permission ：protectionLevel 默认权限

 

data/system/users/0/runtime-permissions.xml

 

android/frameworks/base/core/res/AndroidManifest.xml

android:protectionLevel="dangerous"

 

dangerous : 代表只能由用户手动授予其权限

 

 

android/frameworks/base/services/core/java/com/android/server/pm/Settings.java:168:    private static final String RUNTIME_PERMISSIONS_FILE_NAME = "runtime-permissions.xml";

 

writePermissionsSync(){

}

public void readStateForUserSyncLPr(int userId) {

}

public void deleteUserRuntimePermissionsFile(int userId) {
        getUserRuntimePermissionsFile(userId).delete();
}

 

/data/system/users/0/

app_idle_stats.xml       registered_services     settings_secure.xml
appwidgets.xml           runtime-permissions.xml settings_system.xml
package-restrictions.xml settings_global.xml     wallpaper_info.xml

 

Activity.java

    public final void requestPermissions(@NonNull String[] permissions, int requestCode) 

PackageManager.java

Intent intent = new Intent(ACTION_REQUEST_PERMISSIONS)

 

                        android:configChanges="orientation|keyboardHidden|screenSize"
                android:excludeFromRecents="true"
                android:theme="@style/GrantPermissions">
           
               
               
           
       

 

com.google.android.packageinstaller/com.android.packageinstaller.permission.ui.GrantPermissionsActivity

com.android.packageinstaller/com.android.packageinstaller.permission.ui.GrantPermissionsActivity

 

PackageManagerService.java

public void systemReady() {

        // If we upgraded grant all default permissions before kicking off.
        for (int userId : grantPermissionsUserIds) {
            mDefaultPermissionPolicy.grantDefaultPermissions(userId);
        }

}

 

DefaultPermissionGrantPolicy.java

public void grantDefaultPermissions(int userId) {
        grantPermissionsToSysComponentsAndPrivApps(userId);
        grantDefaultSystemHandlerPermissions(userId);
        grantDefaultPermissionExceptions(userId);
    }

 

 

 

grantDefaultSystemHandlerPermissions()

grantRuntimePermissionsLPw(){

  mService.grantRuntimePermission(pkg.packageName, permission, userId);

 mService.updatePermissionFlags(permission, pkg.packageName,newFlags, newFlags, userId);

}

 

 

PackageManagerService.java

grantRuntimePermission()

updatePermissionFlags(){

// Install and runtime permissions are stored in different places,
// so figure out what permission changed and persist the change.

if (permissionsState.getInstallPermissionState(name) != null) {
                    scheduleWriteSettingsLocked();
                } else if (permissionsState.getRuntimePermissionState(name, userId) != null
                        || hadState) {
                    mSettings.writeRuntimePermissionsForUserLPr(userId, false);
                }

}

 

android/frameworks/base/services/core/java/com/android/server/pm/Settings.java

 

// /data/system/users/0/runtime-permissions.xml

//动态的 android:protectionLevel="dangerous"

 public void writeRuntimePermissionsForUserLPr(int userId, boolean sync) {
        if (sync) {
            mRuntimePermissionsPersistence.writePermissionsForUserSyncLPr(userId);
        } else {
            mRuntimePermissionsPersistence.writePermissionsForUserAsyncLPr(userId);
        }
    }

 

// /data/system/packages.xml 

//静态的 android:protectionLevel="normal"

void writeLPr() {

  

}

 

----------------------------------------

DefaultPermissionGrantPolicy.java

 

// 根据intent 查找特定的 packages（应用）

PackageParser.Package = getDefaultSystemHandlerActivityPackageLPr(Intent, userId)

getDefaultProviderAuthorityPackageLPr()

getHeadlessSyncAdapterPackagesLPr()

getDefaultSystemHandlerServicePackageLPr()

 

// 从activity 申请单个package的权限

 

grantRuntimePermission(String packageName, String name, final int userId) {}

 

/**
 * Parser for package files (APKs) on disk. This supports apps packaged either
 * as a single "monolithic" APK, or apps packaged as a "cluster" of multiple
 * APKs in a single directory.
 *

 * Apps packaged as multiple APKs always consist of a single "base" APK (with a
 * {@code null} split name) and zero or more "split" APKs (with unique split
 * names). Any subset of those split APKs are a valid install, as long as the
 * following constraints are met:
 *

 *
• All APKs must have the exact same package name, version code, and signing
   * certificates.
   *
• All APKs must have unique split names.
   *
• All installations must contain a single base APK.
   *

 *
 * @hide
 */
public class PackageParser {}

 

/**
 * This class encapsulates the permissions for a package or a shared user.
 *

 * There are two types of permissions: install (granted at installation)
 * and runtime (granted at runtime). Install permissions are granted to
 * all device users while runtime permissions are granted explicitly to
 * specific users.
 *

 *

 * The permissions are kept on a per device user basis. For example, an
 * application may have some runtime permissions granted under the device
 * owner but not granted under the secondary user.
 *

 * This class is also responsible for keeping track of the Linux gids per
 * user for a package or a shared user. The gids are computed as a set of
 * the gids for all granted permissions' gids on a per user basis.
 *

 */
public final class PermissionsState {}

 

/**
 * Settings data for a particular package we know about.
 */
final class PackageSetting extends PackageSettingBase {}

 

 

 

02-20 08:52:29.423  4509  4509 I DefaultPermGrantPolicy: Granting permissions to platform components for user 0
02-20 08:52:29.741  4509  4509 I DefaultPermGrantPolicy: Granting permissions to default platform handlers for user 0
02-20 08:52:30.617  4509  4509 D DefaultPermGrantPolicy: salesTrackerPckg=:com.xxx.salestracker,service=[Service{ebf1f2e com.xxx.salestracker/.SalesTrackerService}]
02-20 08:52:35.906  4509  4509 I DefaultPermGrantPolicy: Granting permissions to default dialer app for user:0

02-20 08:52:41.197  4509  4509 I DefaultPermGrantPolicy: Granting permissions to default sms app for user:0