權(quán)限分類
-
Normal permissions
只需要在AndroidManifest.xml 中聲明,如INTERNET骇径,WAKE_LOCK等
-
Signature permissions
申請(qǐng)?jiān)摍?quán)限的應(yīng)用和定義該權(quán)限的應(yīng)用有相同簽名時(shí),這個(gè)權(quán)限才會(huì)被授予,一些Signature permissions不能被三方應(yīng)用使用
-
Dangerous permissions
需要申請(qǐng)運(yùn)行時(shí)權(quán)限
Special permissions
如SYSTEM_ALERT_WINDOW需要應(yīng)用發(fā)送Settings.ACTION_MANAGE_OVERLAY_PERMISSION intent去提示用戶是否開(kāi)啟該權(quán)限
權(quán)限列表可以參考官網(wǎng):
https://developer.android.google.cn/guide/topics/permissions/overview?hl=en
代碼中的權(quán)限列表:
frameworks/base/data/etc/platform.xml
權(quán)限類型定義protectionLevel:
frameworks/base/core/res/AndroidManifest.xml
運(yùn)行時(shí)權(quán)限申請(qǐng)方法
AndroidMenifest.xml 中添加
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
代碼中添加:
if (ContextCompat.checkSelfPermission(this,
Manifest.permission.WRITE_EXTERNAL_STORAGE)
!= PackageManager.PERMISSION_GRANTED) {
// Should we show an explanation?
if (ActivityCompat.shouldShowRequestPermissionRationale(this,
Manifest.permission.WRITE_EXTERNAL_STORAGE)) {
// Show an expanation to the user *asynchronously* -- don't block
// this thread waiting for the user's response! After the user
// sees the explanation, try again to request the permission.
} else {
// No explanation needed, we can request the permission.
ActivityCompat.requestPermissions(this,
new String[]{Manifest.permission.WRITE_EXTERNAL_STORAGE},
MY_PERMISSIONS_REQUEST_READ_SDCARD);
// MY_PERMISSIONS_REQUEST_READ_CONTACTS is an
// app-defined int constant. The callback method gets the
// result of the request.
}
}
@Override
public void onRequestPermissionsResult(int requestCode,
String permissions[], int[] grantResults) {
switch (requestCode) {
case MY_PERMISSIONS_REQUEST_READ_SDCARD: {
// If request is cancelled, the result arrays are empty.
if (grantResults.length > 0
&& grantResults[0] == PackageManager.PERMISSION_GRANTED) {
... ...
} else {
... ...
}
return;
}
}
}
查看應(yīng)用是否有運(yùn)行時(shí)權(quán)限:
adb shell dumpsys package + 包名
Packages:
Package [com.example.hellojni2] (11f567c):
userId=10127
pkg=Package{714cb29 com.example.hellojni2}
... ...
requested permissions:
android.permission.WRITE_SETTINGS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
User 0: ceDataInode=-4294761261 installed=true hidden=false suspended=false stopped=false notLaunched=false enabled=0 instant=false virtual=false
runtime permissions:
android.permission.READ_EXTERNAL_STORAGE: granted=true
android.permission.WRITE_EXTERNAL_STORAGE: granted=true
查看應(yīng)用進(jìn)程是否有某個(gè)權(quán)限痢毒,比如進(jìn)程mediacodec澜建,pid: 564是否有sdcard_rw權(quán)限
A3A_10_4G:/ $ cd proc/564
A3A_10_4G:/proc/564 $ cat status
Name: omx@1.0-service
State: S (sleeping)
Tgid: 564
Ngid: 0
Pid: 564
PPid: 1
TracerPid: 0
Uid: 1046 1046 1046 1046
Gid: 1006 1006 1006 1006
FDSize: 256
Groups: 1000 1005 1013 1015 1023 1026 1028 1031 3001 3002 3003 3007
id sdcard_rw
A3A_10_4G:/ $ id sdcard_rw
uid=1015(sdcard_rw) gid=1015(sdcard_rw) groups=1015(sdcard_rw), context=u:r:shell:s0
可以看到有1015權(quán)限,即SDCard讀寫(xiě)錯(cuò)誤
運(yùn)行時(shí)權(quán)限申請(qǐng)流程
1. 顯示權(quán)限申請(qǐng)Dialog
frameworks/support/compat/src/main/java/androidx/core/app/ActivityCompat.java
public static void requestPermissions(final @NonNull Activity activity,
final @NonNull String[] permissions, final @IntRange(from = 0) int requestCode) {
... ...
if (Build.VERSION.SDK_INT >= 23) {
activity.requestPermissions(permissions, requestCode);
}
... ...
