Android 10 添加安装白名单和卸载黑名单

最新推荐文章于 2024-04-24 17:15:01 发布
最新推荐文章于 2024-04-24 17:15:01 发布
阅读量2.8k 收藏 10
点赞数 7
文章标签: android
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/a546036242/article/details/124920865
版权

实现思路

1、提供 ContentProvider 保存我需要添加安装白名单和卸载黑名单列表

2、找到安装、卸载应用的系统核心源码,

3、查询ContentProvider 获取安装白名单列表和卸载黑名单列表

4、根据列表拦截需要拦截的白名单以及黑名单列表并给出相应提示

说明:a.安装卸载的核心代码都在 PackageManagerService.java 中

b.其中手动点击 apk 调用安装代码在 PackageInstaller 中

需要修改的文件清单

frameworks\base\packages\PackageInstaller\AndroidManifest.xml
frameworks\base\packages\PackageInstaller\src\com\android\packageinstaller\wear\AppPkgListProvider.java
frameworks\base\packages\PackageInstaller\src\com\android\packageinstaller\wear\DBHelper.java
frameworks\base\packages\PackageInstaller\src\com\android\packageinstaller\PackageInstallerActivity.java
frameworks\base\services\core\java\com\android\server\pm\PackageManagerService.java
 

一、在 PackageInstaller 中增加 ContentProvider

frameworks\base\packages\PackageInstaller\AndroidManifest.xml

   <provider  android:name=".wear.AppPkgListProvider"
	          android:authorities="com.android.packageinstaller.app.provider"
	          android:exported="true" />

frameworks\base\packages\PackageInstaller\src\com\android\packageinstaller\wear\AppPkgListProvider.java

package com.android.packageinstaller.wear;

import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.UriMatcher;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.net.Uri;

public class AppPkgListProvider extends ContentProvider {
    static UriMatcher matcher = new UriMatcher(UriMatcher.NO_MATCH);
	static String authorities = "com.android.packageinstaller.app.provider";

    static{  
        matcher.addURI(authorities, "install_app_whitelist", 0);  
        matcher.addURI(authorities, "uninstall_app_blacklist", 1);  
     }  

    DBHelper mDBHelper;
    SQLiteDatabase db;

    @Override
    public boolean onCreate() {
        mDBHelper = new DBHelper(getContext());
        return true;
    }

    @Override
    public Cursor query( Uri uri,  String[] projection,  String selection,  String[] selectionArgs,  String sortOrder) {
        String tableName=getTableName(uri);
        db = mDBHelper.getReadableDatabase();
        return db.query(tableName,
                projection,
                selection,
                selectionArgs,
                null,
                null,
                sortOrder);
    }

    @Override
    public String getType( Uri uri) {
        return null;
    }

    @Override
    public Uri insert( Uri uri,  ContentValues values) {
        String tableName=getTableName(uri);
        db = mDBHelper.getWritableDatabase();
        db.insertWithOnConflict(tableName, null, values,SQLiteDatabase.CONFLICT_REPLACE);
        db.close();
        return null;
    }

    @Override
    public int delete( Uri uri,  String selection,  String[] selectionArgs) {
        String tableName=getTableName(uri);
        db = mDBHelper.getWritableDatabase();
        int row = db.delete(tableName, selection, selectionArgs);
        db.close();
        return row;
    }

    @Override
    public int update( Uri uri,  ContentValues values,  String selection,  String[] selectionArgs) {
        return 0;
    }

    private String getTableName(Uri uri){
        String tableName="installapp_whitelist";
        int match = matcher.match(uri);  
        switch(match){
            case 0:
                tableName="installapp_whitelist";
                break;
            case 1:
                tableName="uninstallapp_blacklist";
                break;
            default:
                break;
        }

        return tableName;
    }
}

frameworks\base\packages\PackageInstaller\src\com\android\packageinstaller\wear\DBHelper.java

package com.android.packageinstaller.wear;

import android.content.Context;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;

public class DBHelper extends SQLiteOpenHelper {
    public DBHelper(Context context){
        super(context, "apppkglist.db", null, 1);
    }


