铭望法律知识 > 法律条款 > 文章页

ColorOS短信漏洞修复方案

文章正文

发布时间：2025-11-16 23:42

介绍短信修复方案的代码细节

https://github.com/yuuouu/ColorOS-CVE-2025-10184

拦截应用调用android.content.ContentResolver中的update方法

判断是否为系统应用

判断插入的Uri是否需要拦截

弹toast提示用户短信漏洞正在被利用

将调用信息记录到log文件

1 拦截应用调用 update XposedBridge.hookAllMethods(ContentResolver::class.java, "update", object: XC_MethodHook() { override fun beforeHookedMethod(param: MethodHookParam) { } }) 2 判断是否为系统应用 private fun isSystemAppByUid(context: Context): Boolean { return try { val uid = Binder.getCallingUid() val pm = context.packageManager val packages = pm.getPackagesForUid(uid) ?: return false for (pkg in packages) { val appInfo = pm.getApplicationInfo(pkg, 0) if ((appInfo.flags and ApplicationInfo.FLAG_SYSTEM) != 0 || (appInfo.flags and ApplicationInfo.FLAG_UPDATED_SYSTEM_APP) != 0) { return true } } false } catch (e: Throwable) { XposedBridge.log("ContentResolverGuard isSystemAppByUid error: $e") false } } 3 判断Uri是否需要拦截 val allowedUris = setOf("content://service-number/service_number", "content://push-mms/push", "content://push-shop/push_shop") if (uri.toString() !in allowedUris) { XposedBridge.log("ContentResolver uri $uri not in target list, skip") return } 4 弹toast提示 private fun notifyUser(context: Context, packageName: String) { val now = System.currentTimeMillis() if (now - oldTime < RATE_LIMIT_MS) { XposedBridge.log("ContentResolverGuard skip notifyUser for $packageName, ${(now - oldTime)}ms since last") return } oldTime = now val message = "${packageName}正在获取短信漏洞" Handler(Looper.getMainLooper()).post { try { Toast.makeText(context, message, Toast.LENGTH_LONG).show() } catch (throwable: Throwable) { XposedBridge.log(throwable) } } } 5 将调用信息记录到log文件 private fun logAttempt(context: Context, packageName: String, uri: String, values: String) { try { val externalDir = context.getExternalFilesDir(null) val logFile = File(externalDir, "yuu.log") val formatter = SimpleDateFormat("yyyy-MM-dd HH:mm:ss", Locale.getDefault()) val time = formatter.format(Date()) FileWriter(logFile, true).use { writer -> writer.append(time).append(" ").append(packageName).append(", uri:").append(uri).append(", values:").append(values).append('\n') XposedBridge.log("ContentResolverGuard logAttempt file=${logFile.absolutePath}") } } catch (e: Exception) { XposedBridge.log("ContentResolverGuard logAttempt error: $e") } }

具体代码

免费评分参与人数 8吾爱币 +15 热心值 +7 理由