ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo

Android bug hunting from finding bugs to getting bounty 2017-06-03

?Download as PPT, PDF?
?
Jun LI
Jun LI

In the talk Hanxiang Wen talks about how to hunt bugs in Android and how to report bugs to affected vendors to get the bounty money

1 of 27
Downloaded 11 times
Hanxiang Wen C0RE Team 2017.06.03 Vulnerabilities In Android
About Me & C0RE Team ¨C Hanxiang Wen, ÎÂå«Ïè (arnow117) ? Security researcher @ C0RE Team ? Focus on Android vulnerability research and exploit development ¨C C0RE Team ? A security-focused group started in mid-2015, with a recent focus on the Android/Linux platform ? The team aims to discover zero-day vulnerabilities, develop proof-of-concept and exploit ? 118 public CVEs for AOSP and Linux Kernel currently ? Android op researcher team for submitting high quality reports to Google VRP.
Agenda ? Android Vulnerabilities Overview ? Common Vulnerabilities Type ? Some Examples ? AOSP ? Kernel ? How 2 Report ? More profit ?
Android Vulnerabilities Overview Statistics by layer (2017/01-2017/05)
Common Vulnerabilities Type ? Heap/Stack Overflow (CVE-2017-0541) ? Integer Overflow (CVE-2017-0597)
? Type Confusion (CVE-2017-0546) ? NPD (Null Pointer Dereference) (CVE-2016-6765) Common Vulnerabilities Type
? TOCTOU (Time Of Check Time Of Use) (CVE-2017-0419) ? Missing Permission Check (CVE-2017-0490) Common Vulnerabilities Type
AOSP Vulnerabilities Overview ? Based on Vulnerabilities Position ? System services ? Frameworks libraries ? 3rd-party / Cross-platform libraries ? Vendor¡¯s libraries ? Based on Trigger Path ? Local Binder IPC with privileged process ? Parsing file in privileged/unprivileged process
AOSP Vulnerabilities Overview Statistics of remote problems in AOSP (2017/01-2017/05)
Kernel Vulnerabilities Overview ? Based on vulnerabilities Position ? Subsystem (filesystem, network, memory) ? Drivers (Qualcomm, MediaTek, Nvidia) ? Based on Trigger Path ? Multiple file operations on a file descriptor which relates to a device node.
Kernel Vulnerabilities Overview Statistics of problems in Android Kernel (2017/01-2017/05)
Binder Looking into Source Code: BpRefbase --- IInterface --- BBinder Bpxxx --- Ixxx --- Bnxxx
