实战-系统权限白名单授权

2024-05-25 14:58
文章标签 实战 系统 授权 权限 白名单

本文主要是介绍实战-系统权限白名单授权,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

需求:

针对一些系统的应用或者第三方预置的应用,开机时默认授予权限,通知预置一个授权白名单文件,对文件内容的所有包名进行授权

预置授权文件

pms_sysapp_grant_permission_list.txt

com.gankao.gkwxhd

device/amlogic-o/u202/preinstall/preinstall.mk

PRODUCT_COPY_FILES += \$(LOCAL_PATH)/files/pms_sysapp_grant_permission_list.txt:system/etc/permissions/pms_sysapp_grant_permission_list.txt
方案1 ,增加一个FunPackageManagerUtil 类,在PackageManagerService.java 启动的时候,启动默认授权

frameworks/base / services/core/java/com/android/server/pm/PackageManagerService.java

public void systemReady() {// add for system app grant permission Sif (mFirstBoot) {FunPackageManagerUtil.slientGrantRuntimePermission(mContext, mPermissionManager);}// add for system app grant permission E
}

frameworks/base/services/core/java/com/android/server/pm/FunPackageManagerUtil.java

package com.android.server.pm;import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Environment;
import android.os.Process;
import android.text.TextUtils;
import android.util.Log;import com.android.server.pm.permission.BasePermission;
import com.android.server.pm.permission.PermissionManagerInternal;
import android.content.pm.IPackageManager;
import android.app.AppGlobals;
import android.app.AppOpsManager;
import android.Manifest;
import com.android.internal.util.ArrayUtils;import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;public class FunPackageManagerUtil{private static String TAG = "FunPackageManagerUtil";private static final File GRANT_SYS_APP_LIST_SYSTEM = Environment.buildPath(Environment.getRootDirectory(), "etc", "permissions","pms_sysapp_grant_permission_list.txt");private static HashSet<String> sGrantSystemAppSet = new HashSet<String>();private static HashSet<String> sGrantPermissionSet = new HashSet<String>();private static  IPackageManager mIpm;private static  AppOpsManager mAppOpsManager;public static void slientGrantRuntimePermission(Context mContext,PermissionManagerInternal mPermissionManager){sGetGrantSystemAppFromFile(sGrantSystemAppSet, GRANT_SYS_APP_LIST_SYSTEM);PackageManager mPackageManager = mContext.getPackageManager();mIpm = AppGlobals.getPackageManager();mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);Iterator<String> it = sGrantSystemAppSet.iterator();Log.d(TAG, "sGrantSystemAppSet:");while (it.hasNext()) {sGrantPermissionSet.clear();String pkgName = it.next();Log.d(TAG, "pkgName="+pkgName);try {PackageInfo mPackageInfo =   mPackageManager.getPackageInfo(pkgName, PackageManager.GET_PERMISSIONS);for (String permission : mPackageInfo.requestedPermissions){int status = mPackageManager.checkPermission(permission, pkgName);//final BasePermission bp = mSettings.mPermissions.get(permission);final BasePermission bp = (BasePermission) mPermissionManager.getPermissionTEMP(permission);if (status != PackageManager.PERMISSION_GRANTED && bp != null) {if (!bp.isRuntime() /*&& !bp.isDevelopment()*/) {Log.d(TAG, "Permission " + bp.getName() + " is not a changeable permission type");continue;}sGrantPermissionSet.add(permission);}}Log.e(TAG, " need grantRuntimePermission size:"+sGrantPermissionSet.size());for (String permission : sGrantPermissionSet) {mPackageManager.grantRuntimePermission(pkgName,permission, Process.myUserHandle());}if (checkInstallPackagesPermission(pkgName, mPackageInfo)) {Log.e(TAG, pkgName + " need grant INSTALL_PACKAGES permission");mAppOpsManager.setMode(AppOpsManager.OP_REQUEST_INSTALL_PACKAGES,mPackageInfo.applicationInfo.uid, pkgName, AppOpsManager.MODE_ALLOWED);Log.e(TAG, "grant INSTALL_PACKAGES permission done");}} catch (Exception e) {//e.printStackTrace();Log.d(TAG, e.getMessage());}}}private static boolean checkInstallPackagesPermission(String packageName, PackageInfo mPackageInfo){int uid = mPackageInfo.applicationInfo.uid;//boolean permissionGranted = hasPermission(Manifest.permission.REQUEST_INSTALL_PACKAGES, uid);boolean permissionRequested = hasRequestedAppOpPermission(Manifest.permission.REQUEST_INSTALL_PACKAGES, packageName);int appOpMode = getAppOpMode(AppOpsManager.OP_REQUEST_INSTALL_PACKAGES, uid, packageName);return appOpMode != AppOpsManager.MODE_DEFAULT || permissionRequested;}private static int getAppOpMode(int appOpCode, int uid, String packageName) {return mAppOpsManager.checkOpNoThrow(appOpCode, uid, packageName);}private static boolean hasRequestedAppOpPermission(String permission, String packageName) {try {String[] packages = mIpm.getAppOpPermissionPackages(permission);return ArrayUtils.contains(packages, packageName);} catch (Exception exc) {Log.e(TAG, "PackageManager dead. Cannot get permission info");return false;}}private static boolean hasPermission(String permission, int uid) {try {int result = mIpm.checkUidPermission(permission, uid);return result == PackageManager.PERMISSION_GRANTED;} catch (Exception e) {Log.e(TAG, "PackageManager dead. Cannot get permission info");return false;}}/*** Get removable system app list from config file** @param resultSet*            Returned result list* @param file*            The config file*/private static void sGetGrantSystemAppFromFile(HashSet<String> resultSet, File file) {resultSet.clear();FileReader fr = null;BufferedReader br = null;try {if (file.exists()) {fr = new FileReader(file);} else {Log.d(TAG, "file in " + file + " does not exist!");return;}br = new BufferedReader(fr);String line;while ((line = br.readLine()) != null) {line = line.trim();if (!TextUtils.isEmpty(line)) {Log.d(TAG, "read line " + line);resultSet.add(line);}}Log.e(TAG,"GRANT_SYS_APP_LIST_SYSTEM size="+resultSet.size());} catch (Exception io) {Log.d(TAG, io.getMessage());} finally {try {if (br != null) {br.close();}if (fr != null) {fr.close();}} catch (IOException io) {Log.d(TAG, io.getMessage());}}}
}
方案2,在PackageInstaller 里面增加一个服务,进行授权

