本文主要是介绍Android P包管理机制之PackageManagerService授予权限流程解析,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
PackageManagerService中默认给系统app授予相关需要的权限。
PackageManagerService中的systemReady是在SystemServer中执行的。
\frameworks\base\services\java\com\android\server\SystemServer.java
/**
* Starts a miscellaneous grab bag of stuff that has yet to be refactored
* and organized.
*/
private void startOtherServices() {//省略一部分代码//...traceBeginAndSlog("MakePackageManagerServiceReady");mPackageManagerService.systemReady();traceEnd();//省略一部分代码//...
}
\frameworks\base\services\core\java\com\android\server\pm\PackageManagerService.java
@Override
public void systemReady() {int[] grantPermissionsUserIds = EMPTY_INT_ARRAY;synchronized (mPackages) {// Verify that all of the preferred activity components actually// exist. It is possible for applications to be updated and at// that point remove a previously declared activity component that// had been set as a preferred activity. We try to clean this up// the next time we encounter that preferred activity, but it is// possible for the user flow to never be able to return to that// situation so here we do a sanity check to make sure we haven't// left any junk around.ArrayList<PreferredActivity> removed = new ArrayList<PreferredActivity>();for (int i=0; i<mSettings.mPreferredActivities.size(); i++) {PreferredIntentResolver pir = mSettings.mPreferredActivities.valueAt(i);removed.clear();for (PreferredActivity pa : pir.filterSet()) {if (mActivities.mActivities.get(pa.mPref.mComponent) == null) {removed.add(pa);}}if (removed.size() > 0) {for (int r=0; r<removed.size(); r++) {PreferredActivity pa = removed.get(r);Slog.w(TAG, "Removing dangling preferred activity: "+ pa.mPref.mComponent);pir.removeFilter(pa);}mSettings.writePackageRestrictionsLPr(mSettings.mPreferredActivities.keyAt(i));}}for (int userId : UserManagerService.getInstance().getUserIds()) {/* 为了方便授予权限修改了此处,注释掉了grantPermissionsUserIds初始化的条件* areDefaultRuntimePermissionsGrantedLPr(userId)的判断条件的含义:* true,正常启动,没有发生升级的情况* false,表示升级后第一次启动* 所以,该出的意思是,只有升级后第一次启动,发生了升级,才满足条件,执行赋予权限grantPermissionsUserIds *///modify by sunxiaolin 20190912//if (!mSettings.areDefaultRuntimePermissionsGrantedLPr(userId)) {grantPermissionsUserIds = ArrayUtils.appendInt(grantPermissionsUserIds, userId);//}}}sUserManager.systemReady();/* 跟上面的grantPermissionsUserIds条件有关,没有发生升级,grantPermissionsUserIds 为null,不执行 grantDefaultPermissions赋予权限* 发生升级,才执行mDefaultPermissionPolicy.grantDefaultPermissions(userId),执行默认授予权限的处理*/// If we upgraded grant all default permissions before kicking off.for (int userId : grantPermissionsUserIds) {Log.d(TAG, "sunxiaolin,systemReady,grantDefaultPermissions,userId:" + userId);mDefaultPermissionPolicy.grantDefaultPermissions(userId);}/** 没有发生升级,grantPermissionsUserIds 为null* mDefaultPermissionPolicy.scheduleReadDefaultPermissionExceptions()为执行读取默认权限xml的处理* xml路径为:/system/etc/default-permissions/default-car-permissions.xml*/if (grantPermissionsUserIds == EMPTY_INT_ARRAY) {// If we did not grant default permissions, we preload from this the// default permission exceptions lazily to ensure we don't hit the// disk on a new user creation.Log.d(TAG, "sunxiaolin,systemReady,grantPermissionsUserIds == EMPTY_INT_ARRAY");mDefaultPermissionPolicy.scheduleReadDefaultPermissionExceptions();}
}
授予权限的处理主要是在DefaultPermissionGrantPolicy中处理的。
\frameworks\base\services\core\java\com\android\server\pm\permission\DefaultPermissionGrantPolicy.java
public void grantDefaultPermissions(int userId) {//给系统组件和priv-app应用授予权限grantPermissionsToSysComponentsAndPrivApps(userId);//给系统中重要的应用包授予权限grantDefaultSystemHandlerPermissions(userId);//处理权限授予异常的情况,会去读default-car-permissions.xml的权限配置grantDefaultPermissionExceptions(userId);
}
不管grantPermissionsToSysComponentsAndPrivApps,grantDefaultSystemHandlerPermissions还是grantDefaultPermissionExceptions,最终都是执行了grantRuntimePermissions()方法,在grantRuntimePermissions中执行授权操作。
关于给第三方应用授权问题:
