Monkey源代码分析番外篇WindowManager如何出的喷射事件的进程间的安全限制

在分析monkey源代码时的一些背景知识不明确，例如看到monkey它是用windowmanager的injectKeyEvent的喷射事件时的方法。我发现自己陷入疙瘩，这种方法不仅能够在当前的应用程序，注入的事件它？Google在国外找到下一个大牛离开的问题的叙述性说明痕迹，特意摘录下来并做对应部分的翻译，其它部分大家喜欢就看下。我就不翻译了。

How it works

Behind the scenes, Monkey uses several private interfaces to communicate with three essential system services:

1. Package Manager: Monkey uses the package manager to get a list of Activities for a given Intent. This enables Monkey to randomly switch between Activities while testing an application.
2. Activity Manager: Monkey calls the very powerful setActivityController function on the Activity Manager. This effectively gives Monkey complete control over the activity life-cycle for the duration of the test.
3. Window Manager: Monkey calls a series of functions on the Window Manager to inject events into the application. This enables Monkey to simulate touches and key-presses. Because Monkey communicates at this level, there is no obvious difference between events
   which have arrived from Monkey and events which have arrived from an actual user. In fact, the distinction is so seamless that it is sometimes necessary to manually check who is in control — hence the famous isUserAMonkey() method in the Android

Window Manager: Monkey通过调用WindowManager的一系列方法来注入事件到应用中。

这样monkey能够模拟触摸和按键等用户行为。正是由于monkey是在这个层面和应用交互的，所以你的应用接收到的事件哪个是来自真有用户。哪个是来自monkey模拟的已经没有非常明显的界限了。其实正是由于这样的近似无缝的差别，我们有时不得不去推断到底是谁在控制着我们的设备了－－这就是为什么android系统提供的isUserAMonkey()方法变得这么流行的原因了。

Monkey sends random events to any application you choose. In order to ensure that this doesn’t cause a security hole, Android uses several techniques to ensure that only monkey can send events, and only when the phone’s user is asking it to.

Monkey随机的往不同的的app发送随机事件。为了防止这样的行为导致android自家的安全漏洞出来，android使用了几个技术来保证仅仅有monkey能够，且在改手机设备用户同意的情况下才干够，往不同的app发送事件。

Firstly, Monkey itself can only be run by root, or by someone in the “shell” Unix group. Normally, only “adb shell” runs as the “shell group”. This means that the only way to run monkey is to do so through “adb shell”.

首先，monkey本身仅仅能一是被root执行，二是被属于shell这个组的成员执行。而正常来说，仅仅有”adb shell“是在shell这个组下执行的。

这就意味着执行monkey的唯一方法就是通过‘adb shell’了。

Secondly, the Monkey application, which is mostly written in Java, asks for two special manifest
permissions. The first, SET_ACTIVITY_WATCHER, allows Monkey to take control of the activity life-cycle. The second, INJECT_EVENTS, allows Monkey to simulate touches and key presses. Importantly, no normal Android application can request these permissions
— they are only granted to applications supplied with the Android system. So there is little danger of a rogue APK taking control of an Android device using Monkey.

其次，monkey这个android自身提供的应用，大部分是用android的native语言java来编写的，它会向系统请求两个特背的manifest权限。第一个就是SET_ACTIVITY_WATCHER这个权限。它同意monkey对activity的生命周期进行全权控制。第二个就是INJECT_EVENTS这个权限它同意monkey去模拟触摸和按键事件。

重要的是，正常的安卓app是不能请求到这些权限的--仅仅有android系统同意的应用才会得到同意获得这些权限（译者注：事实上就是须要android系统的AOSP系统签名。monkey是android自己维护编写的工具，当然是同意了）

下面是本人摘录的INJECT_EVENTS这个manifest选项的官方解析：

INJECT_EVENTS:Allows an application to inject user events (keys, touch, trackball) into the event stream and deliver
them to ANY window.

Monkey events

What is an event?

In Android, events are sent in  response to user input, or due to system events, such as power management. Monkey supports quite a few event types, but only three of them are of interest for automated testing:

• KeyEvent: these events are sent by the window manager in response to hardware button presses, and also presses on the keyboard — whether hardware, or on-screen.
• MotionEvent: sent by the window manager in response to presses on the touchscreen.
• FlipEvent: sent when the user flips out the hardware keyboard on the HTC Dream. On that device, this would imply an orientation change. Unfortunately, Monkey does not simulate orientation changes on other devices.

作者	自主博客	微信	CSDN
天地会珠海分舵	http://techgogogo.com	服务号:TechGoGoGo 扫描码:	http://blog.csdn.net/zhubaitian