Android PMS赋予应用权限流程---安装默认赋予流程

最新推荐文章于 2024-04-08 12:18:56 发布
最新推荐文章于 2024-04-08 12:18:56 发布
阅读量865 收藏 1
点赞数 2
分类专栏: SystemUI 文章标签: android java 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42196034/article/details/127966095
版权

base/services/core/java/com/android/server/pm/PackageManagerService.java

    @Override
    public void systemReady() {
        enforceSystemOrRoot("Only the system can claim the system is ready");

        ......

        mUserManager.systemReady();

        // Watch for external volumes that come and go over time
        final StorageManager storage = mInjector.getSystemService(StorageManager.class);
        storage.registerListener(mStorageListener);

        mInstallerService.systemReady();
        mPackageDexOptimizer.systemReady();

        // Now that we're mostly running, clean up stale users and apps
        mUserManager.reconcileUsers(StorageManager.UUID_PRIVATE_INTERNAL);
        reconcileApps(StorageManager.UUID_PRIVATE_INTERNAL);

        mPermissionManager.onSystemReady();

        int[] grantPermissionsUserIds = EMPTY_INT_ARRAY;
        final List<UserInfo> livingUsers = mInjector.getUserManagerInternal().getUsers(
                /* excludePartial= */ true,
                /* excludeDying= */ true,
                /* excludePreCreated= */ false);
        final int livingUserCount = livingUsers.size();
        for (int i = 0; i < livingUserCount; i++) {
            final int userId = livingUsers.get(i).id;
             if (mPmInternal.isPermissionUpgradeNeeded(userId)) {
                grantPermissionsUserIds = ArrayUtils.appendInt(
                        grantPermissionsUserIds, userId);
             }
        }//权限处理
        // If we upgraded grant all default permissions before kicking off.
        for (int userId : grantPermissionsUserIds) {
            mLegacyPermissionManager.grantDefaultPermissions(userId);
        }
        if (grantPermissionsUserIds == EMPTY_INT_ARRAY) {
            // If we did not grant default permissions, we preload from this the
            // default permission exceptions lazily to ensure we don't hit the
            // disk on a new user creation.
            mLegacyPermissionManager.scheduleReadDefaultPermissionExceptions();
        }

        if (mInstantAppResolverConnection != null) {
            mContext.registerReceiver(new BroadcastReceiver() {
                @Override
                public void onReceive(Context context, Intent intent) {
                    mInstantAppResolverConnection.optimisticBind();
                    mContext.unregisterReceiver(this);
                }
            }, new IntentFilter(Intent.ACTION_BOOT_COMPLETED));
        }

        ......
    }

base/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java

grantPermissionsToSysComponentsAndPrivApps(pm, userId);//为sys组件和private-app赋予权限

    public void grantDefaultPermissions(int userId) {
        Log.d(TAG,  " grantDefaultPermissions: " + Log.getStackTraceString(new Throwable()));
        Log.d(TAG, "grantDefaultPermissions " + userId);

        DelayingPackageManagerCache pm = new DelayingPackageManagerCache();

        grantPermissionsToSysComponentsAndPrivApps(pm, userId);
        grantDefaultSystemHandlerPermissions(pm, userId);
        grantDefaultPermissionExceptions(pm, userId);

        // Apply delayed state
        pm.apply();
    }

/*********************************************************************************/

    private void grantPermissionsToSysComponentsAndPrivApps(DelayingPackageManagerCache pm,
            int userId) {
        Log.i(TAG, "Granting permissions to platform components for user " + userId);
        List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser(
                DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM);//获取包的相关信息
        for (PackageInfo pkg : packages) {
            if (pkg == null) {
                continue;
            }

            // Package info is already loaded, cache it
            Log.d(TAG, "pkg.packageNamer " + pkg.packageName);

            pm.addPackageInfo(pkg.packageName, pkg);

            if (!pm.isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
                    || !doesPackageSupportRuntimePermissions(pkg)
                    || ArrayUtils.isEmpty(pkg.requestedPermissions)) {
                continue;
            }
            grantRuntimePermissionsForSystemPackage(pm, userId, pkg);//赋予权限
        }

