Android 5.1 AppOps总结

    • 什么是AppOps
    • 涉及的类
    • 常用名词
    • 权限管理是如何触发的
    • 系统默认应用权限
    • AppOps Policy 文件
    • AppOpsService准备工作
    • 详细分析权限管理的触发
    • 应用层对权限的设置

什么是AppOps

Android App在AndroidManifest.xml中申请了很多运行时需要获取的权限,例如



用户在使用某个新安装的App的时候,经常会有弹窗弹出是否允许App获取某个权限,当确认获取后,用户才能正常使用该功能。而AppOps是framework提供给用户,确切点说是开发人员,更多操作应用权限的一个途径。用户可以对某个App的权限根据自己的需求进行禁止或者放行等。
在我理解,android系统中涉及App应用权限的主要涉及3个部分:

1. 系统默认的应用权限; 
2. AppOps Policy文件;
3. 通过调用AppOpsManager中的接口对某一权限进行设置;

开发人员可以利用Policy文件和AppOpsManager中的接口对默认的应用权限进行修改。后续文章将会按照上面三部分进行展开。

涉及的类

以AppOps名字开始的类包括

Settings上层

packages/apps/Settings/src/com/android/settings/applications/AppOpsCategory.java
packages/apps/Settings/src/com/android/settings/applications/AppOpsDetails.java
packages/apps/Settings/src/com/android/settings/applications/AppOpsState.java
packages/apps/Settings/src/com/android/settings/applications/AppOpsSummary.java

frameworks/base/cmds/appops下面有个appops的应用程序

frameworks/native/libs/binder/AppOpsManager.cpp
frameworks/native/include/binder/AppOpsManager.h

Appops核心实现类,AppOpsService是功能具体实现,AppOpsManager是Service相关的Manager,是SDK中的一部分。AppOpsPolicy大概意思是,系统出厂时预制的系统App(System-app)和用户app(User-app)的一些默认的权限。非常有用,我们可以把我们一些预制的信任apk的权限都设置为允许,而不用老是弹窗提示。

frameworks/base/services/core/java/com/android/server/AppOpsService.java
frameworks/base/services/core/java/com/android/server/AppOpsPolicy.java
frameworks/base/core/java/android/app/AppOpsManager.java 

常用名词

在framework中,
将某一权限称为Op,即operation,操作的意思。在AppOpsManager类中用以OP_开头的int表示具体权限,例如OP_COARSE_LOCATION,既表示coarse gps权限;
将某一权限的所对应的动作称为mode。在AppOpsManager类中用以MODE_开头的int表示动作,例如MODE_ALLOWED,表示允许相关权限的执行,即获取了相应的权限。

权限管理是如何触发的

当我们第一次在使用App的时候,访问某些系统权限时,例如访问wifi,都会弹出一个对话框询问用户是否允许访问wifi等。下面是WifiManager.java中打开WiFi的代码,

    public boolean setWifiEnabled(boolean enabled) {
        if (mAppOps.noteOp(AppOpsManager.OP_WIFI_CHANGE) !=
                AppOpsManager.MODE_ALLOWED)
            return false;
        try {
            return mService.setWifiEnabled(enabled);
        } catch (RemoteException e) {
            return false;
        }
    }

在打开wifi前,首先会去调用AppOpsManager中的noteOp函数,如果返回值不是允许,即MODE_ALLOWED,直接返回false,不允许打开wifi。从MODE_ALLOWED的注释我们就能看出,系统一般都是通过checkOp、noteOp、startOp去检测权限,但是使用的地方不同。关于noteOp,见后文。

/**
 * Result from {@link #checkOp}, {@link #noteOp}, {@link #startOp}: the given caller is
 * allowed to perform the given operation.
 */
public static final int MODE_ALLOWED = 0;

系统默认应用权限

android系统中包含了strict模式和普通模式。什么是strict模式?
在AppOpsService类中有个变量,顾名思义,判断系统是否开启strict模式。

final boolean mStrictEnable;

mStrictEnable = AppOpsManager.isStrictEnable();
    public static boolean isStrictEnable() {
        return SystemProperties.getBoolean("persist.sys.strict_op_enable", false);
    }

可以看出,通过设置persist.sys.strict_op_enable为true,即开启了strict模式。那么strict模式和普通模式有什么差异?我们下面接着上一段(权限管理是如何触发的)分析。
调用–>

    public int noteOp(int op) {
        return noteOp(op, Process.myUid(), mContext.getOpPackageName());
    }

调用–>

    /**
     * Make note of an application performing an operation.  Note that you must pass
     * in both the uid and name of the application to be checked; this function will verify
     * that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
     * succeeds, the last execution time of the operation for this app will be updated to
     * the current time.
     */
    public int noteOp(int op, int uid, String packageName) {
        try {
            int mode = mService.noteOperation(op, uid, packageName);
            if (mode == MODE_ERRORED) {
                throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
            }
            return mode;
        } catch (RemoteException e) {
        }
        return MODE_IGNORED;
    }

从上面的注释我们也能证实我们前面的描述,noteOp主要是在一个app执行某个operation时需要note,即检验是否能够执行该操作,拥有该权限。函数中实际的实现还是调用了AppOps的实现类AppOpsService的noteOperation方法。
调用–>

  @Override
    public int noteOperation(int code, int uid, String packageName) {
            //我们这里只看getOpLocked函数,其他省略
            Op op = getOpLocked(ops, code, true);
            if (isOpRestricted(uid, code, packageName)) {
                return AppOpsManager.MODE_IGNORED;
            }
    }

调用–>

    private Op getOpLocked(Ops ops, int code, boolean edit) {
        int mode;
        //如果该app是第一次使用,肯定返回空
        Op op = ops.get(code);
        if (op == null) {
            if (!edit) {
                return null;
            }
            mode = getDefaultMode(code, ops.uid, ops.packageName);
            op = new Op(ops.uid, ops.packageName, code, mode);
            ops.put(code, op);
        }
        if (edit) {
            scheduleWriteLocked();
        }
        return op;
    }

