系统应用程序的Android运行时权限 [英] Android runtime permission for system apps

问题描述

有关Android运行时权限的问题. AFAIK，Android在运行时授予危险权限.我重置了手机，然后通过adb pull/data/system/users/0/runtime-permissions.xml，我发现android.ui.system已经授予了许多危险的权限.谁能告诉我它是怎么做的?

解决方案

插入 AndroidManifest.xml 来自AOSP，其中为系统组件编写了所有类型的必需权限.

对于第三方应用程序，当用户授予任何运行时权限时，它将添加到文件/data/system/users/0/runtime-permissions.xml中.当用户从任何第三方应用程序撤消该权限时，该权限将从文件中删除.在完全恢复出厂设置的情况下，随着/data/system/users/0/runtime-permissions.xml被删除(数据分区擦除)，所有第三方应用程序的运行时权限都将被删除.

但是即使在恢复出厂设置后，/data/system/users/0/runtime-permissions.xml仍包含系统应用程序的运行时权限(甚至是危险的权限)，请参阅默认权限:看看DefaultPermissionPolicy是如何触发的

如果您看到 DefaultPermissionPolicy的实现， 包含所有相关方法，可为加载所有类型的权限 系统组件.

特别是DefaultPermissionPolicy.grantDefaultPermissions() 内部通话

grantDefaultSystemHandlerPermissions(userId);

，它在内部调用grantRuntimePermissionsLPw()， 解决方案

The mechanism to insert dangerous runtime permissions into the /data/system/users/0/runtime-permissions.xml file via a user-confirmed dialog applies only to third party applications, and is not relevant for built-in applications.

For built-in/system applications and framework components, all permissions are granted by default when a new user is created or when the device boots and a systemReady event is fired.

You can see the AndroidManifest.xml from AOSP, where all types of required permissions are written for system components.

For third party apps, when the user grants any runtime permission, it gets added into the file /data/system/users/0/runtime-permissions.xml. The permission gets removed from the file when the user revokes it from any third party app. In the case of a full factory reset, runtime permissions of all third party apps are removed, as /data/system/users/0/runtime-permissions.xml gets deleted (data partition wipe).

But even after a factory reset, /data/system/users/0/runtime-permissions.xml contains runtime permissions (even dangerous ones) for system apps, see the default permissions: runtime-permissions.xml.

And it happens because:

All the default permissions are granted from PackageManagerService, via these two methods:

newUserCreated() //this get called when new user is created   
systemReady() //this get called when device is booted

and the above methods internally invoke:

DefaultPermissionPolicy.grantDefaultPermissions();

Have a look at How DefaultPermissionPolicy triggers

And if you see DefaultPermissionPolicy's implementation, it contains all the relevant method to load all type of permissions for System components.

Specifically DefaultPermissionPolicy.grantDefaultPermissions() internally calls

grantPermissionsToSysComponentsAndPrivApps(userId); grantDefaultSystemHandlerPermissions(userId);

and it internally invokes grantRuntimePermissionsLPw(), which performs all the remaining work.

这篇关于系统应用程序的Android运行时权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！