Android 11 禁止从SD卡上安装第三方应用
找到负责安装app的类:
./frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
修改日志变量,打印日志,顺着日志看流程:
public static final boolean DEBUG_INSTALL = true;
05-28 09:12:12.462 4123 4184 I PackageManager: init_copy: InstallParams{6d90a79 file=/data/app/vmdl366151461.tmp}
05-28 09:12:12.463 4123 4184 I PackageManager: startCopy UserHandle{0}: InstallParams{6d90a79 file=/data/app/vmdl366151461.tmp}
05-28 09:12:12.549 4123 4184 I PackageManager: Integrity check passed for file:///data/app/vmdl366151461.tmp
05-28 09:12:14.880 4123 4184 D PackageManager: /data/app/vmdl366151461.tmp already staged; skipping copy
05-28 09:12:14.881 4123 4184 D PackageManager: installPackageLI: path=/data/app/vmdl366151461.tmp
05-28 09:12:15.023 4123 4184 D PackageManager: Renaming /data/app/vmdl366151461.tmp to /data/app/~~2rk1hOBIh8fnqGdBKDN00Q==/sogo.app-EhY7mM0vfr2P2-UgsmKeFg==
05-28 09:12:15.043 4123 4184 D PackageManager: installNewPackageLI: Package{549c800 sogo.app}
05-28 09:12:15.053 4123 4184 D PackageManager: New package installed in /data/app/~~2rk1hOBIh8fnqGdBKDN00Q==/sogo.app-EhY7mM0vfr2P2-UgsmKeFg==
05-28 09:12:15.059 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_COARSE_LOCATION: BasePermission{77b6d9d android.permission.ACCESS_COARSE_LOCATION}
05-28 09:12:15.059 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_FINE_LOCATION: BasePermission{aa173c8 android.permission.ACCESS_FINE_LOCATION}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.NFC: BasePermission{4c4e26c android.permission.NFC}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.CAMERA: BasePermission{c0382df android.permission.CAMERA}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.INTERNET: BasePermission{14c986f android.permission.INTERNET}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_NETWORK_STATE: BasePermission{9e8869b android.permission.ACCESS_NETWORK_STATE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_WIFI_STATE: BasePermission{44ae386 android.permission.ACCESS_WIFI_STATE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.USE_BIOMETRIC: BasePermission{7620b96 android.permission.USE_BIOMETRIC}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.USE_FINGERPRINT: BasePermission{a2eeab1 android.permission.USE_FINGERPRINT}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking com.google.android.c2dm.permission.RECEIVE: BasePermission{d8f1227 com.google.android.c2dm.permission.RECEIVE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.FOREGROUND_SERVICE: BasePermission{9d4af4e android.permission.FOREGROUND_SERVICE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE: BasePermission{9250b50 com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.RECEIVE_BOOT_COMPLETED: BasePermission{50725a android.permission.RECEIVE_BOOT_COMPLETED}
05-28 09:12:16.440 4123 4184 V PackageManager: restoreAndPostInstall userId=0 package=Package{549c800 sogo.app}
05-28 09:12:16.440 4123 4184 V PackageManager: + starting restore round-trip 1
05-28 09:12:16.441 4123 4184 V PackageManager: token 1 to BM for possible restore for user 0
05-28 09:12:16.443 4123 4184 V PackageManager: BM finishing package install for 1
05-28 09:12:16.443 4123 4184 V PackageManager: Handling post-install for 1
试了adb安装和 sd安装,发现两者的日志打印时差不多的都走了 preparePackageLI()函数,这个函数也做了很多关于app是否能安装的检查。
@GuardedBy("mInstallLock")
private PrepareResult preparePackageLI(InstallArgs args, PackageInstalledInfo res)
throws PrepareFailure {
...
if (DEBUG_INSTALL) Slog.d(TAG, "installPackageLI: path=" + tmpPackageFile);
// Sanity check
if (instantApp && onExternal) {
Slog.i(TAG, "Incompatible ephemeral install; external=" + onExternal);
throw new PrepareFailure(PackageManager.INSTALL_FAILED_INSTANT_APP_INVALID);
}
// Retrieve PackageSettings and parse package
//检索PackageSettings并解析包
@ParseFlags final int parseFlags = mDefParseFlags | PackageParser.PARSE_CHATTY
| PackageParser.PARSE_ENFORCE_CODE
| (onExternal ? PackageParser.PARSE_EXTERNAL_STORAGE : 0);
Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "parsePackage");
ParsedPackage parsedPackage;
try (PackageParser2 pp = new PackageParser2(mSeparateProcesses, false, mMetrics, null,
mPackageParserCallback)) {
parsedPackage = pp.parsePackage(tmpPackageFile, parseFlags, false);
AndroidPackageUtils.validatePackageDexMetadata(parsedPackage);
} catch (PackageParserException e) {
throw new PrepareFailure("Failed parse during installPackageLI", e);
} finally {
Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
}
// Instant apps have several additional install-time checks.