调用–>

   private int getDefaultMode(int code, int uid, String packageName) {
        int mode = AppOpsManager.opToDefaultMode(code,
                isStrict(code, uid, packageName));
        //首先检查某个op是否在strict模式下,mPolicy就是上面提到的policy文件
        //如果op在strict模式下,同时mPolicy存在,则从mPolicy中取默认权限
        if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
            int policyMode = mPolicy.getDefualtMode(code, packageName);
            if (policyMode != AppOpsManager.MODE_ERRORED) {
                mode = policyMode;
            }
        }
        return mode;
    }
   public static int opToDefaultMode(int op, boolean isStrict) {
        //是strict模式,返回sOpDefaultStrictMode数组
        if (isStrict)
            return sOpDefaultStrictMode[op];
        //普通模式,返回sOpDefaultMode数组
        return sOpDefaultMode[op];
    }
    //mStrictEnable是enable的,同时是app,则返回true
    private boolean isStrict(int code, int uid, String packageName) {
        if (!mStrictEnable)
            return false;

        return UserHandle.isApp(uid);
    }

从上面的分析,我们可以看出在strict模式下,op的对应默认mode在sOpDefaultStrictMode数组中查找,而普通模式下mode在sOpDefaultMode找。例如对于OP_COARSE_LOCATION,在strict模式下默认是询问AppOpsManager.MODE_ASK,而在普通模式下默认是AppOpsManager.MODE_ALLOWED。

AppOps Policy 文件

由上文可知,在获取某个op的默认权限时,如果在strict模式下,同时mPolicy不为null的时候,会去从mPolicy中读取权限。下面分析AppOps Policy 文件,
在AppOpsService中,有个默认的policy文件/system/etc/appops_policy.xml,

static final String DEFAULT_POLICY_FILE = "/system/etc/appops_policy.xml";

同时,在AppOpsService中有个AppOpsPolicy的instance,

AppOpsPolicy mPolicy;
    private void readPolicy() {
        if (mStrictEnable) {
            mPolicy = new AppOpsPolicy(new File(DEFAULT_POLICY_FILE), mContext);
            mPolicy.readPolicy();
            mPolicy.debugPoilcy();
        } else {
            mPolicy = null;
        }
    }

在strict模式下,实例化了一个AppOpsPolicy类,一个参数为默认的policy文件

   public AppOpsPolicy(File file, Context context) {
        super();
        mFile = file;
        mContext = context;
    }

调用–>

   void readPolicy() {
        FileInputStream stream;
        synchronized (mFile) {
            try {
                stream = new FileInputStream(mFile);
            } catch (FileNotFoundException e) {
                Slog.i(TAG, "App ops policy file (" + mFile.getPath()
                        + ") not found; Skipping.");
                return;
                    String tagName = parser.getName();
                    if (tagName.equals("user-app")
                            || tagName.equals("system-app")) {
                        readDefaultPolicy(parser, tagName);
                    } else if (tagName.equals("application")) {
                        readApplicationPolicy(parser);
                    } else {
                        Slog.w(TAG, "Unknown element under : "
                                + parser.getName());
                        XmlUtils.skipCurrentTag(parser);
                    }

    }

上面的函数就是读Policy文件的函数,,其实主要包括2个函数readDefaultPolicy(parser, tagName)和readApplicationPolicy(parser),我们也可以从函数中推测出policy文件的格式,起码包含user-app、system-app、application三个tag,user-app和system-app这两个tag对应的函数是readDefaultPolicy(parser, tagName),application tag对应的是readApplicationPolicy(parser),即


    
    

    
    
        
            
        
        
            
        
   

其中permission可以有allowed,ignored,ask和其他值,如下代码

   /** @hide */
    public static int stringToMode(String permission) {
        if ("allowed".equalsIgnoreCase(permission)) {
            return AppOpsManager.MODE_ALLOWED;
        } else if ("ignored".equalsIgnoreCase(permission)) {
            return AppOpsManager.MODE_IGNORED;
        } else if ("ask".equalsIgnoreCase(permission)) {
            return AppOpsManager.MODE_ASK;
        }
        return AppOpsManager.MODE_ERRORED;
    }

分别对应AppOpsManager.MODE_ALLOWED,AppOpsManager.MODE_IGNORED,AppOpsManager.MODE_ASK,其他字符串都会返回AppOpsManager.MODE_ERRORED。
而show表示是否将该权限show给用户,让用户去修改权限,如下所示,true和false分别对应CONTROL_SHOW,CONTROL_NOSHOW,如果为其他值,则对应CONTROL_UNKNOWN。

public static int stringToControl(String show) {
    if ("true".equalsIgnoreCase(show)) {
        return CONTROL_SHOW;
    } else if ("false".equalsIgnoreCase(show)) {
        return CONTROL_NOSHOW;
    }
    return CONTROL_UNKNOWN;
}

下面我们分析下推测出的AppOps Policy文件,首先在application标签外,有两个user-app,system-app的标签,分别的意思是:默认user-app(/data/app)的权限是,permission=”ask”,ask即AppOpsManager.MODE_ASK,意思是会有弹出框提示用户去点击是否允许该权限。show=”true”,允许用户去修改该权限,默认user-app的权限是true,允许修改(可以参考设置—安全—应用操作,点开某个app后,即可以修改权限是允许、提示、还是禁止)。同理,system-app(/system/app),permission=”allowed”,默认权限是允许,show=”false”,不允许用户操作。
以上两个是系统和用户app的默认权限,在application标签内,用户可以自定义添加自己app规则(如果没有自定义app规则,默认就是执行上面两个默认规则,如果有当前app自定义规则,则执行该规则,好理解吧),以搜狗输入法为例:

    <pkg name="com.sohu.inputmethod.sogou" type="user-app" permission="allowed" show="true">
    pkg>

pkg标签包围, name=”com.sohu.inputmethod.sogou”,name是app的包名,type为user-app或者system-app,permission=”allowed”,所有申请的权限默认允许,show=”true”,同时指出用户去修改,show就是展示出来的意思。
通过添加上面的规则,你会发现,搜狗输入法再也不弹出位置这些权限的窗口让你来选择了。
在 AppOpsPolicy中有个成员,用来保存Policy文件所描述的这些规则,HashMap保存的格式为(packageName,PolicyPkg),每个App是其中的一项。

HashMap<String, PolicyPkg> mPolicy = new HashMap<String, PolicyPkg>();

