffer = new char[4096];
            StringBuffer output = new StringBuffer();
            while ((read = reader.read(buffer)) > 0) {
                output.append(buffer, 0, read);
                Log.d("reader val: ",output.toString());
                publishProgress(output.toString());
            }
            reader.close();

            return null;

        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

Answer 1

来自this

/sys and /proc are well known for leaking side channel information about processes, information which can be used to infer state about the processes. For instance, it's been documented for years that /proc access can be used to monitor for app launching, enabling phishing attacks.

因此，随着 N 的发布，开发团队有意限制了 /sys 和 /proc 的访问。如果我没记错的话，adb top 命令也仅依赖于 /proc 状态的读取。我认为，因此不可能通过 ProcessBuilder 执行 top 命令，而不会遇到从 Android N 开始的权限被拒绝错误。