Privileged Permission开机授权时序图 | SourceCode:android-10.0.0_r36 | Author:秋城 | v1.1SystemServerSystemServerSystemServerInitThreadPoolSystemServerInitThreadPoolSystemConfigSystemConfigPackageManagerServicePackageManagerServicePermissionManagerServicePermissionManagerServicePermissionSettingsPermissionSettingsParallelPackageParserParallelPackageParserPackageParserPackageParserPackageParser.PackagePackageParser.PackagePermissionManagerService.PermissionManagerServiceInternalImplPermissionManagerService.PermissionManagerServiceInternalImpl1main()2run()3startBootstrapServices()↓Step 读取配置好的特权白名单4get.submit(SystemConfig::getInstance, TAG_SYSTEM_CONFIG)5getInstance()6new SystemConfig()读取配置好的特权白名单到内存。涉及7个路径下/xxx/etc/permissions/*xml文件过滤标签“privapp-permissions”中“许可”:"permission"与“拒绝”:"deny-permission"路径定义在Environment.javaENV_ANDROID_ROOT, "/system"ENV_OEM_ROOT, "/oem"ENV_ODM_ROOT, "/odm"Environment.getOdmDirectory(), "etc", "permissions",skuDirENV_VENDOR_ROOT, "/vendor"ENV_PRODUCT_ROOT, "/product"ENV_PRODUCT_SERVICES_ROOT,"/product_services"7readPermissions()8readPermissionsFromXml()9readPermission()10readPrivAppPermissions(parser,mPrivAppPermissions,mPrivAppDenyPermissions)private void readPrivAppPermissions(XmlPullParser parser,ArrayMap<String, ArraySet<String>>grantMap,ArrayMap<String, ArraySet<String>>denyMap)while (XmlUtils.nextElementWithin(parser, depth)) {String name = parser.getName();if ("permission".equals(name)) {String permName = parser.getAttributeValue(null, "name");permissions.add(permName);} else if ("deny-permission".equals(name)) {String permName = parser.getAttributeValue(null, "name");denyPermissions.add(permName);}}grantMap.put(packageName,permissions);denyMap.put(packageName,denyPermissions);↓Step 读取"privileged"权限定义11main(mSystemContext, installer,<factoryTest>, mOnlyCore)12new PackageManagerService(context, installer,factoryTest, onlyCore)13create(context,mPackages /*externalLock*/)14new PermissionManagerService()15new PermissionSettings()16mSettingsAll of the permissions known to the system.系统中所有通过<permission>标签声明的权限(FrameWork及App定义的权限都在这个map中存储)public class PermissionSettings {final ArrayMap<String, BasePermission>mPermissions=new ArrayMap<String, BasePermission>();}17scanDirTracedLI(frameworkDir,...)扫描/system/framework/目录的apk,其中我们的privileged权限定义在system/framework/framework-res.apk中代码是frameworks/base/core/res/AndroidManifest.xml文件的<permission>标签其中protectionLevel="signature|privileged"是特权标志,共216个$ ag android:protectionLevel=signature|privileged frameworks/base/core/res/AndroidManifest.xml |wc -l216例如重启权限:3714 <!-- Required to be able to reboot the device.3715 <p>Not for use by third-party applications. -->3716 <permission android:name="android.permission.REBOOT"3717 android:protectionLevel="signature|privileged" />18scanDirLI()19submit()20parsePackage()21parsePackage(scanFile, parseFlags, true /* useCaches */)此处关注解析单个apk,parseMonolithicPackage()方法其实parseClusterPackage内部也是遍历来调parseMonolithicPackagepublic Package parsePackage(File packageFile, int flags, boolean useCaches){Package parsed = useCaches ? getCachedResult(packageFile, flags) : null;if (packageFile.isDirectory()) {parsed = parseClusterPackage(packageFile, flags);} else {parsed = parseMonolithicPackage(packageFile, flags);}return parsed;}22parseMonolithicPackage()23parseBaseApk(,,)24parseBaseApk(,,,)25new Package(pkgName)26pkg27parseBaseApkCommon(pkg,,,,,)读取整个AndroidManifest.xml,此处关注<permission>:权限定义标签} else if (tagName.equals(TAG_PERMISSION)) {if (!parsePermission(pkg, res, parser, outError)) {return null;}} else if ...28parsePermission(pkg,,,)private boolean parsePermission(Package owner, Resources res,XmlResourceParser parser, String[] outError)TypedArray sa = res.obtainAttributes(parser,com.android.internal.R.styleable.AndroidManifestPermission);Permission perm = newPermission(owner, backgroundPermission);perm.info.protectionLevel= sa.getInt(com.android.internal.R.styleable.AndroidManifestPermission_protectionLevel,PermissionInfo.PROTECTION_NORMAL);owner.permissions.add(perm);frameworks/base/core/java/android/content/pm/PackageParser.javapublic final static classPermissionextends Component<IntentInfo>implements Parcelable {public finalPermissionInfoinfo;}frameworks/base/core/java/android/content/pm/PermissionInfo.javapublic classPermissionInfoextends PackageItemInfoimplements Parcelable {public intprotectionLevel;}frameworks/base/core/java/android/content/pm/PackageParser.javaPackageParser$Package代表内存中安装后apk每个apk声明的权限都存放在其permissions这个ArrayList中public final static class Package implements Parcelable {public final ArrayList<Permission>permissions= new ArrayList<Permission>(0);}多线程并发扫描安装apk。并发解析工具类:ParallelPackageParser.java入队出队方法:submit/take// Submit files for parsing in parallelint fileCount = 0;for (File file : files) {...parallelPackageParser.submit(file, parseFlags);fileCount++;}// Process results one by onefor (; fileCount > 0; fileCount--) {ParallelPackageParser.ParseResult parseResult = parallelPackageParser.take();...}29scanPackageChildLI(,,,,)30addForInitLI(,,,,)31commitReconciledScanResultLocked()32commitPackageSettings(,,,,,)33addAllPermissions(,)34addAllPermissions(,)private void addAllPermissions(PackageParser.Package pkg, boolean chatty) {final int N = pkg.permissions.size();for (int i=0; i<N; i++) {PackageParser.Permission p = pkg.permissions.get(i);...final BasePermission bp = BasePermission.createOrUpdate(mSettings.getPermissionLocked(p.info.name),p, pkg, mSettings.getAllPermissionTreesLocked(), chatty);mSettings.putPermissionLocked(p.info.name, bp);...35putPermissionLocked(,)@GuardedBy("mLock")void putPermissionLocked(@NonNull String permName, @NonNull BasePermission permission) {mPermissions.put(permName, permission);}↓Step 读取应用所申请权限(apk安装)36scanDirTracedLI(xxxDir)扫描如下11个路径下的系统apk。