? Elevation of Privilege Vulnerabilities in libstagefright ? Type: OOB (Out Of Boundary) ? Severity: High CVE-2015-6620 Boom !
Kernel Overview
? Elevation of privilege vulnerability in Realtek sound driver ? Type: UAF (Use After Free) ? Severity: High CVE-2017-0444
? Heap/Stack Overflow (CVE-2017-0541) ? Integer Overflow (CVE-2017-0597) ? UAF (CVE-2017-0744) ? OOB (CVE-2015-6620) ? Type Confusion (CVE-2017-0546) ? TOCTOU (CVE-2017-0419) ? Missing Permission Check (CVE-2017-0490) ? NPD (CVE-2016-6765) Common Vulnerabilities Type
Crash Crash ! ? Trigger Path ? POC/Exploit ? Internal Severity ? Target process ? Persistence of effect ? Crash logs on up-to-date device ? AOSP: logcat |grep ¡°DEBUG¡± ? kernel: last_kmsg ? kernel: adb bugreport
How 2 Report ? Report Vulnerability ? Issue description ? Additional repro steps ? Crash dumps ? Attachment (buildable POC) ? Rewards Program ? Pixel and Pixel XL ? Pixel C ASAP !!! https://sites.google.com/site/bughunteruniversity/improve/ho w-to-submit-an-android-platform-bug-report
Report Timeline
Response Speed
Response Speed
Rating Rating Reduce Rating Reduce Constrained process DOS Arbitrary code execution Unprivileged process Remote Unprivileged process Privileged process Trusted Execution Environment Access data Permission bypass Critical High Moderate Low TCB Rating Reduce temporary permanent Vulnerability Severity
Rating Rating Reduce Rating Reduce Constrained process Vulnerability Severity https://source.android.com/security/overview/updates-resources DOS Arbitrary code execution Unprivileged process Remote Unprivileged process Privileged process Trusted Execution Environment Access data Permission bypass Critical High Moderate Low TCB Rating Reduce temporary permanent
More Profit ? https://www.google.com/about/appsecurity/android-rewards/ Severity Complete Report* + PoC Payment range (if report includes an exploit leading to Kernel compromise)** Payment range (if report includes an exploit leading to TEE compromise)** Critical Required Up to $150,000 Up to $200,000 High Required Up to $75,000 Up to $100,000 Moderate Required Up to $20,000 Up to $35,000 Low Required Up to $330 Up to $330 Severity Bug Report* + Proof of concept + CTS + patch Bug Report* + Proof of concept + (CTS or patch) Bug Report* + Proof of concept Critical $8,000 $7,000 $6,000 High $4,500 $3,500 $2,500 Moderate - - $1,000 Low - - $333 Patch and CTS tests submissions may qualify for a reward up to $1000 each
