Android系統不光在host上為我們提供瞭一些好用的命令, 同時device也有一些隱藏著的命令, 通常它是被系統調用,但是由於權限設置的原因, 普通的進程也能通過命令行去使用它們.
比如,我之前提到的<Android性能測試工具之dumpsys>https://www.aiwalls.com/kf/201203/125340.html 及<Android調試工具之adbs>https://www.aiwalls.com/kf/201203/125341.html
在device中, 有一個service命令, 可以看到當前所有的service, 同時也可以使用它來往一些activity發送一些信息
如下所示, service的用法
[plain]
root@android:/ # service
Usage: service [-h|-?]
service list
service check SERVICE
service call SERVICE CODE [i32 INT | s16 STR] …
Options:
i32: Write the integer INT into the send parcel.
s16: Write the UTF-16 string STR into the send parcel.
當前運行的service
[plain]
root@android:/ # service list
Found 61 services:
0 sip: [android.net.sip.ISipService]
1 phone: [com.android.internal.telephony.ITelephony]
2 iphonesubinfo: [com.android.internal.telephony.IPhoneSubInfo]
3 simphonebook: [com.android.internal.telephony.IIccPhoneBook]
4 isms: [com.android.internal.telephony.ISms]
5 nfc: [android.nfc.INfcAdapter]
6 samplingprofiler: []
7 diskstats: []
8 appwidget: [com.android.internal.appwidget.IAppWidgetService]
9 backup: [android.app.backup.IBackupManager]
10 uimode: [android.app.IUiModeManager]
11 usb: [android.hardware.usb.IUsbManager]
12 audio: [android.media.IAudioService]
13 wallpaper: [android.app.IWallpaperManager]
14 dropbox: [com.android.internal.os.IDropBoxManagerService]
15 search: [android.app.ISearchManager]
16 country_detector: [android.location.ICountryDetector]
17 location: [android.location.ILocationManager]
18 devicestoragemonitor: []
19 notification: [android.app.INotificationManager]
20 mount: [IMountService]
21 throttle: [android.net.IThrottleManager]
22 connectivity: [android.net.IConnectivityManager]
……
使用service的phone來打電話
[plain]
root@android:/ # service call phone <span style="color:#FF0000;">2</span> s16 "123"
Result: Parcel(00000000 '….')
此時, 就直接撥號瞭:), 但是這裡註意, 緊急號碼在這裡是不work的.
下面再來一個用來發短信的
[plain]
root@android:/ # service call isms <span style="color:#FF0000;">4</span> s16 "12345678" s16 "" s16 "hello world!" s16 "" s16 ""
下面就說一下原理
大傢先找到代碼frameworks/base/telephony/java/com/android/internal/telephony/ITelephony.aidl和ISms.aidl,
這兩個文件都是給OEM廠商集成用的, 代碼我這裡就不貼瞭,細心的童鞋一眼就能看出來, 上面的"2", "4"就是指定瞭是哪一個函數
比如, 2 就是
[plain]
/**
* Place a call to the specified number.
* @param number the number to be called.
*/
void call(String number);
4就是
[plain]
/**
* Send an SMS.
*
* @param smsc the SMSC to send the message through, or NULL for the
* default SMSC
* @param text the body of the message to send
* @param sentIntent if not NULL this <code>PendingIntent</code> is
* broadcast when the message is sucessfully sent, or failed.
* The result code will be <code>Activity.RESULT_OK<code> for success,
* or one of these errors:<br>
* <code>RESULT_ERROR_GENERIC_FAILURE</code><br>
* <code>RESULT_ERROR_RADIO_OFF</code><br>
* <code>RESULT_ERROR_NULL_PDU</code><br>
* For <code>RESULT_ERROR_GENERIC_FAILURE</code> the sentIntent may include
* the extra "errorCode" containing a radio technology specific value,
* generally only useful for troubleshooting.<br>
* The per-application based SMS control checks sentIntent. If sentIntent
* is NULL the caller will be checked against all unknown applications,
* which cause smaller number of SMS to be sent in checking period.
* @param deliveryIntent if not NULL this <code>PendingIntent</code> is
* broadcast when the message is delivered to the recipient. The
* raw pdu of the status report is in the extended data ("pdu").
*/
void sendText(in String destAddr, in String scAddr, in String text,
in PendingIntent sentIntent, in PendingIntent deliveryIntent);
所以, 以後要想在後臺發短信,打電話,可以直接調用Java的Runtime Exec來調用service提供的命令, 這樣就可以部分繞過framework中的一些java service, 而直接跟更底層的c++/C實現的service直接交互:)
摘自 Melody_lu123
