Android 系统权限----系统默认授权

授权方式比较多根据需要进行修改：

1、安装应用时默认授权

应用安装过程中，系统会检查应用申请的各个权限情况，针对安装时权限和运行时权限分别记录。我们可以修改将运行权限也默认授予。代码如下

//frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java

    private void restorePermissionState(@NonNull AndroidPackage pkg, boolean replace,
            @Nullable String packageOfInterest, @Nullable PermissionCallback callback) {

... ...

                final String perm = bp.getName();
                boolean allowedSig = false;
                int grant = GRANT_DENIED;

                // Keep track of app op permissions.
                if (bp.isAppOp()) {
                    mSettings.addAppOpPackage(perm, pkg.getPackageName());
                }
//可以根据指定包名，将所有权限都判为安装时权限，自动授权
                if ("com.xxxx.xxxx".equals(pkg.getPackageName())) {
                    grant = GRANT_INSTALL;
                } else if (bp.isNormal()) {
//END
                    // For all apps normal permissions are install time ones.
                    grant = GRANT_INSTALL;
                } else if (bp.isRuntime()) {
                    if (origPermissions.hasInstallPermission(bp.getName())
                            || upgradedActivityRecognitionPermission != null) {
                        // Before Q we represented some runtime permissions as install permissions,
                        // in Q we cannot do this anymore. Hence upgrade them all.
                        grant = GRANT_UPGRADE;
                    } else {
                        // For modern apps keep runtime permissions unchanged.
                        grant = GRANT_RUNTIME;
                    }
                } else if (bp.isSignature()) {
                    // For all apps signature permissions are install time ones.
                    allowedSig = grantSignaturePermission(perm, pkg, ps, bp, origPermissions);
                    if (allowedSig) {
                        grant = GRANT_INSTALL;
                    }
                }

2、应用已安装打开时默认授权

在打开应用时如果有动态检测授权，会弹出授权提示框，弹出框对应的就是系统的权限管理窗口，可以默认在创建窗口时就自动授权然后隐藏弹窗，不用用户感知到。

//PackageInstaller/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java

    private String mCallingPackage;

    private int getPermissionPolicy() {
        DevicePolicyManager devicePolicyManager = getSystemService(DevicePolicyManager.class);
//默认返回 PERMISSION_POLICY_AUTO_GRANT Activity oncreate过程检测时会自动授权并退出弹框界面，不让用户感知到
        return DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT;
    }

    @Override
    public void onCreate(Bundle icicle) {

3、系统app 预置编译时授权

在预置的 Android.bp 文件中增加权限xml编译，注意 prebuilt_etc 中 name 格式

prebuilt_etc {
    name:privapp_allowlist_com.example.myvoicecontrol",
    sub_dir: "permissions",
    src: "com.example.myvoicecontrol.xml",
    filename_from_src: true,
}

android_app {
     ...
     required: ["privapp_allowlist_com.example.myvoicecontrol"],
     ...
}

对应的 com.example.myvoicecontrol.xml 中填写需要的权限

<?xml version="1.0" encoding="utf-8"?>
<permissions>
    <privapp-permissions package="com.android.car.voicecontrol">
        <permission name="android.permission.MEDIA_CONTENT_CONTROL"/>
    </privapp-permissions>
</permissions>

 这样编译出来的应用就有了对应权限，而且不能被用户手动修改

4、系统 app 预置系统中默认授权

开机第一次时系统加载部分模块时默认会授权部分权限

//frameworks/base/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java

    private void grantDefaultSystemHandlerPermissions(PackageManagerWrapper pm, int userId) {
        Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
... ...
//以系统SMS为例，根据短信包名进行设置权限
        // SMS
        if (smsAppPackageNames == null) {
            String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(pm,
                    Intent.CATEGORY_APP_MESSAGING, userId);
            grantDefaultPermissionsToDefaultSystemSmsApp(pm, smsPackage, userId);
        } else {
            for (String smsPackage : smsAppPackageNames) {
                grantDefaultPermissionsToDefaultSystemSmsApp(pm, smsPackage, userId);
            }
        }

... ...

注意：针对MSM Dialer等必备功能应用，都有个提供用户选择的弹框设置默认应用，例如默认短信、默认电话应用等。此类应用在安装完成后，会执行 PermissionController 模块的 onAddRoleHolder 相关流程，设置为系统默认应用。应用为系统默认应用时，系统也会提供给他此类应用的基础权限，比如短信应用，会授予它短信类基础权限。

    @WorkerThread
    private boolean addRoleHolderInternal(@NonNull Role role, @NonNull String packageName,
            boolean dontKillApp, boolean overrideUserSetAndFixedPermissions, boolean added) {
//这里会默认授予设置各类默认应用的基础相关权限
        role.grant(packageName, dontKillApp, overrideUserSetAndFixedPermissions, this);
        String roleName = role.getName();
        if (!added) {
            added = mRoleManager.addRoleHolderFromController(roleName, packageName);
        }
        if (!added) {
            Log.e(LOG_TAG, "Failed to add role holder in RoleManager, package: " + packageName
                    + ", role: " + roleName);
        }
        return added;
    }

所以对短信等各类系统默认应用来说，开机时候实际执行两遍权限授予。

原文地址：https://blog.csdn.net/tq501501/article/details/140667234

免责声明：本站文章内容转载自网络资源，如本站内容侵犯了原著者的合法权益，可联系本站删除。更多内容请关注自学内容网（zxcms.com）！