        // Grant READ_PHONE_STATE to all system apps that have READ_PRIVILEGED_PHONE_STATE
        // R: CTA requirement - permission control
        if(!CTA_MANAGER.isCtaSupported()) {
           // Re-grant READ_PHONE_STATE as non-fixed to all system apps that have
           // READ_PRIVILEGED_PHONE_STATE and READ_PHONE_STATE granted -- this is to undo the fixed
           // grant from R.
           for (PackageInfo pkg : packages) {
               if (pkg == null
                       || !doesPackageSupportRuntimePermissions(pkg)
                       || ArrayUtils.isEmpty(pkg.requestedPermissions)
                       || !pm.isGranted(Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
                               pkg, UserHandle.of(userId))
                       || !pm.isGranted(Manifest.permission.READ_PHONE_STATE, pkg,
                               UserHandle.of(userId))) {
                   continue;
               }

               pm.updatePermissionFlags(Manifest.permission.READ_PHONE_STATE, pkg,
                       PackageManager.FLAG_PERMISSION_SYSTEM_FIXED,
                       0,
                       UserHandle.of(userId));
           }
        }
    }

/*******************************************************************************/

   private void grantRuntimePermissionsForSystemPackage(PackageManagerWrapper pm,
            int userId, PackageInfo pkg) {
        Set<String> permissions = new ArraySet<>();
        for (String permission : pkg.requestedPermissions) {
            final PermissionInfo perm = pm.getPermissionInfo(permission);
            if (perm == null) {
                continue;
            }
            Log.d(TAG,"protectionLevel perm.protectionLevel: " +  perm.protectionLevel);
            Log.d(TAG,"permission: " +  permission);

            if (perm.isRuntime()) {
                permissions.add(permission);
            }
        }
        if (!permissions.isEmpty()) {
            grantRuntimePermissions(pm, pkg, permissions, true /*systemFixed*/, userId);//权限
        }
    }

/*******************************************************************************/


    private void grantRuntimePermissions(PackageManagerWrapper pm, PackageInfo pkg,
            Set<String> permissions, boolean systemFixed, int userId) {
        grantRuntimePermissions(pm, pkg, permissions, systemFixed, false,
                true /*whitelistRestrictedPermissions*/, userId);
    }
/*******************************************************************************/

grantDefaultSystemHandlerPermissions(pm, userId);//为系统的指定的应用提供相应的特殊权限

    private void grantDefaultSystemHandlerPermissions(PackageManagerWrapper pm, int userId) {
        Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);

        final PackagesProvider locationPackagesProvider;
        final PackagesProvider locationExtraPackagesProvider;
        final PackagesProvider voiceInteractionPackagesProvider;
        final PackagesProvider smsAppPackagesProvider;
        final PackagesProvider dialerAppPackagesProvider;
        final PackagesProvider simCallManagerPackagesProvider;
        final PackagesProvider useOpenWifiAppPackagesProvider;
        final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
        //config.xml中定义了具体的包名,例如    <string name="config_defaultDialer" translatable="false">com.android.dialer</string>

        synchronized (mLock) {
            locationPackagesProvider = mLocationPackagesProvider;
            locationExtraPackagesProvider = mLocationExtraPackagesProvider;
            voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
            smsAppPackagesProvider = mSmsAppPackagesProvider;
            dialerAppPackagesProvider = mDialerAppPackagesProvider;
            simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
            useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
            syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
        }

        String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
                ? voiceInteractionPackagesProvider.getPackages(userId) : null;
        String[] locationPackageNames = (locationPackagesProvider != null)
                ? locationPackagesProvider.getPackages(userId) : null;
        String[] locationExtraPackageNames = (locationExtraPackagesProvider != null)
                ? locationExtraPackagesProvider.getPackages(userId) : null;
        String[] smsAppPackageNames = (smsAppPackagesProvider != null)
                ? smsAppPackagesProvider.getPackages(userId) : null;
        String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
                ? dialerAppPackagesProvider.getPackages(userId) : null;
        String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
                ? simCallManagerPackagesProvider.getPackages(userId) : null;
        String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
                ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
        String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
                syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
        String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
                syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;

        // Installer
        grantSystemFixedPermissionsToSystemPackage(pm,
                ArrayUtils.firstOrNull(getKnownPackages(
                        PackageManagerInternal.PACKAGE_INSTALLER, userId)),
                userId, STORAGE_PERMISSIONS);//关注最后一个参数,是需要的权限组

......

