Android通过反射获取和回收运行时权限—调用grantRuntimePermission和revokeRuntimePermission方法

本文转载:https://www.jianshu.com/p/59d542f4b03b

需要实现Android应用权限管理()

需求:不需要用户点击允许按钮直接获取READ_PHONE_STATE等权限
分析:因为用户可以在手机中通过打开设置-应用-选择具体应用-权限界面,手动打开用户所需要的权限(界面效果如图),我就想我怎么样可以在代码中模拟点击按钮打开权限的操作,于是我就去查看源码。

Android通过反射获取和回收运行时权限—调用grantRuntimePermission和revokeRuntimePermission方法_第1张图片

image.png


第一步:通过adb shell dumpsys activity | grep "mFocusedActivity"命令,我们可以发现当前页面是com.android.packageinstaller/.permission.ui.ManagePermissionsActivity,于是我就去google下载了packagerinstaller的apk,找到了ManagePermissionActivity的源码,然后发现activity中添加的是AppPermissionsFragment

image.png

//AppPermissionsFragment源码
@Override
public boolean onPreferenceChange(final Preference preference, Object newValue) {
    String groupName = preference.getKey();
    final AppPermissionGroup group = mAppPermissions.getPermissionGroup(groupName);

    if (group == null) {
        return false;
    }

    addToggledGroup(group);

    if (LocationUtils.isLocationGroupAndProvider(group.getName(), group.getApp().packageName)) {
        LocationUtils.showLocationDialog(getContext(), mAppPermissions.getAppLabel());
        return false;
    }
    if (newValue == Boolean.TRUE) {
        group.grantRuntimePermissions(false);
    } else {
        final boolean grantedByDefault = group.hasGrantedByDefaultPermission();
        if (grantedByDefault || (!group.hasRuntimePermission() && !mHasConfirmedRevoke)) {
            new AlertDialog.Builder(getContext())
                    .setMessage(grantedByDefault ? R.string.system_warning
                            : R.string.old_sdk_deny_warning)
                    .setNegativeButton(R.string.cancel, null)
                    .setPositiveButton(R.string.grant_dialog_button_deny_anyway,
                            new OnClickListener() {
                        @Override
                        public void onClick(DialogInterface dialog, int which) {
                            ((SwitchPreference) preference).setChecked(false);
                            group.revokeRuntimePermissions(false);
                            if (!grantedByDefault) {
                                mHasConfirmedRevoke = true;
                            }
                        }
                    })
                    .show();
            return false;
        } else {
            group.revokeRuntimePermissions(false);
        }
    }

    return true;
}

第二步:通过查看AppPermissionsFragment源码,我们发现调用的是group.grantRuntimePermissions(false)和 group.revokeRuntimePermissions(false),group是AppPermissionGroup,发现在AppPermissionGroup最后调用的就是PackageManager的grantRuntimePermission((以grantRuntimePermissions分析))。

//AppPermissionGroup源码
public boolean grantRuntimePermissions(boolean fixedByTheUser, String[] filterPermissions) {
        final int uid = mPackageInfo.applicationInfo.uid;

        // We toggle permissions only to apps that support runtime
        // permissions, otherwise we toggle the app op corresponding
        // to the permission if the permission is granted to the app.
        for (Permission permission : mPermissions.values()) {
            if (filterPermissions != null
                    && !ArrayUtils.contains(filterPermissions, permission.getName())) {
                continue;
            }

            if (mAppSupportsRuntimePermissions) {
                // Do not touch permissions fixed by the system.
                if (permission.isSystemFixed()) {
                    return false;
                }

                // Ensure the permission app op enabled before the permission grant.
                if (permission.hasAppOp() && !permission.isAppOpAllowed()) {
                    permission.setAppOpAllowed(true);
                    mAppOps.setUidMode(permission.getAppOp(), uid, AppOpsManager.MODE_ALLOWED);
                }

                // Grant the permission if needed.
                if (!permission.isGranted()) {
                    permission.setGranted(true);
                    mPackageManager.grantRuntimePermission(mPackageInfo.packageName,
                            permission.getName(), mUserHandle);
                }

