Android 10 默认授权app运行时权限(去掉运行时权限授权弹窗)
问题现象
该窗口对应的包名如下
C:\Users\Android1>adb shell dumpsys window | findstr mCurrentFocus
mCurrentFocus=Window{35a20c5 u0 com.android.permissioncontroller/com.android.packageinstaller.permission.ui.ReviewPermissionsActivity}
Android 6.0以后由于系统运行安全的考虑,既然在AndroidManifest.xml需要申请权限,对于一些特殊权限需要在app运行时申请权限,并且会在app每次运行的时候弹出没有授权的授权框来然用户授权,PermissionManagerService.java就是负责对系统权限管理的服务
下面对PermissionManagerService.java源码进行分析
1、在PermissionManagerService.java文件中updatePermissions()方法中,系统开机起来后就会会更新应用的权限,就会调用该方法updatePermissions()
private void updatePermissions(String changingPkgName, PackageParser.Package changingPkg,
String replaceVolumeUuid, int flags, Collection<PackageParser.Package> allPackages,
PermissionCallback callback) {
// TODO: Most of the methods exposing BasePermission internals [source package name,
// etc..] shouldn't be needed. Instead, when we've parsed a permission that doesn't
// have package settings, we should make note of it elsewhere [map between
// source package name and BasePermission] and cycle through that here. Then we
// define a single method on BasePermission that takes a PackageSetting, changing
// package name and a package.
// NOTE: With this approach, we also don't need to tree trees differently than
// normal permissions. Today, we need two separate loops because these BasePermission
// objects are stored separately.
// Make sure there are no dangling permission trees.
flags = updatePermissionTrees(changingPkgName, changingPkg, flags);
Slog.i("wangqi", "updatePermissions(): changingPkgName " + changingPkgName);
// Make sure all dynamic permissions have been assigned to a package,
// and make sure there are no dangling permissions.
flags = updatePermissions(changingPkgName, changingPkg, flags, callback);
synchronized (mLock) {
if (mBackgroundPermissions == null) {
// Cache background -> foreground permission mapping.
// Only system declares background permissions, hence mapping does never change.
mBackgroundPermissions = new ArrayMap<>();
for (BasePermission bp : mSettings.getAllPermissionsLocked()) {
if (bp.perm != null && bp.perm.info != null
&& bp.perm.info.backgroundPermission != null) {
String fgPerm = bp.name;
String bgPerm = bp.perm.info.backgroundPermission;
List<String> fgPerms = mBackgroundPermissions.get(bgPerm);
if (fgPerms == null) {
fgPerms = new ArrayList<>();
mBackgroundPermissions.put(bgPerm, fgPerms);
}
fgPerms.add(fgPerm);
}
}
}
}
Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "restorePermissionState");
// Now update the permissions for all packages, in particular
// replace the granted permissions of the system packages.
if ((flags & UPDATE_PERMISSIONS_ALL) != 0) {
for (PackageParser.Package pkg : allPackages) {
if (pkg != changingPkg) {
// Only replace for packages on requested volume
final String volumeUuid = getVolumeUuidForPackage(pkg);
final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_ALL) != 0)
&& Objects.equals(replaceVolumeUuid, volumeUuid);
restorePermissionState(pkg, replace, changingPkgName, callback);
}
}
}
if (changingPkg != null) {
// Only replace for packages on requested volume
final String volumeUuid = getVolumeUuidForPackage(changingPkg);
final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_PKG) != 0)
&& Objects.equals(replaceVolumeUuid, volumeUuid);
restorePermissionState(changingPkg, replace, changingPkgName, callback);
}
Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
}
2、在PermissionManagerService.java文件中updatePermissions()方法中会调用restorePermissionState()方法来开机默认给应用授权,
if ((flags & UPDATE_PERMISSIONS_ALL) != 0) {
for (PackageParser.Package pkg : allPackages) {
if (pkg != changingPkg) {
// Only replace for packages on requested volume
final String volumeUuid = getVolumeUuidForPackage(pkg);
final boolean replace = ((flags & UPDATE_PERMISSIONS_REPLACE_ALL) != 0)
&& Objects.equals(replaceVolumeUuid, volumeUuid);
restorePermissionState(pkg, replace, changingPkgName, callback);
}
}
会根据 int grant = GRANT_INSTALL;
而GRANT_INSTALL就是在安装apk时已经给予了所有申请权限,所以运行时给与权限改为安装时给予权限就可以了。
解决方案如下:
在PermissionManagerService.java文件中restorePermissionState方法中将应用权限设置为安装权限
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -1153,7 +1153,8 @@ public class PermissionManagerService {
if (bp.isNormal()) {
// For all apps normal permissions are install time ones.
grant = GRANT_INSTALL;
} else if (bp.isRuntime()) {
if (origPermissions.hasInstallPermission(bp.getName())
|| upgradedActivityRecognitionPermission != null) {
// Before Q we represented some runtime permissions as install permissions,
// in Q we cannot do this anymore. Hence upgrade them all.
grant = GRANT_UPGRADE;
} else {
// For modern apps keep runtime permissions unchanged.
+ //grant = GRANT_RUNTIME;
+ grant = GRANT_INSTALL;
}
} else if (bp.isSignature()) {
// For all apps signature permissions are install time ones.
// Before Q we represented some runtime permissions as install permissions,
// in Q we cannot do this anymore. Hence upgrade them all.
- grant = GRANT_UPGRADE;
+ grant = GRANT_INSTALL;
} else {
// For modern apps keep runtime permissions unchanged.
//grant = GRANT_RUNTIME;
@@ -1179,7 +1179,7 @@ public class PermissionManagerService {
// to the platform (note: need to only do this when
// updating the platform).
if (!isNewPlatformPermissionForPackage(perm, pkg)) {
- grant = GRANT_DENIED;
+ grant = GRANT_INSTALL;
}
}
}
先对如下权限进行说明GRANT_DENIED 、GRANT_INSTALL 、GRANT_INSTALL_LEGACY 、GRANT_RUNTIME 、GRANT_UPGRADE
GRANT_DENIED =1 ,不授予权限
GRANT_INSTALL = 2; 授予权限作为安装权限
GRANT_INSTALL_LEGACY = 3;授予作为一个旧的应用程序的安装权限的权限
GRANT_RUNTIME = 4; 授予运行运行时的权限
GRANT_UPGRADE = 5; 授予作为运行时一个被授予的权限,作为一个安装时间