android6 的权限分为几个级别,普通的第三方应用一般会用到 normal dangerous 。系统应用可能会用到 signature|system signature|privileged signature,详细的信息在Manifest中定义
vim frameworks/base/core/res/AndroidManifest.xml
其中,只有定义为dangerous 的才会要求”检查权限”,normal级别的,只要在应用的Manifest中有声明,就会自动允许。所以一般开发者要重地关注dangerous的权限.
“检查权限” 是这样的,
1,如果设备运行的是 Android 5.1(API 级别 22)或更低版本,并且应用的 targetSdkVersion 是 22 或更低版本,则系统会在安装时要求用户授予权限
2,targetSdkVersion>=23 && 设备系统是android6+。需要动态申请
3,动态申请 之后,用户会允许或者拒绝,拒绝的话,就不能使用相关功能,强行调用的话,会抛出SerurityException
dangerous的权限有:
参考 https://developer.android.com/guide/topics/security/permissions.html#normal-dangerous
| 权限组 | 权限 |
|---|---|
| CALENDAR | READ_CALENDAR 、WRITE_CALENDAR |
| CAMERA | CAMERA |
| CONTACTS | READ_CONTACTS、WRITE_CONTACTS、GET_ACCOUNTS |
| LOCATION | ACCESS_FINE_LOCATION、ACCESS_COARSE_LOCATION |
| MICROPHONE | RECORD_AUDIO |
| PHONE | READ_PHONE_STATE、CALL_PHONE、READ_CALL_LOG、WRITE_CALL_LOG、ADD_VOICEMAIL、USE_SIP、PROCESS_OUTGOING_CALLS |
| SENSORS | BODY_SENSORS |
| SMS | SEND_SMS、RECEIVE_SMS、READ_SMS、RECEIVE_WAP_PUSH、RECEIVE_MMS |
| STORAGE | READ_EXTERNAL_STORAGE、WRITE_EXTERNAL_STORAGE |
好了,游戏规则就是这样。从应用开发者来说,github上也有不少辅助的第三方库,直接拿来用就可以了。颗粒度的控制权限,当然对用户来说是好事。
背景介绍完
不过每开一个app就要弹窗授权什么的,我觉得有点麻烦,所以先看看源码,改一下这个部分的功能。
以静默安装应用为例
vim ./frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@Override
public void installPackageAsUser(String originPath, IPackageInstallObserver2 observer,
int installFlags, String installerPackageName, VerificationParams verificationParams,
String packageAbiOverride, int userId) {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, null);
final int callingUid = Binder.getCallingUid();
enforceCrossUserPermission(callingUid, userId, true, true, "installPackageAsUser");
// ...
}enforceCrossUserPermission 里面调用了
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message);
绕了几圈,最后是在ActivityManager.java 中落地
vim ./frameworks/base/core/java/android/app/ActivityManager.java
/** @hide */
public static int checkComponentPermission(String permission, int uid,
int owningUid, boolean exported) {
// Root, system server get to do everything.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
return PackageManager.PERMISSION_GRANTED;
}
// Isolated processes don't get any permissions.
if (UserHandle.isIsolated(uid)) {
return PackageManager.PERMISSION_DENIED;
}
// If there is a uid that owns whatever is being accessed, it has
// blanket access to it regardless of the permissions it requires.
if (owningUid >= 0 && UserHandle.isSameApp(uid, owningUid)) {
return PackageManager.PERMISSION_GRANTED;
}
// If the target is not exported, then nobody else can get to it.
if (!exported) {
/*
RuntimeException here = new RuntimeException("here");
here.fillInStackTrace();
Slog.w(TAG, "Permission denied: checkComponentPermission() owningUid=" + owningUid,
here);
*/
return PackageManager.PERMISSION_DENIED;
}
if (permission == null) {
return PackageManager.PERMISSION_GRANTED;
}
try {
return AppGlobals.getPackageManager()
.checkUidPermission(permission, uid);
} catch (RemoteException e) {
// Should never happen, but if it does... deny!
Slog.e(TAG, "PackageManager is dead?!?", e);
}
return PackageManager.PERMISSION_DENIED;
}vim ./frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@Override
public int checkUidPermission(String permName, int uid) {
final int userId = UserHandle.getUserId(uid);
if (!sUserManager.exists(userId)) {
return PackageManager.PERMISSION_DENIED;
}
synchronized (mPackages) {
Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid));
if (obj != null) {
final SettingBase ps = (SettingBase) obj;
final PermissionsState permissionsState = ps.getPermissionsState();
if (permissionsState.hasPermission(permName, userId)) {
return PackageManager.PERMISSION_GRANTED;
}
// Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
.hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
return PackageManager.PERMISSION_GRANTED;
}
} else {
ArraySet<String> perms = mSystemPermissions.get(uid);
if (perms != null) {
if (perms.contains(permName)) {
return PackageManager.PERMISSION_GRANTED;
}
if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms
.contains(Manifest.permission.ACCESS_FINE_LOCATION)) {
return PackageManager.PERMISSION_GRANTED;
}
}
}
}
return PackageManager.PERMISSION_DENIED;
}细节代码完
弄通了之后就动手改一下,一开始改的是frameworks/base/core/res/AndroidManifest.xml 一开始,改掉了 STORAGE ,把READ_EXTERNAL_STORAGE、WRITE_EXTERNAL_STORAGE 的级别都变成了normal,然后存储权限就默认赋予了(PERMISSION_GRANTED), 之后就不会弹窗了。
再改了 SMS 然后系统就起不来了
adb connect 192.168.0.67 && adb shell logcat
报这个错误
09-20 16:16:25.907 5653 5653 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main
09-20 16:16:25.907 5653 5653 E AndroidRuntime: java.lang.SecurityException: Permission android.permission.READ_SMS is not a changeable permission type
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.PackageManagerService.enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(PackageManagerService.java:3468)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.PackageManagerService.grantRuntimePermission(PackageManagerService.java:3501)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.DefaultPermissionGrantPolicy.grantRuntimePermissionsLPw(DefaultPermissionGrantPolicy.java:828)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultSmsAppLPr(DefaultPermissionGrantPolicy.java:616)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.PackageManagerService$PackageManagerInternalImpl.grantDefaultPermissionsToDefaultSmsApp(PackageManagerService.java:17006)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.telecom.TelecomLoaderService$TelecomServiceConnection.onServiceConnected(TelecomLoaderService.java:86)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:1223)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:1240)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.os.Handler.handleCallback(Handler.java:739)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:95)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.os.Looper.loop(Looper.java:148)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.SystemServer.run(SystemServer.java:283)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.SystemServer.main(SystemServer.java:168)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:745)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:635)目测是 PackageManagerService.java 抛异常,SystemServer起不来,然后就不停的重启。
待续
904
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
