如何修改smali代码以删除java代码中的1行

Question

我想删除下面java代码中的第580行和第581行。这个文件在android设备的system/framework/services.jar中，所以我做的步骤是：

1. 将jar反编译成smali

2. 更改 smali 文件

3. 重新编译smali文件为dex文件

4. 将其打包到 services.jar 中。

5. 将services.jar推送到安卓手机

   问题在第2步，如何更改smali文件，我试图删除:line580和它下面的代码，但它不起作用，编译时抛出了一个nullPointerExecption......我可以看到/ 错误/ 在 jd-gui 工具中 有人请给我一些建议，我对 smali 完全陌生，在此先感谢。

java代码是：

568    public void registerUiTestAutomationService(IBinder owner,
569            IAccessibilityServiceClient serviceClient,
570            AccessibilityServiceInfo accessibilityServiceInfo) {
571            mSecurityPolicy.enforceCallingPermission(Manifest.permission.RETRIEVE_WINDOW_CONTENT,
572                FUNCTION_REGISTER_UI_TEST_AUTOMATION_SERVICE);
573
574        accessibilityServiceInfo.setComponentName(sFakeAccessibilityServiceComponentName);
575
576        synchronized (mLock) {
577            UserState userState = getCurrentUserStateLocked();
578
579            if (userState.mUiAutomationService != null) {
580                throw new IllegalStateException("UiAutomationService " + serviceClient
581                        + "already registered!");
582            }
583
584            try {
585                owner.linkToDeath(userState.mUiAutomationSerivceOnwerDeathRecipient, 0);
586            } catch (RemoteException re) {
587                Slog.e(LOG_TAG, "Couldn't register for the death of a"
588                        + " UiTestAutomationService!", re);
589                return;
590            }
591
592            userState.mUiAutomationServiceOwner = owner;
593            userState.mUiAutomationServiceClient = serviceClient;
594
595            // Set the temporary state.
596            userState.mIsAccessibilityEnabled = true;
597            userState.mIsTouchExplorationEnabled = false;
598            userState.mIsEnhancedWebAccessibilityEnabled = false;
599            userState.mIsDisplayMagnificationEnabled = false;
600            userState.mInstalledServices.add(accessibilityServiceInfo);
601            userState.mEnabledServices.clear();
602            userState.mEnabledServices.add(sFakeAccessibilityServiceComponentName);
603            userState.mTouchExplorationGrantedServices.add(sFakeAccessibilityServiceComponentName);
604
605            // Use the new state instead of settings.
606            onUserStateChangedLocked(userState);
607        }
608    }

反编译后的smali代码：

.line 579
.local v1, "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
# getter for: Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->mUiAutomationService:Lcom/android/server/accessibility/AccessibilityManagerService$Service;
invoke-static {v1}, Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$300(Lcom/android/server/accessibility/AccessibilityManagerService$UserState;)Lcom/android/server/accessibility/AccessibilityManagerService$Service;

move-result-object v2

if-eqz v2, :cond_3d

.line 580
new-instance v2, Ljava/lang/IllegalStateException;

new-instance v4, Ljava/lang/StringBuilder;

invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

const-string v5, "UiAutomationService "

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

move-result-object v4

const-string v5, "already registered!"

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

move-result-object v4

invoke-direct {v2, v4}, Ljava/lang/IllegalStateException;-><init>(Ljava/lang/String;)V

throw v2

.line 607
.end local v1    # "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
:catchall_3a
move-exception v2

monitor-exit v3
:try_end_3c
.catchall {:try_start_11 .. :try_end_3c} :catchall_3a

throw v2

.line 585
.restart local v1    # "userState":Lcom/android/server/accessibility/AccessibilityManagerService$UserState;
:cond_3d
:try_start_3d
# getter for: Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->mUiAutomationSerivceOnwerDeathRecipient:Landroid/os/IBinder$DeathRecipient;
invoke-static {v1}, Lcom/android/server/accessibility/AccessibilityManagerService$UserState;->access$1200(Lcom/android/server/accessibility/AccessibilityManagerService$UserState;)Landroid/os/IBinder$DeathRecipient;

move-result-object v2

const/4 v4, 0x0

invoke-interface {p1, v2, v4}, Landroid/os/IBinder;->linkToDeath(Landroid/os/IBinder$DeathRecipient;I)V
:try_end_45
.catch Landroid/os/RemoteException; {:try_start_3d .. :try_end_45} :catch_74
.catchall {:try_start_3d .. :try_end_45} :catchall_3a

Answer 1

尝试删除

.line 580
new-instance v2, Ljava/lang/IllegalStateException;

new-instance v4, Ljava/lang/StringBuilder;

invoke-direct {v4}, Ljava/lang/StringBuilder;-><init>()V

const-string v5, "UiAutomationService "

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4, p2}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;

move-result-object v4

const-string v5, "already registered!"

invoke-virtual {v4, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;

move-result-object v4

invoke-virtual {v4}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;

move-result-object v4

invoke-direct {v2, v4}, Ljava/lang/IllegalStateException;-><init>(Ljava/lang/String;)V

throw v2

我不确定。但是 AFAIK 这应该删除第 580 和 581 行。请尝试并告诉我。