美文网首页
iOS MDM设备底层工作原理

iOS MDM设备底层工作原理

作者: 烽火连天x | 来源:发表于2020-11-24 10:05 被阅读0次

    MDM执行命令工作原理:(如下图1)

    1.png

    如下发锁定设备、禁用摄像头、禁止截屏等,具体步骤如下:

    步骤1: MDM服务器发送一个MDM推送信息,告诉设备服务器需要你执行的命令了。
    步骤2: 苹果推送通知给iOS设备
    步骤3: 当设备空闲和有网络时,去连接MDM服务器并告诉服务器其状态
    步骤4: MDM服务器根据设备状态返回给设备需要执行的命令
    步骤5: 设备执行了命令,并将执行的结果给MDM服务器

    本文我们主要讲的是步骤2,设备怎么收到Apple APNS通知的,以及收到MDM通知之后要做的事情。

    一. 对apsd进程的分析
    1. 我们先看一段设备日志
    iphone apsd(CommonUtilities)[95] <Notice>: Created power assertion {identifier: APSCourier(tcpStream:dataReceived:)}
iphone apsd[95] <Notice>: <private>: Outstanding data received: <private> (length 198) onInterface: WWAN. Connected on 1 interfaces.
iphone apsd[95] <Notice>: <private>: Stream processing: complete yes, invalid no, length parsed 198, parameters <private>
iphone apsd(CommonUtilities)[95] <Notice>: Created power assertion {identifier: APSCourier(tcpStream:dataReceived:)}
iphone apsd[95] <Notice>: copyTokenForDomain push.apple.com (null)
iphone apsd[95] <Notice>: <private> timestampForTopic? <private> token <private>
iphone apsd[95] <Notice>: <private> receivedPushWithTopic <private> token <private> payload <private> timestamp Wed Jun 10 16:18:29 2020
iphone apsd[95] <Notice>: <private>: Received message for enabled topic '<private>' onInterface: WWAN with payload '<private>' with priority 10 for device token: YES
iphone apsd[95] <Notice>: <private> asked to store incoming message <private> with guid <private> environment <private>
iphone apsd[95] <Notice>: APSMessageStore - New message record [<private>] has ID [23469].
iphone apsd[95] <Notice>: <private>: Sending acknowledgement message with response 0 and messageId <private> (426590595)
iphone apsd(PersistentConnection)[95] <Notice>: <private> isLTEWithCDRX? Unknown  --  powerlog value 0
iphone apsd[95] <Notice>: <private>:APSNetworkMonitor decaying cost (0 - 15) = 0 for 54.468050 seconds
iphone apsd[95] <Notice>: <private>:APSNetworkMonitor addCost: 100 - _currentCost is now 100
iphone apsd[95] <Notice>: <private> _notifyForIncomingMessage <private> with guid <private>
iphone apsd[95] <Notice>: Pinging client via mach since we are not currently connected for port <private>
iphone apsd[95] <Notice>: <private>: Calling into AWD for PushReceived
iphone apsd[95] <Notice>: submitted metric <private>
iphone apsd[95] <Notice>: <private>: AWD for PushReceived finished
iphone apsd[95] <Notice>: <private>: Stream processing: complete no, invalid no, length parsed 0, parameters (null)
iphone apsd[95] <Notice>: Created metric container: 0x130004 succeeded? YES
iphone apsd[95] <Notice>: Successfully pinged client
iphone apsd[95] <Notice>: Submitted metric: 0x130004 succeeded? YES
iphone apsd(CommonUtilities)[95] <Notice>: Created power assertion {identifier: APSCourier(tcpStream:dataReceived:)}
iphone apsd[95] <Notice>: <private>: Outstanding data received: <private> (length 4) onInterface: WWAN. Connected on 1 interfaces.
iphone apsd[95] <Notice>: <private>: Stream processing: complete yes, invalid no, length parsed 4, parameters <private>
iphone apsd[95] <Notice>: <private>: Received keep-alive response 1 on interface WWAN: <private>
iphone apsd(CommonUtilities)[95] <Notice>: Releasing power assertion {identifier: APSCourier(tcpStream:dataReceived:)}
iphone apsd(CommonUtilities)[95] <Notice>: Created power assertion {identifier: APSCourier(tcpStream:dataReceived:)}
iphone apsd[95] <Notice>: <private>: Stream processing: complete no, invalid no, length parsed 0, parameters (null)

    从上面日志我们可以看到上面的apsd进程,apsd是一个长链接进程,每当MDM服务器推送MDM指令,此进程就会工作处理VPNS消息。

    1. apsd进程会把当前的任务存储下来例如:
    iphone apsd[95] <Notice>: APSMessageStore - New message record [<private>] has ID [23469].
iphone apsd[95] <Notice>: <private>: Sending acknowledgement message with response 0 and messageId <private> (426590595)