其中PolicyPkg为AppOpsPolicy中的内部类,

//该内部类就是用来保存上面的 
public final static class PolicyOp {
        public int op;
        public int mode;
        public int show;

        public PolicyOp(int op, int mode, int show) {
            this.op = op;
            this.mode = mode;
            this.show = show;
        }

        @Override
        public String toString() {
            return "PolicyOp [op=" + op + ", mode=" + mode + ", show=" + show
                    + "]";
        }
    }

public final static class PolicyPkg extends SparseArray<PolicyOp> {
        public String packageName;
        public int mode;
        public int show;
        public String type;

        public PolicyPkg(String packageName, int mode, int show, String type) {
            this.packageName = packageName;
            this.mode = mode;
            this.show = show;
            this.type = type;
        }

        @Override
        public String toString() {
            return "PolicyPkg [packageName=" + packageName + ", mode=" + mode
                    + ", show=" + show + ", type=" + type + "]";
        }

    }

下面先介绍读取user-app和system-app这两个tag的函数,读取完成后,在mPolicy 中保存的格式为(“user-app”,PolicyPkg )或者(“system-app”,PolicyPkg ),

private void readDefaultPolicy(XmlPullParser parser, String packageName)
        throws NumberFormatException, XmlPullParserException, IOException {
     //必须是user-app或者system-app
    if (!"user-app".equalsIgnoreCase(packageName)
            && !"system-app".equalsIgnoreCase(packageName)) {
        return;
    }
    int mode = AppOpsManager.stringToMode(parser.getAttributeValue(null,
            "permission"));
    int show = stringToControl(parser.getAttributeValue(null, "show"));
    if (mode == AppOpsManager.MODE_ERRORED && show == CONTROL_UNKNOWN) {
        return;
    }
    /*如果mPolicy没default policy,则新建一个PolicyPkg,一个hash键值对,这个键值对的格式是("user-app",PolicyPkg )或者("system-app",PolicyPkg ),如果已经存在,则修改mode和show*/
    PolicyPkg pkg = this.mPolicy.get(packageName);
    if (pkg == null) {
        pkg = new PolicyPkg(packageName, mode, show, packageName);
        this.mPolicy.put(packageName, pkg);
    } else {
        Slog.w(TAG, "Duplicate policy found for package: " + packageName
                + " of type: " + packageName);
        pkg.mode = mode;
        pkg.show = show;
    }

接着是读取application tag下的元素,

 private void readApplicationPolicy(XmlPullParser parser)
            throws NumberFormatException, XmlPullParserException, IOException {
            ......
            /*读取下面的pkg tag*/
            String tagName = parser.getName();
            if (tagName.equals("pkg")) {
                readPkgPolicy(parser);
            } else {
                Slog.w(TAG,
                        "Unknown element under : "
                                + parser.getName());
                XmlUtils.skipCurrentTag(parser);
            }
        }

调用–>
读取pkg本身的元素,如果pkg tag下还有op tag,继续读op tag。

 private void readPkgPolicy(XmlPullParser parser)
            throws NumberFormatException, XmlPullParserException, IOException {
        String packageName = parser.getAttributeValue(null, "name");
        if (packageName == null)
            return;
        String appType = parser.getAttributeValue(null, "type");
        if (appType == null)
            return;
        int mode = AppOpsManager.stringToMode(parser.getAttributeValue(null,
                "permission"));
        int show = stringToControl(parser.getAttributeValue(null, "show"));
        String key = packageName + "." + appType;
        PolicyPkg pkg = this.mPolicy.get(key);
        /*可以看到这里的键值对的键是以packageName + "." + appType形式,例如sogou输入法的键就为com.sohu.inputmethod.sogou.user-app,和default policy相同,如果mPolicy中没有该元素,则新建,否则修改mode和show。*/
        if (pkg == null) {
            pkg = new PolicyPkg(packageName, mode, show, appType);
            this.mPolicy.put(key, pkg);
        } else {
            Slog.w(TAG, "Duplicate policy found for package: " + packageName
                    + " of type: " + appType);
            pkg.mode = mode;
            pkg.show = show;
        }

        int outerDepth = parser.getDepth();
        int type;
        while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
                && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
            if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
                continue;
            }
            String tagName = parser.getName();
            if (tagName.equals("op")) {
                readOpPolicy(parser, pkg);
            } else {
                Slog.w(TAG, "Unknown element under : " + parser.getName());
                XmlUtils.skipCurrentTag(parser);
            }
        }
    }

从上可以看出pkg下面的键值对形式为(“com.sohu.inputmethod.sogou.user-app”,PolicyPkg),下面接着读pkg下面的op tag。
调用–>
由于PolicyPkg extends SparseArray,所以PolicyPkg 内部有个保存pkg下相关op的一个SparseArray,保存的格式为(code,PolicyOp),code是个int,是稀疏数组的键吧。

private void readOpPolicy(XmlPullParser parser, PolicyPkg pkg)
            throws NumberFormatException, XmlPullParserException, IOException {
        if (pkg == null) {
            return;
        }
        String opName = parser.getAttributeValue(null, "name");
        if (opName == null) {
            Slog.w(TAG, "Op name is null");
            return;
        }
        int code = AppOpsManager.stringOpToOp(opName);
        if (code == AppOpsManager.OP_NONE) {
            Slog.w(TAG, "Unknown Op: " + opName);
            return;
        }
        int mode = AppOpsManager.stringToMode(parser.getAttributeValue(null,
                "permission"));
        int show = stringToControl(parser.getAttributeValue(null, "show"));
        if (mode == AppOpsManager.MODE_ERRORED && show == CONTROL_UNKNOWN) {
            return;
        }
        PolicyOp op = pkg.get(code);
        if (op == null) {
            op = new PolicyOp(code, mode, show);
            pkg.put(code, op);
        } else {
            Slog.w(TAG, "Duplicate policy found for package: "
                    + pkg.packageName + " type: " + pkg.type + " op: " + op.op);
            op.mode = mode;
            op.show = show;
        }
    }

至此,AppOps Policy文件已经读完。

AppOpsService准备工作

在AppOpsService类中,首先有个稀疏数组的成员mUidOps,顾名思义,涉及到Uid和Ops相关的东西。在android中,uid被赋予linux不同的任务,不同的App享有不同的Uid。作为稀疏数组的键,而对应的值为HashMap

final SparseArrayString, Ops>> mUidOps
        = new SparseArrayString, Ops>>();

