我们在进行Android组件安全测试时,如果遇到声明了权限的组件,在编写PoC时,可能会遇到如下错误提示:
INSTALL_FAILED_DUPLICATE_PERMISSION perm=com.myapp.permission.C2D_MESSAGE pkg=com.myapp
假设申明权限的manifest文件如下:
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/> <uses-permission android:name="com.yourpackage.name.permission.C2D_MESSAGE"/> <permission android:name="com.yourpackage.name.permission.C2D_MESSAGE" android:protectionLevel="normal"/> <permission android:name="com.yourpackage.name.permission.MAPS_RECEIVE" android:protectionLevel="normal"/>
我们需要把它修改为:
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/> <uses-permission android:name="${applicationId}.permission.C2D_MESSAGE"/> <permission android:name="${applicationId}.permission.C2D_MESSAGE" android:protectionLevel="normal"/> <permission android:name="${applicationId}.permission.MAPS_RECEIVE" android:protectionLevel="normal"/>
然后在build.gradle文件中设置applicationId:
android { compileSdkVersion 28 defaultConfig { applicationId "com.attack.provider" minSdkVersion 15 targetSdkVersion 28 versionCode 1 versionName "1.0" testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner" } buildTypes { release { minifyEnabled false proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' } } }