Environment.getRootDirectory():"priv-app"&&"app"Environment.getVendorDirectory(): "priv-app"&&"app"Environment.getOdmDirectory():"priv-app"&&"app"Environment.getOemDirectory():"app"Environment.getProductDirectory():"priv-app"&&"app"Environment.getProductServicesDirectory():"priv-app"&&"app"通过存放路径来分配FLAG是方式之一priv-app/授予"SYSTEM|PRIVILEGED",app/授予"SYSTEM"即我们俗称的系统应用和特权应用37scanDirLI()38submit()39parsePackage()40parsePackage(scanFile, parseFlags, true /* useCaches */)41parseMonolithicPackage()42parseBaseApk(,,)43parseBaseApk(,,,)44new Package(pkgName)45pkgPackageParser$Package代表内存中安装后apk每个apk所申请的权限都将存储在其PackageParser$PackagerequestedPermissions数据结构中public final ArrayList<String>requestedPermissions= new ArrayList<String>();46parseBaseApkCommon(pkg,,,,,)读取整个AndroidManifest.xml,此处关注<uses-permission>权限申请标签} else if (tagName.equals(TAG_USES_PERMISSION)) {if (!parseUsesPermission(pkg, res, parser)) {return null;}} else if...47parseUsesPermission()private boolean parseUsesPermission(Package pkg, Resources res, XmlResourceParser parser){TypedArray sa = res.obtainAttributes(parser,com.android.internal.R.styleable.AndroidManifestUsesPermission);String name = sa.getNonResourceString(com.android.internal.R.styleable.AndroidManifestUsesPermission_name);...pkg.requestedPermissions.add(name.intern());}↓Step 给应用授权48startOtherServices()49systemReady()50updateAllPermissions(,,Collection<PackageParser.Package> allPackages,)51updateAllPermissions()52updatePermissions(,,,,,)53restorePermissionState(,,,)private void restorePermissionState(@NonNull PackageParser.Package pkg, boolean replace,@Nullable String packageOfInterest, @Nullable PermissionCallback callback) {final int N = pkg.requestedPermissions.size();for (int i = 0; i < N; i++) {final String permName = pkg.requestedPermissions.get(i);final BasePermission bp = mSettings.getPermissionLocked(permName);else if (bp.isSignature()) {allowedSig = grantSignaturePermission(...)if (allowedSig) {grant = GRANT_INSTALL;}54grantSignaturePermission(...)55hasPrivappWhitelistEntry()56getPrivAppPermissions(packageName)57mPrivAppPermissions.get(packageName)private boolean grantSignaturePermission(String perm,PackageParser.Package> pkg,BasePermission bp, PermissionsState origPermissions) {boolean privappPermissionsDisable =RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_DISABLE;if (!privappPermissionsDisable&&privilegedPermission&&pkg.isPrivileged()&&!platformPackage&&platformPermission) {if (!hasPrivappWhitelistEntry(perm, pkg)) {// Only report violations for apps on system imageif (!mSystemReady&&!pkg.isUpdatedSystemApp()) {// it's only a reportable violation if the permission isn't explicitly deniedfinal boolean permissionViolation =deniedPermissions == null || !deniedPermissions.contains(perm);if (permissionViolation) {Slog.w(TAG, "Privileged permission " + perm + " for package "+ pkg.packageName + " - not in privapp-permissions whitelist");if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {mPrivappPermissionsViolations.add(pkg.packageName + ": " + perm);//满足以上十条才会将强制crash开关打开。此外return true/false:授权/不授权↓Step SystemServer Crash58systemReady()59systemReady()private void systemReady() {mSystemReady = true;if (mPrivappPermissionsViolations!= null) {throw new IllegalStateException("Signature|privileged permissions not in "+ "privapp-permissions whitelist: " + mPrivappPermissionsViolations);}}