private void grantDefaultPermissionExceptions(int userId) {mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);synchronized (mLock) {// mGrantExceptions is null only before the first read and then// it serves as a cache of the default grants that should be// performed for every user. If there is an entry then the app// is on the system image and supports runtime permissions.if (mGrantExceptions == null) {mGrantExceptions = readDefaultPermissionExceptionsLocked();}}Set<String> permissions = null;final int exceptionCount = mGrantExceptions.size();for (int i = 0; i < exceptionCount; i++) {String packageName = mGrantExceptions.keyAt(i);//modify by sunxiaolin 20190912//PackageParser.Package pkg = getSystemPackage(packageName);PackageParser.Package pkg = getPackage(packageName);List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);final int permissionGrantCount = permissionGrants.size();for (int j = 0; j < permissionGrantCount; j++) {DefaultPermissionGrant permissionGrant = permissionGrants.get(j);if (permissions == null) {permissions = new ArraySet<>();} else {permissions.clear();}permissions.add(permissionGrant.name);grantRuntimePermissions(pkg, permissions,permissionGrant.fixed, userId);}}
}
修改:
PackageParser.Package pkg = getSystemPackage(packageName);
为:
PackageParser.Package pkg = getPackage(packageName);
private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>outGrantExceptions) throws IOException, XmlPullParserException {final int outerDepth = parser.getDepth();int type;while ((type = parser.next()) != XmlPullParser.END_DOCUMENT&& (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {continue;}if (TAG_EXCEPTION.equals(parser.getName())) {String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);Log.i(TAG, "sunxiaolin,parseExceptions packageName:" + packageName);List<DefaultPermissionGrant> packageExceptions =outGrantExceptions.get(packageName);if (packageExceptions == null) {// The package must be on the system image//modify by sunxiaolin getSystemPackage()-->getPackage()PackageParser.Package pkg = getPackage(packageName);//PackageParser.Package pkg = getSystemPackage(packageName);if (pkg == null) {Log.w(TAG, "Unknown package:" + packageName);XmlUtils.skipCurrentTag(parser);continue;}// The package must support runtime permissionsif (!doesPackageSupportRuntimePermissions(pkg)) {Log.w(TAG, "Skipping non supporting runtime permissions package:" + packageName);XmlUtils.skipCurrentTag(parser);continue;}packageExceptions = new ArrayList<>();outGrantExceptions.put(packageName, packageExceptions);}
Log.i(TAG, "sunxiaolin,parseExceptions packageName:" + packageName);parsePermission(parser, packageExceptions);} else {Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");}}
}
修改:
PackageParser.Package pkg = getSystemPackage(packageName);
为:
PackageParser.Package pkg = getPackage(packageName);
默认权限文件xml解析
private File[] getDefaultPermissionFiles() {ArrayList<File> ret = new ArrayList<File>();File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");if (dir.isDirectory() && dir.canRead()) {Collections.addAll(ret, dir.listFiles());}dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");if (dir.isDirectory() && dir.canRead()) {Collections.addAll(ret, dir.listFiles());}dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");if (dir.isDirectory() && dir.canRead()) {Collections.addAll(ret, dir.listFiles());}dir = new File(Environment.getProductDirectory(), "etc/default-permissions");if (dir.isDirectory() && dir.canRead()) {Collections.addAll(ret, dir.listFiles());}// For IoT devices, we check the oem partition for default permissions for each app.if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {dir = new File(Environment.getOemDirectory(), "etc/default-permissions");if (dir.isDirectory() && dir.canRead()) {Collections.addAll(ret, dir.listFiles());}}return ret.isEmpty() ? null : ret.toArray(new File[0]);
}
default-car-permissions.xml中添加应用权限方法:
packages/services/Car/car_product/build/default-car-permissions.xml:system/etc/default-permissions/default-car-permissions.xml
packages\services\Car\car_product\build\default-car-permissions.xml
<exceptions><!-- This is an example of an exception:<exceptionpackage="foo.bar.permission"<permission name="android.permission.READ_CONTACTS" fixed="true"/><permission name="android.permission.READ_CALENDAR" fixed="false"/></exception>--><exceptionpackage="com.android.car.messenger"><!-- Contacts --><permission name="android.permission.READ_CONTACTS" fixed="false"/><!-- SMS --><permission name="android.permission.SEND_SMS" fixed="false"/><permission name="android.permission.READ_SMS" fixed="false"/></exception></exceptions>
这篇关于Android P包管理机制之PackageManagerService授予权限流程解析的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