//其余的不分析,基本调用相似,都是为了给特定的应用赋予特定的权限

}


/******************************************************************************/

    @SafeVarargs
    private final void grantSystemFixedPermissionsToSystemPackage(PackageManagerWrapper pm,
            String packageName, int userId, Set<String>... permissionGroups) {
        grantPermissionsToSystemPackage(pm, packageName, userId, true /* systemFixed */,
                permissionGroups);
    }

/******************************************************************************/
    @SafeVarargs
    private final void grantSystemFixedPermissionsToSystemPackage(PackageManagerWrapper pm,
            String packageName, int userId, Set<String>... permissionGroups) {
        grantPermissionsToSystemPackage(pm, packageName, userId, true /* systemFixed */,
                permissionGroups);
    }

/******************************************************************************/

    @SafeVarargs
    private final void grantPermissionsToSystemPackage(PackageManagerWrapper pm, String packageName,
            int userId, boolean systemFixed, Set<String>... permissionGroups) {
        if (!pm.isSystemPackage(packageName)) {
            return;
        }
        grantPermissionsToPackage(pm, pm.getSystemPackageInfo(packageName),
                userId, systemFixed, false /* ignoreSystemPackage */,
                true /*whitelistRestrictedPermissions*/, permissionGroups);
    }

/******************************************************************************/
    @SafeVarargs
    private final void grantPermissionsToPackage(PackageManagerWrapper pm, PackageInfo packageInfo,
            int userId, boolean systemFixed, boolean ignoreSystemPackage,
            boolean whitelistRestrictedPermissions, Set<String>... permissionGroups) {
        if (packageInfo == null) {
            return;
        }
        if (doesPackageSupportRuntimePermissions(packageInfo)) {
            for (Set<String> permissionGroup : permissionGroups) {
                grantRuntimePermissions(pm, packageInfo, permissionGroup, systemFixed,
                        ignoreSystemPackage, whitelistRestrictedPermissions, userId);//重点此函数
            }
        }
    }



/******************************************************************************/

grantDefaultPermissionExceptions(pm, userId);//从指定文件读取需要赋予的权限

    private void grantDefaultPermissionExceptions(PackageManagerWrapper pm, int userId) {
        mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
        Log.d(TAG,"grantDefaultPermissionExceptions");
        synchronized (mLock) {
            // mGrantExceptions is null only before the first read and then
            // it serves as a cache of the default grants that should be
            // performed for every user. If there is an entry then the app
            // is on the system image and supports runtime permissions.
            if (mGrantExceptions == null) {
                mGrantExceptions = readDefaultPermissionExceptionsLocked(pm);//获取那些权限需要被赋予
            }
        }

        Set<String> permissions = null;
        final int exceptionCount = mGrantExceptions.size();
        for (int i = 0; i < exceptionCount; i++) {
            String packageName = mGrantExceptions.keyAt(i);
            Logd(TAG,"grantDefaultPermissionExceptions packageName: " + packageName);
            PackageInfo pkg = pm.getSystemPackageInfo(packageName);
            List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
            final int permissionGrantCount = permissionGrants.size();
            for (int j = 0; j < permissionGrantCount; j++) {
                DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
                if (!pm.isPermissionDangerous(permissionGrant.name)) {
                    Log.w(TAG, "Ignoring permission " + permissionGrant.name
                            + " which isn't dangerous");
                    continue;
                }
                if (permissions == null) {
                    permissions = new ArraySet<>();
                } else {
                    permissions.clear();
                }
                permissions.add(permissionGrant.name);


                grantRuntimePermissions(pm, pkg, permissions, permissionGrant.fixed,
                        permissionGrant.whitelisted, true /*whitelistRestrictedPermissions*/,
                        userId);//赋予权限
            }
        }
    }


