
Android T(13) The app is granted permissions by default

Compared with Android 11, the folder frameworks\base\services\core\java\com\android\server\pm\permission contains an additional file, PermissionManagerServiceImpl.java.
Part of the permission handling has moved into this file, for example restorePermissionState(...).

All apps granted permissions by default

+++ b/frameworks/base/services/core/java/com/android/server/pm/permission/Permission.java
@@ -206,12 +206,18 @@ public final class Permission {
     }

     public boolean isNormal() {
-        return (mPermissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
-                == PermissionInfo.PROTECTION_NORMAL;
+        //add text
+        /*return (mPermissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
+                == PermissionInfo.PROTECTION_NORMAL;*/
+        return true;
+        //add text
     }
     public boolean isRuntime() {
-        return (mPermissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
-                == PermissionInfo.PROTECTION_DANGEROUS;
+        //add text
+        /*return (mPermissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE)
+                == PermissionInfo.PROTECTION_DANGEROUS;*/
+        return false;
+        //add text
     }
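
Review bot: `isNormal()` now returns `true` and `isRuntime()` returns `false` without looking at `mPermissionInfo.protectionLevel`, so every permission, whatever its base protection level, is reported as normal and none is ever handled as a runtime permission, for every app on the build. If the aim is to pre-grant for particular packages, keep the original `PROTECTION_MASK_BASE` comparisons and scope the grant by package instead. The old bodies are also left behind as block comments between `//add text` markers; delete them and replace the markers with a comment that states why the behaviour was changed.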

Customer's app granted permissions by default

 /**
     * Restore the permission state for a package.
     *
     * <ul>
     *     <li>During boot the state gets restored from the disk</li>
     *     <li>During app update the state gets restored from the last version of the app</li>
     * </ul>
     *
     * @param pkg the package the permissions belong to
     * @param replace if the package is getting replaced (this might change the requested
     *                permissions of this package)
     * @param packageOfInterest If this is the name of {@code pkg} add extra logging
     * @param callback Result call back
     * @param filterUserId If not {@link UserHandle.USER_ALL}, only restore the permission state for
     *                     this particular user
     */
    private void restorePermissionState(@NonNull AndroidPackage pkg, boolean replace,
            @Nullable String packageOfInterest, @Nullable PermissionCallback callback,
            @UserIdInt int filterUserId) {
        
            ...
            else if (bp.isRuntime()) {
                    boolean hardRestricted = bp.isHardRestricted();
                    boolean softRestricted = bp.isSoftRestricted();
                ...
                if (wasChanged) {
                        updatedUserIds = ArrayUtils.appendInt(updatedUserIds, userId);
                    }
                    uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, flags);
+                        //add text
+                        String packageName_t = pkg.getPackageName();
+                        if(packageName_t.equals("android.xx.xxx")){
+                            uidState.revokePermission(bp);//先撤销
+                            uidState.updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0);//在更新
+                            updatedUserIds = ArrayUtils.appendInt(updatedUserIds, userId);
+                            if(uidState.grantPermission(bp)){
+                                changedInstallPermission = true;//让RunTime Permission 走 Install Permission 的路
+                            }
+                        }
+                        //add text
                     } else {
                         Slog.wtf(LOG_TAG, "Unknown permission protection " + bp.getProtection()
                                 + " for permission " + bp.getName());
                    ...
        }    
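
Review bot: the added block in the `bp.isRuntime()` branch selects the package with `packageName_t.equals("android.xx.xxx")` alone, then revokes, resets the flags with `updatePermissionFlags(bp, MASK_PERMISSION_FLAGS_ALL, 0)` and grants again. Because `restorePermissionState` runs during boot and during app update (per its Javadoc), this discards the flags computed just above on every pass, and it does so for every runtime permission the package requests. Consider checking more than the name before granting (for example that the package is preinstalled or carries the expected signature), limiting the grant to an explicit list of permissions, and skipping the second `ArrayUtils.appendInt(updatedUserIds, userId)` when `wasChanged` has already added the user. The inline comments say: revoke first, then update the flags, then let the runtime permission follow the install-permission path; a sentence on why that path is needed would help the next reader.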

About Special Permissions

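1. Normal permissions: granted without any request.
    Example: INTERNET (network access)
2. Dynamic (runtime) permissions: ordinary apps must request them at runtime; system apps get them directly.
    Example: WRITE_EXTERNAL_STORAGE (storage read/write)
3. Private permissions, also called special permissions: the package name and the permission are declared together (only system apps can use them); if they are not declared, the system cannot start correctly.
    Declared in frameworks\base\data\etc\privapp-permissions-platform.xml
    Examples: RECEIVE_WIFI_CREDENTIAL_CHANGE (listening for Wi-Fi credential changes) and CHANGE_OVERLAY_PACKAGES (overlay configuration)
     <privapp-permissions package="com.android.shell">
        <!-- Needed for test only -->
        <permission name="android.permission.MODIFY_DAY_NIGHT_MODE"/>
        <permission name="android.permission.ACCESS_LOWPAN_STATE"/>
        <permission name="android.permission.INSTALL_DYNAMIC_SYSTEM"/>
        <permission name="android.permission.INSTALL_LOCATION_PROVIDER"/>
        <permission name="android.permission.INSTALL_PACKAGES"/>
        <!-- Needed for test only -->
        ...
     </privapp-permissions>
4. Special app permissions: ordinary apps must apply to the system for them (this is not the same as a runtime request); system apps get them directly.
    Examples: SYSTEM_ALERT_WINDOW (overlay window) and FINE_LOCATION (location)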

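The difference between the two: private permissions have the larger impact and can leave the system rebooting continuously, while special app permissions at most cause the app to crash.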

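a. In system app code, set a specific app to receive the special permission / grant the permission on a path that is always executed at boot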

import android.app.AppOpsManager;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;

    private void initOppPermission(Context context) {
        try {
            setPackageAppOpsPermission(context, "com.xx.xx", AppOpsManager.OPSTR_SYSTEM_ALERT_WINDOW);
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

    // Set the special permission to allowed
    private void setPackageAppOpsPermission(Context context, String packageName, String opsString) {
        AppOpsManager mAppOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
        PackageManager manager = context.getPackageManager();
        int uid = 1;
        try {
            ApplicationInfo packageInfo = manager.getApplicationInfo(packageName, 0);
            uid = packageInfo.uid;
        } catch (Exception e) {
            e.printStackTrace();
            return;
        }
        DebugLog.debug("uid = " + uid);
        mAppOps.setUidMode(opsString, uid, AppOpsManager.MODE_ALLOWED);
    }


// opsString is the string that AppOpsManager defines for the special permission
// uid is the UID of the app
mAppOps.setUidMode(opsString, uid, AppOpsManager.MODE_ALLOWED);


// In the system source, some special permissions are set with the setMode method instead
mAppOps.setMode(AppOpsManager.OP_SYSTEM_ALERT_WINDOW, uid,
                                        packageName, AppOpsManager.MODE_ALLOWED);
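
A hardened variant of the grant in section a, as an added example that is not code from the original post: it sets the op only after confirming that the installed package carrying the expected name is signed with a pinned certificate. The class name, `grantIfTrusted`, `hexToBytes` and the all-zero digest are assumptions made for illustration; the digest is a placeholder to be replaced with the real value.

```java
import android.app.AppOpsManager;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.util.Log;

/** Added example: allows an app-op only for a package whose signer is pinned. */
public final class PinnedAppOpGranter {
    private static final String TAG = "PinnedAppOpGranter";
    // Placeholders (assumptions): the package name from the page and an all-zero
    // SHA-256 digest standing in for the target's real signing certificate.
    private static final String TARGET_PACKAGE = "com.xx.xx";
    private static final String EXPECTED_CERT_SHA256_HEX =
            "0000000000000000000000000000000000000000000000000000000000000000";

    /** Returns true only if the op was set to MODE_ALLOWED for the verified package. */
    public static boolean grantIfTrusted(Context context, String opStr) {
        PackageManager pm = context.getPackageManager();
        final ApplicationInfo info;
        try {
            info = pm.getApplicationInfo(TARGET_PACKAGE, 0);
        } catch (PackageManager.NameNotFoundException e) {
            Log.w(TAG, TARGET_PACKAGE + " is not installed, nothing granted");
            return false;
        }
        // A package name alone does not identify the publisher; check the signer too.
        byte[] digest = hexToBytes(EXPECTED_CERT_SHA256_HEX);
        if (!pm.hasSigningCertificate(TARGET_PACKAGE, digest,
                PackageManager.CERT_INPUT_SHA256)) {
            Log.e(TAG, "Signer mismatch for " + TARGET_PACKAGE + ", refusing " + opStr);
            return false;
        }
        AppOpsManager appOps = context.getSystemService(AppOpsManager.class);
        // Same system API call as the page's setPackageAppOpsPermission(); the mode
        // applies to the whole UID, so packages sharing this UID receive it as well.
        appOps.setUidMode(opStr, info.uid, AppOpsManager.MODE_ALLOWED);
        return true;
    }

    private static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }
}
```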

b. Declare it at the source

./frameworks/base/core/java/android/app/AppOpsManager.java

private static String[] sOpPerms = new String[] {
        android.Manifest.permission.ACCESS_COARSE_LOCATION,
        android.Manifest.permission.ACCESS_FINE_LOCATION,
        ...
        AppOpsManager.MODE_ALLOWED, // READ_PHONE_NUMBERS
-        AppOpsManager.MODE_DEFAULT, // REQUEST_INSTALL_PACKAGES
+        AppOpsManager.MODE_ALLOWED, // REQUEST_INSTALL_PACKAGES
        AppOpsManager.MODE_ALLOWED, // PICTURE_IN_PICTURE
        AppOpsManager.MODE_DEFAULT, // INSTANT_APP_START_FOREGROUND
        ...
}
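
Review bot: the excerpt is headed `private static String[] sOpPerms` and opens with `android.Manifest.permission.*` entries, but the changed line is an `AppOpsManager.MODE_*` entry, which cannot be an element of that `String[]`. Name the array that the `-`/`+` lines actually belong to, so the patch can be located and applied, and add a comment next to the REQUEST_INSTALL_PACKAGES entry explaining why its mode differs from the original.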

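1. MODE_ALLOWED: the caller may perform the sensitive operation;
2. MODE_IGNORED: the caller may not perform the sensitive operation, but no crash is raised;
3. MODE_ERRORED: the caller may not perform the sensitive operation, and a crash is raised;
4. MODE_DEFAULT: the caller decides the admission rule for the sensitive operation.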

c. Android 14 app permission info

static final AppOpInfo[] sAppOpInfos = new AppOpInfo[]{
    ...
    new AppOpInfo.Builder(OP_READ_PHONE_NUMBERS, OPSTR_READ_PHONE_NUMBERS, "READ_PHONE_NUMBERS")
        .setPermission(Manifest.permission.READ_PHONE_NUMBERS)
        .setDefaultMode(AppOpsManager.MODE_ALLOWED).build(),
    new AppOpInfo.Builder(OP_REQUEST_INSTALL_PACKAGES, OPSTR_REQUEST_INSTALL_PACKAGES,
            "REQUEST_INSTALL_PACKAGES").setSwitchCode(OP_REQUEST_INSTALL_PACKAGES)
    -    .setPermission(Manifest.permission.REQUEST_INSTALL_PACKAGES).build(),
    +    .setPermission(Manifest.permission.REQUEST_INSTALL_PACKAGES)
    +    .setDefaultMode(AppOpsManager.MODE_ALLOWED).build(),
    ...
}
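
Review bot: `.setDefaultMode(AppOpsManager.MODE_ALLOWED)` on `OP_REQUEST_INSTALL_PACKAGES` changes the default for the op itself, so it is not limited to the customer's package. If only specific apps need it, leave the builder as it was and set the mode per UID as in section a (`mAppOps.setUidMode(opsString, uid, AppOpsManager.MODE_ALLOWED)`). Section c also gives no file path for this hunk; state which file it applies to.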

A system-signed app with uid=1000 can turn a special permission on but cannot turn it off; otherwise the app crashes with an error.

Android 13/14 special permissions: adapting the app-install permission

posted @ 2024-08-15 19:45  僵小七