yjiang's cake

解锁命令

    adb root
    adb disable-verity
    adb reboot

如果提示diable-verity命令找不到,是adb版本太低

重新上锁

    adb root
    adb enable-verity
    adb reboot

HTTPS

这个不需要多说,一切为了信息安全.

CSP策略

对于HTTPS站点,其可能包含一些非HTTPS的内容或资源(即混合内容).
例如css js使用cdn的情况,本站是https,而cdn不是.
csp策略的作用就是让指定的css js可以执行,而没指定的就被block了.
csp策略,既可以定义在服务端(例如php中/nginx中),也可以定义在web端.

简单举个例子(只允许引用https的资源):

    #php服务端
    header("Content-Security-Policy: default-src https:");
    #nginx
    add_header Content-Security-Policy "default-src https:"
    #html
    <meta http-equiv="Content-Security-Policy" content=" default-src https:">

对于定义在web端还是服务端,各有各自的优势;比如服务端更容易控制及修改,但是容易被运营商给过滤掉.

关于详细的csp策略介绍,建议看看mozilla官方的文档[CSP策略指令].

当页面使用https混合http内容

例如:

    <link href="http://libs.baidu.com/bootstrap/3.0.3/css/bootstrap.css" rel="stylesheet">

当使用百度CDN公共库中的css样式时,由于百度CDN并不支持ssl协议,就会报Provisional headers are shown;网络请求提示blocked:mixed-content;

修复这种混合内容的错误提示,可能需要耗费大量时间去发现,但可以针对不同的情况对待;

如果是个人,对于内容安全性并不是特别的重视,可以用Upgrading insecure requests来强制浏览器使用安全的请求.

如图,可以看到请求已经自动转为http:

谷歌对此的解释是: One of the newest and best tools to automatically fix mixed content is the upgrade-insecure-requests CSP directive.
既然谷歌说这么好,那就用吧:

    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

当然也可以一刀切,禁止所有非https内容;

    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">

如果是企业、大型网站,还是需要一个健全的csp策略,可以大大减少xss攻击的情况.

参考引用:

• https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content
• Using CSP violation reports

root@cubier:~# ls /dev/nan*
/dev/nand  /dev/nanda  /dev/nandb  /dev/nandc
root@cubier:~# df -lh
文件系统        容量  已用  可用 已用% 挂载点
/dev/root       1.8G  1.5G  266M   85% /
devtmpfs        382M  4.0K  382M    1% /dev
tmpfs            20M  4.0K   20M    1% /tmp
none             96M  252K   96M    1% /run
none            5.0M     0  5.0M    0% /run/lock
none            478M     0  478M    0% /run/shm
none            100M   12K  100M    1% /run/user
root@cubier:~# nand-part -f a20 /dev/nand
check partition table copy 0: mbr: version 0x00000200, magic softw411
OK
check partition table copy 1: mbr: version 0x00000200, magic softw411
BAD!
check partition table copy 2: mbr: version 0x00000200, magic softw411
BAD!
check partition table copy 3: mbr: version 0x00000200, magic softw411
BAD!
mbr: version 0x00000200, magic softw411
3 partitions
partition  1: class =         DISK, name =   bootloader, partition start =    32768, partition size =   131072 user_type=0
partition  2: class =         DISK, name =       rootfs, partition start =   163840, partition size =  6291456 user_type=0
partition  3: class =         DISK, name =        UDISK, partition start =  6455296, partition size =  1277952 user_type=0
root@cubier:~# nand-part -f a20 /dev/nand 32768 "bootloader 131072" "rootfs 7569408"
check partition table copy 0: mbr: version 0x00000200, magic softw411
OK
check partition table copy 1: mbr: version 0x00000200, magic softw411
BAD!
check partition table copy 2: mbr: version 0x00000200, magic softw411
BAD!
check partition table copy 3: mbr: version 0x00000200, magic softw411
BAD!
mbr: version 0x00000200, magic softw411
3 partitions
partition  1: class =         DISK, name =   bootloader, partition start =    32768, partition size =   131072 user_type=0
partition  2: class =         DISK, name =       rootfs, partition start =   163840, partition size =  6291456 user_type=0
partition  3: class =         DISK, name =        UDISK, partition start =  6455296, partition size =  1277952 user_type=0
check partition table copy 0: mbr: version 0x00000200, magic softw411
check partition table copy 1: mbr: version 0x00000200, magic softw411
check partition table copy 2: mbr: version 0x00000200, magic softw411
check partition table copy 3: mbr: version 0x00000200, magic softw411

ready to write new partition tables:
mbr: version 0x00000200, magic softw411
2 partitions
partition  1: class =         DISK, name =   bootloader, partition start =    32768, partition size =   131072 user_type=0
partition  2: class =         DISK, name =       rootfs, partition start =   163840, partition size =  7569408 user_type=0

write new partition tables? (Y/N)
y
Failed rereading partition table: Device or resource busy

verifying new partition tables:
check partition table copy 0: mbr: version 0x00000200, magic softw411
OK
check partition table copy 1: mbr: version 0x00000200, magic softw411
OK
check partition table copy 2: mbr: version 0x00000200, magic softw411
OK
check partition table copy 3: mbr: version 0x00000200, magic softw411
OK
mbr: version 0x00000200, magic softw411
2 partitions
partition  1: class =         DISK, name =   bootloader, partition start =    32768, partition size =   131072 user_type=0
partition  2: class =         DISK, name =       rootfs, partition start =   163840, partition size =  7569408 user_type=0
rereading partition table... returned -1
root@cubier:~#
root@cubier:~# resize2fs /dev/nandb
resize2fs 1.42.5 (29-Jul-2012)
Filesystem at /dev/nandb is mounted on /; on-line resizing required
old_desc_blocks = 1, new_desc_blocks = 1
The filesystem on /dev/nandb is now 786432 blocks long.

root@cubier:~# df -lh
文件系统        容量  已用  可用 已用% 挂载点
/dev/root       3.0G  1.5G  1.4G   51% /
devtmpfs        382M  4.0K  382M    1% /dev
tmpfs            20M  4.0K   20M    1% /tmp
none             96M  252K   96M    1% /run
none            5.0M     0  5.0M    0% /run/lock
none            478M     0  478M    0% /run/shm
none            100M   12K  100M    1% /run/user