Security CTS CTS (Compatibility Test Suite) : ?Path: cts/tests/tests/security ?Android's Code Style Guidelines ?AOSP's master branch https://source.android.com/compatibility/cts/ ~/$:make -j4 cts ~/$:out/host/linux-x86/bin/cts-tradefed cts > run cts ¨Cm CtsSecurityTestCases -t android.security.cts.<YourTestCases>
CVE-2017-0564,CVE-2017-0483,CVE-2017-0526,CVE-2017-0527,CVE-2017-0333,CVE-2017-0479,CVE-2017-0480, CVE-2017-0450,CVE-2017-0448,CVE-2017-0436,CVE-2017-0444,CVE-2017-0435,CVE-2017-0429,CVE-2017-0428, CVE-2017-0425,CVE-2017-0418,CVE-2017-0417,CVE-2017-0402,CVE-2017-0401,CVE-2017-0400,CVE-2017-0398, CVE-2017-0385,CVE-2017-0384,CVE-2017-0383,CVE-2016-10291,CVE-2016-8481,CVE-2016-8480,CVE-2016-8449, CVE-2016-8435,CVE-2016-8432,CVE-2016-8431,CVE-2016-8426,CVE-2016-8425,CVE-2016-8400,CVE-2016-8392, CVE-2016-8391,CVE-2016-6791,CVE-2016-6790,CVE-2016-6789,CVE-2016-6786,CVE-2016-6780,CVE-2016-6777, CVE-2016-6775,CVE-2016-6765,CVE-2016-6761,CVE-2016-6760,CVE-2016-6759,CVE-2016-6758,CVE-2016-6746, CVE-2016-6736,CVE-2016-6735,CVE-2016-6734,CVE-2016-6733,CVE-2016-6732,CVE-2016-6731,CVE-2016-6730, CVE-2016-6720,CVE-2016-3933,CVE-2016-3932,CVE-2016-3909,CVE-2016-5342,CVE-2016-3895,CVE-2016-3872, CVE-2016-3871,CVE-2016-3870,CVE-2016-3857,CVE-2016-3844,CVE-2016-3835,CVE-2016-3825,CVE-2016-3824, CVE-2016-3823,CVE-2016-3774,CVE-2016-3773,CVE-2016-3772,CVE-2016-3771,CVE-2016-3770,CVE-2016-3765, CVE-2016-3747,CVE-2016-3746,CVE-2016-2486,CVE-2016-2485,CVE-2016-2484,CVE-2016-2483,CVE-2016-2482, CVE-2016-2481,CVE-2016-2480,CVE-2016-2479,CVE-2016-2478,CVE-2016-2477,CVE-2016-2452,CVE-2016-2451, CVE-2016-2450,CVE-2016-2449,CVE-2016-2448,CVE-2016-2442,CVE-2016-2441,CVE-2016-2437,SVE-2016-5393, CVE-2015-1805,CVE-2016-0826,CVE-2016-0804,CVE-2015-8681,CVE-2015-8318,CVE-2015-8307,CVE-2015-5524, CVE-2015-8089,CVE-2015-3869,CVE-2015-3868,CVE-2015-3865,CVE-2015-3862,CVE-2015-0573,CVE-2015-0568 Q&A Thanks !