//即时应用程序还有几个额外的安装时间检查。
if (instantApp) {
if (parsedPackage.getTargetSdkVersion() < Build.VERSION_CODES.O) {
Slog.w(TAG, "Instant app package " + parsedPackage.getPackageName()
+ " does not target at least O");
throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
"Instant app package must target at least O");
}
if (parsedPackage.getSharedUserId() != null) {
Slog.w(TAG, "Instant app package " + parsedPackage.getPackageName()
+ " may not declare sharedUserId.");
throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
"Instant app package may not declare a sharedUserId");
}
}
if (parsedPackage.isStaticSharedLibrary()) {
// Static shared libraries have synthetic package names
renameStaticSharedLibraryPackage(parsedPackage);
// No static shared libs on external storage
if (onExternal) {
Slog.i(TAG, "Static shared libs can only be installed on internal storage.");
throw new PrepareFailure(INSTALL_FAILED_INVALID_INSTALL_LOCATION,
"Packages declaring static-shared libs cannot be updated");
}
}
//add start
boolean vito_can_install = true;
if (parsedPackage.getPackageName() != null) {
vito_can_install = false;
}
if (!vito_can_install) {
throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
"Package " + parsedPackage.getPackageName() + " ,this app are not allow installs.");
}
//add end
String pkgName = res.name = parsedPackage.getPackageName();
if (parsedPackage.isTestOnly()) {
if ((installFlags & PackageManager.INSTALL_ALLOW_TEST) == 0) {
throw new PrepareFailure(INSTALL_FAILED_TEST_ONLY, "installPackageLI");
}
}
...
}
//加了这段代码后打印的日志:
05-28 10:01:37.498 523 566 I PackageManager: init_copy: InstallParams{ac01ca6 file=/data/app/vmdl2059354562.tmp}
05-28 10:01:37.498 523 566 I PackageManager: startCopy UserHandle{0}: InstallParams{ac01ca6 file=/data/app/vmdl2059354562.tmp}
05-28 10:01:37.605 523 566 I PackageManager: Integrity check passed for file:///data/app/vmdl2059354562.tmp
05-28 10:01:39.872 523 566 D PackageManager: /data/app/vmdl2059354562.tmp already staged; skipping copy
05-28 10:01:39.873 523 566 D PackageManager: installPackageLI: path=/data/app/vmdl2059354562.tmp
05-28 10:01:39.895 523 566 W PackageManager: Package sogo.app ,this app are not allow installs.
05-28 10:01:39.955 523 566 V PackageManager: restoreAndPostInstall userId=0 package=null
05-28 10:01:39.955 523 566 V PackageManager: + starting restore round-trip 1
05-28 10:01:39.955 523 566 V PackageManager: No restore - queue post-install for 1
05-28 10:01:39.955 523 566 V PackageManager: Handling post-install for 1
这个功能禁止从SD卡上安装第三方应用,可以搞个白名单,安装写进白名单的app,其它的不让!!!
另外一个角度:
./frameworks/base/packages/PackageInstaller/src/com/android/packageinstaller/PackageInstallerActivity.java
//禁止从SD卡上安装第三方应用
private void checkIfAllowedAndInitiateInstall() {
// Check for install apps user restriction first.
final int installAppsRestrictionSource = mUserManager.getUserRestrictionSource(
UserManager.DISALLOW_INSTALL_APPS, Process.myUserHandle());
if ((installAppsRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
showDialogInner(DLG_INSTALL_APPS_RESTRICTED_FOR_USER);
return;
} else if (installAppsRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
startActivity(new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS));
finish();
return;
}
//add start
boolean vito_can_install =true;
Log.e(TAG, "vito_can_install false ="+ mPkgInfo.applicationInfo.packageName);
if(mPkgInfo.applicationInfo.packageName != null){
vito_can_install = false;
}
if(!vito_can_install){
Log.w(TAG, "vito_can_install "+vito_can_install);
setPmResult(PackageManager.INSTALL_FAILED_INVALID_APK);
Toast.makeText(this, "install_failed", Toast.LENGTH_LONG).show();
finish();
return;
}
//add end
...
}