    @Override
    public void onCreate(SQLiteDatabase db) {
        db.execSQL("CREATE TABLE IF NOT EXISTS installapp_whitelist  ( pkg_name TEXT primary key not null,app_name TEXT  )"
        );
        db.execSQL("CREATE TABLE IF NOT EXISTS uninstallapp_blacklist  ( pkg_name TEXT primary key not null,app_name TEXT  )"
        );
    }

    @Override
    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
    }
}

二、在 PackageInstallerActivity 中查询包名列表进行拦截

在包名清单中查询不到,则提示安装失败,不显示安装界面

frameworks\base\packages\PackageInstaller\src\com\android\packageinstaller\PackageInstallerActivity.java


 /**
     * Check if it is allowed to install the package and initiate install if allowed. If not allowed
     * show the appropriate dialog.
     */
    private void checkIfAllowedAndInitiateInstall() {//
        // Check for install apps user restriction first.
        final int installAppsRestrictionSource = mUserManager.getUserRestrictionSource(
                UserManager.DISALLOW_INSTALL_APPS, Process.myUserHandle());
        if ((installAppsRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
            showDialogInner(DLG_INSTALL_APPS_RESTRICTED_FOR_USER);
            return;
        } else if (installAppsRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
            startActivity(new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS));
            finish();
            return;
        }

        //add for installer white list start 新增内容
        boolean caninstall =true;
        if(mPkgInfo.applicationInfo.packageName != null 
            && !isInstallerEnable(mPkgInfo.applicationInfo.packageName)){
            caninstall = false;  
        }
        if(!caninstall){
            Log.w(TAG, "caninstall "+caninstall);
            setPmResult(PackageManager.INSTALL_FAILED_INVALID_APK);
            Toast.makeText(this, R.string.install_failed_invalid_apk, Toast.LENGTH_LONG).show();
            finish();
            return;
        }
        //add for installer white list end 新增内容

        if (mAllowUnknownSources || !isInstallRequestFromUnknownSource(getIntent())) {
            initiateInstall();
        } else {
            // Check for unknown sources restrictions.
            final int unknownSourcesRestrictionSource = mUserManager.getUserRestrictionSource(
                    UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, Process.myUserHandle());
            final int unknownSourcesGlobalRestrictionSource = mUserManager.getUserRestrictionSource(
                    UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, Process.myUserHandle());
            final int systemRestriction = UserManager.RESTRICTION_SOURCE_SYSTEM
                    & (unknownSourcesRestrictionSource | unknownSourcesGlobalRestrictionSource);
            if (systemRestriction != 0) {
                showDialogInner(DLG_UNKNOWN_SOURCES_RESTRICTED_FOR_USER);
            } else if (unknownSourcesRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
                startAdminSupportDetailsActivity(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
            } else if (unknownSourcesGlobalRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
                startAdminSupportDetailsActivity(
                        UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);
            } else {
                handleUnknownSources();
            }
        }
    }

    //add for installer white list start  新增方法
    private boolean isInstallerEnable(String packagename){
        Log.i(TAG, "isInstallerEnable packagename  "+packagename);
        boolean flag=true;
        if(TextUtils.isEmpty(packagename)){
            return flag;
        }
       
        try{
 			Uri mUri = Uri.parse("content://com.android.packageinstaller.app.provider/install_app_whitelist");
            Cursor c = getContentResolver().query(mUri, null, null, null, null);
            if(c == null){
                Log.w(TAG, "isInstallerEnable "+mUri+" no exists ");
                return flag;
            }
            if(c.getCount()!=0){
                flag=false;
                while(c.moveToNext()){
                    String pkgname=c.getString(c.getColumnIndex("pkg_name"));
                    Log.i(TAG, "isInstallerEnable c.moveToNext() "+pkgname);
                    if(packagename.equals(pkgname)){
                        flag=true;
                        break;
                    }
                }
           
