Getting a System Service from an Xposed Module

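Recently my company wanted to experiment with system call recording, so I first wrote a recording demo to test the waters. When I ran the code, it reported insufficient recording permission; it turned out that this is a permission type that only the system can use.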

recorder.setAudioSource(MediaRecorder.AudioSource.VOICE_CALL);
 java.lang.RuntimeException: start failed.
        at android.media.MediaRecorder.start(Native Method)
        at com.dimowner.audiorecorder.audio.recorder.AudioRecorder.startRecording(AudioRecorder.java:81)
        at com.dimowner.audiorecorder.app.AppRecorderImpl.startRecording(AppRecorderImpl.java:229)

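With no other option, I turned to Xposed and wrote a module to hook the permission-check code, but with IXposedHookLoadPackage I could not get hold of the system Service instance no matter what I tried. After studying the source, I learned that IXposedHookLoadPackage is only called when an app is loaded and never runs inside the system Service's process, so I promptly switched to IXposedHookZygoteInit. The code is as follows: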

import de.robv.android.xposed.IXposedHookZygoteInit;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedHelpers;

public class MainHook implements IXposedHookZygoteInit {
    @Override
    public void initZygote(StartupParam startupParam) throws Throwable {
        // ActivityThread.systemMain() runs while the system process starts, so hooks installed
        // after it returns live in the system Service process rather than in an app process.
        XposedHelpers.findAndHookMethod("android.app.ActivityThread", null, "systemMain", new XC_MethodHook() {
            @Override
            protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                super.beforeHookedMethod(param);
                System.out.println("gscgsc beforeHookedMethod");
            }

            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                super.afterHookedMethod(param);
                System.out.println("gscgsc afterHookedMethod");
                // Resolve the system-side class through the current thread's context class loader.
                final Class<?> clazz;
                clazz = XposedHelpers.findClass("com.android.server.am.ActivityManagerService$PermissionController", Thread.currentThread().getContextClassLoader());
                System.out.println("gscgsc" + "clazz " + clazz.toString());
                XposedHelpers.findAndHookMethod(clazz, "checkPermission", String.class, int.class, int.class, new XC_MethodHook() {
                    @Override
                    protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                        System.out.println("gscgsc afterHookedMethod ActivityManagerService" + param.method.getName());
                        // Forces every check routed through PermissionController to succeed,
                        // for every permission and every caller on the device.
                        param.setResult(true);
                    }
                });
            }
        });
    }
}

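After loading the module, remember to reboot the phone, because this hooks the systemMain method that runs when the Android system starts. Likewise, by changing the target, this code can hook other system Services.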
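
A narrower variant of the hook above, as an added example that is not the author's code: it overrides checkPermission for one UID and one permission only and logs each override, where the original returns true for every caller. DEMO_APP_UID, the class names ScopedPermissionHook and PermissionGate, and the choice of android.permission.CAPTURE_AUDIO_OUTPUT are assumptions for illustration.

```java
import java.util.Collections;
import java.util.Set;

import de.robv.android.xposed.IXposedHookZygoteInit;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;

public class ScopedPermissionHook implements IXposedHookZygoteInit {
    // Assumption: UID of the recorder demo on the test device (placeholder value).
    private static final int DEMO_APP_UID = 10123;
    // Assumption: the one permission the demo is missing for AudioSource.VOICE_CALL.
    private static final Set<String> ALLOWED =
            Collections.singleton("android.permission.CAPTURE_AUDIO_OUTPUT");

    @Override
    public void initZygote(StartupParam startupParam) throws Throwable {
        XposedHelpers.findAndHookMethod("android.app.ActivityThread", null, "systemMain",
                new XC_MethodHook() {
            @Override
            protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                // Same lookup as the original hook, done once systemMain has returned.
                Class<?> clazz = XposedHelpers.findClass(
                        "com.android.server.am.ActivityManagerService$PermissionController",
                        Thread.currentThread().getContextClassLoader());
                XposedHelpers.findAndHookMethod(clazz, "checkPermission",
                        String.class, int.class, int.class, new PermissionGate());
            }
        });
    }

    private static final class PermissionGate extends XC_MethodHook {
        @Override
        protected void afterHookedMethod(MethodHookParam param) throws Throwable {
            // Leave exceptions and checks that already passed untouched.
            if (param.hasThrowable() || Boolean.TRUE.equals(param.getResult())) {
                return;
            }
            String permission = (String) param.args[0]; // checkPermission(permission, pid, uid)
            int uid = (Integer) param.args[2];
            if (uid == DEMO_APP_UID && ALLOWED.contains(permission)) {
                // Record every override so the change to the permission model is auditable.
                XposedBridge.log("override: " + permission + " granted to uid " + uid);
                param.setResult(true);
            }
            // Every other caller keeps the system's original decision.
        }
    }
}
```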