Op是一个内部类,保存了一个op(权限)的详细信息,例如从什么时候开始运行的,等等。

public final static class Op {
        public final int uid;
        public final String packageName;
        public final int op;
        public int mode;
        public int duration;
        public long time;
        public long rejectTime;
        public int nesting;
        public int noteOpCount;
        public int startOpCount;
        public PermissionDialogReqQueue dialogReqQueue;
        final ArrayList clientTokens;

        public Op(int _uid, String _packageName, int _op, int _mode) {
            uid = _uid;
            packageName = _packageName;
            op = _op;
            mode = _mode;
            dialogReqQueue = new PermissionDialogReqQueue();
            clientTokens = new ArrayList();
        }
    }

而Ops也是一个内部类,包含了一个SparseArray,op的稀疏数组。Ops既是Op的复数,很多个Op的意思。

 public final static class Ops extends SparseArray<Op> {
        public final String packageName;
        public final int uid;
        public final boolean isPrivileged;

        public Ops(String _packageName, int _uid, boolean _isPrivileged) {
            packageName = _packageName;
            uid = _uid;
            isPrivileged = _isPrivileged;
        }
    }

所以,mUidOps保存的数据类似(uid,HashMap

详细分析权限管理的触发

前面讲过,在打开wifi时会调用AppOpsManager中的noteOp函数,进行权限的检测,下面详细分析,

public int noteOp(int op, int uid, String packageName) {
    try {
        int mode = mService.noteOperation(op, uid, packageName);
        if (mode == MODE_ERRORED) {
            throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
        }
        return mode;
    } catch (RemoteException e) {
    }
    return MODE_IGNORED;
}

调用–>
调用AppOpsService中的noteOperation,

public int noteOperation(int code, int uid, String packageName) {
        final PermissionDialogReq req;
        verifyIncomingUid(uid);
        verifyIncomingOp(code);

        synchronized (this) {
        //如果mUidOps中没有该App信息,则建立,否则返回Ops
            Ops ops = getOpsLocked(uid, packageName, true);
            if (ops == null) {
                if (DEBUG) Log.d(TAG, "noteOperation: no op for code " + code + " uid " + uid
                        + " package " + packageName);
                return AppOpsManager.MODE_ERRORED;
            }
            //查找或者建立一个Op,放到ops中
            //此外在getOpLocked,参数edit为true的情况下回去写/data/system/appops.xml文件,如果这个
            //op是新建立的,则会马上更新appops.xml文件
            Op op = getOpLocked(ops, code, true);
            //至此,如果该app的这个权限是第一次在函数中处理,这时候已经在mUidOps和appops.xml中存在了
            if (isOpRestricted(uid, code, packageName)) {
                return AppOpsManager.MODE_IGNORED;
            }
            if (op.duration == -1) {
                Slog.w(TAG, "Noting op not finished: uid " + uid + " pkg " + packageName
                        + " code " + code + " time=" + op.time + " duration=" + op.duration);
            }
            op.duration = 0;
            /*将code转换为switchcode*/
            final int switchCode = AppOpsManager.opToSwitch(code);
            /*如果op和switchop不同*/
            final Op switchOp = switchCode != code ? getOpLocked(ops,
                    switchCode, true) : op;
            /*如果mode不是allow和ask,则是被拒绝了,将reject的时间保存*/
            if (switchOp.mode != AppOpsManager.MODE_ALLOWED
                    && switchOp.mode != AppOpsManager.MODE_ASK) {
                if (DEBUG)
                    Log.d(TAG, "noteOperation: reject #" + op.mode
                            + " for code " + switchCode + " (" + code
                            + ") uid " + uid + " package " + packageName);
                op.rejectTime = System.currentTimeMillis();
                return switchOp.mode;
            } else if (switchOp.mode == AppOpsManager.MODE_ALLOWED) {
                if (DEBUG)
                    Log.d(TAG, "noteOperation: allowing code " + code + " uid "
                            + uid + " package " + packageName);
                /*如果mode是allow,记录note的时间,并将reject设置为0*/
                op.time = System.currentTimeMillis();
                op.rejectTime = 0;
                return AppOpsManager.MODE_ALLOWED;
            } else {
                if (Looper.myLooper() == mLooper) {
                    Log.e(TAG,
                            "noteOperation: This method will deadlock if called from the main thread. (Code: "
                                    + code
                                    + " uid: "
                                    + uid
                                    + " package: "
                                    + packageName + ")");
                    return switchOp.mode;
                }
                /*mode是ask,就是跳出来弹窗提醒,这里将op.noteOpCount增加*/
                op.noteOpCount++;
                req = askOperationLocked(code, uid, packageName, switchOp);
            }
        }
        return req.get();
     }

先看getOpsLocked函数

   private Ops getOpsLocked(int uid, String packageName, boolean edit) {
    /*uid为0,包名为root,uid为shell,包名为com.android.shell,uid为system,同时包名为空,则包名为android*/
        if (uid == 0) {
            packageName = "root";
        } else if (uid == Process.SHELL_UID) {
            packageName = "com.android.shell";
        } else if (uid == Process.SYSTEM_UID) {
            if (packageName == null)
                packageName = "android";
        }
        return getOpsRawLocked(uid, packageName, edit);
    }