            }else{
                Log.i(TAG, "isInstallerEnable no whiltelist ");
            }
            c.close();
            }catch(Exception e){
                Log.e(TAG, "isInstallerEnable query  Exception",e);
                flag=true;
            }
        return flag;
    }
    //20180503  add for installer white list end

三、在 PackageManagerService 类中拦截安装

adb 安装最终会走到 preparePackageLI()

frameworks\base\services\core\java\com\android\server\pm\PackageManagerService.java

    // add for installer white list start
	  private boolean isInstallerEnable(String packagename){
	      Log.i(TAG, "isInstallerEnable packagename  "+packagename);
	      boolean flag=true;
	      if(TextUtils.isEmpty(packagename)){
	          return flag;
	      }

	      try{
	      	  Uri mUri = Uri.parse("content://com.android.packageinstaller.app.provider/install_app_whitelist");
	          Cursor c = mContext.getContentResolver().query(mUri, null, null, null, null);
	          if(c == null){
	              Log.w(TAG, "isInstallerEnable "+mUri+" no exists ");
	              return flag;
	          }
	          if(c.getCount()!=0){
	              flag=false;
	              while(c.moveToNext()){
	                  String pkgname=c.getString(c.getColumnIndex("pkg_name"));
	                  Log.i(TAG, "isInstallerEnable c.moveToNext() "+pkgname);
	                  if(packagename.equals(pkgname)){
	                      flag=true;
	                      break;
	                  }
	              }
	         
	          }else{
	              Log.i(TAG, "isInstallerEnable no whiltelist ");
	          }
	          c.close();
	          }catch(Exception e){
	              Log.e(TAG, "isInstallerEnable query  Exception",e);
	              flag=true;
	          }
	      return flag;
	  }
	  // add for installer white list end

	@GuardedBy("mInstallLock")
    private PrepareResult preparePackageLI(InstallArgs args, PackageInstalledInfo res)
            throws PrepareFailure {
        final int installFlags = args.installFlags;
        final String installerPackageName = args.installerPackageName;
        final String volumeUuid = args.volumeUuid;
        final File tmpPackageFile = new File(args.getCodePath());
        final boolean onExternal = args.volumeUuid != null;
		......

		
          //add for installer white list start
	      boolean caninstall =true;
	      Log.i(TAG, "installPackageLI pkg.packageName "+pkg.packageName);
	      if(pkg.packageName != null && !isInstallerEnable(pkg.packageName)){
	          caninstall = false;
	      }
	      if(!caninstall){
	          // Toast.makeText(mContext, R.string.install_error, Toast.LENGTH_LONG).show();
	          //res.returnCode = PackageManager.INSTALL_FAILED_INVALID_APK;
	          throw new PrepareFailure(PackageManager.INSTALL_FAILED_INVALID_APK,
	                              "Package " + pkg.packageName + " is a forbidden app. "
	                                      + "Forbidden apps are not installs.");
	      }
	      //add for installer white list end

        // If package doesn't declare API override, mark that we have an install
        // time CPU ABI override.
        if (TextUtils.isEmpty(pkg.cpuAbiOverride)) {
            pkg.cpuAbiOverride = args.abiOverride;
        }

        String pkgName = res.name = pkg.packageName;
        if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_TEST_ONLY) != 0) {
            if ((installFlags & PackageManager.INSTALL_ALLOW_TEST) == 0) {
                throw new PrepareFailure(INSTALL_FAILED_TEST_ONLY, "installPackageLI");
            }
        }
	
		......