Privileged Permission开机授权时序图 SourceCode android-10.0.0_r36的更多相关文章

  1. 还在期待安卓9.0吗?Android 10.0要来了

    目前,美国 Google公司的 AndroidP (安卓9.0),已经正式全面推出有几个多月了.众多手机品牌厂商也都在积极的进行更新适配 Android 9.0 系统(修改UI界面也算是二次开发,嗯) ...

  2. 用户吐槽不断:Android 10.0没法用

    如果你升级到Android Q第三个测试版的话,那么最近是不是被设备不断重启搞崩溃了,事实上也确实如此,因为有很多用户都遇到了类似的情况,大家吐槽谷歌的声音越来越大. 不少用户发现,自己设备升级至An ...

  3. 【Android】Android 4.0 无法接收开机广播的问题

    [Android]Android 4.0 无法接收开机广播的问题   前面的文章 Android 开机广播的使用 中 已经提到Android的开机启动,但是在Android 4.0 有时可以接收到开机 ...

  4. Android 7.0真实上手体验

    Android 7.0真实上手体验 Android 7.0的首个开发者预览版发布了,支持的设备只有Nexus6.Nexus 5X.Nexus 6P.Nexus 9.Nexus Player.Pixel ...

  5. Android 10 终于来了!增加了不少新特性

    前言 Android 10 正式发布了,根据官网的介绍,聚焦于隐私可控.手机自定义与使用效率,此版本主要带来了十大新特性:   image 智能回复 使用机器学习来预测你在回复信息时可能会说些什么,这 ...

  6. Android 5.0 Default SMS App以及运营商授权SMS App

    已同步更新至个人blog:http://dxjia.cn/2015/08/android-5-default-sms-app/ 题外话:博友们有没有好用的写博客客户端推荐啊,cnblogs推荐的win ...

  7. Android 6.0 Permission权限与安全机制

    Marshmallow版本权限修改 android的权限系统一直是首要的安全概念,因为这些权限只在安装的时候被询问一次.一旦安装了,app可以在用户毫不知晓的情况下访问权限内的所有东西,而且一般用户安 ...

  8. Android 6.0 超级简单的权限申请2 (Permission)

    代码地址如下:http://www.demodashi.com/demo/13506.html 写在前面 上次写了一个权限申请的例子Android 6.0 超级简单的权限申请 (Permission) ...

  9. Android 6.0 超级简单的权限申请 (Permission)

    代码地址如下:http://www.demodashi.com/demo/13369.html 背景描述 随着Android系统的不断升级,谷歌对用户的隐私是越来越注重了,给我们开发者带来了更多的繁琐 ...

随机推荐

  1. NetCore微服务实战体系:日志管理

    一. 起始 进入NetCore时代,日志的使用有了很大的变化,因为跨平台以及虚拟化技术的使用,日志不能够再像Framework的方式直接记录在文本,文本其实也可以,但是日志的管理以及查看都不太方便.L ...

  2. 内置函数:循环调用函数map和filter

    1.map:循环调用函数,前面一定一定要加list,要不然不会被调用 map的格式:list(map(函数名,循环体)) #这里的函数只能写函数名,不要加() list(map(os.mkdir,[' ...

  3. [leetCode]5. 最长回文子串(DP)

    题目 给定一个字符串 s,找到 s 中最长的回文子串.你可以假设 s 的最大长度为 1000. 题解 dp.先初始化长度为1和长度为2的串.再依次算长度为3,4,5.... 当找到回文串时,若长度比当 ...

  4. Android实现二值点阵图识别

    好好学习,天天向上 本文已收录至我的Github仓库DayDayUP:github.com/RobodLee/DayDayUP,欢迎Star 前言 我这几天在做一个东西,就是一张像二维码这样的 n*n ...

  5. Docker网络(五)

    本章内容 1.dokcer默认自带的几种网络介绍 2. 自定义网络 3. 容器间通信 4. 容器与外界交互 docker网络分为单个主机上的容器网络和多个主机上的哇网络,本文主要讲解单个主机上的容器网 ...

  6. openstack核心组件——neutron网络服务 抓取ip(9)

    云计算openstack核心组件——neutron网络服务(9)   一.虚拟机获取 ip: 用 namspace 隔离 DHCP 服务   Neutron 通过 dnsmasq 提供 DHCP 服务 ...

  7. Envoy 代理中的请求的生命周期

    Envoy 代理中的请求的生命周期 翻译自Envoy官方文档. 目录 Envoy 代理中的请求的生命周期 术语 网络拓扑 配置 高层架构 请求流 总览 1.Listener TCP连接的接收 2.监听 ...

  8. IPSecVPN介绍 & (Cisco Packet Tracer)IPSecVPN实验演示

    一.基础知识 VPN(Virtual Private Network)虚拟专有网络,即虚拟专网.VPN可以实现在不安全的网络上,安全的传输数据,好像专网!VPN只是一个技术,使用PKI技术,来保证数据 ...

  9. 【FLASK】使用ORM以及类似于Django更新新增字段

    #!/usr/bin/env python # -*- coding:utf-8 -*- from sqlalchemy.ext.declarative import declarative_base ...

  10. get请求传递json格式数据的两种方法

    get请求参数为json格式数据,使用pyhton+request的两种实现方式如下: 方法一:使用requests.request() 示例代码如下: 1.导入requests和json impor ...