AOSP默认授予权限
1. 特许权限许可名单
如何配置应用特许权限
- 预置应用,并在应用的 Android.mk 中加入
LOCAL_PRIVILEGED_MODULE := true
LOCAL_PRODUCT_MODULE := true
# Prebuilt-APK module definition: ships Workspace.apk as a privileged app.
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := Workspace
LOCAL_MODULE_CLASS := APPS
LOCAL_SRC_FILES := $(LOCAL_MODULE).apk
# PRESIGNED: the build keeps the signature already on the APK instead of re-signing it,
# so the trust placed in this privileged app rests on whoever controls that signing key.
LOCAL_CERTIFICATE := PRESIGNED
# Installs under priv-app, making the app eligible for signature|privileged permissions;
# each such permission still has to be allowlisted per package in a privapp-permissions XML.
LOCAL_PRIVILEGED_MODULE := true
#LOCAL_DEX_PREOPT := false
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_SUFFIX := $(COMMON_ANDROID_PACKAGE_SUFFIX)
# Places the module on the product partition rather than on system.
LOCAL_PRODUCT_MODULE := true
include $(BUILD_PREBUILT)
这样,应用就内置到了 /system/product/priv-app 目录下
- 创建特许权限白名单 xml:privapp-permissions-cxhh.xml(package 必须与 apk 的实际包名一致,且只列出应用在清单中声明并确实需要的特许权限)
<?xml version="1.0" encoding="utf-8"?>
<!-- Allowlist of signature|privileged permissions for a single priv-app package.
     The package attribute must equal the package name of the installed APK
     (com.example.test looks like a placeholder - confirm against the real APK).
     Keep the list limited to permissions the app requests in its manifest and needs;
     entries such as CONTROL_VPN and WRITE_APN_SETTINGS affect the device's network
     path and deserve an explicit review before shipping. -->
<permissions>
<privapp-permissions package="com.example.test">
<permission name="android.permission.SET_TIME_ZONE"/>
<permission name="android.permission.SHUTDOWN"/>
<permission name="android.permission.STATUS_BAR"/>
<permission name="android.permission.UPDATE_APP_OPS_STATS"/>
<permission name="android.permission.WRITE_APN_SETTINGS"/>
<permission name="android.permission.CONTROL_VPN"/>
</privapp-permissions>
</permissions>
- 将
privapp-permissions-cxhh.xml
放置到与 apk 相同分区下的 ***/etc/permissions(*** 为该分区的根目录)
目录,在 device.mk 中加入
# Copy the privapp allowlist into etc/permissions on the same partition as the APK
# (here the APK is under /system/product/priv-app, so the XML goes under /system/product).
PRODUCT_COPY_FILES += \
device/rockchip/rk3288/ind3288_cxno/privapp-permissions-cxhh.xml:/system/product/etc/permissions/privapp-permissions-cxhh.xml \
因为当前应用在 /system/product/priv-app
目录下 ,所以要将 privapp-permissions-cxhh.xml
配置到 /system/product/etc/permissions/
目录下
- 设置
ro.control_privapp_permissions=log
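该属性控制特许权限白名单的检查方式,可取 enforce、log、disable。log 是过渡/调试模式:白名单缺失的特许权限只会写入日志,不会被强制拦截;量产固件应使用 enforce,此时未列入白名单的特许权限不会被授予,白名单不完整时设备可能无法正常启动(具体行为以所用 Android 版本的文档为准)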
2. 运行时(危险)权限
运行时权限默认授予的源码在 frameworks/base/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
其中有 grantDefaultPermissions(int userId)
方法
调用了 grantDefaultPermissionExceptions(int userId)
该方法会在各分区目录下的 etc/default-permissions
子目录下遍历权限配置文件,并根据其中的配置授予权限
- 新建运行时权限配置
default-permission.xml
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<exceptions>
<!-- This is an example of an exception:
<exception
package="foo.bar.permission"
<permission name="android.permission.READ_CONTACTS" fixed="true"/>
<permission name="android.permission.READ_CALENDAR" fixed="false"/>
</exception>
-->
<!-- Runtime (dangerous) permissions pre-granted to com.example.test by
     DefaultPermissionGrantPolicy, without any user prompt.
     fixed="true" makes the grant system-fixed, i.e. the user cannot revoke it in
     Settings. Contacts, storage, CAMERA and RECORD_AUDIO are privacy-sensitive:
     list only what the app needs and prefer fixed="false" unless the product
     requires a non-revocable grant. -->
<exception
package="com.example.test">
<permission name="android.permission.READ_CONTACTS" fixed="true"/>
<permission name="android.permission.WRITE_CONTACTS" fixed="true"/>
<permission name="android.permission.GET_ACCOUNTS" fixed="true"/>
<permission name="android.permission.READ_EXTERNAL_STORAGE" fixed="true"/>
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" fixed="true"/>
<permission name="android.permission.CAMERA" fixed="true"/>
<permission name="android.permission.RECORD_AUDIO" fixed="true"/>
</exception>
</exceptions>
- 配置device.mk ,将
default-permission.xml
打包进镜像
# Ship the default runtime-permission grants in the image, under the product
# partition's etc/default-permissions directory.
PRODUCT_COPY_FILES += \
device/rockchip/rk3288/ind3288_cxno/default-permission.xml:/system/product/etc/default-permissions/default-permission.xml \
- 通过
adb shell pm dump com.xx.xxx | grep permission
验证权限是否默认授予