Android runtime permission for system apps
Question
Question about Android runtime permissions. AFAIK, Android grants dangerous permissions at runtime. I reset my phone, then ran adb pull /data/system/users/0/runtime-permissions.xml, and I found android.ui.system has already granted many dangerous permissions. Can anybody tell me how it does that?
Recommended answer
The mechanism to insert dangerous runtime permissions into the /data/system/users/0/runtime-permissions.xml file via a user-confirmed dialog applies only to third-party applications, and is not relevant for built-in applications.
For built-in/system applications and framework components, all permissions are granted by default when a new user is created or when the device boots and a systemReady event is fired.
You can see the AndroidManifest.xml from AOSP, where all types of required permissions are written for system components.
For third-party apps, when the user grants any runtime permission, it gets added into the file /data/system/users/0/runtime-permissions.xml. The permission gets removed from the file when the user revokes it from any third-party app. In the case of a full factory reset, runtime permissions of all third-party apps are removed, as /data/system/users/0/runtime-permissions.xml gets deleted (data partition wipe).
But even after a factory reset, /data/system/users/0/runtime-permissions.xml contains runtime permissions (even dangerous ones) for system apps, see the default permissions: runtime-permissions.xml.
This is because:
All the default permissions are granted from PackageManagerService, via these two methods:
newUserCreated() // this gets called when a new user is created
systemReady() // this gets called when the device is booted
and the above methods internally invoke:
DefaultPermissionPolicy.grantDefaultPermissions();
See how DefaultPermissionPolicy is triggered.
And if you see DefaultPermissionPolicy's implementation, it contains all the relevant methods to load all types of permissions for system components.
In particular, DefaultPermissionPolicy.grantDefaultPermissions() internally calls
grantPermissionsToSysComponentsAndPrivApps(userId);
grantDefaultSystemHandlerPermissions(userId);
and it internally calls grantRuntimePermissionsLPw(), where all the remaining work is done.
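To separate default grants from user grants when auditing a pulled runtime-permissions.xml, the per-item flags can be decoded. The following is an added example, not part of the original answer or of AOSP. It assumes the pkg / shared-user / item layout with hex-encoded flags used by Android 6 to 10 and the flag bit values from AOSP's PackageManager; the sample XML and package names are constructed.

```python
import xml.etree.ElementTree as ET

# Flag bits as defined in AOSP's PackageManager (assumption; not on the page).
FLAG_USER_SET = 0x01
FLAG_SYSTEM_FIXED = 0x10
FLAG_GRANTED_BY_DEFAULT = 0x20

# Constructed sample in the assumed Android 6-10 file layout.
SAMPLE = """<runtime-permissions fingerprint="constructed/sample">
  <pkg name="com.example.dialer">
    <item name="android.permission.READ_CONTACTS" granted="true" flags="30" />
    <item name="android.permission.CALL_PHONE" granted="true" flags="20" />
  </pkg>
  <pkg name="com.example.thirdparty">
    <item name="android.permission.CAMERA" granted="true" flags="1" />
    <item name="android.permission.RECORD_AUDIO" granted="false" flags="1" />
  </pkg>
  <shared-user name="android.uid.system">
    <item name="android.permission.ACCESS_FINE_LOCATION" granted="true" flags="30" />
  </shared-user>
</runtime-permissions>"""

def classify(flags):
    """Map a flag bitmask to the origin of the grant."""
    if flags & FLAG_GRANTED_BY_DEFAULT:
        return "default-fixed" if flags & FLAG_SYSTEM_FIXED else "default"
    if flags & FLAG_USER_SET:
        return "user"
    return "other"

def audit(xml_text):
    """Return sorted (owner, permission, origin) for every granted item."""
    root = ET.fromstring(xml_text)
    rows = []
    for owner in root:
        if owner.tag not in ("pkg", "shared-user"):
            continue  # skip anything that is not a package or shared UID
        for item in owner.findall("item"):
            # A missing "granted" attribute is treated as granted (assumption).
            if item.get("granted", "true") != "true":
                continue
            flags = int(item.get("flags", "0"), 16)  # flags are stored as hex
            rows.append((owner.get("name"), item.get("name"), classify(flags)))
    return sorted(rows)

if __name__ == "__main__":
    for owner, perm, origin in audit(SAMPLE):
        print(f"{origin:14} {owner:24} {perm}")
```

On a freshly reset device every row should classify as default or default-fixed; a "user" row there would indicate the file was not produced by the default policy alone.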