接着调用,

/*有个参数edit,应该表示是不是可以修改mUidOps;
 返回一个Ops,如果mUidOps中还没有该app相关信息,则新建一个HashMap,放到mUidOps
    */
private Ops getOpsRawLocked(int uid, String packageName, boolean edit) {
        HashMap pkgOps = mUidOps.get(uid);
        /*mUidOps里面没有这个uid的app*/
        if (pkgOps == null) {
        /*如果edit为false,不允许修改mUidOps,直接就返回了*/
            if (!edit) {
                return null;
            }
            /*如果没有这个uid的app,则新建一个,这时pkgOps还是空的*/
            pkgOps = new HashMap();
            mUidOps.put(uid, pkgOps);
        }
        Ops ops = pkgOps.get(packageName);
        if (ops == null) {
            if (!edit) {
                return null;
            }
            boolean isPrivileged = false;
            // This is the first time we have seen this package name under this uid,
            // so let's make sure it is valid.
            //由上面的注释,主要是为了检验合法性
            if (uid != 0) {
                final long ident = Binder.clearCallingIdentity();
                try {
                    int pkgUid = -1;
                    try {
                        ApplicationInfo appInfo = ActivityThread.getPackageManager()
                                .getApplicationInfo(packageName, 0, UserHandle.getUserId(uid));
                        if (appInfo != null) {
                            pkgUid = appInfo.uid;
                            isPrivileged = (appInfo.flags & ApplicationInfo.FLAG_PRIVILEGED) != 0;
                        } else {
                            if ("media".equals(packageName)) {
                                pkgUid = Process.MEDIA_UID;
                                isPrivileged = false;
                            }
                        }
                    } catch (RemoteException e) {
                        Slog.w(TAG, "Could not contact PackageManager", e);
                    }
                    if (pkgUid != uid) {
                        // Oops!  The package name is not valid for the uid they are calling
                        // under.  Abort.
                        Slog.w(TAG, "Bad call: specified package " + packageName
                                + " under uid " + uid + " but it is really " + pkgUid);
                        return null;
                    }
                } finally {
                    Binder.restoreCallingIdentity(ident);
                }
            }
            //这里新建一个Ops,然后放到pkgOps中
            ops = new Ops(packageName, uid, isPrivileged);
            pkgOps.put(packageName, ops);
        }
        return ops;
    }

通过上面两步,如果mUidOps中还没有该app相关信息,则新建一个HashMap

private Op getOpLocked(Ops ops, int code, boolean edit) {
    int mode;
    Op op = ops.get(code);
    //如果这个App是第一次进入这个函数,那么op肯定是空的
    if (op == null) {
        if (!edit) {
            return null;
        }
        //获取默认的Mode,然后put到ops中
        mode = getDefaultMode(code, ops.uid, ops.packageName);
        op = new Op(ops.uid, ops.packageName, code, mode);
        ops.put(code, op);
    }
    //如果允许edit,则执行scheduleWriteLocked
    if (edit) {
        scheduleWriteLocked();
    }
    return op;
}

调用–>getDefaultMode
获取默认Mode前面已经讲过,这里如果这个op是strict的,同时mPolicy不为空,即Policy文件存在,则调用 mPolicy.getDefualtMode(code, packageName);

private int getDefaultMode(int code, int uid, String packageName) {
        int mode = AppOpsManager.opToDefaultMode(code,
                isStrict(code, uid, packageName));
        if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
            int policyMode = mPolicy.getDefualtMode(code, packageName);
            //如果返回值是MODE_ERRORED,那么会返回上面的opToDefaultMode的Mode
            //感觉这种情况唯有mPolicy文件存在,但是没啥东西的时候,getDefualtMode返回MODE_ERRORED
            if (policyMode != AppOpsManager.MODE_ERRORED) {
                mode = policyMode;
            }
        }
        return mode;
    }

注释很明确,就是先从默认规则读相关的Mode,如果还有pkg,那么继续读pkg下面的能匹配的mode,如果有匹配的则会覆盖前面mode的值。mode的默认值是AppOpsManager.MODE_ERRORED。

public int getDefualtMode(int code, String packageName) {
        int mode = AppOpsManager.MODE_ERRORED;
        PolicyPkg pkg;
        String key;
        String type;

        if (mPolicy == null) {
            return mode;
        }
        if (DEBUG)
            Slog.d(TAG, "Default mode requested for op=" + code + " package="
                    + packageName);
        type = getAppType(packageName);
        if (type != null) {
            // Get value based on 'type'
            key = type;
            pkg = mPolicy.get(key);
            if (pkg != null && pkg.mode != AppOpsManager.MODE_ERRORED) {
                if (DEBUG)
                    Slog.d(TAG, "Setting value based on type: " + pkg);
                mode = pkg.mode;
            }
        }
        // Get value based on 'pkg'.
        key = packageName;
        if (type != null) {
            key = key + "." + type;
        }
        pkg = mPolicy.get(key);
        if (pkg != null) {
            if (pkg.mode != AppOpsManager.MODE_ERRORED) {
                if (DEBUG)
                    Slog.d(TAG, "Setting value based on packageName: " + pkg);
                mode = pkg.mode;
            }
            // Get value base on 'op'
            PolicyOp op = pkg.get(code);
            if (op != null) {
                if (op.mode != AppOpsManager.MODE_ERRORED) {
                    if (DEBUG)
                        Slog.d(TAG, "Setting value based on op: " + op);
                    mode = op.mode;
                }
            }
        }
        if (DEBUG)
            Slog.d(TAG, "Returning mode=" + mode);
        return mode;
    }

在上面函数getOpLocked中最后会调用scheduleWriteLocked,会调用写线程去更新一个权限文件,

private void scheduleWriteLocked() {
        if (!mWriteScheduled) {
            mWriteScheduled = true;
            mHandler.postDelayed(mWriteRunner, WRITE_DELAY);
        }
    }

final Runnable mWriteRunner = new Runnable() {
    public void run() {
        synchronized (AppOpsService.this) {
            mWriteScheduled = false;
            mFastWriteScheduled = false;
            AsyncTask<Void, Void, Void> task = new AsyncTask<Void, Void, Void>() {
                @Override protected Void doInBackground(Void... params) {
                //线程调用writeState写各个app相关权限的相关信息
                    writeState();
                    return null;
                }
            };
            task.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, (Void[])null);
        }
    }
};

AppOpsService中有个成员mFile,是在构造函数中初始化的

 public AppOpsService(File storagePath, Handler handler) {
        mFile = new AtomicFile(storagePath);
        mHandler = handler;
        mLooper = Looper.myLooper();
        mStrictEnable = AppOpsManager.isStrictEnable();
        readState();
    }

而AppOpsService是在ActivityManagerService中实例化的,systemDir为/data/system,则上述需要更新的文件为/data/system/appops.xml

mAppOpsService = new AppOpsService(new File(systemDir, "appops.xml"), mHandler);

这个文件里面的内容,摘抄如下:

