一种有效管控APP隐私权限的解决方案，android最新面试题

mainManifest: File,

manifestOverlays: List,

dependencies: List,

navigationFiles: List,

featureName: String?,

packageOverride: String?,

versionCode: Int,

versionName: String?,

minSdkVersion: String?,

targetSdkVersion: String?,

maxSdkVersion: Int?,

outManifestLocation: String,

outAaptSafeManifestLocation: String?,

outMetadataFeatureManifestLocation: String?,

outBundleManifestLocation: String?,

outInstantAppManifestLocation: String?,

mergeType: ManifestMerger2.MergeType,

placeHolders: Map<String, Any>,

optionalFeatures: Collection<ManifestMerger2.Invoker.Feature>,

reportFile: File?,

logger: ILogger

): MergingReport {

try {

//ManifestMerger2是 manifest-merger库提供的辅助类

val manifestMergerInvoker = ManifestMerger2.newMerger(mainManifest, logger, mergeType)

.setPlaceHolderValues(placeHolders)

.addFlavorAndBuildTypeManifests(*manifestOverlays.toTypedArray())

.addManifestProviders(dependencies)

.addNavigationFiles(navigationFiles)

.withFeatures(*optionalFeatures.toTypedArray())

.setMergeReportFile(reportFile)

.setFeatureName(featureName)

if (mergeType == ManifestMerger2.MergeType.APPLICATION) {

manifestMergerInvoker.withFeatures(ManifestMerger2.Invoker.Feature.REMOVE_TOOLS_DECLARATIONS)

}

if (outAaptSafeManifestLocation != null) {

manifestMergerInvoker.withFeatures(ManifestMerger2.Invoker.Feature.MAKE_AAPT_SAFE)

}

setInjectableValues(

manifestMergerInvoker,

packageOverride, versionCode, versionName,

minSdkVersion, targetSdkVersion, maxSdkVersion

)

//关注这里的调用

val mergingReport = manifestMergerInvoker.merge()

//省略其他对merge结果处理代码

… …

return mergingReport

} catch (e: ManifestMerger2.MergeFailureException) {

// TODO: unacceptable.

throw RuntimeException(e)

}

}

接着看manifestMergerInvoker.merge()的实现

package com.android.manifmerger;

/**

• merges android manifest files, idempotent.

*/

@Immutable

public class ManifestMerger2 {

public static class Invoker<T extends Invoker>{

@NonNull

public MergingReport merge() throws MergeFailureException {

// provide some free placeholders values.

ImmutableMap<ManifestSystemProperty, Object> systemProperties = mSystemProperties.build();

… …

FileStreamProvider fileStreamProvider = mFileStreamProvider != null

? mFileStreamProvider : new FileStreamProvider();

ManifestMerger2 manifestMerger =

new ManifestMerger2(

mLogger,

mMainManifestFile,

mLibraryFilesBuilder.build(),

mFlavorsAndBuildTypeFiles.build(),

mFeaturesBuilder.build(),

mPlaceholders.build(),

new MapBasedKeyBasedValueResolver(

systemProperties),

mMergeType,

mDocumentType,

Optional.fromNullable(mReportFile),

mFeatureName,

fileStreamProvider,

mNavigationFilesBuilder.build());

//调用下面的 private MergingReport merge()方法

return manifestMerger.merge();

}

}

/**

• Perform high level ordering of files merging and delegates actual merging to

• {@link XmlDocument#merge(XmlDocument, com.android.manifmerger.MergingReport.Builder)}

• @return the merging activity report.

• @throws MergeFailureException if the merging cannot be completed (for instance, if xml

• files cannot be loaded).

*/

@NonNull

private MergingReport merge() throws MergeFailureException {

// initiate a new merging report

MergingReport.Builder mergingReportBuilder = new MergingReport.Builder(mLogger);

//一系列merge manifest规则处理

… …

MergingReport mergingReport = mergingReportBuilder.build();

if (mReportFile.isPresent()) {

writeReport(mergingReport);

}

return mergingReport;

}

//最终写入Log文件方法

/**

• Creates the merging report file.

• @param mergingReport the merging activities report to serialize.