}

四、在 PackageManagerService 中拦截卸载

不论是 adb 卸载还是通过系统设置拖拽卸载最终都会走 deletePackageX()

  //  add for uninstaller black list start
  private boolean isUnInstallerEnable(String packagename){
      Log.i(TAG, "isUnInstallerEnable packagename  "+packagename);
      boolean flag=true;
      if(TextUtils.isEmpty(packagename)){
          return flag;
      }

      try{
      	  Uri mUri = Uri.parse("content://com.android.packageinstaller.app.provider/uninstall_app_blacklist");
          Cursor c = mContext.getContentResolver().query(mUri, null,"pkg_name = ? ", new String[]{packagename}, null);
          if(c == null){
              Log.w(TAG, "isUnInstallerEnable "+mUri+" no exists ");
              return flag;
          }
          if(c.moveToFirst()){
              String pkgname=c.getString(c.getColumnIndex("pkg_name"));
              Log.i(TAG, "isUnInstallerEnable c.moveToFirst() "+pkgname);
              flag=false;
         
          }else{
              Log.i(TAG, "isUnInstallerEnable "+ packagename +" doesn't exists in the blacklist ");
          }
          c.close();
      }catch(Exception e){
          Log.e(TAG, "isUnInstallerEnable query  Exception",e);
          flag=true;
      }
      return flag;
  }
  //  add for uninstaller black list end

    /**
     *  This method is an internal method that could be get invoked either
     *  to delete an installed package or to clean up a failed installation.
     *  After deleting an installed package, a broadcast is sent to notify any
     *  listeners that the package has been removed. For cleaning up a failed
     *  installation, the broadcast is not necessary since the package's
     *  installation wouldn't have sent the initial broadcast either
     *  The key steps in deleting a package are
     *  deleting the package information in internal structures like mPackages,
     *  deleting the packages base directories through installd
     *  updating mSettings to reflect current status
     *  persisting settings for later use
     *  sending a broadcast if necessary
     */
    public int deletePackageX(String packageName, long versionCode, int userId, int deleteFlags) {
        final PackageRemovedInfo info = new PackageRemovedInfo(this);
        final boolean res;

        final int removeUser = (deleteFlags & PackageManager.DELETE_ALL_USERS) != 0
                ? UserHandle.USER_ALL : userId;

        if (isPackageDeviceAdmin(packageName, removeUser)) {
            Slog.w(TAG, "Not removing package " + packageName + ": has active device admin");
            return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER;
        }

        //  add for uninstaller black list start
        if(!isUnInstallerEnable(packageName)){
            return PackageManager.DELETE_FAILED_INTERNAL_ERROR;
        }
        //  add for uninstaller black list end

        final PackageSetting uninstalledPs;
        final PackageSetting disabledSystemPs;
        final PackageParser.Package pkg;

        // for the uninstall-updates case and restricted profiles, remember the per-
        // user handle installed state
        int[] allUsers;


		......

}

最后附带一个增、删包名的工具类 AppListHelper.java

package cn.test.app.util;

import android.content.ContentResolver;
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import android.text.TextUtils;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;


public class AppListHelper {

    private static AppListHelper appListHelper;
  
    private static final Uri INSTALL_APP_WHITELIST_URI=Uri.parse("content://com.android.packageinstaller.app.provider/install_app_whitelist");
    private static final Uri UNINSTALL_APP_BLACKLIST_URI=Uri.parse("content://com.android.packageinstaller.app.provider/uninstall_app_blacklist");

    public static AppListHelper getInstance(){
        if (appListHelper == null){
            appListHelper = new AppListHelper();
        }
        return appListHelper;
    }

    public void addInstallPackage(Context context, String number){
        ContentResolver contentResolver = context.getContentResolver();
        ContentValues newValues = new ContentValues();
        newValues.put("pkg_name", number);
        contentResolver.insert(INSTALL_APP_WHITELIST_URI, newValues);
    }

    public void removeInstallPackages(Context context, String number) {
        ContentResolver contentResolver = context.getContentResolver();
        contentResolver.delete(INSTALL_APP_WHITELIST_URI,
                "pkg_name = ?",
                new String[] {number});
    }

    public void addUnInstallPackage(Context context, String number){
        ContentResolver contentResolver = context.getContentResolver();
        ContentValues newValues = new ContentValues();
        newValues.put("pkg_name", number);
        contentResolver.insert(UNINSTALL_APP_BLACKLIST_URI, newValues);