<app-ops>
<pkg n="com.android.providers.calendar">
<uid n="10001" p="true">
<op n="8" dm="0" t="1920100182" />
<op n="9" dm="0" t="1920062956" />
<op n="40" dm="0" t="1920100252" d="93" />
<op n="53" dm="0" t="1920062763" />
uid>
pkg>
<pkg n="com.android.dialer">
<uid n="10006" p="true">
<op n="6" dm="0" t="1920062244" />
<op n="53" dm="0" t="1920061743" />
uid>
pkg>
<pkg n="com.android.providers.media">
<uid n="10007" p="true">
<op n="23" dm="0" t="1920069787" />
<op n="40" dm="0" t="1920070834" d="97" />
<op n="53" dm="0" t="1920063053" />
uid>
pkg>
<pkg n="com.android.providers.downloads">
<uid n="10007" p="true">
<op n="53" dm="0" t="1920062960" />
uid>
pkg>
<pkg n="com.android.launcher">
<uid n="10009" p="true" />
pkg>
<pkg n="com.android.managedprovisioning">
<uid n="10010" p="true">
<op n="53" dm="0" t="1920062971" />
uid>
pkg>
<pkg n="com.android.mms">
<uid n="10011" p="true">
<op n="14" dm="0" t="1920079185" />
<op n="15" dm="0" t="1920079178" />
<op n="40" dm="0" t="1920079204" d="46" />
<op n="51" dm="0" t="1920064837" />
<op n="53" dm="0" t="1920064530" />
<op n="56" dm="0" t="1920076500" />
uid>
pkg>
<pkg n="com.android.onetimeinitializer">
<uid n="10013" p="true">
<op n="53" dm="0" t="1920064547" />
uid>
pkg>
<pkg n="com.android.systemui">
<uid n="10016" p="true">
<op n="4" dm="0" t="1920057614" />
<op n="23" dm="0" t="1920057673" />
<op n="40" dm="0" t="1921212577" d="131" />
<op n="53" dm="0" t="1920060458" />
uid>
pkg>
<pkg n="com.cyanogenmod.trebuchet">
<uid n="10018" p="true">
<op n="3" dm="0" t="1921174279" d="66" />
<op n="53" dm="0" t="1920064754" />
uid>
pkg>
<pkg n="com.android.calendar">
<uid n="10025" p="false">
<op n="8" dm="0" t="1920085515" />
<op n="9" dm="0" t="1920095150" />
<op n="40" dm="0" t="1920085526" d="10112" />
<op n="53" dm="0" t="1920065067" />
uid>
pkg>
<pkg n="com.qualcomm.qti.calendarlocalaccount">
<uid n="10026" p="false">
<op n="53" dm="0" t="1920065089" />
uid>
pkg>
<pkg n="com.qualcomm.qti.calendarwidget">
<uid n="10027" p="false">
<op n="8" dm="0" t="1920078119" />
uid>
pkg>
<pkg n="com.android.camera2">
<uid n="10028" p="false">
<op n="53" dm="0" t="1920065263" />
uid>
pkg>
<pkg n="com.qti.cbwidget">
<uid n="10031" p="false" />
pkg>
<pkg n="com.android.deskclock">
<uid n="10033" p="false">
<op n="40" dm="0" t="1920061737" d="155" />
<op n="53" dm="0" t="1920061562" />
uid>
pkg>
<pkg n="com.android.email">
<uid n="10035" p="false">
<op n="53" dm="0" t="1920066104" />
uid>
pkg>
<pkg n="com.android.gallery3d">
<uid n="10042" p="false">
<op n="23" dm="0" t="1920067518" />
<op n="53" dm="0" t="1920067465" />
uid>
pkg>
<pkg n="com.qcom.gsma.services.nfc">
<uid n="10043" p="false">
<op n="53" dm="0" t="1920067652" />
uid>
pkg>
<pkg n="com.android.inputmethod.latin">
<uid n="10047" p="false">
<op n="53" dm="0" t="1920067800" />
uid>
pkg>
<pkg n="com.android.music">
<uid n="10051" p="false" />
pkg>
<pkg n="com.android.provision">
<uid n="10063" p="false">
<op n="23" dm="0" t="1920056281" />
uid>
pkg>
<pkg n="com.qualcomm.atuner">
<uid n="10073" p="false">
<op n="53" dm="0" t="1920072364" />
uid>
pkg>
<pkg n="com.qualcomm.embms">
<uid n="10074" p="false">
<op n="53" dm="0" t="1920072617" />
uid>
pkg>
<pkg n="com.borqs.videocall">
<uid n="10078" p="false">
<op n="53" dm="0" t="1920073353" />
uid>
pkg>
app-ops>

其中app-ops tag包含着很多个pkg tag,pkg tag中又包含了很多个op的tag,各个元素的意义见后文分析,例如

<pkg n="com.android.providers.calendar">
<uid n="10001" p="true">
<op n="8" dm="0" t="1920100182" />
<op n="9" dm="0" t="1920062956" />
<op n="40" dm="0" t="1920100252" d="93" />
<op n="53" dm="0" t="1920062763" />
uid>
pkg>

下面我们看writeState函数,这个函数就说明了如何去写/data/system/appops.xml文件。

void writeState() {
        synchronized (mFile) {
        /*
          调用getPackagesForOps函数,入参为null,即要获取mUidOps所有的数据;
          而appops.xml这个文件其实就是mUidOps所有数据的体现。
        */
            List allOps = getPackagesForOps(null);

            FileOutputStream stream;
            try {
                stream = mFile.startWrite();
            } catch (IOException e) {
                Slog.w(TAG, "Failed to write state: " + e);
                return;
            }

            try {
                XmlSerializer out = new FastXmlSerializer();
                out.setOutput(stream, "utf-8");
                out.startDocument(null, true);
                //写app-ops tag
                out.startTag(null, "app-ops");