Response Speed AOSP Kernel Vendors

More Related Content

Android bug hunting from finding bugs to getting bounty 2017-06-03

Editor's Notes

  • #2: ´ó¼ÒºÃ£¬ÎÒÊǽñÌìµÄÑݽ²ÕßÎÂå«Ï裬ÎÒ´øÀ´µÄ·ÖÏíÊÇ´¡²Ô»å°ù´Ç¾±»åϵͳ©¶´ÍÚ¾ò´ÓÈëÃŵ½ÍÚ¶´µ½»ã±¨µ½Äý±½ðµÄÕû¸öÁ÷³Ì¡£
  • #3: ÏÈ×öÒ»ÏÂ×ÔÎÒ½éÉÜ£¬ÎÒ½ÐÎÂå«Ï裬ÊÇÈ¥Äê¼ÓÈëC0RE TeamµÄгÉÔ±£¬µ±Ç°Ñо¿·½ÏòÊÇAOSP©¶´ÍÚ¾òÓ멶´ÀûÓᣠÔÙÀ´½éÉÜÒ»ÏÂÎÒÃÇÍŶӡ£C0RE Team³ÉÁ¢ÓÚ2015ÄêÖУ¬Á¥ÊôÓÚ360ÎÞÏß°²È«Ñо¿Ôº¡£Ö÷Òª·½ÏòÊÇÑо¿AndroidÓëLinuxÄں˰²È«¡£ÍŶÓÄ¿±êÊÇ·¢ÏÖAndroidÒÔ¼°linuxÄں˵ݲȫÎÊÌâ¡£·¢ÏÖ²¢Ìύ©¶´£¬²¢ÇÒÄܶÔÄܹ»ÀûÓõÄÌáȨ©¶´ÖÆ×÷root·½°¸£¬Îª360³¬¼¶rootÌṩroot¼¼ÊõÖ§³Å¡£¡£ÔÚ17ÄêÎåÔ·Ý֮ǰÎÒÃÇÒ»¹²´ÓGoogle´¦»ñµÃÁË118¸ö¹«¿ªµÄCVE±àºÅ¡£¾ÍÔÚÉϸöÔÂÖÐÑ®£¬ÎÒÃÇÊÕµ½Google VRPµÄ֪ͨ£¬ÎÒÃÇÊÇ16ÄêÖÐ-17ÄêÖеÄ×î¼Ñ°²È«Ñо¿ÍŶӣ¬Õâ¸öÊâÈÙ½ñÄêÖ»ÓÐÒ»¸ö£¬¸øÁËÎÒÃÇ¡£
  • #4: ½ñÌìµÄÑݽ²£¬Ö÷ÒªµÄÄ¿µÄÊÇΪÁËÈôó¼Ò¶Ô´¡²Ô»å°ù´Ç¾±»å©¶´ÍÚ¾òÓÐÒ»¸ö³õ²½µÄÁ˽⣬°üÀ¨³£¼ûµÄ©¶´ÀàÐÍ£¬´¥·¢Â·¾¶£¬ÒÔ¼°¼¸¸öʵÀý¡£»¹ÓоÍÊÇ·¢ÏÖ©¶´ºó¸ÃÔõôÌá½»£¬ÈçºÎ»ñµÃ¸ü¶àµÄÉͽð¡£ÄÚÈݱȽϻù´¡ÊµÓá£
  • #5: Ê×ÏȽ²½²µ±Ç°´¡²Ô»å°ù´Ç¾±»å©¶´µÄ¸Å¿ö£¬¾­¹ýÈ¥ÄêµÄ´¡²Ô»å°ù´Ç¾±»å©¶´´óÍÚ¾ò£¬´¡°¿³§±Ê©¶´°üÀ¨¹¥»÷Ã涼¼õÉÙÁ˲»ÉÙ£¬ÄÚºËÖÐÓÉÓÚÒ²°üº¬Á˳§É̵ÄÇý¶¯ÎÊÌ⣬ËùÒԳҴǴDzµ±ô±ðÒ²»áÈÏ£¬ËùÒÔ±¨¸æµÄ°­±ð°ù²Ô±ð±ôµÄ©¶´³ÊÉÏÉýÇ÷ÊÆ¡£ÕâÊÇÎÒÃÇÄÚ²¿Í³¼ÆµÄ17Äê1Ô·ݵ½5Ô·ݵÄ©¶´ÊýÁ¿Çé¿ö¡£¿ÉÒÔ¿´µ½°ì±ð°ù²Ô±ð±ô©¶´ÊýÁ¿±È´¡°¿³§±ÊµÄÒª¶à¡£µ«ÊÇÆäʵ´¡°¿³§±ÊÖеÄ©¶´Ò²ÖÖÀàÆëÈ«Ò»Ñù²»ÉÙ£¬ÏÂÃæÎÒÃÇÀ´¿´¿´´¡²Ô»å°ù´Ç¾±»åÖеij£¼û©¶´ÀàÐÍ¡£
  • #6: ÏÂÃæÀ´½²Ò»¼þAndroidÖеij£¼û©¶´ÀàÐÍ£¬Ê×ÏÈÊǶÑ/Õ»Òç³ö¡£±ÈÈçÕâ¸öÀý×Ó£¬2017-0541£¬ÕâÊǸöXMFÎļþ½âÎöʱºòµ¼ÖµÄÕ»Òç³ö©¶´£¬¿ÉÒÔ¿´µ½ÕâÀïÃæcheckµÄÊÇstackpointerÕâ¸öÖ¸Õ룬ȻºóÒÔÕâ¸öÖ¸ÕëµÄÖµ¼ÓÒ»×÷ΪË÷Òý¶ÔÊý×é½øÐзÃÎÊÁË£¬µ«ÊDz¢Ã»ÓÐcheck stack+1µÄÖµÊDz»Êǵ½´ïÁË×î´ó³¤¶È¡£Èç¹û+1ºóµ½´ïÁ˵Ļ°£¬¾Í»áµ¼ÖÂÒ»¸öÕ»Òç³öµÄÎÊÌ⣻ ÏÂÃæÕâ¸öÊÇÕûÐÎÒç³ö£¬¹¹ÔìTrackBase¶ÔÏóµÄʱºò´«ÈëµÄ²ÎÊýframecountûÓкܺõÄУÑ飬µ¼ÖÂbuffersize¿ÉÒÔ±»Òç³ö±ä³ÉÒ»¸ö½ÏСµÄÖµ£¬Õâ¸öÒç³öºóµÄbuffersizeºóÃæ±»ÓÃ×÷ÉêÇëһƬºÜСµÄmemory£¬ÄÇô¶ÔÕâ¿émemoryµÄ·ÃÎʾͶ¼»á³öÎÊÌâÁË¡£ ÕâÀïÌáһϣ¬stagefrightÄÇÒ»Åú©¶´ºóAndroid¸øºÜ¶à½âÂë¿âÒÔ¼°mediaserver¶¼ÓÃclang±àÒë²¢´ò¿ªÁËÕûÐÎÒç³ö¼ì²âµÄ±àÒëÑ¡Ïî¡£ËùÒÔÕâÑùµÄ©¶´ÔÚ×îаæÒѾ­±»»º½â²»ÉÙ¡£
