实战-系统权限白名单授权

2024-05-25 14:58
文章标签 实战 系统 授权 权限 白名单

本文主要是介绍实战-系统权限白名单授权,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

需求:

针对一些系统的应用或者第三方预置的应用,开机时默认授予权限,通知预置一个授权白名单文件,对文件内容的所有包名进行授权

预置授权文件

pms_sysapp_grant_permission_list.txt

com.gankao.gkwxhd

device/amlogic-o/u202/preinstall/preinstall.mk

PRODUCT_COPY_FILES += \$(LOCAL_PATH)/files/pms_sysapp_grant_permission_list.txt:system/etc/permissions/pms_sysapp_grant_permission_list.txt
方案1 ,增加一个FunPackageManagerUtil 类,在PackageManagerService.java 启动的时候,启动默认授权

frameworks/base / services/core/java/com/android/server/pm/PackageManagerService.java

public void systemReady() {// add for system app grant permission Sif (mFirstBoot) {FunPackageManagerUtil.slientGrantRuntimePermission(mContext, mPermissionManager);}// add for system app grant permission E
}

frameworks/base/services/core/java/com/android/server/pm/FunPackageManagerUtil.java

package com.android.server.pm;import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Environment;
import android.os.Process;
import android.text.TextUtils;
import android.util.Log;import com.android.server.pm.permission.BasePermission;
import com.android.server.pm.permission.PermissionManagerInternal;
import android.content.pm.IPackageManager;
import android.app.AppGlobals;
import android.app.AppOpsManager;
import android.Manifest;
import com.android.internal.util.ArrayUtils;import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;public class FunPackageManagerUtil{private static String TAG = "FunPackageManagerUtil";private static final File GRANT_SYS_APP_LIST_SYSTEM = Environment.buildPath(Environment.getRootDirectory(), "etc", "permissions","pms_sysapp_grant_permission_list.txt");private static HashSet<String> sGrantSystemAppSet = new HashSet<String>();private static HashSet<String> sGrantPermissionSet = new HashSet<String>();private static  IPackageManager mIpm;private static  AppOpsManager mAppOpsManager;public static void slientGrantRuntimePermission(Context mContext,PermissionManagerInternal mPermissionManager){sGetGrantSystemAppFromFile(sGrantSystemAppSet, GRANT_SYS_APP_LIST_SYSTEM);PackageManager mPackageManager = mContext.getPackageManager();mIpm = AppGlobals.getPackageManager();mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);Iterator<String> it = sGrantSystemAppSet.iterator();Log.d(TAG, "sGrantSystemAppSet:");while (it.hasNext()) {sGrantPermissionSet.clear();String pkgName = it.next();Log.d(TAG, "pkgName="+pkgName);try {PackageInfo mPackageInfo =   mPackageManager.getPackageInfo(pkgName, PackageManager.GET_PERMISSIONS);for (String permission : mPackageInfo.requestedPermissions){int status = mPackageManager.checkPermission(permission, pkgName);//final BasePermission bp = mSettings.mPermissions.get(permission);final BasePermission bp = (BasePermission) mPermissionManager.getPermissionTEMP(permission);if (status != PackageManager.PERMISSION_GRANTED && bp != null) {if (!bp.isRuntime() /*&& !bp.isDevelopment()*/) {Log.d(TAG, "Permission " + bp.getName() + " is not a changeable permission type");continue;}sGrantPermissionSet.add(permission);}}Log.e(TAG, " need grantRuntimePermission size:"+sGrantPermissionSet.size());for (String permission : sGrantPermissionSet) {mPackageManager.grantRuntimePermission(pkgName,permission, Process.myUserHandle());}if (checkInstallPackagesPermission(pkgName, mPackageInfo)) {Log.e(TAG, pkgName + " need grant INSTALL_PACKAGES permission");mAppOpsManager.setMode(AppOpsManager.OP_REQUEST_INSTALL_PACKAGES,mPackageInfo.applicationInfo.uid, pkgName, AppOpsManager.MODE_ALLOWED);Log.e(TAG, "grant INSTALL_PACKAGES permission done");}} catch (Exception e) {//e.printStackTrace();Log.d(TAG, e.getMessage());}}}private static boolean checkInstallPackagesPermission(String packageName, PackageInfo mPackageInfo){int uid = mPackageInfo.applicationInfo.uid;//boolean permissionGranted = hasPermission(Manifest.permission.REQUEST_INSTALL_PACKAGES, uid);boolean permissionRequested = hasRequestedAppOpPermission(Manifest.permission.REQUEST_INSTALL_PACKAGES, packageName);int appOpMode = getAppOpMode(AppOpsManager.OP_REQUEST_INSTALL_PACKAGES, uid, packageName);return appOpMode != AppOpsManager.MODE_DEFAULT || permissionRequested;}private static int getAppOpMode(int appOpCode, int uid, String packageName) {return mAppOpsManager.checkOpNoThrow(appOpCode, uid, packageName);}private static boolean hasRequestedAppOpPermission(String permission, String packageName) {try {String[] packages = mIpm.getAppOpPermissionPackages(permission);return ArrayUtils.contains(packages, packageName);} catch (Exception exc) {Log.e(TAG, "PackageManager dead. Cannot get permission info");return false;}}private static boolean hasPermission(String permission, int uid) {try {int result = mIpm.checkUidPermission(permission, uid);return result == PackageManager.PERMISSION_GRANTED;} catch (Exception e) {Log.e(TAG, "PackageManager dead. Cannot get permission info");return false;}}/*** Get removable system app list from config file** @param resultSet*            Returned result list* @param file*            The config file*/private static void sGetGrantSystemAppFromFile(HashSet<String> resultSet, File file) {resultSet.clear();FileReader fr = null;BufferedReader br = null;try {if (file.exists()) {fr = new FileReader(file);} else {Log.d(TAG, "file in " + file + " does not exist!");return;}br = new BufferedReader(fr);String line;while ((line = br.readLine()) != null) {line = line.trim();if (!TextUtils.isEmpty(line)) {Log.d(TAG, "read line " + line);resultSet.add(line);}}Log.e(TAG,"GRANT_SYS_APP_LIST_SYSTEM size="+resultSet.size());} catch (Exception io) {Log.d(TAG, io.getMessage());} finally {try {if (br != null) {br.close();}if (fr != null) {fr.close();}} catch (IOException io) {Log.d(TAG, io.getMessage());}}}
}
方案2,在PackageInstaller 里面增加一个服务,进行授权

