Please advise if it is possible to intercept/monitor file I/Os on an Android device. E.g. on stock Linux we may use LSM or syscalls trap.
I hope to log the filenames of all newly created file开发者_运维知识库s - to a text file or SMS to another phone. Appreciate any help to get started. Thank you in advance.Cheers, Bill
You can use the FileObserver class:
"Monitors files (using inotify) to fire an event after files are accessed or changed by by any process on the device (including this one). FileObserver is an abstract class; subclasses must implement the event handler onEvent(int, String)."
http://developer.android.com/reference/android/os/FileObserver.html
Given that Android kernel supports inotify, you can compile some tools that report filesystem activity using inotify.
Or you can try pyinotify (http://pyinotify.sourceforge.net/)
The andriod SMS service is provided by another standalone java program and the SMS message may be stored in a SQLlite database. Usually a malware program that call service of the SMS manager to poll contents in it or to send SMS message. Even you intercept all disk io from kernel, it is hardly to know which program trigger this disk IO to the manager. And it is also hard to know an IO activit's intention from inceptted file name or data block.
If you want to try the intercept feature for adacamic purpose, you can try the ptrace function in Android. It is much like ptrace in standard Linux and can intercept every system call requests sending from a process.
精彩评论