                if (allOps != null) {
                    String lastPkg = null;
                    for (int i=0; iget(i);
                        if (!pkg.getPackageName().equals(lastPkg)) {
                            if (lastPkg != null) {
                                out.endTag(null, "pkg");
                            }
                            //
                            lastPkg = pkg.getPackageName();
                            out.startTag(null, "pkg");
                            out.attribute(null, "n", lastPkg);
                        }
                        //
                        out.startTag(null, "uid");
                        out.attribute(null, "n", Integer.toString(pkg.getUid()));
                        //这个isPrivileged,还不清楚具体意思
                        synchronized (this) {
                            Ops ops = getOpsLocked(pkg.getUid(), pkg.getPackageName(), false);
                            // Should always be present as the list of PackageOps is generated
                            // from Ops.
                            if (ops != null) {
                                out.attribute(null, "p", Boolean.toString(ops.isPrivileged));
                            } else {
                                out.attribute(null, "p", Boolean.toString(false));
                            }
                        }
                        List ops = pkg.getOps();
                        //下面就是一个个
                        //m的意思是该op和defaultmode不同,例如通过上册修改过该op的权限
                        //dm就是依然是defaultmode
                        for (int j=0; jget(j);
                            out.startTag(null, "op");
                            out.attribute(null, "n", Integer.toString(op.getOp()));
                            int defaultMode = getDefaultMode(op.getOp(),
                                    pkg.getUid(), pkg.getPackageName());
                            if (op.getMode() != defaultMode) {
                                out.attribute(null, "m", Integer.toString(op.getMode()));
                            } else {
                                out.attribute(null, "dm", Integer.toString(defaultMode));
                            }
                            long time = op.getTime();
                            //t是op的时间
                            if (time != 0) {
                                out.attribute(null, "t", Long.toString(time));
                            }
                            time = op.getRejectTime();
                            if (time != 0) {
                                out.attribute(null, "r", Long.toString(time));
                            }
                            int dur = op.getDuration();
                            if (dur != 0) {
                                out.attribute(null, "d", Integer.toString(dur));
                            }
                            out.endTag(null, "op");
                        }
                        out.endTag(null, "uid");
                    }
                    if (lastPkg != null) {
                        out.endTag(null, "pkg");
                    }
                }

                out.endTag(null, "app-ops");
                out.endDocument();
                mFile.finishWrite(stream);
            } catch (IOException e) {
                Slog.w(TAG, "Failed to write state, restoring backup.", e);
                mFile.failWrite(stream);
            }
        }
    }

首先调用getPackagesForOps函数,

/*
  通过ops,即权限,找对应的package,也就是拥有这些op的package;
  PackageOps是AppOpsManager中的一个类,注释很明确,Class holding all of the operation information associated with an app;
  如果参数ops为空,则表示要获取mUidOps中的所有数据;
*/
public List getPackagesForOps(int[] ops) {
        mContext.enforcePermission(android.Manifest.permission.GET_APP_OPS_STATS,
                Binder.getCallingPid(), Binder.getCallingUid(), null);
        ArrayList res = null;
        //从mUidOps中查找,循环mUidOps所有的数据
        synchronized (this) {
            for (int i=0; i packages = mUidOps.valueAt(i);
                for (Ops pkgOps : packages.values()) {
                /*
                  这里调用collectOps,见下;
                  而OpEntry,Class holding the information about one unique operation of an  
                  application,既是一个op;
                */
                    ArrayList resOps = collectOps(pkgOps, ops);
                    if (resOps != null) {
                        if (res == null) {
                            res = new ArrayList();
                        }
                        AppOpsManager.PackageOps resPackage = new AppOpsManager.PackageOps(
                                pkgOps.packageName, pkgOps.uid, resOps);
                        res.add(resPackage);
                    }
                }
            }
        }
        return res;
    }
/*
  如果ops为空,就表示需要获取所有的op;
  而如果ops不为空,则需要通过键值对匹配,pkgOps.get(ops[j]);
*/
private ArrayList collectOps(Ops pkgOps, int[] ops) {
        ArrayList resOps = null;
        if (ops == null) {
            resOps = new ArrayList();
            for (int j=0; jnew AppOpsManager.OpEntry(curOp.op, curOp.mode, curOp.time,
                        curOp.rejectTime, curOp.duration));
            }
        } else {
            for (int j=0; jget(ops[j]);
                if (curOp != null) {
                    if (resOps == null) {
                        resOps = new ArrayList();
                    }
                    resOps.add(new AppOpsManager.OpEntry(curOp.op, curOp.mode, curOp.time,
                            curOp.rejectTime, curOp.duration));
                }
            }
        }
        return resOps;
    }

说完writeState函数,顺便看下readState函数,即从/data/system/appops.xml中读取信息,更新mUidOps。

void readState() {
                        .......... 
                        if (tagName.equals("pkg")) {
                            readPackage(parser);
                        } else {
                            Slog.w(TAG, "Unknown element under : "
                                    + parser.getName());
                            XmlUtils.skipCurrentTag(parser);
                        }
                    }
                    success = true;

    }

调用

void readPackage(XmlPullParser parser) throws NumberFormatException,
            XmlPullParserException, IOException {
        String pkgName = parser.getAttributeValue(null, "n");
        int outerDepth = parser.getDepth();
        int type;
        while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
                && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
            if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
                continue;
            }

            String tagName = parser.getName();
            if (tagName.equals("uid")) {
                readUid(parser, pkgName);
            } else {
                Slog.w(TAG, "Unknown element under : "
                        + parser.getName());
                XmlUtils.skipCurrentTag(parser);
            }
        }
    }