  • #7: Õâ¸ö©¶´ÊÇÒ»¸öÀàÐÍ»ìÏý©¶´£¬stateÊÇÎÒÃÇÄÜ¿ØÖƵÄÒ»¸öÏòÁ¿ÒýÓã¬sÖеÄclient¶ÔÏóÊÇÒ»¸öIbinder¶ÔÏóµÄÖ¸Õ룬¼ÈÈ»ÊÇÖ¸Õ룬ÄÇô¾Í²»ÄÜËæ±ã×öÀàÐÍת»»£¬ÄÇôת»»֮ǰ£¬¼ì²éÒ»ÏÂÕâ¸öÖ¸ÕëÖ¸Ïò¶ÔÏóµÄ½Ó¿ÚÉùÃ÷°É£¬¿´ÉÏȥû벡¡£¿ÉÊÇ¿´Ò»Ï£¬½Ó¿ÚÉùÃ÷ÊÇÒ»¸ö×Ö·û´®¡£ÎÒÃÇ¿ÉÒÔ¹¹ÔìÒ»¸ö¶ÔÏó£¬Ò²È¥ÉùÃ÷Âú×ãÐèÇóµÄ½Ó¿Ú£¬ÄÇô¾Í¿ÉÒÔÈƹýÕâ¸ö¼ì²é£¬Ê¹µÃclientÖ¸Õ뱻ǿתΪÁíÒ»ÖÖ²»°²È«µÄÖ¸ÕëµÄÇé¿öÁË¡£¶ø±»Ç¿×ªºóµÄclientÖ¸ÕëÔÚÖ®ºó¾Í»áµ÷Óõ½×Ô¼ºµÄÀຯÊý£¬ÓÉÓÚÐé±íµÄ²»¶ÔµÈ£¬¾Í»áµ¼ÖÂÏà¹ØÎÊÌâµÄ³öÏÖ¡£ÕâÖÖ©¶´ÔÚAndroidÖмûµÄ²»¶à£¬µ«ÊǺÜÓÐÒâ˼¡£ ÏÂÃæÕâ¸ö©¶´¿ÉÒÔ˵ËãÊÇ×î³£¼ûµÄÁË£¬¿ÕÖ¸ÕëÒýÓá£ÕâÀï¾ÙµÄÀý×ÓÊÇstagefrightÔÚЪϢMP4ÎļþʱºòÓö¼ûµÄNPD£¬Èç¹ûËûÖ±½Ó½âÎöµ½Ò»¸öbtrtÀàÐ͵Ächunk£¬ÄÇôÓÉÓÚmLastTrackÊÇÒ»¸ö¿ÕÖ¸Õ룬ÄÇô¶ÔÆäÖ¸ÏòµÄ¶ÔÏóÖеıäÁ¿µÄ·ÃÎʾÍÊÇ¿ÕÖ¸ÕëÒýÓÃÁË¡£Google×îеĩ¶´ÆÀ¶¨ÒѾ­Ò²ÊÇ°ÑNPD´ó´ó½µ¼¶£¬°Ñϵͳ·þÎñ´ò±ÀÀ£µÄNPDÒѾ­²»ÈÏÁË¡£
  • #8: ÔÙÀ´¿´Á½¸öÀàÐÍ£¬ µÚÒ»¸öTOCTOU,¾ÍÊÇʹÓÃʱ»úÓë¼ì²éʱ»ú²»Ò»Öµ¼ÖµÄÎÊÌâ¡£ÕâÀï¿´¶ÔmCblkÖеÄclientindexÓëserverindex¶¼×öÁ˼ì²é£¬¿´ÉÏȥûÎÊÌ⣬µ«ÊÇÆäʵÎÒÃÇÊÇ¿ÉÒÔͨ¹ý½ø³Ì¼äͨÐÅ¿ØÖÆmCblkÕâ¸ö¶ÔÏóµÄ£¬ËùÒÔ¿ØÖÆÆäֵͨ¹ýcheck£¬ÔÚʹÓõÄʱºòÔÙÐ޸ijÉΪ¶ñÒâµÄÖµ¾Í¿ÉÒÔÁË¡£½â¾öÕâ¸öÎÊÌâµÄ¹Ø¼ü¾ÍÊÇÔÚµÚÒ»´ÎÈ¡µ½IPC¶Ô¶ËÖµ²¢»º´æÏÂÀ´£¬¶ø²»ÊÇÿһ´Î¶¼È¥¶ÁÈ¡¡£ µÚ¶þ¸öÊÇȱÉÙȨÏÞ¼ì²é£¬ÕâÊdz£ÔÚAndroid java²ãÖдæÔÚµÄÎÊÌ⣬ÎÒÃÇÀ´¿´¿´0490Õâ¸ö©¶´¡£buildConfigÊÇwifiserviceϵÄÒ»¸ö½ø³Ì¼äͨÐźóµÄµ÷Óú¯Êý¡£ÔÚbuildconfigÖУ¬´«ÈëµÄURIÔÚ½âÎöºóÖ±½Ó±»µ÷ÓÃÁËɾ³ýdropfile¡£È±ÉÙÁËȨÏÞ¼ì²é¡£ÕâÒ»ÀàÎÊÌâÍùÍùÔÚJava²ã¶àһЩ£¬µ«ÊÇnative²ãÒ²ÓС£
  • #9: ½²ÁËÕâô¶à©¶´ÀàÐÍ£¬ÕâÀïÓм¸¸ö¶ÔÓÚAOSPÖЩ¶´µÄ¹æÂÉ¡£Í¨¹ýÁ½¸ö·½ÃæÀ´½²¡£ Ò»·½ÃæÊÇ©¶´Ô´ÂëλÖã¬Ö÷ÒªÊÇÔÚϵͳ·þÎñÖбÈÈçmediaplayerservice£¬audioflinger£¬surfaceflingerÖ®ÀàµÄ£»¿ò¼Ü²ãµÄ¿â±ÈÈ磬libstagefright, libmedia, ÒÔ¼°omxÏà¹ØµÄ¿â£¬½ÓÏÂÀ´ÊǵÚÈý·½»òÕßÊÇ¿çƽ̨ʹÓõĿâ±ÈÈçchromeÒ²ÓõÄlibskia,»òÕßavc,hevcµÈ¸ñʽµÄ¶àýÌåÎļþ½âÎö¿â£¬ÔÙ¾ÍÊÇоƬ³§ÉÌΪÁËʹÓÃоƬ¼ÓËÙ»æͼÒÔ¼°ÒôÊÓƵ½âÂëÒ²»áʹÓÃ×Ô¼ºµÄ¿â£¬ÔÚAOSPÔ´ÂëÖиßͨÁª·¢¿ÆӢΰ´ï¶¼ÓÐ×Ô¼ºµÄ¿ªÔ´¿â¡£ ÁíÒ»¸ö·½ÃæÊdz£¼ûµÄ´¥·¢µÄ·¾¶£¬AOSPÕâ±ßÓÐÁ½Ìõ£¬Í¨¹ýbinder£¬Óë¸ßȨÏ޵Ľø³ÌͨÐÅÊÇÆäÒ»¡£ÔÙ¾ÍÊÇͨ¹ýÎļþ£¬Ê¹Ä¿±ê½ø³Ì½ø³ÌÔÚÎļþ½âÎö¹ý³ÌÖгöÏÖÎÊÌâ¡£
  • #10: Õâ¸öÊÇÎÒÃÇ×ܽáµÄ1Ôµ½ÎåÔ·ݴ¡°¿³§±Ê©¶´µÄ·Ö²¼Î»Ö㬿ÉÒÔ¿´µ½³¾±ð»å¾±²¹»¹ÊÇÕ¼Á˺ܴóÒ»¿éµÄ·Ý¶î¡£ÒòΪÒôÊÓƵ±à½âÂë¿ò¼Ü¸´ÔÓ£¬½âÂë¹ý³Ì¸´ÔÓ£¬ÇÒÓÐʱºò»áÉæ¼°µ½Ó볧¼ÒоƬ´ò½»µÀ£¬ËùÒÔÎÊÌâ²»ÔÚÉÙÊý£¬ÎÒÃÇ֮ǰ·¢ÏֵĹ¥»÷Ãæ°¿²Ñ³ÝÒ²ÊÇÊôÓÚ³¾±ð»å¾±²¹½âÂëÖеÄÒ»¸öͨÓýӿڲ㡣´ÓÎÒÃÇÏÖÔÚ©¶´ÍÚ¾òµÄÊÕ»ñÀ´¿´£¬²Ñ±ð»å¾±²¹Ïà¹ØµÄ²¿·ÖÓÉÓÚÉè¼Æ¸´ÔÓ£¬ÓÐʱ»¹ÐèÒªÓ볧¼Ò¶Ô½Ó£¬ËùÒÔÎÊÌâºÜ¶à¡£
  • #11: ½²ÁËÕâô¾ÃAOSPµÄ£¬ÕâÀïÔÙ½²Ò»½²ÄÚºËÏà¹ØµÄ£¬ÓÉÓÚÎÒÊÇ×öAOSP©¶´ÍÚ¾òµÄ£¬ËùÒÔ¶ÔÄÚºËÒ²Ö»ÊdzõѧÕߣ¬ÈçÓв»µ±£¬»¶Ó­´ó¼ÒÖ¸Õý°¡¡£ Äں˩¶´Ö÷ÒªÊÇ·ÖΪÁ½·½Ã棬ÏȽ²½²³öÎÊÌâµÄÔ´ÂëλÖá£ÎÊÌâÔ´ÂëµÄλÖÃÒ»°ãÓÐÁ½ÀàλÖ㬵ÚÒ»ÊǸ÷ÖÖ×ÓϵͳÖеĸöÎÊÌ⣬±ÈÈçÎļþ×ÓϵͳVFS£¬ÓÖ»òÕßÊÇÍøÂçÏà¹Ø×Óϵͳ£¬ÄÚ´æ¹ÜÀí×ÓϵͳµÈ¡£µÚ¶þ¸ö·½ÃæÊǽӴ¥±È½Ï¶àµÄ£¬Ò²ÊÇ´æÔÚÎÊÌâÊýÁ¿¶àµÄµØ·½£¬¼´É豸Çý¶¯£¬¸÷´ó³§É̶¼ÓÐʵÏÖ×Ô¼ºµÄÇý¶¯£¬¶øÇÒÆäÇý¶¯µÄ´úÂëÒ²ÊÇ¿ªÔ´µÄ¡£ÓÉÓÚÕⲿ·Ö´úÂëдµÄÈ˲»ÊÇGoogleµÄÔ±¹¤£¬ËùÒÔ´úÂëÖÊÁ¿Ò²ÊDzβÆë¡£ËùÒÔÎÊÌâ²¢²»ÉÙ¡£ ÔÙ½²½²Ò»°ãµÄ´¥·¢Â·¾¶£¬ÓëÄÚºËͨÐÅ£¬Ò»°ã¶¼ÊÇͨ¹ýϵͳµ÷ÓÃÒÔ¼°Óë´ò¿ªµÄÉ豸×öioctlÖ®À࣬¸´Ôӵĵط½ÊÇ´ò¿ªÉ豸ÒÔ¼°µ÷ÓÃÐèÒªÓÐʱÐòµÄ°²ÅÅ¡£