    }

    public void removeUnInstallPackages(Context context, String number) {
        ContentResolver contentResolver = context.getContentResolver();
        contentResolver.delete(UNINSTALL_APP_BLACKLIST_URI,
                "pkg_name = ?",
                new String[] {number});
    }

}

说明:当前功能在没有添加一个白名单时 不会做任何拦截 只有当白名单存在至少有一个数据时 白名单才能生效

青春给了狗
关注
  • 7
    点赞
  • 10
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
Android 系统配置第三方应用不可以卸载
qq_24940907的博客
05-12 780
android系统重启,PackageManagerService具有scanPackageLI 过程,在扫描/data/app目录时,会判断非系统应用的Package中是否存在改目录中,如果不存在,会删除对应/data/app目录下数据。在云机系统/data/local/config/路径下配置不可卸载应用NoDeleteApp列表项,根据配置列表,应用安装解析应用包和云机重启扫描解析应用包过程中,标记改应用为系统应用,应用在卸载时,设置不可卸载。内置应用配置过多,会导致system.img镜像过大。
android 8.1 9.0 10.0 app安装黑名单(限制app安装
安卓兼职framework和app工程师的博客
08-01 1860
10.0的产品定制化开发中,客户需求要实现对某些app应用限制也就是app安装黑名单功能,在黑名单之中的应用会被限制安装,PMS就是负责管理app安装卸载的,所以接下来看下PackManagerService.java的源码。
android 10.0 app安装白名单.txt
07-31
android 10.0定制化开发过程中,针对现在安装的app做了定制,在白名单列表的可以安装app 不在列表的app就拒绝安装
android 10.0 app安装黑名单.txt
07-31
android 10 限制app安装列表 ,包名在黑名单列表就不能被安装 无论是adb install 还是 代码安装安装不成功
android12指定应用白名单默认授权
最新发布
随缘
04-24 422
1.路径frameworks/base/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java尾部加入如下代码。5.这是重新刷机,应用就可以面授权直接进入了。进入设置权限页面也可以看到。3.新建sys_app_grant_permission_list.txt文件,写入白名单授权包名。4.在mk中构建加入sys_app_grant_permission_list.conf拷贝。
App安装黑名单白名单补丁.patch
05-18
Android系统限制第三方Apk安装行为,可以启用apk白名单黑名单模式Android系统限制第三方Apk安装行为,可以启用apk白名单黑名单模式
Android 10 添加应用权限白名单
wq892373445的博客
03-14 1126
添加应用权限白名单
改版本号,型号,内置apk白名单,后台不可清除,不可卸载
youthking1314的博客
12-21 500
改版本号,型号,内置apk白名单,后台不可清除,不可卸载
Android包管理机制(一) PackageInstaller的初始化
heng615975867的专栏
09-22 959
Android包管理机制(一) PackageInstaller的初始化 前言 包管理机制是Android中的重要机制,是应用开发和系统开发需要掌握的知识点之一。 包指的是Apk、jar和so文件等等,它们被加载到Android内存中,由一个包转变成可执行的代码,这就需要一个机制来进行包的加载、解析、管理等操作,这就是包管理机制。包管理机制由许多类一起组成,其中核心为PackageManagerService(PMS),它负责对包进行管理,如果直接讲PMS会比较难以理解,因此我们需要一个切入点,这个切入
android 9.0 10.0设置上网白名单
08-10
9.0 10.0设置上网app白名单白名单内的app可以上网 其他的app不能上网
Android编程之软件的安装卸载方法
01-20