/********************************************************************************/

    private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
            readDefaultPermissionExceptionsLocked(PackageManagerWrapper pm) {
        File[] files = getDefaultPermissionFiles();
        if (files == null) {
            return new ArrayMap<>(0);
        }

        ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();

        // Iterate over the files in the directory and scan .xml files
        for (File file : files) {
            if (!file.getPath().endsWith(".xml")) {
                Slog.i(TAG, "Non-xml file " + file
                        + " in " + file.getParent() + " directory, ignoring");
                continue;
            }
            if (!file.canRead()) {
                Slog.w(TAG, "Default permissions file " + file + " cannot be read");
                continue;
            }
            try (InputStream str = new FileInputStream(file)) {
                TypedXmlPullParser parser = Xml.resolvePullParser(str);
                parse(pm, parser, grantExceptions);
            } catch (XmlPullParserException | IOException e) {
                Slog.w(TAG, "Error reading default permissions file " + file, e);
            }
        }

        return grantExceptions;
    }


/********************************************************************************/

    private File[] getDefaultPermissionFiles() {
        ArrayList<File> ret = new ArrayList<File>();
        File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
        if (dir.isDirectory() && dir.canRead()) {
            Collections.addAll(ret, dir.listFiles());
            Log.d(TAG,"getDefaultPermissionFiles dir.listFiles(): " + dir.listFiles().toString());
        }
        dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
        if (dir.isDirectory() && dir.canRead()) {
            Collections.addAll(ret, dir.listFiles());
        }
        dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
        if (dir.isDirectory() && dir.canRead()) {
            Collections.addAll(ret, dir.listFiles());
        }
        dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
        if (dir.isDirectory() && dir.canRead()) {
            Collections.addAll(ret, dir.listFiles());
        }
        dir = new File(Environment.getSystemExtDirectory(), "etc/default-permissions");
        if (dir.isDirectory() && dir.canRead()) {
            Collections.addAll(ret, dir.listFiles());
        }
        // For IoT devices, we check the oem partition for default permissions for each app.
        if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
            dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
            if (dir.isDirectory() && dir.canRead()) {
                Collections.addAll(ret, dir.listFiles());
            }
        }
        return ret.isEmpty() ? null : ret.toArray(new File[0]);
    }


/********************************************************************************/