  • #12: ÕâÊÇÎÒÃÇ×ܽáµÄÒ»Ôµ½ÎåÔ·ÝÄں˩¶´µÄ³§ÉÌ·Ö²¼Çé¿ö£¬Ó¢Î°´ïÓëÁª·¢¿Æ¶¼Óв»ÉÙµÄÎÊÌâ¡£
  • #13: ÏÂÃ潫Ïêϸ½²½âÁ½¸öʵÀý£¬AOSPÓëkernel¸÷Ò»¸ö¡£ ÔÚ½²AOSP©¶´֮ǰ£¬Ïȸú´ó¼Ò˵˵binder°É£¬BinderÊÇAndroidÖвÉÓõÄÖ÷Á÷½ø³Ì¼äͨÐÅ¿ò¼Ü£¬binderͨÐŵĵײ㱾ÖÊÊÇͨ¹ý¹²ÏíͬһƬÎïÀíÄÚ´æÀ´´«µÝÊý¾Ý¡£ËùÓеÄbinderµ÷Óö¼ÊÇͨ¹ý°ÑÊý¾Ý·â×°ÔÚparcelÀïÃæÈ»ºóÐòÁл¯·¢Ë͸øbinderÇý¶¯£¬ÔÙÓÉbinderÇý¶¯·¢Ë͸ø¶Ô¶ËserviceµÄ¡£ClientΪÁ˽¨Á¢ÆðÓëÆäËûserviceµÄÁªÏµ£¬ÐèҪͨ¹ýÏòsystemserverÖеÄservice_manager·¢ËÍÇëÇóÀ´µÃµ½´úÀíÒýÓõġ£ ÔÙ´ÓÔ´ÂëµÄ½Ç¶È¿´¿´binderͨÐÅ£¬Ò»°ãserviceµÄÂß¼­´úÂëÔÚbnxxxÀàµÄʵÏÖÖУ¬ÇëÇóserviceµÄclient¶Ë´úÂëÔÚbpxxxÀàµÄʵÏÖÖС£Ò»°ã³Æclinet¶ËΪbp¶Ë,³Æservice¶ËΪbn¶Ë¡£ÕâÁ½¸öÀàͨʵÏÖÁËͬһ¸ö½Ó¿ÚIxxxÀ´±£Ö¤Ò»ÖÂÐÔ¡£Ò²¾ÍÊÇ˵Äãbp¶Ëµ÷ÓÃÁ˺¯Êýa(),ÄÇô bn¶ËÔÚ²ð°üºóÒ²»áµ÷Óú¯Êýa()£¬È»ºóÕâÈý¸öÀàÒ²¼Ì³ÐÁËÏà¹ØµÄ¸¸ÀàBpRefbase,IinterfaceÒÔ¼°Bbinder,´Ó¶øʵÏÖÁËÀûÓõײãbinder¿ò¼ÜµÄͨÐÅ¡£ËùÒÔÈç¹ûÄãÏëÕÒµ½mediaplayerserviceµÄ´¦ÀíÂß¼­´úÂ룬ÄÇô¾ÍÈ¥ÕÒBnmediaplayerserviceµÄÔ´Âë¾Í¿ÉÒÔ¡£
  • #14: ÏÂÃæÀ´¿´¿´Õâ¸öÀý×Ó£¬2015-6620£¬Õâ¸öÊÇflanker¹¨¹ãÎÒÃÇÏȺó·¢ÏÖ²¢±¨¸øGoogleµÄÊÇÒ»¸ö¾­µäµÄÔ½½ç·ÃÎʵÄÎÊÌâ¿ÉÒÔ¿´µ½getcodecinfoÕâ¸öbinder callºó,ÔÚBn¶Ë£¬Ïȼì²éÁ˽ӿÚÃû³Æ£¬È»ºó´ÓparcelÖжÁÈ¡ÁËË÷Òýindex£¬Ö®ºó¾Íµ÷ÓÃÁËbn¶ËµÄgetcondecinfo, getcondecinfoµÄ´úÂëʵÏÖÔÚBnMediaCodecListµÄ×ÓÀàMediaCodecListÖУ¬Ëù¿ÉÒÔ¿´µ½Ã»ÓжÔË÷Òý×öÈκÎУÑé¾ÍÈ¥·ÃÎÊÁËÏòÁ¿mcodecinfos¡£itemAtµÄ·µ»ØÖµÊÇÒÔÓ¦Ë÷×÷Ϊ±ãÒËÁ¿¼ÆËã³öµÄ¶ÔÏóµÄÖ¸Õë¡£ËùÒԻص½Õâ¸öbn¶ËµÄµ÷Óã¬Ö®ºóÕâ¸ö¶ÔinfoµÄµ÷ÓûáÈ¥²éÕÒËùÖ¸Ïò¶ÔÏóµÄÐé±í£¬È»ºóÕÒµ½¶ÔÓ¦µÄwritetoparcelº¯Êý£¬ËùÒÔÎÒÃǾÍÓлú»á¿ØÖÆÕâ¸öË÷ÒýÖ¸Ïòµ½ÎÒÃǶÑÅçµÄÄڴ棬´Ó¶ø¿ØÖÆÐé±íÖ¸Õ룬ÒÔ¼°³¢ÊÔ¿ØÖÆÐé±íÖеÄÄÚÈÝ£¬×îºó¿ØÖƺ¯ÊýÖ´ÐÐÁ÷³Ì¡£ Õâ¸öÊǽ«Ë÷ÒýÉèÖÃΪָÏòûÓб»Ó³ÉäµÄmemoryʱºòµÄ±ÀÀ£ÈÕÖ¾¡£
  • #15: ÏÂÃæÔÙÀ´½²Ò»¸öÄں˵ÄÀý×Ó£¬Õâ¸öÊÇÄں˵ļܹ¹¸ÅÀÀ£¬ÎÒÃÇÒª½²Â©¶´³öÏÖÔÚÉ豸Çý¶¯ÖУ¬ËùÒÔÒ²ËãÊÇÉ豸¿ØÖƵĵÄÒ»²¿·Ö¡£
