一. 默认授予应用权限
PackageManagerService作为android的主要系统服务之一,包含处理应用权限相关的职责。源码地址如下:
1.1 预制不可卸载APP 方案1
frameworks/base/services/core/java/com/android/server/pm
在PMS成功启动时并收到回掉systemReady回进行应用权限授予。
@Override
public void systemReady() {
...
// If we upgraded grant all default permissions before kicking off.
for (int userId : grantPermissionsUserIds) {
mDefaultPermissionPolicy.grantDefaultPermissions(userId);
}
...
}
DefaultPermissionGrantPolicy为权限处理策略管理类。
services/core/java/com/android/server/pm/permissions/DefaultPermissionGrantPolicy.java
grantDefaultPermissions方法进行根据应用属性和白名单进行权限授予。
public void grantDefaultPermissions(int userId) {
grantPermissionsToSysComponentsAndPrivApps(userId);
grantDefaultSystemHandlerPermissions(userId);
grantDefaultPermissionExceptions(userId);
}
这里并没有赋予所有系统应用权限,所以当进行应用时还是会显示权限检查的弹框。
DefaultPermissionGrantPolicy中有个请求全部应用权限的私有方法grantAllRuntimePermissions
private void grantAllRuntimePermissions(int userId) {
Log.i(TAG, "Granting all runtime permissions for user " + userId);
final PackageList packageList = mServiceInternal.getPackageList();
for (String packageName : packageList.getPackageNames()) {
final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
if (pkg == null) {
continue;
}
grantRuntimePermissionsForPackage(userId, pkg);
}
}
可通过此方法进行所有应用权限赋予:
public void grantDefaultPermissions(int userId) {
if (inited) {
grantAllRuntimePermissions(userId);
} else {
grantPermissionsToSysComponentsAndPrivApps(userId);
grantDefaultSystemHandlerPermissions(userId);
grantDefaultPermissionExceptions(userId);
}
}
frameworks/base/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
private void grantDefaultSystemHandlerPermissions(PackageManagerWrapper pm, int userId) {
grantPermissionsToSystemPackage(pm,
"com.changjinglu.cameradriver",
userId, PHONE_PERMISSIONS, CAMERA_PERMISSIONS,STORAGE_PERMISSIONS);
// Camera
grantPermissionsToSystemPackage(pm,
getDefaultSystemHandlerActivityPackage(pm, MediaStore.ACTION_IMAGE_CAPTURE, userId),
userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS);
}
如果不想所有应用都授予权限,可考虑在system/etc下的权限相关xml文件添加应用包名和所需权限。
1.2 预制不可卸载APP 方案2
device/rockchip/rk3588/rk3588_t/default_custom_permissions.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<!--
This file contains permissions to be granted by default. Default
permissions are granted to special platform components and to apps
that are approved to get default grants. The special components
are apps that are expected tto work out-of-the-box as they provide
core use cases such as default dialer, default email, etc. These
grants are managed by the platform. The apps that are additionally
approved for default grants are ones that provide carrier specific
functionality, ones legally required at some location, ones providing
alternative disclosure and opt-out UI, ones providing highlight features
of a dedicated device, etc. This file contains only the latter exceptions.
Fixed permissions cannot be controlled by the user and need a special
approval. Typically these are to ensure either legally mandated functions
or the app is considered a part of the OS.
-->
<exceptions>
<!-- This is an example of an exception:
<exception
package="foo.bar.permission"
<permission name="android.permission.READ_CONTACTS" fixed="true"/>
<permission name="android.permission.READ_CALENDAR" fixed="false"/>
</exception>
-->
<exception
package="com.google.android.inputmethod.pinyin">
<!-- Contacts -->
<permission name="android.permission.READ_CONTACTS" fixed="false"/>
<!-- STORAGE -->
<permission name="android.permission.READ_EXTERNAL_STORAGE" fixed="false"/>
<!-- DICTIONARY -->