    其中的(426590595)这个id,当MDM执行的时候会取这个id的任务。

    1. 如果日志里面有这样的日志如下:
    iphone apsd[95] <Notice>: Dispatching high priority message on server: <private>

    表明当前有MDM任务再执行,新来的MDM任务需要等待当前MDM任务执行完成才能执行,所有新来的MDM任务按照先后顺序依次执行。并且新来的任务apsd也都是先接收到进行APSMessageStore。

    二. 对mdmd进程的分析
    1. 接下来我们再看一下mdmd进程,mdmd是被apsd唤醒执行MDM任务的进程,(在MDM执行命令工作原理步骤3、4、5都是通过mdmd进程完成的)。来看一下mdmd设备的日志:
    (1)iphone mdmd(libdyld.dylib)[11636] <Notice>: mdmd starting...

iphone mdmd[11636] <Notice>: Starting power assertion: Start MCMDMServer
iphone mdmd(ApplePushService)[11636] <Notice>: Initializing APSConnection <private>: env=development port=com.apple.managedconfiguration.mdmdpush-dev queue=(null)
iphone mdmd[11636] <Notice>: Starting power assertion: Connection did receive public token: <dd9da111 1d1a8a1f 07ce12cb 87ed7123 123f1d4d f28a22a2 49eb111a dd9da456>
iphone mdmd(ApplePushService)[11636] <Notice>: <private> returned from <private> didReceivePublicToken:
(2)iphone mdmd(ApplePushService)[11636] <Notice>: <private> Delivering message from apsd: <private> 426590595 <private>
iphone mdmd(ApplePushService)[11636] <Notice>: <private> making delegate (<private>) calls to deliver message 426590595 <private> for topic <private>

iphone mdmd(ApplePushService)[11636] <Notice>: <private> calling <private> connection:didReceiveMessageForTopic:
(3)iphone mdmd[11636] <Notice>: Starting power assertion: Connection did receive message for topic: com.apple.mgmt.2222d9fe-a111-4111-b111-f11e1c1b222f,, user info: {
    aps =     {
    };
    identifier = "8346ee76-07b2-4377-a25e-b63b68368811";
    mdm = "0D034E67-DD6D-4328-939C-600096536611";
}
Jun 10 16:18:29 iPhone-XR mdmd(ApplePushService)[11636] <Notice>: Received push notification.

(4)iphone mdmd[11636] <Notice>: Polling MDM server https://host:port/server for next command.
…根据mdm指令做任务日志(省略了)

(5)iphone mdmd[11636] <Notice>: Command Status: Acknowledged

(6)iphone mdmd[11636] <Notice>: Polling MDM server https://host:port/server for next command.

(7)iphone mdmd(libobjc.A.dylib)[11636] <Notice>: Ending power assertion: Connection did receive message for topic: com.apple.mgmt.External.2222d9fe-a111-4111-b111-f11e1c1b222f, user info: {
    aps =     {
    };
    identifier = "8346ee76-07b2-4377-a25e-b63b68368811";
    mdm = "0D034E67-DD6D-4328-939C-600096536611";
}

(8)iphone mdmd(libdyld.dylib)[11636] <Notice>: mdmd preparing to stop.
    1. 对于(1)我们可以清除看的mdmd线程启动情况
    2. 对于(2)的Delivering message from apsd: <private> 426590595 <private> 其中426590595就是我们apsd进程sending的任务id,这里就一一对应起来了。
    3. 对于(3)这个就是我们(图1)中对应的步骤2收到的唤醒通知的信息,根据这个信息进行(4)。这句日志里有Starting power assertion:标志着开始。
    4. 对于(4)就是(图1)中对应的步骤3,向你的服务器polling MDM指令。
    5. 对于(5)中Acknowledged就是标志MDM指令处理完毕,要向服务器ack确认。
    6. 对于(6)在ack确认的时候,实际发的还是第(4)的polling,为了查看服务端是否还有MDM指令,若有继续执行拉取的MDM指令,若没有就进行(7)。
    7. 对于(7)这句日志里面有Ending power assertion:标志着此MDM命令结束,和(3)一一对应的。starting一条数据就会有ending一条数据。
    8. 对于(8)就是停止mdmd进程。如果再来MDM指令就会重新走整个流程。

    个人使用总结,若有疑问随时私信我沟通。

    相关文章

      网友评论

          本文标题:iOS MDM设备底层工作原理

          本文链接:https://www.haomeiwen.com/subject/sdavtktx.html

          延伸阅读

          深度阅读

          • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

          栏目导航

          热点阅读

          关于我们|服务条款|联系我们|iOS MDM设备底层工作原理|投稿指南|网站地图|RSS订阅|排版工具|手机版

          提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

          Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

          备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

          本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

          所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!