安卓4.4特殊权限授权机制

如下代码见PackageManagerService.java:

/**
 * Start of the routine that rebuilds the granted-permission set for {@code pkg}.
 * Only the setup phase is visible: this listing is cut off inside the loop header
 * that iterates over {@code pkg.requestedPermissions}.
 *
 * @param pkg     parsed package whose requested permissions are evaluated
 * @param replace when true, previously fixed grants are reopened and, for a package
 *                without a shared user, the old grant set is snapshotted and cleared
 */
private void grantPermissionsLPw(PackageParser.Package pkg, boolean replace) {
        // The settings record is carried on the parsed package; without it there is
        // nothing to update.
        final PackageSetting ps = (PackageSetting) pkg.mExtras;
        if (ps == null) {
            return;
        }
        // Grants are stored on the shared user when the package has one, otherwise on
        // the package's own settings record.
        final GrantedPermissions gp = ps.sharedUser != null ? ps.sharedUser : ps;
        // Initially an alias of the live grant set, not a copy.
        HashSet origPermissions = gp.grantedPermissions;
        boolean changedPermission = false;

        if (replace) {
            ps.permissionsFixed = false;
            // Only a package that owns its grant record is reset here; a shared-user
            // record is left untouched (presumably because other packages rely on
            // it; verify against callers).
            if (gp == ps) {
                // Keep a snapshot of the old grants before wiping the live set.
                origPermissions = new HashSet(gp.grantedPermissions);
                gp.grantedPermissions.clear();
                gp.gids = mGlobalGids;
            }
        }

        // Fall back to the global gid list when none has been assigned yet.
        if (gp.gids == null) {
            gp.gids = mGlobalGids;
        }
        // Walk the list of permissions the package requests.
        final int N = pkg.requestedPermissions.size();
        for (int i=0; i
        // (the listing ends here; the loop body and the rest of the method are missing from the page)

另外一个重要方法为:

    /**
     * Decides whether {@code pkg} may hold the signature-protected permission {@code perm}.
     * The visible part grants it when the package's signatures match either the package
     * that declared the permission or the platform package; failing that, permissions
     * carrying {@code PROTECTION_FLAG_SYSTEM} get a second chance for system apps.
     * The listing is cut off inside that second branch, so the final decision and the
     * return statement are not shown.
     *
     * @param perm            name of the permission being evaluated
     * @param pkg             package requesting the permission
     * @param bp              permission record; its declaring package's signatures and
     *                        its {@code protectionLevel} are read here
     * @param origPermissions not used in the visible part of the method
     * @return presumably the value of {@code allowed}; the return is outside this listing
     */
    private boolean grantSignaturePermission(String perm, PackageParser.Package pkg,
                                          BasePermission bp, HashSet origPermissions) {
        boolean allowed;
        // Author's note: an APK signed with a custom key that requests
        // android.permission.INSTALL_PACKAGES fails this signature comparison (false).
        allowed = (compareSignatures(
                bp.packageSetting.signatures.mSignatures, pkg.mSignatures)
                        == PackageManager.SIGNATURE_MATCH)
                || (compareSignatures(mPlatformPackage.mSignatures, pkg.mSignatures)
                        == PackageManager.SIGNATURE_MATCH);
        // Trace line with the non-framework-looking tag "PM_DEBUG"; presumably added by
        // the article's author to follow the decision, not needed for the grant itself.
        Log.d("PM_DEBUG","allowed1 is " + allowed + " for pkg " + pkg.packageName + " permission is " + perm);
        // Author's note: the custom-signed APK then reaches the branch below.
        // Author's note: level = bp.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE
        //                      = bp.protectionLevel & 0xf, hence bp.protectionLevel = 0x0010,
        //                and PermissionInfo.PROTECTION_FLAG_SYSTEM = 0x10.
        // NOTE(review): the test below only checks that the 0x10 flag bit is set; the full
        // protectionLevel of a signature|system permission would also carry its base level
        // in the low four bits, so "= 0x0010" likely refers to the flag bit only (confirm).
        if (!allowed && (bp.protectionLevel
                & PermissionInfo.PROTECTION_FLAG_SYSTEM) != 0) {
            // For a system APK, look at what it was granted before.
            if (isSystemApp(pkg)) {
                // For updated system applications, a system permission
                // is granted only if it had been defined by the original application.
                // Case: a system APK that has been updated.
                if (isUpdatedSystemApp(pkg)) {
                    // Settings of the original (disabled) system copy of this package.
                    // NOTE(review): sysPs is dereferenced on the next statement without a
                    // null check; presumably an updated system app always has such an
                    // entry, but confirm.
                    final PackageSetting sysPs = mSettings
                            .getDisabledSystemPkgLPr(pkg.packageName);
                    final GrantedPermissions origGp = sysPs.sharedUser != null
                            ? sysPs.sharedUser : sysPs;
                    // Was the permission already granted to the original copy?
                    if (origGp.grantedPermissions.contains(perm)) {
                        // If the original was granted this permission, we take
                        // that grant decision as read and propagate it to the
                        // update.
                        allowed = true;
                        Log.d("PM_DEBUG","allowed2 is " + allowed + " for pkg " + pkg.packageName + " permission is " + perm);
                    } else {
                        // The system apk may have been updated with an older
                        // version of the one on the data partition, but which
                        // granted a new system permission that it didn't have
                        // before.  In this case we do want to allow the app to
                        // now get the new permission if the ancestral apk is
                        // privileged to get it.
                        // Not granted before: fall back to checking whether the
                        // original copy is privileged.
                        // Author's note: isSystemApp covers APKs under both system/app
                        // and system/priv-app.
                        if (sysPs.pkg != null && sysPs.isPrivileged()) {
                            // Privileged: next, scan what the original copy had (the
                            // loop is cut off in this listing).
                            for (int j=0;
                                    j
                            // (the listing ends here; the rest of the loop and of the method are missing from the page)

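综上,当我们的apk需要特殊权限(如 android.permission.INSTALL_PACKAGES 这类带有 PROTECTION_FLAG_SYSTEM 标志的权限)时,将其放置在 system/priv-app 目录下,即使签名与平台签名不一致也能获得授权,即绕过系统签名的限制。需要说明的是,这是系统为预置特权应用设计的授权路径:写入 system 分区需要 root 权限或在编译 ROM 时预置,普通安装的第三方应用无法走到这个分支。
其他的权限,我们在 grantSignaturePermission 函数中做一些 workaround 也可以绕过签名的限制。但这属于修改 framework 源码,只在自己编译的 ROM 中生效,并且放宽后的判断会作用于设备上所有满足条件的应用,因此条件应限定得尽量窄(例如同时校验包名和签名);上面代码中的 PM_DEBUG 日志仅用于调试跟踪。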
