-
-
[原创]结合init源码剖析android root提权漏洞(CVE-2010-EASY)
-
发表于:
2011-9-4 21:41
19194
-
[原创]结合init源码剖析android root提权漏洞(CVE-2010-EASY)
转载请注明出处:152K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3S2A6i4K6u0W2j5X3q4A6k6s2g2Q4x3X3g2U0L8$3#2Q4x3V1k6S2L8X3c8J5L8$3W2V1K9r3q4U0K9$3g2J5i4K6u0r3j5X3I4G2k6#2)9J5c8X3W2@1k6h3#2Q4x3V1j5#2z5h3k6S2j5h3u0X3k6r3p5K6y4r3t1%4x3h3j5#2y4K6M7H3z5h3b7%4x3o6N6Q4x3X3g2Z5N6r3#2D9
这篇文章是上一篇博客的后续分析,主要介绍向init进程发送热拔插信息后init进程的处理流程
首先我们来了解一个数据结构,uevent,如下
struct uevent {
const char *action;
const char *path;
const char *subsystem;
const char *firmware;
int major;
int minor;
};
static void parse_event(const char *msg, struct uevent *uevent)
{
while(*msg) {
if(!strncmp(msg, "ACTION=", 7)) {
msg += 7;
uevent->action = msg;
} else if(!strncmp(msg, "DEVPATH=", 8)) {
msg += 8;
uevent->path = msg;
} else if(!strncmp(msg, "SUBSYSTEM=", 10)) {
msg += 10;
uevent->subsystem = msg;
} else if(!strncmp(msg, "FIRMWARE=", 9)) {
msg += 9;
uevent->firmware = msg;
} else if(!strncmp(msg, "MAJOR=", 6)) {
msg += 6;
uevent->major = atoi(msg);
} else if(!strncmp(msg, "MINOR=", 6)) {
msg += 6;
uevent->minor = atoi(msg);
}
while(*msg++);
}
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