*/

private void writeReport(@NonNull MergingR
eport mergingReport) {

FileWriter fileWriter = null;

… …

fileWriter = new FileWriter(mReportFile.get());

mergingReport.getActions().log(fileWriter);

}

}

到目前为止,从代码层面看到了Log文件是如何生成的。

方案实现

---

【manifest-merger-${variantname}-report.txt】文件大致内容如下：

– Merging decision tree log —

manifest

ADDED from /somepath/AndroidManifest.xml❌x-xx:xx

MERGED from [dependencies sdk] /somepath/AndroidManifest.xml❌x-xx:xx

INJECTED from /somepath/AndroidManifest.xml❌x-xx:xx

…

uses-permission#android.permission.INTERNET

方案代码实现很简单：

1.自定义一个Extension，列出暂禁用的权限；

2.实现相应Plugin和Task；

Extension定义可以如下所示：

host{

//明确暂禁用的权限列表

forbiddenPermissions = [‘android.permission.GET_ACCOUNTS’,

‘android.permission.SEND_SMS’,

‘android.permission.CALL_PHONE’,

‘android.permission.BLUETOOTH’,

… …]

}

Plugin简单示例：

public class HostPlugin implements Plugin {

@Override

final void apply(Project project) {

if (!project.getPlugins().hasPlugin(‘com.android.application’) && !project.getPlugins().hasPlugin(‘com.android.library’)) {

throw new GradleException(‘apply plugin: ‘com.android.application’ or apply plugin: ‘com.android.library’ is required’)

}

HostExtension hostExtension = project.getExtensions().create(‘host’, HostExtension.class)

project.afterEvaluate {

def variants = null;

if (project.plugins.hasPlugin(‘com.android.application’)) {

variants = android.getApplicationVariants()

} else if (project.plugins.hasPlugin(‘com.android.library’)) {

variants = android.getLibraryVariants()

}

variants?.all { BaseVariant variant ->

MergeHostManifestTask taskConfiguration= new MergeHostManifestTask.CreationAction()

project.getTasks().create(taskConfiguration.getName(), taskConfiguration.getType(), taskConfiguration)

}

}

}

}

Task简单示例：

import org.gradle.util.GFileUtils

import com.android.utils.FileUtils

class MergeHostManifestTask extends DefaultTask {

List forbiddenPermissions //禁用的权限列表

VariantScope scope

@TaskAction

def doFullTaskAction() {

File logFile = FileUtils.join(

scope.getGlobalScope().getOutputsDir(),

“logs”,

“manifest-permissions-validate-”

• scope.getVariantConfiguration().getBaseName()

• “-report.txt”)

GFileUtils.mkdirs(logFile.getParentFile())

GFileUtils.deleteQuietly(logFile)

checkHostManifest(forbiddenPermissions,logFile,scope)

if (logFile.exists() && logFile.length() > 0) {

throw new GradleException(“Has forbidden permissions in host, please check it in file ${logFile.getAbsolutePath()}”)

}

}

/**

• 检测host manifest 是否含有禁用权限列表

• @param forbiddenPermissions

• @param logFile

• @param variantScope

*/

public static void checkHostManifest(List forbiddenPermissions, File logFile, def variantScope) {

if (forbiddenPermissions == null || forbiddenPermissions.isEmpty()) {

return

}

File reportFile =

FileUtils.join(

variantScope.getGlobalScope().getOutputsDir(),

“logs”,

“manifest-merger-”

• variantScope.getVariantConfiguration().getBaseName()

• “-report.txt”)

if (!reportFile.exists()) {

return

}

reportFile.withReader { reader ->

String line

while ((line = reader.readLine()) != null) {

forbiddenPermissions.each { p ->

if (line.contains(“uses-permission#${p.trim()}”)) {

logFile.append("${p.trim()}\n")

logFile.append(reader.readLine())

FileUtils.join(

variantScope.getGlobalScope().getOutputsDir(),

“logs”,

“manifest-merger-”

• variantScope.getVariantConfiguration().getBaseName()

• “-report.txt”)

if (!reportFile.exists()) {

return

}

reportFile.withReader { reader ->

String line

while ((line = reader.readLine()) != null) {

forbiddenPermissions.each { p ->

if (line.contains(“uses-permission#${p.trim()}”)) {

logFile.append("${p.trim()}\n")

logFile.append(reader.readLine())