                // Update the permission flags.
                if (!fixedByTheUser) {
                    // Now the apps can ask for the permission as the user
                    // no longer has it fixed in a denied state.
                    if (permission.isUserFixed() || permission.isUserSet()) {
                        permission.setUserFixed(false);
                        permission.setUserSet(false);
                        mPackageManager.updatePermissionFlags(permission.getName(),
                                mPackageInfo.packageName,
                                PackageManager.FLAG_PERMISSION_USER_FIXED
                                        | PackageManager.FLAG_PERMISSION_USER_SET,
                                0, mUserHandle);
                    }
                }
            } else {
                // Legacy apps cannot have a not granted permission but just in case.
                if (!permission.isGranted()) {
                    continue;
                }

                int killUid = -1;
                int mask = 0;

                // If the permissions has no corresponding app op, then it is a
                // third-party one and we do not offer toggling of such permissions.
                if (permission.hasAppOp()) {
                    if (!permission.isAppOpAllowed()) {
                        permission.setAppOpAllowed(true);
                        // Enable the app op.
                        mAppOps.setUidMode(permission.getAppOp(), uid, AppOpsManager.MODE_ALLOWED);

                        // Legacy apps do not know that they have to retry access to a
                        // resource due to changes in runtime permissions (app ops in this
                        // case). Therefore, we restart them on app op change, so they
                        // can pick up the change.
                        killUid = uid;
                    }

                    // Mark that the permission should not be be granted on upgrade
                    // when the app begins supporting runtime permissions.
                    if (permission.shouldRevokeOnUpgrade()) {
                        permission.setRevokeOnUpgrade(false);
                        mask |= PackageManager.FLAG_PERMISSION_REVOKE_ON_UPGRADE;
                    }
                }

                if (mask != 0) {
                    mPackageManager.updatePermissionFlags(permission.getName(),
                            mPackageInfo.packageName, mask, 0, mUserHandle);
                }

                if (killUid != -1) {
                    mActivityManager.killUid(uid, KILL_REASON_APP_OP_CHANGE);
                }
            }
        }

        return true;
    }

第三步:android 7上查看PackageManager源码

 @SystemApi
public abstract void grantRuntimePermission(@NonNull String packageName,
            @NonNull String permissionName, @NonNull UserHandle user);

@SystemApi
public abstract void revokeRuntimePermission(@NonNull String packageName,
            @NonNull String permissionName, @NonNull UserHandle user);

第四步:通过源码我们可以看到PM中的grant和revoke方法都是系统方法。调用grant和revoke需要系统权限,调用方法如下:

if (para != null) {
    try {
        String pkg = para.getString(KEY_PKG_NAME);
        String permissionName = para.getString(PERMISSION_NAME);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
            PackageManager packageManager = mContext.getPackageManager();
            Method method = packageManager.getClass().getDeclaredMethod("grantRuntimePermission", String.class, String.class, UserHandle.class);
            method.setAccessible(true);
            method.invoke(packageManager, pkg, permissionName, Process.myUserHandle());
        } else {
            LogUtils.e(TAG, "android os version is too low");
        }

    } catch (Exception e) {
        LogUtils.e(TAG, "error when SERVICE_EXTENDED_API_SET_NOTICICATION_OBSERVIER");
        e.printStackTrace();
    }
}

注意:在grantRuntimePermission的时候,permissionName传值如果是Manifest.permission.READ_PHONE_STATE是可以的,但是revokeRuntimePermission的时候permissionName必须是android.permission.READ_PHONE_STATE,当执行revokeRuntimePermission的时候,被回收权限的应用会直接退出,如log所示03-30 06:57:46.585 1418-2509/system_process I/ActivityManager: Killing 4179:com.xxxxxxx.xxxxxxxx/u0a102 (adj 0): permissions revoked

注意:在grantRuntimePermission的时候,permissionName传值如果是Manifest.permission.READ_PHONE_STATE是可以的,但是revokeRuntimePermission的时候permissionName必须是android.permission.READ_PHONE_STATE,当执行revokeRuntimePermission的时候,被回收权限的应用会直接退出,如log所示03-30 06:57:46.585 1418-2509/system_process I/ActivityManager: Killing 4179:com.xxxxxxx.xxxxxxxx/u0a102 (adj 0): permissions revoked

你可能感兴趣的:(Android开发)