在AMS 中启动授权服务
frameworks/base/services/core/java/com/android/server/am/ActivityManagerService.java

 final void finishBooting() {startPermisionService();}

private void startPermisionService() {try{Log.d(TAG, "startPermisionService ...");Intent intent = new Intent();intent.setPackage("com.android.packageinstaller");intent.setAction("android.permission.PackagePermissionGrantService");mContext.startService(intent);}catch (Exception e){e.printStackTrace();}}

Background start not allowed

frameworks/base/services/core/java/com/android/server/am/ActivityManagerService.java

int getAppStartModeLocked() {if(packageName.equalsIgnoreCase("com.android.packageinstaller")){return ActivityManager.APP_START_MODE_NORMAL;}
}

PackageInstaller/src/com/android/packageinstaller/permission/service/PackagePermissionGrantService.java

package com.android.packageinstaller.permission.service;import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import android.os.Handler;
import android.os.Message;
import android.util.Log;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.text.TextUtils;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import android.os.Environment;import com.android.packageinstaller.permission.model.AppPermissionGroup;
import com.android.packageinstaller.permission.model.AppPermissions;
import com.android.packageinstaller.permission.model.Permission;
import com.android.packageinstaller.permission.utils.ArrayUtils;public class PackagePermissionGrantService extends Service {private static final  String TAG = "PackagePermission";private static final File GRANT_SYS_APP_LIST_SYSTEM = new File(Environment.getRootDirectory(),"/etc/permissions/pms_sysapp_grant_permission_list.txt");private static HashSet<String> sGrantSystemAppSet = new HashSet<String>();Permissionhandler handler;@Overridepublic void onCreate() {super.onCreate();Log.i(TAG, "onCreate OK");handler = new Permissionhandler();}@Overridepublic IBinder onBind(Intent arg0) {return null;}@Overridepublic int onStartCommand(Intent intent, int flags, int startId) {handler.sendEmptyMessageDelayed(100,8000);return Service.START_NOT_STICKY;}@Overridepublic void onDestroy() {Log.e(TAG, " stop self onDestroy=");handler.removeCallbacksAndMessages(null);super.onDestroy();}class Permissionhandler extends Handler {@Overridepublic void handleMessage(Message msg) {switch (msg.what) {case 100:Log.e(TAG, "start grant permission");FunSlientGrantRuntimePermission();sendEmptyMessageDelayed(101,15000);break;case 101:stopSelf();break;}}}public void FunSlientGrantRuntimePermission(){sGetGrantSystemAppFromFile(sGrantSystemAppSet, GRANT_SYS_APP_LIST_SYSTEM);Iterator<String> it = sGrantSystemAppSet.iterator();while (it.hasNext()) {String pkgName = it.next();Log.d(TAG, "pkgName="+pkgName);slientGrantRuntimePermission(pkgName);}}public void slientGrantRuntimePermission(String packageName){PackageInfo packageInfo;try {Log.e(TAG, "PackageInfo for packageName="+ packageName);packageInfo =  getPackageManager().getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);} catch (PackageManager.NameNotFoundException e) {Log.e(TAG, "can't get PackageInfo for packageName="+ packageName);return;}AppPermissions mAppPermissions = new AppPermissions(this, packageInfo, null, false,new Runnable() {@Overridepublic void run() {stopSelf();}});Log.e(TAG, " AppPermissionGroup size==" + mAppPermissions.getPermissionGroups().size());if (mAppPermissions.getPermissionGroups().isEmpty()) {Log.e(TAG, "mAppPermissions size isEmpty");return;}for (AppPermissionGroup group : mAppPermissions.getPermissionGroups()) {String[] permissionsToGrant = null;final int permissionCount = group.getPermissions().size();for (int j = 0; j < permissionCount; j++) {final Permission permission = group.getPermissions().get(j);Log.e(TAG, "permissionName=" +permission.getName()+",isGranted="+ permission.isGranted());if (!permission.isGranted()) {permissionsToGrant = ArrayUtils.appendString(permissionsToGrant, permission.getName());Log.e(TAG, "permissionName=" + permission.getName());}}if (permissionsToGrant != null) {group.grantRuntimePermissions(false, permissionsToGrant);Log.i(TAG, "grantRuntimePermissions permissionsToGrant");}}}private static void sGetGrantSystemAppFromFile(HashSet<String> resultSet, File file) {resultSet.clear();FileReader fr = null;BufferedReader br = null;try {if (file.exists()) {fr = new FileReader(file);} else {Log.d(TAG, "file in " + file + " does not exist!");return;}br = new BufferedReader(fr);String line;while ((line = br.readLine()) != null) {line = line.trim();if (!TextUtils.isEmpty(line)) {Log.d(TAG, "read line " + line);resultSet.add(line);}}Log.e(TAG,"GRANT_SYS_APP_LIST_SYSTEM size="+resultSet.size());} catch (Exception io) {Log.d(TAG, io.getMessage());} finally {try {if (br != null) {br.close();}if (fr != null) {fr.close();}} catch (IOException io) {Log.d(TAG, io.getMessage());}}}
}

AndroidManifest.xml

<service android:name="com.android.permissioncontroller.permission.service.PackagePermissionGrantService">
<intent-filter android:priority="1"><action android:name="android.permission.PackagePermissionGrantService"/></intent-filter>
</service>

这篇关于实战-系统权限白名单授权的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/1001828

相关文章

MyBatis分页查询实战案例完整流程

MyBatis分页查询实战案例完整流程

《MyBatis分页查询实战案例完整流程》MyBatis是一个强大的Java持久层框架,支持自定义SQL和高级映射,本案例以员工工资信息管理为例,详细讲解如何在IDEA中使用MyBatis结合Page... 目录1. MyBATis框架简介2. 分页查询原理与应用场景2.1 分页查询的基本原理2.1.1 分
阅读更多...
使用Python批量将.ncm格式的音频文件转换为.mp3格式的实战详解