调用readUid,

 void readUid(XmlPullParser parser, String pkgName) throws NumberFormatException,
            XmlPullParserException, IOException {
        int uid = Integer.parseInt(parser.getAttributeValue(null, "n"));
        String isPrivilegedString = parser.getAttributeValue(null, "p");
        boolean isPrivileged = false;
        //是否拥有Privileged属性
        if (isPrivilegedString == null) {
            try {
                IPackageManager packageManager = ActivityThread.getPackageManager();
                if (packageManager != null) {
                    ApplicationInfo appInfo = ActivityThread.getPackageManager()
                            .getApplicationInfo(pkgName, 0, UserHandle.getUserId(uid));
                    if (appInfo != null) {
                        isPrivileged = (appInfo.flags & ApplicationInfo.FLAG_PRIVILEGED) != 0;
                    }
                } else {
                    // Could not load data, don't add to cache so it will be loaded later.
                    return;
                }
            } catch (RemoteException e) {
                Slog.w(TAG, "Could not contact PackageManager", e);
            }
        } else {
            isPrivileged = Boolean.parseBoolean(isPrivilegedString);
        }
        int outerDepth = parser.getDepth();
        int type;
        while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
                && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
            if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
                continue;
            }
        //下面就是具体的写相关tag和attribute什么的
            String tagName = parser.getName();
            if (tagName.equals("op")) {
                int code = Integer
                        .parseInt(parser.getAttributeValue(null, "n"));
                Op op = new Op(uid, pkgName, code, AppOpsManager.MODE_ERRORED);
                String mode = parser.getAttributeValue(null, "m");
                if (mode != null) {
                    op.mode = Integer.parseInt(mode);
                } else {
                    String sDefualtMode = parser.getAttributeValue(null, "dm");
                    int defaultMode;
                    if (sDefualtMode != null) {
                        defaultMode = Integer.parseInt(sDefualtMode);
                    } else {
                        defaultMode = getDefaultMode(code, uid, pkgName);
                    }
                    op.mode = defaultMode;
                }
                String time = parser.getAttributeValue(null, "t");
                if (time != null) {
                    op.time = Long.parseLong(time);
                }
                time = parser.getAttributeValue(null, "r");
                if (time != null) {
                    op.rejectTime = Long.parseLong(time);
                }
                String dur = parser.getAttributeValue(null, "d");
                if (dur != null) {
                    op.duration = Integer.parseInt(dur);
                }
                HashMap<String, Ops> pkgOps = mUidOps.get(uid);
                if (pkgOps == null) {
                    pkgOps = new HashMap<String, Ops>();
                    mUidOps.put(uid, pkgOps);
                }
                Ops ops = pkgOps.get(pkgName);
                if (ops == null) {
                    ops = new Ops(pkgName, uid, isPrivileged);
                    pkgOps.put(pkgName, ops);
                }
                ops.put(op.op, op);
            } else {
                Slog.w(TAG, "Unknown element under : "
                        + parser.getName());
                XmlUtils.skipCurrentTag(parser);
            }
        }
    }

下面继续分析noteOperation函数,接着调用,

    final int switchCode = AppOpsManager.opToSwitch(code);
   public static int opToSwitch(int op) {
        return sOpToSwitch[op];
    }

这里的sOpToSwitch[]数组的解释如下

    /**
     * This maps each operation to the operation that serves as the
     * switch to determine whether it is allowed.  Generally this is
     * a 1:1 mapping, but for some things (like location) that have
     * multiple low-level operations being tracked that should be
     * presented to the user as one switch then this can be used to
     * make them all controlled by the same single operation.
     */
 private static int[] sOpToSwitch = new int[] {
            OP_COARSE_LOCATION,
            OP_COARSE_LOCATION,
            OP_COARSE_LOCATION,
            .................
            }

应用层对权限的设置

上面两节已经介绍了App默认权限以及Policy文件的读取,下面将介绍最后一部分,也是最关键的,上层应用调用AppOpsManager的接口对权限进行设置,将会使用到App默认权限和Policy文件部分的内容。
以原生系统setting中AppOpsDetails为例,都是调用AppOpsManager的setMode函数对权限进行设置,

 private boolean refreshUi() {
             .......
                    @Override
                    public void onItemSelected(AdapterView parentView, View selectedItemView, int position, long id) {
                        if(firstMode) {
                            firstMode = false;
                            return;
                         }
                        mAppOps.setMode(switchOp, entry.getPackageOps().getUid(),
                                entry.getPackageOps().getPackageName(), positionToMode(position));
                    }

                    @Override
                    public void onNothingSelected(AdapterView parentView) {
                        // your code here
                    }
                });

                sw.setChecked(mAppOps.checkOp(switchOp, entry.getPackageOps()
                        .getUid(), entry.getPackageOps().getPackageName()) == AppOpsManager.MODE_ALLOWED);
                sw.setOnCheckedChangeListener(new Switch.OnCheckedChangeListener() {
                    public void onCheckedChanged(CompoundButton buttonView,
                            boolean isChecked) {
                        mAppOps.setMode(switchOp, entry.getPackageOps()
                                .getUid(), entry.getPackageOps()
                                .getPackageName(),
                                isChecked ? AppOpsManager.MODE_ALLOWED
                                        : AppOpsManager.MODE_IGNORED);
                    }
                });
                if (AppOpsManager.isStrictOp(switchOp)) {
                    sp.setVisibility(View.VISIBLE);
                } else {
                    sw.setVisibility(View.VISIBLE);
                }
            }
        }

        return true;
    }

而AppOpsManager又调用service中的setMode,修改mUidOps中相关权限信息,

  public void setMode(int code, int uid, String packageName, int mode) {
        try {
            mService.setMode(code, uid, packageName, mode);
        } catch (RemoteException e) {
        }
    }

即,

public void setMode(int code, int uid, String packageName, int mode) {
        if (Binder.getCallingPid() != Process.myPid()) {
            mContext.enforcePermission(android.Manifest.permission.UPDATE_APP_OPS_STATS,
                    Binder.getCallingPid(), Binder.getCallingUid(), null);
        }
        verifyIncomingOp(code);
        ArrayList repCbs = null;
        code = AppOpsManager.opToSwitch(code);
        synchronized (this) {
            Op op = getOpLocked(code, uid, packageName, true);
            if (op != null) {
                if (op.mode != mode) {
                /*这里设置mode*/
                    op.mode = mode;
                    ArrayList cbs = mOpModeWatchers.get(code);
                    if (cbs != null) {
                        if (repCbs == null) {
                            repCbs = new ArrayList();
                        }
                        repCbs.addAll(cbs);
                    }
                    cbs = mPackageModeWatchers.get(packageName);
                    if (cbs != null) {
                        if (repCbs == null) {
                            repCbs = new ArrayList();
                        }
                        repCbs.addAll(cbs);
                    }
                    if (mode == getDefaultMode(code, uid, packageName)) {
                        // If going into the default mode, prune this op
                        // if there is nothing else interesting in it.
                        /*如果这个mode是默认的mode,则在mUidOps中将该op删除*/
                        pruneOp(op, uid, packageName);
                    }
                    scheduleFastWriteLocked();
                }
            }
        }
        if (repCbs != null) {
            for (int i=0; itry {
                    repCbs.get(i).mCallback.opChanged(code, packageName);
                } catch (RemoteException e) {
                }
            }
        }
    }

你可能感兴趣的:(Android 5.1 AppOps总结)