本文实例讲述了Android编程之软件的安装卸载方法。分享给大家供大家参考,具体如下: 安装:从sdcard String fileName = Environment.getExternalStorageDirectory() + /myApp.apk; Intent intent = new Intent...
android新建用户删除app
qq_33240707的博客
03-24 3474
​ 一、android Q 1.创建用户 newUserInfo = userManager.createUser(addingUserName, 0); 为新用户添加app(app主用或其他户已安装) iPackageManager.installExistingPackageAsUser(packageName, userHandle.getIdentifier(),0,PackageManager.INSTALL_REASON_UNKNOWN, null); 为新用户删除app(app主用或其他户已安
Android权限系统(二):开机授予运行时权限
Invoker123的博客
06-16 6765
  Android开机后,除了根据上次开机的记录(runtime-permissions.xml)授予运行时权限外,一些系统重要的组件也需要提前授予运行时权限。例如,系统会为默认的浏览器提前授予位置相关的运行时权限 ...
Android 10 添加权限白名单
a546036242的博客
05-24 1734
一、需要修改的source code 位置: frameworks/ base/ core/ res/ res/ values/ config.xml frameworks/ base/ core/ res/ res/ values/ symbols.xml frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java 二、具体修改...
Android添加APP到白名单
aidou1314的博客
01-14 1529
APP加入白名单,后台保活
android 8.1 9.0 10.0 app应用卸载黑名单
安卓兼职framework和app工程师的博客
08-01 681
10.0的产品进行定制化开发中,对于限制app卸载的功能也是常有的功能,就是常说的app卸载黑名单功能,而app的安装卸载都是有pms进行管理的。
Android 特许权限白名单
u012514113的专栏
06-27 4566
Android 特许权限白名单配置方法
展锐Android10,R,lmk怎么添加白名单
Android
11-26 1118
请在device/sprd目录中搜索lmkd_param.conf文件,然后确定出和你们项目对应的lmkd_param.conf文件。原文链接:https://blog.csdn.net/bestwu0666/article/details/122860045。lmkd_param.conf文件是lmkd杀进程的白名单配置文件,其中配置的应用是不会被lmkd杀掉的。注意,要在linux下,使用vi编辑修改lmkd_param.conf文件.展锐Android10,R,lmk怎么添加白名单
android 13.0 设置上网应用白名单(上网app白名单)
安卓兼职framework和app工程师的博客
12-18 1107
在13.0的产品rom定制开发中,在对产品进行网络模块开发中,有功能需要要求设置某些app可以上网,某些app不可以上网,就是所谓的网络应用白名单功能 接下来就来分析下相关的网络模块,来具体实现相关功能的开发
android 10 应用安装白名单
06-06
Android 10 应用安装白名单是一项安全措施,旨在限制用户在设备上安装软件的权限。它允许设备管理员或所有者控制在设备上安装或升级应用时所需的权限和条件。具体来说,它允许管理员设置一个名单,只有特定的应用程序才能被安装。 这项安全措施非常适合企业和教育机构,在这些组织中,管理员需要控制员工或学生在设备上安装的应用程序。通过白名单,管理员可以防止员工/学生安装任何未经批准的应用程序,从而减少设备被攻击的风险。 在 Android 10 上,管理员可以通过以下步骤设置应用安装白名单: 1.开启设备的设备管理员模式。 2.进入设备管理员控制面板,然后选择“应用安装”。 3.列出允许在设备上安装的应用程序。 4.如果您想为特定用户或设备组设置白名单,请选择“用户/组”,然后将它们添加到列表中。 需要注意的是,管理员需要对每个指定的应用程序进行评估和验证,以确保它们是安全的并且不会对系统或用户数据造成损害。因此,白名单应该被视为一个必要的工具,在安全风险评估和管理中的一个组成部分。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值