在AMS 中启动授权服务
frameworks/base/services/core/java/com/android/server/am/ActivityManagerService.java

 final void finishBooting() {startPermisionService();}

private void startPermisionService() {try{Log.d(TAG, "startPermisionService ...");Intent intent = new Intent();intent.setPackage("com.android.packageinstaller");intent.setAction("android.permission.PackagePermissionGrantService");mContext.startService(intent);}catch (Exception e){e.printStackTrace();}}

Background start not allowed

frameworks/base/services/core/java/com/android/server/am/ActivityManagerService.java

int getAppStartModeLocked() {if(packageName.equalsIgnoreCase("com.android.packageinstaller")){return ActivityManager.APP_START_MODE_NORMAL;}
}

PackageInstaller/src/com/android/packageinstaller/permission/service/PackagePermissionGrantService.java

package com.android.packageinstaller.permission.service;import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import android.os.Handler;
import android.os.Message;
import android.util.Log;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.text.TextUtils;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import android.os.Environment;import com.android.packageinstaller.permission.model.AppPermissionGroup;
import com.android.packageinstaller.permission.model.AppPermissions;
import com.android.packageinstaller.permission.model.Permission;
import com.android.packageinstaller.permission.utils.ArrayUtils;public class PackagePermissionGrantService extends Service {private static final  String TAG = "PackagePermission";private static final File GRANT_SYS_APP_LIST_SYSTEM = new File(Environment.getRootDirectory(),"/etc/permissions/pms_sysapp_grant_permission_list.txt");private static HashSet<String> sGrantSystemAppSet = new HashSet<String>();Permissionhandler handler;@Overridepublic void onCreate() {super.onCreate();Log.i(TAG, "onCreate OK");handler = new Permissionhandler();}@Overridepublic IBinder onBind(Intent arg0) {return null;}@Overridepublic int onStartCommand(Intent intent, int flags, int startId) {handler.sendEmptyMessageDelayed(100,8000);return Service.START_NOT_STICKY;}@Overridepublic void onDestroy() {Log.e(TAG, " stop self onDestroy=");handler.removeCallbacksAndMessages(null);super.onDestroy();}class Permissionhandler extends Handler {@Overridepublic void handleMessage(Message msg) {switch (msg.what) {case 100:Log.e(TAG, "start grant permission");FunSlientGrantRuntimePermission();sendEmptyMessageDelayed(101,15000);break;case 101:stopSelf();break;}}}public void FunSlientGrantRuntimePermission(){sGetGrantSystemAppFromFile(sGrantSystemAppSet, GRANT_SYS_APP_LIST_SYSTEM);Iterator<String> it = sGrantSystemAppSet.iterator();while (it.hasNext()) {String pkgName = it.next();Log.d(TAG, "pkgName="+pkgName);slientGrantRuntimePermission(pkgName);}}public void slientGrantRuntimePermission(String packageName){PackageInfo packageInfo;try {Log.e(TAG, "PackageInfo for packageName="+ packageName);packageInfo =  getPackageManager().getPackageInfo(packageName, PackageManager.GET_PERMISSIONS);} catch (PackageManager.NameNotFoundException e) {Log.e(TAG, "can't get PackageInfo for packageName="+ packageName);return;}AppPermissions mAppPermissions = new AppPermissions(this, packageInfo, null, false,new Runnable() {@Overridepublic void run() {stopSelf();}});Log.e(TAG, " AppPermissionGroup size==" + mAppPermissions.getPermissionGroups().size());if (mAppPermissions.getPermissionGroups().isEmpty()) {Log.e(TAG, "mAppPermissions size isEmpty");return;}for (AppPermissionGroup group : mAppPermissions.getPermissionGroups()) {String[] permissionsToGrant = null;final int permissionCount = group.getPermissions().size();for (int j = 0; j < permissionCount; j++) {final Permission permission = group.getPermissions().get(j);Log.e(TAG, "permissionName=" +permission.getName()+",isGranted="+ permission.isGranted());if (!permission.isGranted()) {permissionsToGrant = ArrayUtils.appendString(permissionsToGrant, permission.getName());Log.e(TAG, "permissionName=" + permission.getName());}}if (permissionsToGrant != null) {group.grantRuntimePermissions(false, permissionsToGrant);Log.i(TAG, "grantRuntimePermissions permissionsToGrant");}}}private static void sGetGrantSystemAppFromFile(HashSet<String> resultSet, File file) {resultSet.clear();FileReader fr = null;BufferedReader br = null;try {if (file.exists()) {fr = new FileReader(file);} else {Log.d(TAG, "file in " + file + " does not exist!");return;}br = new BufferedReader(fr);String line;while ((line = br.readLine()) != null) {line = line.trim();if (!TextUtils.isEmpty(line)) {Log.d(TAG, "read line " + line);resultSet.add(line);}}Log.e(TAG,"GRANT_SYS_APP_LIST_SYSTEM size="+resultSet.size());} catch (Exception io) {Log.d(TAG, io.getMessage());} finally {try {if (br != null) {br.close();}if (fr != null) {fr.close();}} catch (IOException io) {Log.d(TAG, io.getMessage());}}}
}

AndroidManifest.xml

<service android:name="com.android.permissioncontroller.permission.service.PackagePermissionGrantService">
<intent-filter android:priority="1"><action android:name="android.permission.PackagePermissionGrantService"/></intent-filter>
</service>

这篇关于实战-系统权限白名单授权的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/1001828

相关文章

Mysql用户授权(GRANT)语法及示例解读

Mysql用户授权(GRANT)语法及示例解读

《Mysql用户授权(GRANT)语法及示例解读》:本文主要介绍Mysql用户授权(GRANT)语法及示例,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录mysql用户授权(GRANT)语法授予用户权限语法GRANT语句中的<权限类型>的使用WITH GRANT
阅读更多...
Spring Security+JWT如何实现前后端分离权限控制