grantRuntimePermissions分析

weixin_42196034
关注
  • 2
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Android pms权限管理,Android权限机制
weixin_35045973的博客
05-26 802
为什么有权限机制我们知道 Android 应用程序是沙箱隔离的,每个应用都有一个只有自己具有读写权限的专用数据目录。但是如果应用要访问别人的组件或者一些设备上全局可访问的资源,这时候权限机制就能系统化地规范并强制各类应用程序的行为准则。权限的本质在 Android 中,一个权限,本质上是一个字符串,一个可以表示执行特定操作的能力的字符串。比如说:访问 SD 卡的能力,访问通讯录的能力,启动或访问一...
android10 根据包名默认通过“未知应用安装权限
随缘
08-11 615
aosp29系统开发,某些内置三方应用要求默认授予安装权限用于升级,但是Android10出于安全考虑,默认安装升级包需要用户授权。出现如下提示:设置通过后还会提示确认框。
Android11中系统原生电话应用未设置为默认应用
qq_36507723的博客
04-22 2028
Android11中系统原生电话应用未设置为默认应用 以下两种方法针对本人遇到的情况进行解决: 方法一: 遇到此类问题,建议抓取一个刷新版本后,首次开机启动的log。接下来搜索关键字"dialer",或许这时你就已经找到原因了。 Cannot get ApplicationInfo for default holder: org.codeaurora.dialer (log中的关键信息) 出现了这种问题就是设置的默认电话应用包名和系统原生的不一致,找到设置“org.codeaurora.dialer”(
Android12 授予APK默认权限
qq_44844314的博客
01-18 1354
Android12 权限适配
Android 动态权限默认设置
tq501501的博客
10-21 1556
1、给预置APP设置默认权限 framework/base/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java 270 public void grantDefaultPermissions(int userId) { 271 grantPermissionsToSysComponentsAndPrivApps(userId); 272 grantDefaul
Android 在Framework默认授予launcher runtime权限
csdnxialei的博客
06-25 1947
Android版本: 8.1 问题描述: 要在launcher显示通话记录calllog 和未读短信等内容,涉及运行时权限,导致必须申请运行时权限,这样就会弹窗提示,客户的需求当然是不许弹窗咯,第一次开机就要默认授权。 一,privapp-permissions-mediatek.xml无效了 记得以前做这种权限问题,都是直接在privapp-permissions权限白名单里加上对应权限,但是...
Android - AMS/PMS
06-20
流程
PMS-git:PMS-git
05-10
为了保护项目的安全性,PMS-git可能支持角色和权限的设定,不同角色的成员拥有不同的操作权限,如只读、读写或管理员权限,这可以防止未经授权的更改。 6. **集成与API**: 作为一个现代的项目管理系统,PMS-git...
PMS-Android-App
03-28
PMS-Android-App
pms-tech-supplyvoltage-start.yml
01-11
pms-tech-supplyvoltage-start.yml
远方PMS-50P软件备份
08-27
1. **安装程序**:这可能是一个可执行文件,用于在用户的计算机上安装PMS-50P软件。 2. **配置文件**:这些文件保存了系统的设置和参数,使得软件能适应不同的环境和需求。 3. **数据库文件**:PMS-50P可能涉及到...
Android6.0 PackageManagerService(PMS)-安装
Dr_Unknown的博客
08-21 2442
目录见上↑↑↑,整个安装过程可分为三步:     1.权限检查     2.复制文件     3.装载应用 1.权限检查 调用installPackageAsUser函数 public void installPackageAsUser(String originPath, IPackageInstallObserver2 observer, int i
Android 开机权限默认授予Runtime权限
csdnxialei的博客
04-13 3649
背景:这几天在处理关于工厂测试app的授权问题,按照之前的把权限添加到权限白名单方式,使用app时,依然会发现无法打开录音,照相机等功能,去setting查看app权限管理,发现这些权限没有授予。现在问题解决了 首先,前面我写了这个博客,Android 开机权限白名单默认授予系统app权限, 里面提到默认授权时 private void restorePermissionState(@NonNull AndroidPackage pkg, boolean replace, @Nullabl
安卓权限预置设置
最新发布
冷冷清清里风风火火是我
04-08 1170
安卓权限预置设置
android 权限默认授予,AOSP 权限默认授予
weixin_39581972的博客
05-30 1203
AOSP 权限默认授予环境Android 8.1Android权限等级分为normal,dangerous,signature,signatureOrSystemnormal是在AndroidManifest中声明即可获取的低风险权限;dangerous是需要在获取时提示用户的高风险权限,也就是Runtime权限;signature是request权限的app和声明权限的app签名一致的时候才...
Android11系统默认给第三方应用授权方法
xiaoxiaowu520的博客
12-05 2332
Android 11 系统默认给第三方APK进行授权系统权限
Android 6.0 运行时权限检查分析
热门推荐
hehui1860的专栏
08-27 1万+
Android版本升级到6.0之后,为了一改往日安全受人诟病的形象,将权限授权的安装时授予的基础上,对于一部分危险的权限采用动态控制授权的方式。类似国内手机安全助手权限控制的功能。 本篇会从源码的角度给大家进行说明,不会说得太深入,各位看官跟着就行了。
拨号流程梳理
github_28948711的博客
11-11 1262
###在拨号盘Dialer中点击拨号按钮
Android8.1 MTK平台 系统需求定制
cczhengv
08-23 2496
1、清空短信记录接口 vendor\mediatek\proprietary\packages\apps\Mms\src\com\android\mms\transaction\NoneService.java public class NoneService extends Service { private static final String TAG = "NoneService"...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值