  • #16: Õâ¸ö©¶´ÊÇÒ»¸öUAF©¶´£¬rt5677µÄÕâ¸öÉ豸µÄioctl´¦Àíº¯ÊýÖУ¬µ±·¢ÆðµÄÇëÇóÊÇCODEC DSPʱ£¬Èç¹ûmodel_buf£¬»áÏÈ°Ñmodel_bufÊͷŵô£¬È»ºóÔÙÉêÇëеÄÄÚ´æ¡£Ö®ºó½øÐÐcopy_from_user½«Óû§Ì¬µÄÊý¾Ý¿½±´¹ýÀ´¡£ µ«ÊǶÔmodel_bufÕâ¸ö±äÁ¿µÄ·ÃÎʲ¢Ã»ÓÐËøµÄ±£»¤¡£Ê×ÏȲ»Í¬Ï̼߳äÊǹ²Ïímodel_bufÕâ¸öÖ¸ÕëµÄ¡£ ËùÒÔµ±ÎÒÃÇÆðºÜ¶àÏ̵߳Äʱºò£¬ ¾Í¿ÉÒÔ·¢ÉúÒ»¸öioctlÏß³ÌfreeÁËmodel_buf¶øÔÚmodel_buf±»Éè³É0֮ǰ£¬ ÁíÒ»¸öÏß³ÌÓÖÉêÇëµ½ÁËÕâƬmemory£¬×¼±¸×ö±ðµÄÊÂÇé¡£ ÕâʱÁíÒ»¸öÏß³ÌÖеÄioctlÒѾ­Ö´ÐÐÁËcopy_from_user£¬ÄÇô´Ëʱ¾Í»áÏòmodel_bufËùÖ¸ÏòµÄmemory¿½±´Óû§Ì¬Êý¾Ý¡£ ÄÇôÎÒÃǾÍÄÜд»µÄ³Ð©¹Ø¼üÊý¾Ý½á¹¹£¬×îÖÕ¿ÉÄÜÔì³ÉÌáȨ¡£Õû¸ö¹ý³ÌÄѵãÔÚÓÚ¶ÔʱÐòµÄ׼ȷÅų̣¬µ«»¹ÊÇÓгɹ¦¸ÅÂʵġ£ÓÒϽÇÊǶԱ»freeµÄmemory½øÐÐcopy_from_userÊǵÄkernelÈÕÖ¾¡£
  • #17: ÖÁ´ËÎÒÃÇËùÓеij£¼û©¶´ÀàÐÍÒÔ¼°Ïà¹ØµÄÀý×ӾͶ¼½²ÍêÁË£¬´ó¼Ò¿ÉÒÔÕâÒ³×÷ΪËùÒÔȥѧϰ¡£¿û»¨±¦µä¾ÍÊÇ×Ô¼ºÀí½â©¶´µã²¢±àд±Ê°¿°ä¡£Ð´¹ýÒ»±éÖ®ºó£¬´¡²Ô»å°ù´Ç¾±»å©¶´ÍÚ¾òÒ²¾ÍÈëÃÅÁË¡£¶ÔÓÚ©¶´Ïà¹ØµÄ¸ÅÀÀºÍ·ÖÀà¾Íµ½ÕâÀïÁË¡£ÏÂÃæÀ´½²½²·¢ÏÖ©¶´ºó¸ÃÔõô×ö¡£
  • #18: ÏÂÃæÎÒÃÇÀ´½²½²µ±·¢ÏÖ©¶´ºóÐèÒª×öµÄ¼¸¼þÊÂÇ飬Ê×ÏÈÈç¹ûÄãÊÇ¿´Ô´Âë·¢ÏÖµÄÎÊÌ⣬ÐèÒª¹¹Ôì³öÒ»¸ö¿ÉÒÔµ÷Óõ½ÎÊÌâ´úÂëµÄÓÐЧµ÷Ó÷¾¶¡£ È»ºóÒÀ¾ÝÕâÌõµ÷Ó÷¾¶ÖÆ×÷POC£¬È»ºóÄ¿±ê½ø³Ì¾ÍcrashÁË Ö®ºóµÄ»°£¬¶ÔÕâ¸ö©¶´ÑÏÖØÐÔ½øÐÐÆÀ¶¨£¬Ô´ÂëÖеÄÎÊÌâ¿ÉÒÔµ¼ÖÂÄÄЩ½ø³Ì±ÀÀ££¬ÕÒ³ö×îÑÏÖصģ¬ÒÔ¼°ÕâÖÖ±ÀÀ£ÊDz»Êdz־õģ¬¼´ÐèÒªÖØÐÂË¢»ú²ÅÄܽâ¾ö¡£ »Ø´ðÁËÕâЩÎÊÌâÖ®ºóÄã¾ÍÓÐÒ»¸ö×Ô¼ºµÄ±¨¸æÁË£¬ÄÇôÔÚ±¨¸æµÄ×îºó£¬¸½ÉÏÔÚ×îÐÂAndroid°æ±¾µÄÉ豸»òÕßÐéÄâ»úÉϵıÀÀ£ÈÕÖ¾¡£ ÈçºÎ¹ýÈ¥±ÀÀ£ÈÕÖ¾ÄØ¡£AOSPµÄÊÇͨ¹ýlogcat£¬±ÀÀ£ÈÕÖ¾µÄtagÊÇ´óдµÄDEBUG,Äں˵Ļ°ÓеãÔÓÂÒ£¬µ«ÊÇÒ»°ã¾ÍÊÇÒÔÕÒµ½¶ÔÓ¦µÄ¼Ç¼last_kmsgµÄÎļþ£¬»òÕßͨ¹ýbugreportÒ²¿ÉÒÔ¡£
  • #19: ÔÚÌá½»¸øGoogleµÄ±¨¸æÖУ¬³öÏÖµÄÄÚÈÝ£¬Ö÷ÒªÓÐÈýµã£¬ÎÊÌâµÄÃèÊöÒÔ¼°´¥·¢Â·¾¶£¬±ÀÀ£ÈÕÖ¾£¬ÒÔ¼°¿ÉÒÔ¸´ÏֵĿÉÖ´ÐÐpoc,×îºÃ°ÑÔ´ÂëÒ²¸½ÉÏ¡£ ˵µ½ÕâÀÌáÒ»ÏÂGoogleµÄ©¶´½±Àø¼Æ»®£¬Googleµ±Ç°»á¸øPixelÒÔ¼°Pixel XL,Pixel CÉ豸ÖеÄ©¶´Ìṩ½±½ð½±Àø¡£ ×îºóÒ»µã£¬×öÕâÒ»ÇеÄËÙ¶ÈÒ»¶¨Òª¿ì£¬×²¶´ÊÇÒ»¼þºÜÞÏÞεÄÊÂÇé¡£¡£¡£
  • #20: ±¨ÍêÎÊÌâºó²»Òª»Å£¬Ê×ÏÈÄã»áµÃµ½issueidÒÔ¼°androidid£¬È»ºóµÈ´ý©¶´ÆÀ¼¶»òÕß±»¸æ֪ײ¶´¡£¡£¡£Õâ¶Îʱ¼äÒ»°ãÁ½ÖÜ×óÓÒ£¬²»¹ý×î½üʱ¼äÓеã¾ÃÁË¡£¡£¡£ ÔÚGoogleÈ·ÈÏÎÊÌâºó£¬Äã¿ÉÒÔ¼ÌÐøÌṩ©¶´µÄ²¹¶¡ÒÔ¼°¶ÔÓ¦µÄCTS²âÏͬʱGoogleÒ²»á¸ø³ö¶ÔÓ¦µÄCVE±àºÅ£¬ÒÔ¼°ÏòÄãÒªÖÂлÃûµ¥¡£ ×îºó¾ÍÊǸæËßÄã¿ÉÒԵõ½¶àÉÙ½±½ð£¬ÒÔ¼°ÔÚÕâ¸öԵݲȫ¸üÐÂÖÐÖÂл¡£
  • #21: Õâ¸öÊÇÎÒÃÇ×ܽáµÄ16ÄêÏò³Ò´Ç´Ç²µ±ô±ð±¨¸æ°¿²Ñ³ÝÏà¹Ø©¶´µÄʱ¼ä¼ä¸ô£¬·Ö±ðÊÇ£¬´Ó±¨¸æµ½³Ò´Ç´Ç²µ±ô±ðÈ·ÈÏ©¶´µÄʱ¼ä¼ä¸ô£¬ÒÔ¼°´ÓÈ·Èϵ½¹«¿ªµÄʱ¼ä¼ä¸ô£¬¿ÉÒÔ¿´µ½È·Èϲ¶àÈ·ÈÏÊÇ13Ìì×óÓÒ£¬¶øÐÞ¸´»ù±¾É϶¼ÊÇÁ½Èþ¸öÔºó¡£
  • #22: ÔÙÀ´¿´¿´Â©¶´ÑÏÖØÐÔ¶Ô´¦ÀíËٶȵÄÓ°Ï죬һ°ãÀ´ËµÔ½ÑÏÖصģ¬È϶¨ÒªÂýһЩ£¬µ«ÊÇÈ϶¨ºó£¬ÑÏÖصÄ©¶´ÐÞ£¬²¹ËٶȻá´ó´ó¼Ó¿ì¡£
