android p 权限控制,android 权限控制
android6 的權(quán)限分為幾個級別,普通的第三方應(yīng)用一般會用到 normal dangerous 。系統(tǒng)應(yīng)用可能會用到 signature|system signature|privileged signature,詳細(xì)的信息在Manifest中定義
vim frameworks/base/core/res/AndroidManifest.xml
其中,只有定義為dangerous 的才會要求”檢查權(quán)限”,normal級別的,只要在應(yīng)用的Manifest中有聲明,就會自動允許。所以一般開發(fā)者要重地關(guān)注dangerous的權(quán)限.
“檢查權(quán)限” 是這樣的,
1,如果設(shè)備運(yùn)行的是 Android 5.1(API 級別 22)或更低版本,并且應(yīng)用的 targetSdkVersion 是 22 或更低版本,則系統(tǒng)會在安裝時要求用戶授予權(quán)限
2,targetSdkVersion>=23 && 設(shè)備系統(tǒng)是android6+。需要動態(tài)申請
3,動態(tài)申請 之后,用戶會允許或者拒絕,拒絕的話,就不能使用相關(guān)功能,強(qiáng)行調(diào)用的話,會拋出SerurityException
dangerous的權(quán)限有:
權(quán)限組
權(quán)限
CALENDAR
READ_CALENDAR 、WRITE_CALENDAR
CAMERA
CAMERA
CONTACTS
READ_CONTACTS、WRITE_CONTACTS、GET_ACCOUNTS
LOCATION
ACCESS_FINE_LOCATION、ACCESS_COARSE_LOCATION
MICROPHONE
RECORD_AUDIO
PHONE
READ_PHONE_STATE、CALL_PHONE、READ_CALL_LOG、WRITE_CALL_LOG、ADD_VOICEMAIL、USE_SIP、PROCESS_OUTGOING_CALLS
SENSORS
BODY_SENSORS
SMS
SEND_SMS、RECEIVE_SMS、READ_SMS、RECEIVE_WAP_PUSH、RECEIVE_MMS
STORAGE
READ_EXTERNAL_STORAGE、WRITE_EXTERNAL_STORAGE
好了,游戲規(guī)則就是這樣。從應(yīng)用開發(fā)者來說,github上也有不少輔助的第三方庫,直接拿來用就可以了。顆粒度的控制權(quán)限,當(dāng)然對用戶來說是好事。
背景介紹完
不過每開一個app就要彈窗授權(quán)什么的,我覺得有點(diǎn)麻煩,所以先看看源碼,改一下這個部分的功能。
以靜默安裝應(yīng)用為例
vim ./frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@Override
public void installPackageAsUser(String originPath, IPackageInstallObserver2 observer,
int installFlags, String installerPackageName, VerificationParams verificationParams,
String packageAbiOverride, int userId) {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INSTALL_PACKAGES, null);
final int callingUid = Binder.getCallingUid();
enforceCrossUserPermission(callingUid, userId, true, true, "installPackageAsUser");
// ...
}
enforceCrossUserPermission 里面調(diào)用了
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL, message);
繞了幾圈,最后是在ActivityManager.java 中落地
vim ./frameworks/base/core/java/android/app/ActivityManager.java
/**@hide */
public static int checkComponentPermission(String permission, int uid,
int owningUid, boolean exported) {
// Root, system server get to do everything.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
return PackageManager.PERMISSION_GRANTED;
}
// Isolated processes don't get any permissions.
if (UserHandle.isIsolated(uid)) {
return PackageManager.PERMISSION_DENIED;
}
// If there is a uid that owns whatever is being accessed, it has
// blanket access to it regardless of the permissions it requires.
if (owningUid >= 0 && UserHandle.isSameApp(uid, owningUid)) {
return PackageManager.PERMISSION_GRANTED;
}
// If the target is not exported, then nobody else can get to it.
if (!exported) {
/* RuntimeException here = new RuntimeException("here"); here.fillInStackTrace(); Slog.w(TAG, "Permission denied: checkComponentPermission() owningUid=" + owningUid, here); */
return PackageManager.PERMISSION_DENIED;
}
if (permission == null) {
return PackageManager.PERMISSION_GRANTED;
}
try {
return AppGlobals.getPackageManager()
.checkUidPermission(permission, uid);
} catch (RemoteException e) {
// Should never happen, but if it does... deny!
Slog.e(TAG, "PackageManager is dead?!?", e);
}
return PackageManager.PERMISSION_DENIED;
}
vim ./frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@Override
public int checkUidPermission(String permName, int uid) {
final int userId = UserHandle.getUserId(uid);
if (!sUserManager.exists(userId)) {
return PackageManager.PERMISSION_DENIED;
}
synchronized (mPackages) {
Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid));
if (obj != null) {
final SettingBase ps = (SettingBase) obj;
final PermissionsState permissionsState = ps.getPermissionsState();
if (permissionsState.hasPermission(permName, userId)) {
return PackageManager.PERMISSION_GRANTED;
}
// Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
.hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
return PackageManager.PERMISSION_GRANTED;
}
} else {
ArraySet perms = mSystemPermissions.get(uid);
if (perms != null) {
if (perms.contains(permName)) {
return PackageManager.PERMISSION_GRANTED;
}
if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms
.contains(Manifest.permission.ACCESS_FINE_LOCATION)) {
return PackageManager.PERMISSION_GRANTED;
}
}
}
}
return PackageManager.PERMISSION_DENIED;
}
細(xì)節(jié)代碼完
弄通了之后就動手改一下,一開始改的是frameworks/base/core/res/AndroidManifest.xml 一開始,改掉了 STORAGE ,把READ_EXTERNAL_STORAGE、WRITE_EXTERNAL_STORAGE 的級別都變成了normal,然后存儲權(quán)限就默認(rèn)賦予了(PERMISSION_GRANTED), 之后就不會彈窗了。
再改了 SMS 然后系統(tǒng)就起不來了
adb connect 192.168.0.67 && adb shell logcat
報這個錯誤
09-20 16:16:25.907 5653 5653 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main
09-20 16:16:25.907 5653 5653 E AndroidRuntime: java.lang.SecurityException: Permission android.permission.READ_SMS is not a changeable permission type
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.PackageManagerService.enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(PackageManagerService.java:3468)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.PackageManagerService.grantRuntimePermission(PackageManagerService.java:3501)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.DefaultPermissionGrantPolicy.grantRuntimePermissionsLPw(DefaultPermissionGrantPolicy.java:828)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.DefaultPermissionGrantPolicy.grantDefaultPermissionsToDefaultSmsAppLPr(DefaultPermissionGrantPolicy.java:616)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.pm.PackageManagerService$PackageManagerInternalImpl.grantDefaultPermissionsToDefaultSmsApp(PackageManagerService.java:17006)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.telecom.TelecomLoaderService$TelecomServiceConnection.onServiceConnected(TelecomLoaderService.java:86)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:1223)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:1240)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.os.Handler.handleCallback(Handler.java:739)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:95)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at android.os.Looper.loop(Looper.java:148)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.SystemServer.run(SystemServer.java:283)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.server.SystemServer.main(SystemServer.java:168)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:745)
09-20 16:16:25.907 5653 5653 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:635)
目測是 PackageManagerService.java 拋異常,SystemServer起不來,然后就不停的重啟。
待續(xù)
總結(jié)
以上是生活随笔為你收集整理的android p 权限控制,android 权限控制的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Exchange Server 2016
- 下一篇: 【机器学习笔记四】分类算法 - 逻辑回归