}
打開(kāi)全透明GrantPermissionsActivity
public final void requestPermissions(@NonNull String[] permissions, int requestCode) {
... ...
//沒(méi)有申請(qǐng)過(guò)權(quán)限彈出權(quán)限申請(qǐng)dialog
Intent intent = getPackageManager().buildRequestPermissionsIntent(permissions);
startActivityForResult(REQUEST_PERMISSIONS_WHO_PREFIX, intent, requestCode, null);
mHasCurrentPermissionsRequest = true;
}
GrantPermissionsActivity實(shí)現(xiàn)接口GrantPermissionsViewHandler.ResultListener向挖,用戶點(diǎn)擊允許添加權(quán)限時(shí),回調(diào) onPermissionGrantResult
@Override
public void onPermissionGrantResult(String name, boolean granted, boolean doNotAskAgain) {
... ...
GroupState groupState = mRequestGrantPermissionGroups.get(name);
if (groupState != null && groupState.mGroup != null) {
if (granted) {
//如果允許將整個(gè)權(quán)限組權(quán)限設(shè)為STATE_ALLOWED
groupState.mGroup.grantRuntimePermissions(doNotAskAgain,
groupState.affectedPermissions);
groupState.mState = GroupState.STATE_ALLOWED;
} else {
... ...
}
2. 最終調(diào)用到PMS的grantRuntimePermission更新權(quán)限
frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
private void grantRuntimePermission(String permName, String packageName, boolean overridePolicy,
int callingUid, final int userId, PermissionCallback callback) {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
"grantRuntimePermission");
enforceCrossUserPermission(callingUid, userId,
true, // requireFullPermission
true, // checkShell
false, // requirePermissionWhenSameUser
"grantRuntimePermission");
final PackageParser.Package pkg = mPackageManagerInt.getPackage(packageName);
if (pkg == null || pkg.mExtras == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
final BasePermission bp;
synchronized(mLock) {
bp = mSettings.getPermissionLocked(permName);
}
... ...
//檢查AndroidManifest.xml中是否有聲明過(guò)權(quán)限炕舵,如果沒(méi)有拋出SecurityException異常
bp.enforceDeclaredUsedAndRuntimeOrDevelopment(pkg);
final int uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
final PackageSetting ps = (PackageSetting) pkg.mExtras;
final PermissionsState permissionsState = ps.getPermissionsState();
『沃//省略一些對(duì)版本和權(quán)限類型檢查
... ...
final int result = permissionsState.grantRuntimePermission(bp, userId);
switch (result) {
case PermissionsState.PERMISSION_OPERATION_FAILURE: {
return;
}
case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
if (callback != null) {
callback.onGidsChanged(UserHandle.getAppId(pkg.applicationInfo.uid), userId);
}
}
break;
}
//存在runtime-permissions.xml中
if (callback != null) {
callback.onPermissionGranted(uid, userId);
}
... ...
}
3.權(quán)限信息存儲(chǔ)
frameworks/base/services/core/java/com/android/server/pm/permission/PermissionsState.java
private int grantPermission(BasePermission permission, int userId) {
if (hasPermission(permission.getName(), userId)) {
return PERMISSION_OPERATION_FAILURE;
}
final boolean hasGids = !ArrayUtils.isEmpty(permission.computeGids(userId));
final int[] oldGids = hasGids ? computeGids(userId) : NO_GIDS;
PermissionData permissionData = ensurePermissionData(permission);
得到權(quán)限信息后,將權(quán)限和userid存在一個(gè) SparseArray數(shù)據(jù)結(jié)構(gòu)中咽筋,用于查看對(duì)應(yīng)權(quán)限是否申請(qǐng)
if (!permissionData.grant(userId)) {
return PERMISSION_OPERATION_FAILURE;
}
if (hasGids) {
final int[] newGids = computeGids(userId);
if (oldGids.length != newGids.length) {
return PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED;
}
}
return PERMISSION_OPERATION_SUCCESS;
}
private PermissionCallback mPermissionCallback = new PermissionCallback() {
@Override
public void onPermissionGranted(int uid, int userId) {
mOnPermissionChangeListeners.onPermissionsChanged(uid);
// 應(yīng)用權(quán)限存儲(chǔ)在data/system/user/0/runtime-permissions.xml 手機(jī)啟動(dòng)時(shí)由PackageManagerService讀取
synchronized (mPackages) {
mSettings.writeRuntimePermissionsForUserLPr(userId, false);
}
}
... ...
}