  • #23: ÔÙÀ´¿´¿´GoogleµÄ©¶´ÆÀ¼¶È϶¨ÒÀ¾Ý£¬GoogleÒÔ©¶´µÄ´¥·¢Ô´Í·ÒÔ¼°Â©¶´Ä¿±ê½ø³ÌȨÏÞÀ´È·¶¨Â©¶´µÄÑÏÖØÐÔ¡£ËûÃÇÓÚ5ÔÂ8ºÅ¸üÐÂÁË©¶´ÆÀ¶¨ÒÀ¾Ý¡£Õâ·ùͼÊÇÎÒ×Ô¼º×ܽáµÄ©¶´ÆÀ¼¶ÒÀ¾Ýͼ£¬ÀïÃæչʾµÄÊÇÿһÖÖ©¶´ÀàÐÍÔì³É×îÑÏÖØÓ°ÏìµÄÇé¿ö¡£ÏÂÃæÀ´½²½²¼¸ÖÖ©¶´µÄ¶¨¼¶£ºÔÚ¸ßȨÏ޵Ľø³ÌÖÐÔ¶³Ì´úÂëÖ´ÐÐÊÇcritical £»¶ÔÊÖ»úµÄÔ¶³Ì³Ö¾Ã¾Ü¾ø·þÎñ¹¥»÷ÊÇcritical£¨¾ÍÊǵãÁËÒ»¸öÎļþºó£¬ÊÖ»ú¾ÍÔÙÒ²²»Õý³£¹¤×÷ÁË£¬³ýÁËË¢»ú²ÅÄܽâ¾ö£©£»¶ÔÓÚ¸ßȨÏÞ½ø³ÌµÄÔ¶³ÌȨÏÞÈƹýÒ²ÊÇcritical£»¶ÔteeµÄÔ¶³ÌÊý¾Ý·ÃÎÊÊǸßΣ£»µ«ÊÇÆäʵÔÚ±¾µØµÄÔÚteeµÄÈÎÒâ´úÂëÖ´ÐоÍÒѾ­ÊÇcritical£» ×¢Òâµ½ÕâÀïÃæµÄTCB£¬¿ÉÐżÆËã»ù´¡ÒÀÀµ£¬ÊÇÖ¸ÄÚºËÖеÄÒ»²¿·Ö£¬Ö÷ÒªÊÇÇý¶¯µÄ´úÂë¡£ÒÔ¼°ÉÙÊýµÄ¼¸¸ö±»ÈÏ×÷ÓëÄÚºËÒ»ÑùÖØÒªµÄ½ø³Ì£¬init ,user event daemonÒÔ¼°volume daemon¡£Google5ÔÂ8ºÅ½«TCB´ÓÄÚºËÖÐרÃÅÇø·Ö³öÀ´£¬È»ºó½µµÍÁËÆÀ¼¶£¬Ò²¾ÍÊÇ˵£¬ÒÔºóÇý¶¯ÖпÉÒÔÌáȨµÄÄں˩¶´£¬Ò²Ö»ÊǸßΣ¶ø²»ÊÇÑÏÖØÁË¡£¡£¡£
  • #24: ÔÙÀ´Ò»¸öÕâ¸öͼµÄʹÓõÄÀý×Ó£¬ÕâÀïÃæÊÇÔ¶³Ì´úÂëÖ´ÐУ¬Êdz¦°ù¾±³Ù¾±³¦²¹±ô£¬ÄÇô±¾µØµÄ¾ÍÊdz󾱲µ³óÁË¡£ÄÇôÈç¹ûÔ¶³ÌµÄÔÚ΢ÐÅÖеĴúÂëÖ´ÐУ¬ÄÇÒ²Êdz󾱲µ³ó¡£×îºóµÄ±ô¾±²Ô°ìÊdzҴǴDzµ±ô±ð¶ÔÕâЩ©¶´ÆÀ¼¶µÄÎÄ×ÖÃèÊö
  • #25: ½²ÁË©¶´ÆÀ¶¨¶¨¼¶£¬ÔÙÀ´¿´¿´Google¸øµÄ½±½ð¡£Android security teamÓÚÁùÔÂÒ»ºÅ¹«²¼ÁËеĽ±½ð¿ò¼Ü£¬ÕâÒ»Çл¹ÊǵÃÒæÓÚ¹¨´óʦÔÚsyscanÉ϶ÔGoogleµÄScottÌáµÄ½¨Òé¡£Google´ó´óÌá¸ßÁË©¶´ÀûÓõĽ±½ð¡£¶ÔÓÚ¶¨Îªcritical¼¶±ðµÄ©¶´ÀûÓã¬Èç¹û¿ÉÒÔÓ°Ïìµ½TEE£¬ÄÇô½±½ð¿ÉÒÔ×î¶à20Íòµ¶µÄÑù×Ó¡£ ÄÇô¶ÔÓÚûÓЩ¶´ÀûÓõÄÇéÐΣ¬GoogleÒ²ÓÐ×öһЩÐ޸ģ¬±ÈÈçËûÃÇÌá¸ßÁËcritical©¶´µÄ»ù´¡½±½ð£¬֮ǰÊÇ4000µ¶ÏÖÔÚÊÇ6000µ¶¡£HighµÄ»°Ò²ÌáÉýÁË500µ¶¡£µ«ÊǶÔÓÚpatchÒÔ¼°cts¸øµÄ¸½¼Ó½±½ðÓÐËù½µµÍ£¬×î¶àÖ»ÓÐ1000µ¶ÁË£¬²»¹ýÕâÓë֮ǰµÄcriticalûÀûÓÃÒ»¹²×î¶à¸ø8000µ¶µÄÇé¿ö»¹ÊÇÒ»Öµġ£ÄÇôҲ¾ÍÊÇ˵£¬×öÒ»¸öÍêÕûµÄ©¶´ÀûÓûáΪ½±½ð¼Ó·Ö²»ÉÙ£¬µ«ÊÇËùÃæÁٵĵÄÄѶÈÒ²²»Ð¡¡£¶øÇÒ©¶´ÀûÓÃÊôÓÚÎäÆ÷»¯µÄ¹¤³Ì£¬ÓÐʱºò¿¿Ç®¿ÉÄÜÒ²ÊÇÂò²»µ½µÄ¡£ÕâÀïÓиö½¨Ò飬ÊÇ¿ÉÒÔÏÈÌύ©¶´ÒÔ¼°poc±ÜÃâºóÆÚ±»×²¶´£¬ÔÙÌá½»¶ÔÓ¦µÄ©¶´ÀûÓá£ÄÇô½²µ½ÕâÀïÒ»Ö±ÓгöÏÖÒ»¸öÃû´ÊCTS£¬»¹¸ø½±½ð£¬ÄÇôÎÒÃÇÔÙÀ´ËµËµCTS¡£CTSÊÇAndroidÌØÓеÄÍêÕûÐÔ²âÊԵĿò¼Ü¡£Ö÷ÒªÓÃÓÚÑéÖ¤Android²Ù×÷ϵͳµÄ¹¦ÄÜÍêÕûÐÔ¡£LinkÊÇGoogle VRPµÄÆÀ¼¶ÒÀ¾ÝÎÄÕÂ
  • #26: Android ctsÔÚÔ´ÂëÖÐÓÐsecurity ctsµÄÄ£¿é£¬security cts´æÔÚµÄÄ¿µÄ¾ÍÊÇΪÁËÈ·ÈÏÕâЩ°²È«ÎÊÌⶼµÃµ½ÁËÐÞ¸´£¬ÄÇôдCTSÆäʵ¾ÍÏ൱ÓÚ°ÑÎÒÃǵÄ©¶´ÔÚctsµÄ¿ò¼ÜÖÐÔÙ³¢ÊÔ´¥·¢Ò»´Î£¬È·ÈÏ©¶´ÒѾ­±»ÐÞ²¹ÁË¡£Security ctsÔÚÔ´ÂëÖеÄÏà¶ÔĿ¼ÊÇÕâ¸ö¡£ÔÚ±àдCTSµÄʱºò£¬ÐèÒªÒÀÀµAndroidµÄ´úÂë¹æ·¶£¬±àд¶ÔÓ¦µÄnative»òÕßjava²âÏî¡£ÔÚÑé֤ͨ¹ýÖ®ºó£¬ÔÙ½«ctsµÄdiffÌá½»¸øGoogle£¬ÐèҪעÒâµÄÊÇdiffÊÇÓëAOSPÖ÷ÏßµÄdiff¶ø²»ÊÇ×îа汾·ÖÖ§µÄdiff¡£ÏÂÃæÕâ¸öÊÇÔËÐÐctsʱºòµÄÑùÀý´úÂë¡£LinkÊÇAndroid CTSµÄÏà¹Ø½éÉÜ¡£
  • #27: лл¸÷λñöÌý£¬ÎҵķÖÏí½áÊøÁË£¬ÓÐʲôÎÊÌ⣬»¶Ó­´ó¼ÒÌáÎÊ¡£
  • #28: ÔÙÀ´¿´¿´²»Í¬ÖÖÊôµÄ©¶´µÄ´¦ÀíËٶȣ¬ÄÚºËÓ볧É̵ÄÒ»°ãÒª¾ÃÒ»µã£¬ÒòΪÐèҪЭµ÷¹µÍ¨£¬¶ø´¡°¿³§±ÊµÄÒ»°ã»á±È½Ï¿ì¡£