系统禁止安装apk,只允许指定的apk安装升级;在系统中添加whiteListApps.txt,里面放入允许安装的apk的包名;
代码逻辑基本是一样的,只是在不同地方拦截apk安装。patch链接如下:
https://download.csdn.net/download/m1126125223/10980997
具体代码如下:
复制whiteListApps到指定目录
device/rockchip/common/device.mk
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/whiteListApps.txt:system/etc/whiteListApps.txt
framework层拦截apk的安装
frameworks/base/cmds/pm/src/com/android/commands/pm/Pm.java
+ private static final int GET_SIGNATURES = 0x00000040;
+ private static final int MATCH_DIRECT_BOOT_UNAWARE = 0x00040000;
+ private static final int MATCH_DIRECT_BOOT_AWARE = 0x00080000;
+
private static final String PM_NOT_RUNNING_ERR =
"Error: Could not access the Package Manager. Is the system running?";
+ private boolean isWhiteListApp(String pkgName){ // pkgName和whiteListApps对比
+ final File systemDir;
+ final File whiteListFile;
+ final ArrayList<String> whiteListApps = new ArrayList<String>();
+ systemDir = new File("/system/", "etc");
+ whiteListFile = new File(systemDir, "whiteListApps.txt");
+
+ if (!whiteListFile.exists()) {
+ Log.e(TAG, "isWhiteListApp: whiteListApps.txt file no exists");
+ return false;
+ }
+ try {
+ whiteListApps.clear();
+ BufferedReader br = new BufferedReader(new FileReader(whiteListFile));
+ String line = br.readLine();
+ while (line != null) {
+ //Log.d(TAG, "whiteListApps readLine:" + line);
+ whiteListApps.add(line);
+ line = br.readLine();
+ }
+ br.close();
+ } catch (IOException e) {
+ Log.e(TAG, "IO Exception happened while reading whiteListApps");
+ e.printStackTrace();
+ return false;
+ }
+ Iterator<String> it = whiteListApps.iterator();
+ while (it.hasNext()) {
+ String whitelistItem = it.next();
+ if (pkgName.equals(whitelistItem)) {
+ Log.e(TAG, "isWhiteListApp: find matching package name "+pkgName);
+ return true;
+ }
+ }
+ Log.e(TAG, "isWhiteListApp: cann't find matching package name "+pkgName);
+ return false;
+ }
+
+ private PackageInfo getPackageInfoFromPath(String pkgFilePath, int flags) {
+ final PackageParser parser = new PackageParser();
+ final File apkFile = new File(pkgFilePath);
+ try {
+ if ((flags & (MATCH_DIRECT_BOOT_UNAWARE | MATCH_DIRECT_BOOT_AWARE)) != 0) {
+ // Caller expressed an explicit opinion about what encryption
+ // aware/unaware components they want to see, so fall through and
+ // give them what they want
+ } else {
+ // Caller expressed no opinion, so match everything
+ flags |= MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE;
+ }
+
+ PackageParser.Package pkg = parser.parseMonolithicPackage(apkFile, 0);
+ if ((flags & GET_SIGNATURES) != 0) {
+ PackageParser.collectCertificates(pkg, 0);
+ }
+ PackageUserState state = new PackageUserState();
+ return PackageParser.generatePackageInfo(pkg, null, flags, 0, 0, null, state);
+ } catch (PackageParserException e) {
+ return null;
+ }
+ }
+
public static void main(String[] args) {
int exitCode = 1;
try {
@@ -397,6 +475,19 @@ public final class Pm {
System.err.println("Error: must either specify a package size or an APK file");
return 1;
}
+
+ if (SystemProperties.getBoolean("persist.neo.WhiteList", false)) {
+ PackageInfo info = getPackageInfoFromPath(inPath, PackageManager.GET_ACTIVITIES);
+ String installerPackageName = info.packageName;
+ Log.e(TAG, "---lpz--- apkFilePath = "+inPath+", installerPackageName = "+installerPackageName);
+ if(!isWhiteListApp(installerPackageName)) {
+ System.err.println("Error: the app is not in app whitelist packageName " + installerPackageName);
+ return 1;
+ }
+ }
frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
同上面的方法 :isWhiteListApp(String pkgName)
+ if (SystemProperties.getBoolean("persist.neo.WhiteList", false)) {//拦截adb安卓的apk
+ if(!isWhiteListApp(pkg.packageName)) {
+ res.setError(PackageManager.INSTALL_FAILED_VERIFICATION_FAILURE,"app is not in the whitelist. packageName:" + pkg.packageName);
+ return;
+ }
+ }
// Get rid of all references to package scan path via parser.
pp = null;
String oldCodePath = null;
PackageInstaller 层拦截
packages/apps/PackageInstaller/src/com/android/packageinstaller/PackageInstallerActivity.java
同上面的方法 :isWhiteListApp(String pkgName)
private void startInstallConfirm() {
((TextView) findViewById(R.id.install_confirm_question))
.setText(R.string.install_confirm_question);
@@ -248,20 +298,6 @@ public class PackageInstallerActivity extends OverlayTouchActivity implements On
@Override
public Dialog onCreateDialog(int id, Bundle bundle) {
switch (id) {
case DLG_UNKNOWN_SOURCES:
return new AlertDialog.Builder(this)
@@ -510,6 +546,18 @@ public class PackageInstallerActivity extends OverlayTouchActivity implements On
*/
private void checkIfAllowedAndInitiateInstall(boolean ignoreUnknownSourcesSettings) {
// Block the install attempt on the Unknown Sources setting if necessary.
+ if (SystemProperties.getBoolean("persist.neo.WhiteList", false)) {
+ if (!isWhiteListApp(mPkgInfo.packageName)) {//拦截用户安卓的apk
+ Toast.makeText(this, R.string.unknown_apps_admin_dlg_text, Toast.LENGTH_LONG).show();//show unknown apps not allow install
+ Log.i(TAG, "is no White List App, cannt install allow !");
+ this.finish();
+ return;
+ }
+ }