使用Python批量将.ncm格式的音频文件转换为.mp3格式的实战详解

《使用Python批量将.ncm格式的音频文件转换为.mp3格式的实战详解》本文详细介绍了如何使用Python通过ncmdump工具批量将.ncm音频转换为.mp3的步骤,包括安装、配置ffmpeg环... 目录1. 前言2. 安装 ncmdump3. 实现 .ncm 转 .mp34. 执行过程5. 执行结
阅读更多...
SpringBoot 多环境开发实战(从配置、管理与控制)

SpringBoot 多环境开发实战(从配置、管理与控制)

《SpringBoot多环境开发实战(从配置、管理与控制)》本文详解SpringBoot多环境配置,涵盖单文件YAML、多文件模式、MavenProfile分组及激活策略,通过优先级控制灵活切换环境... 目录一、多环境开发基础(单文件 YAML 版)(一)配置原理与优势(二)实操示例二、多环境开发多文件版
阅读更多...
Three.js构建一个 3D 商品展示空间完整实战项目

Three.js构建一个 3D 商品展示空间完整实战项目

《Three.js构建一个3D商品展示空间完整实战项目》Three.js是一个强大的JavaScript库,专用于在Web浏览器中创建3D图形,:本文主要介绍Three.js构建一个3D商品展... 目录引言项目核心技术1. 项目架构与资源组织2. 多模型切换、交互热点绑定3. 移动端适配与帧率优化4. 可
阅读更多...
JWT + 拦截器实现无状态登录系统

JWT + 拦截器实现无状态登录系统

《JWT+拦截器实现无状态登录系统》JWT(JSONWebToken)提供了一种无状态的解决方案:用户登录后,服务器返回一个Token,后续请求携带该Token即可完成身份验证,无需服务器存储会话... 目录✅ 引言 一、JWT 是什么? 二、技术选型 三、项目结构 四、核心代码实现4.1 添加依赖(pom
阅读更多...
从原理到实战解析Java Stream 的并行流性能优化

从原理到实战解析Java Stream 的并行流性能优化

《从原理到实战解析JavaStream的并行流性能优化》本文给大家介绍JavaStream的并行流性能优化:从原理到实战的全攻略,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的... 目录一、并行流的核心原理与适用场景二、性能优化的核心策略1. 合理设置并行度:打破默认阈值2. 避免装箱
阅读更多...
Maven中生命周期深度解析与实战指南

Maven中生命周期深度解析与实战指南

《Maven中生命周期深度解析与实战指南》这篇文章主要为大家详细介绍了Maven生命周期实战指南,包含核心概念、阶段详解、SpringBoot特化场景及企业级实践建议,希望对大家有一定的帮助... 目录一、Maven 生命周期哲学二、default生命周期核心阶段详解(高频使用)三、clean生命周期核心阶
阅读更多...
基于Python实现自动化邮件发送系统的完整指南

基于Python实现自动化邮件发送系统的完整指南

《基于Python实现自动化邮件发送系统的完整指南》在现代软件开发和自动化流程中,邮件通知是一个常见且实用的功能,无论是用于发送报告、告警信息还是用户提醒,通过Python实现自动化的邮件发送功能都能... 目录一、前言:二、项目概述三、配置文件 `.env` 解析四、代码结构解析1. 导入模块2. 加载环
阅读更多...
Python实战之SEO优化自动化工具开发指南

Python实战之SEO优化自动化工具开发指南

《Python实战之SEO优化自动化工具开发指南》在数字化营销时代,搜索引擎优化(SEO)已成为网站获取流量的重要手段,本文将带您使用Python开发一套完整的SEO自动化工具,需要的可以了解下... 目录前言项目概述技术栈选择核心模块实现1. 关键词研究模块2. 网站技术seo检测模块3. 内容优化分析模
阅读更多...
linux系统上安装JDK8全过程

linux系统上安装JDK8全过程

《linux系统上安装JDK8全过程》文章介绍安装JDK的必要性及Linux下JDK8的安装步骤,包括卸载旧版本、下载解压、配置环境变量等,强调开发需JDK,运行可选JRE,现JDK已集成JRE... 目录为什么要安装jdk?1.查看linux系统是否有自带的jdk:2.下载jdk压缩包2.解压3.配置环境
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2