Genymobile / scrcpy

Display and control your Android device
Apache License 2.0

If can bindService or startService ? #3531

Open hytTony opened 1 year ago

hytTony commented 1 year ago

```java
private static Context getContext() {
    try {
        Class<?> activityThreadClass = Class.forName("android.app.ActivityThread");
        Constructor<?> activityThreadConstructor = activityThreadClass.getDeclaredConstructor();
        activityThreadConstructor.setAccessible(true);
        Object activityThread = activityThreadConstructor.newInstance();

        // ActivityThread.sCurrentActivityThread = activityThread;
        Field sCurrentActivityThreadField = activityThreadClass.getDeclaredField("sCurrentActivityThread");
        sCurrentActivityThreadField.setAccessible(true);
        sCurrentActivityThreadField.set(null, activityThread);

        // ActivityThread.AppBindData appBindData = new ActivityThread.AppBindData();
        Class<?> appBindDataClass = Class.forName("android.app.ActivityThread$AppBindData");
        Constructor<?> appBindDataConstructor = appBindDataClass.getDeclaredConstructor();
        appBindDataConstructor.setAccessible(true);
        Object appBindData = appBindDataConstructor.newInstance();

        ApplicationInfo applicationInfo = new ApplicationInfo();
        applicationInfo.packageName = "com.xhuwei.firstview";
        applicationInfo.theme = R.style.AppTheme;

        // appBindData.appInfo = applicationInfo;
        Field appInfoField = appBindDataClass.getDeclaredField("appInfo");
        appInfoField.setAccessible(true);
        appInfoField.set(appBindData, applicationInfo);

        // activityThread.mBoundApplication = appBindData;
        Field mBoundApplicationField = activityThreadClass.getDeclaredField("mBoundApplication");
        mBoundApplicationField.setAccessible(true);
        mBoundApplicationField.set(activityThread, appBindData);

        Method getSystemContextMethod = activityThreadClass.getDeclaredMethod("getSystemContext");
        Context ctx = (Context) getSystemContextMethod.invoke(activityThread);
        Ln.i(ctx.toString());

        return ctx;
    } catch (Throwable throwable) {
        // this is a workaround, so failing is not an error
        Ln.d("Could not fill app info: " + throwable.getMessage());
        return null;
    }
}
```

```java
private static void bindAIDLService() {
    try {
        Context context = getContext();
        /*
        Intent intent = new Intent();
        intent.setPackage("com.xhuwei.firstview");
        intent.setAction("org.xhuwei.shixun.RemoteService");
        context.bindService(intent, connection, context.BIND_AUTO_CREATE);
        */

        Intent service = new Intent(context, RemoteService.class);
        context.startService(service);
    } catch (Exception e) {
        Ln.e("bindAIDLService : " + e.toString());
        e.printStackTrace();
    }
}
```

bindService and startService got errors:

```
java.lang.SecurityException: Unable to find app for caller android.app.IApplicationThread$Stub$Proxy@f838900 (pid=9750) when binding service Intent { act=org.xhuwei.shixun.RemoteService pkg=com.xhuwei.firstview }

java.lang.SecurityException: Unable to find app for caller android.app.IApplicationThread$Stub$Proxy@680d95b (pid=2246) when starting service Intent { cmp=android/com.xhuwei.firstview.RemoteService }
```

How to do this? Thanks!

twaik commented 1 year ago

1. Context created this way is not full. You cannot use it for sending intents.
2. Android will not start service if apk is not installed via package manager (pm). There is no way to bypass this security restriction.

hytTony commented 1 year ago

> 1. Context created this way is not full. You cannot use it for sending intents.
> 2. Android will not start service if apk is not installed via package manager (pm). There is no way to bypass this security restriction.

OK, thanks. I try to use ContentProvider instead of this

twaik commented 1 year ago

@rom1v I think this issue can be closed.