Spring Security+JWT如何实现前后端分离权限控制

《SpringSecurity+JWT如何实现前后端分离权限控制》本篇将手把手教你用SpringSecurity+JWT搭建一套完整的登录认证与权限控制体系,具有很好的参考价值,希望对大家... 目录Spring Security+JWT实现前后端分离权限控制实战一、为什么要用 JWT?二、JWT 基本结构
阅读更多...
Python列表去重的4种核心方法与实战指南详解

Python列表去重的4种核心方法与实战指南详解

《Python列表去重的4种核心方法与实战指南详解》在Python开发中,处理列表数据时经常需要去除重复元素,本文将详细介绍4种最实用的列表去重方法,有需要的小伙伴可以根据自己的需要进行选择... 目录方法1:集合(set)去重法(最快速)方法2:顺序遍历法(保持顺序)方法3:副本删除法(原地修改)方法4:
阅读更多...
在Spring Boot中浅尝内存泄漏的实战记录

在Spring Boot中浅尝内存泄漏的实战记录

《在SpringBoot中浅尝内存泄漏的实战记录》本文给大家分享在SpringBoot中浅尝内存泄漏的实战记录,结合实例代码给大家介绍的非常详细,感兴趣的朋友一起看看吧... 目录使用静态集合持有对象引用,阻止GC回收关键点:可执行代码:验证:1,运行程序(启动时添加JVM参数限制堆大小):2,访问 htt
阅读更多...
利用Python快速搭建Markdown笔记发布系统

利用Python快速搭建Markdown笔记发布系统

《利用Python快速搭建Markdown笔记发布系统》这篇文章主要为大家详细介绍了使用Python生态的成熟工具,在30分钟内搭建一个支持Markdown渲染、分类标签、全文搜索的私有化知识发布系统... 目录引言:为什么要自建知识博客一、技术选型:极简主义开发栈二、系统架构设计三、核心代码实现(分步解析
阅读更多...
SpringSecurity6.0 如何通过JWTtoken进行认证授权

SpringSecurity6.0 如何通过JWTtoken进行认证授权

《SpringSecurity6.0如何通过JWTtoken进行认证授权》:本文主要介绍SpringSecurity6.0通过JWTtoken进行认证授权的过程,本文给大家介绍的非常详细,感兴趣... 目录项目依赖认证UserDetailService生成JWT token权限控制小结之前写过一个文章,从S
阅读更多...
Spring Security基于数据库的ABAC属性权限模型实战开发教程

Spring Security基于数据库的ABAC属性权限模型实战开发教程

《SpringSecurity基于数据库的ABAC属性权限模型实战开发教程》:本文主要介绍SpringSecurity基于数据库的ABAC属性权限模型实战开发教程,本文给大家介绍的非常详细,对大... 目录1. 前言2. 权限决策依据RBACABAC综合对比3. 数据库表结构说明4. 实战开始5. MyBA
阅读更多...
Python FastAPI+Celery+RabbitMQ实现分布式图片水印处理系统

Python FastAPI+Celery+RabbitMQ实现分布式图片水印处理系统

《PythonFastAPI+Celery+RabbitMQ实现分布式图片水印处理系统》这篇文章主要为大家详细介绍了PythonFastAPI如何结合Celery以及RabbitMQ实现简单的分布式... 实现思路FastAPI 服务器Celery 任务队列RabbitMQ 作为消息代理定时任务处理完整
阅读更多...
Linux系统中卸载与安装JDK的详细教程

Linux系统中卸载与安装JDK的详细教程

《Linux系统中卸载与安装JDK的详细教程》本文详细介绍了如何在Linux系统中通过Xshell和Xftp工具连接与传输文件,然后进行JDK的安装与卸载,安装步骤包括连接Linux、传输JDK安装包... 目录1、卸载1.1 linux删除自带的JDK1.2 Linux上卸载自己安装的JDK2、安装2.1
阅读更多...
Spring Boot + MyBatis Plus 高效开发实战从入门到进阶优化(推荐)

Spring Boot + MyBatis Plus 高效开发实战从入门到进阶优化(推荐)

《SpringBoot+MyBatisPlus高效开发实战从入门到进阶优化(推荐)》本文将详细介绍SpringBoot+MyBatisPlus的完整开发流程,并深入剖析分页查询、批量操作、动... 目录Spring Boot + MyBATis Plus 高效开发实战:从入门到进阶优化1. MyBatis
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2