如何在 Unity Android 中查找权限来源 [英] How to find source of a permission in Unity Android

问题描述

注意:这个问题是针对 Unity3D 的

Note: This question is specific to Unity3D

我在 Plugins/Android/ 文件夹下的 Unity 项目中有一个非常干净的 android 清单文件，根本没有 <uses-permissions/> 标签.我相信最终 APK 中的某些权限来自 Android 播放器设置，例如 READ_EXTERNAL_STORAGE.在我的 Gear VR 项目中，我看到在最终清单中添加了以下几行，可以在 Temp/StagingArea/ 中访问:

I have a very clean android manifest file in Unity project under Plugins/Android/ folder with no <uses-permissions/> tag at all. I believe that some permissions in final APK comes from Android Player Settings for-example READ_EXTERNAL_STORAGE. In my Gear VR project I see following lines added in final manifest which can be accessed in Temp/StagingArea/:

<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-feature android:name="android.hardware.microphone" android:required="false" />

现在这肯定来自我项目中的一个插件(我有很多插件).

Now this is definitely coming from one of the plugins that I have in my project (I have many plugins).

我的应用被 Oculus 拒绝了

My app is getting rejected from Oculus saying

您的应用要求过多的用户权限以使用用户权限不当.

Your app is asking for excessive user permissions for using user permissions inappropriately.

我找到了一种解决方法 此处，但我不想做这样的事情，因为这可能会导致应用再次被拒绝.

I found a workaround here, but I dont want to do such a thing as this may result in app rejection once again.

所以

有什么方法可以让我知道这个权限是从哪里来的?

Is there a way I can find out that where this permission is coming from?

如何确定我的脚本中是否有一些代码导致 unity 包含此权限?

How to find out if there is some code in my scripts which causes unity to include this permission?

谢谢

推荐答案

Unity 将在构建期间为您动态添加权限，如 eriQue of Unity Technologies 这是为了防止代码故障和意外行为.

Unity will add permissions for you on the fly during build time as mentioned by eriQue of Unity Technologies this is to prevent malfunction of code, and unexpected behaviours.

您可以使用这样的工具 Apk-decompiler查看您的新清单，以及它使用的权限.基于此，您可以寻找可能触发这些权限的某些功能.

You could use a tool such as this Apk-decompiler to take a look at your new manifest, and which permissions this uses. Based on that you may look for certain functions that could trigger these permissions.

某些功能(例如 isGeniune)将需要多个权限，因为它将使用针对外部服务器的验证.

Certain functions such as isGeniune will require several permissions as it will use verification against an external server.

或者，您也可以替换反编译的 APK 中的清单，手动将清单更改为预期的清单，然后放弃.这是一些更繁重的工作，但如果适当的错误日志记录到位，它可能会加快跟踪有问题的功能的过程.

Alternatively you can also replace your manifest in the decompiled APK, manually change out the manifest with the one intended, and resign it. This is some more grunt work, but if proper error logging is in place it might speed up the process of tracking down the problematic functions.

更新

正如我在下面的评论中提到的.没有真正的方法来确定函数.但是快速检查清单不会有什么坏处，但需要一些工作

As I mentioned in the comments below as well. There is no real way to pinpoint functions. But a quick check list can not hurt, but will require some work

• 您是否使用任何外部服务?

很多外部服务，想想google、twitter、facebook api's 和工具需要额外的权限.通常这些与存储/网络相关，但根据工具/api 的目标，可能更多.

A lot of external services, think of google, twitter, facebook api's and tools require additional permissions. Usually these are storage/network related, but depending on the goals of the tool / api, it could be many more.

尝试使用和不使用工具/api 构建您的 APK，看看是否有任何差异.

Try building your APK with and without the tools/apis to see if there are any differences.

• 您在使用统一广告吗?

Unity 广告本身使用了 3 个权限，旧版本甚至可能仍然使用 5 个.如果您正在使用他们的广告，那么您将不得不将这些视为理所当然.

Unity ads makes use of 3 permissions by itself, and older versions might still even make use of 5. If you are using their ads, then you will have to take these for granted.

• 您是否禁用了统一统计?

有没有看过那些花哨的stats Unity 似乎能够提供?好吧，除非您禁用此功能，否则您很可能也会参与其中.

Ever looked at those fancy stats Unity seems to be able to provide? Well, unless you disabled this, you are most likely participating in this as well.

这些统计数据需要多个权限，因为将在硬件级别分析手机以及在提供的统计数据中查看.

These stats require several permissions, as the phone will be analysed on a hardware level as well as seen in the provided stats.

• 您是否真的在使用所有 api/工具/资产要求?

您可能已经包含了一些 api、工具或几乎任何来自外部方的 dll，这些 dll 可能包含也可能不包含需要依赖项的代码.通常情况下，那些不是 100% 净化的，并且可能包括与其功能或您需要的功能无关的权限要求.

You might have included some api's, tools or just about any dll from an external party that may or may not include code that requires dependencies. Just as often those are not 100% sanitized, and might include permission requirements not relevant to their functionality, or to the functionality that you require.

比如说，某些广告服务可能想要访问用户的麦克风.但由于您没有使用他们的OMG 语音响应分析"功能，因此您不需要此权限.

Say, some ad service might want to access a users microphone. But as you are not using their "OMG vocal response analyses" functions, this permission is not required for you.

这些权限可以手动删除，正如我之前在回答中所述.或者通过某种形式的自动化，例如后期构建标记编辑器脚本.

These permissions can either be removed manually, as I earlier described in my answer. Or through some form of automation such as the post build marked editor script.

问题具体:

RECORD_AUDIO 权限会进入 android 清单文件" rel="nofollow noreferrer">麦克风 库在项目的任何脚本中.脚本是否存在于场景中并不重要.在这种特定情况下，如果在项目中导入 Oculus Platform SDK(这是商店的要求)很少有使用 Microphone 库的脚本.因此，如果您不使用任何录音功能(例如语音输入)，只需删除 OculusPlatform/Scripts 下的以下文件:MicrophoneInput.cs、IMicrophone.cs、MicrophoneInputNative.cs

RECORD_AUDIO permission makes its way into android manifest file if there is a call to Microphone library in any of script in project. It doesn't matter if the script exists in scene or not. In this specific case, if Oculus Platform SDK is imported in project (which is a store requirement) there are few scripts which uses Microphone library. So if you don't use any audio recording feature e.g voice input, just remove the following files under OculusPlatform/Scripts: MicrophoneInput.cs, IMicrophone.cs, MicrophoneInputNative.cs

这篇关于如何在 Unity Android 中查找权限来源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！