Privileged Permission开机授权时序图 | SourceCode:android-10.0.0_r36 | Author:秋城 | v1.1SystemServerSystemServerSystemServerInitThreadPoolSystemServerInitThreadPoolSystemConfigSystemConfigPackageManagerServicePackageManagerServicePermissionManagerServicePermissionManagerServicePermissionSettingsPermissionSettingsParallelPackageParserParallelPackageParserPackageParserPackageParserPackageParser.PackagePackageParser.PackagePermissionManagerService.PermissionManagerServiceInternalImplPermissionManagerService.PermissionManagerServiceInternalImpl1main()2run()3startBootstrapServices()↓Step 读取配置好的特权白名单4get.submit(SystemConfig::getInstance, TAG_SYSTEM_CONFIG)5getInstance()6new SystemConfig()读取配置好的特权白名单到内存。涉及7个路径下/xxx/etc/permissions/*xml文件过滤标签“privapp-permissions”中“许可”:"permission"与“拒绝”:"deny-permission"路径定义在Environment.javaENV_ANDROID_ROOT, "/system"ENV_OEM_ROOT, "/oem"ENV_ODM_ROOT, "/odm"Environment.getOdmDirectory(), "etc", "permissions",skuDirENV_VENDOR_ROOT, "/vendor"ENV_PRODUCT_ROOT, "/product"ENV_PRODUCT_SERVICES_ROOT,"/product_services"7readPermissions()8readPermissionsFromXml()9readPermission()10readPrivAppPermissions(parser,mPrivAppPermissions,mPrivAppDenyPermissions)private void readPrivAppPermissions(XmlPullParser parser,ArrayMap<String, ArraySet<String>>grantMap,ArrayMap<String, ArraySet<String>>denyMap)while (XmlUtils.nextElementWithin(parser, depth)) {String name = parser.getName();if ("permission".equals(name)) {String permName = parser.getAttributeValue(null, "name");permissions.add(permName);} else if ("deny-permission".equals(name)) {String permName = parser.getAttributeValue(null, "name");denyPermissions.add(permName);}}grantMap.put(packageName,permissions);denyMap.put(packageName,denyPermissions);↓Step 读取"privileged"权限定义11main(mSystemContext, installer,<factoryTest>, mOnlyCore)12new PackageManagerService(context, installer,factoryTest, onlyCore)13create(context,mPackages /*externalLock*/)14new PermissionManagerService()15new PermissionSettings()16mSettingsAll of the permissions known to the system.系统中所有通过<permission>标签声明的权限(FrameWork及App定义的权限都在这个map中存储)public class PermissionSettings {final ArrayMap<String, BasePermission>mPermissions=new ArrayMap<String, BasePermission>();}17scanDirTracedLI(frameworkDir,...)扫描/system/framework/目录的apk,其中我们的privileged权限定义在system/framework/framework-res.apk中代码是frameworks/base/core/res/AndroidManifest.xml文件的<permission>标签其中protectionLevel="signature|privileged"是特权标志,共216个$ ag android:protectionLevel=signature|privileged frameworks/base/core/res/AndroidManifest.xml |wc -l216例如重启权限:3714 <!-- Required to be able to reboot the device.3715 <p>Not for use by third-party applications. -->3716 <permission android:name="android.permission.REBOOT"3717 android:protectionLevel="signature|privileged" />18scanDirLI()19submit()20parsePackage()21parsePackage(scanFile, parseFlags, true /* useCaches */)此处关注解析单个apk,parseMonolithicPackage()方法其实parseClusterPackage内部也是遍历来调parseMonolithicPackagepublic Package parsePackage(File packageFile, int flags, boolean useCaches){Package parsed = useCaches ? getCachedResult(packageFile, flags) : null;if (packageFile.isDirectory()) {parsed = parseClusterPackage(packageFile, flags);} else {parsed = parseMonolithicPackage(packageFile, flags);}return parsed;}22parseMonolithicPackage()23parseBaseApk(,,)24parseBaseApk(,,,)25new Package(pkgName)26pkg27parseBaseApkCommon(pkg,,,,,)读取整个AndroidManifest.xml,此处关注<permission>:权限定义标签} else if (tagName.equals(TAG_PERMISSION)) {if (!parsePermission(pkg, res, parser, outError)) {return null;}} else if ...28parsePermission(pkg,,,)private boolean parsePermission(Package owner, Resources res,XmlResourceParser parser, String[] outError)TypedArray sa = res.obtainAttributes(parser,com.android.internal.R.styleable.AndroidManifestPermission);Permission perm = newPermission(owner, backgroundPermission);perm.info.protectionLevel= sa.getInt(com.android.internal.R.styleable.AndroidManifestPermission_protectionLevel,PermissionInfo.PROTECTION_NORMAL);owner.permissions.add(perm);frameworks/base/core/java/android/content/pm/PackageParser.javapublic final static classPermissionextends Component<IntentInfo>implements Parcelable {public finalPermissionInfoinfo;}frameworks/base/core/java/android/content/pm/PermissionInfo.javapublic classPermissionInfoextends PackageItemInfoimplements Parcelable {public intprotectionLevel;}frameworks/base/core/java/android/content/pm/PackageParser.javaPackageParser$Package代表内存中安装后apk每个apk声明的权限都存放在其permissions这个ArrayList中public final static class Package implements Parcelable {public final ArrayList<Permission>permissions= new ArrayList<Permission>(0);}多线程并发扫描安装apk。并发解析工具类:ParallelPackageParser.java入队出队方法:submit/take// Submit files for parsing in parallelint fileCount = 0;for (File file : files) {...parallelPackageParser.submit(file, parseFlags);fileCount++;}// Process results one by onefor (; fileCount > 0; fileCount--) {ParallelPackageParser.ParseResult parseResult = parallelPackageParser.take();...}29scanPackageChildLI(,,,,)30addForInitLI(,,,,)31commitReconciledScanResultLocked()32commitPackageSettings(,,,,,)33addAllPermissions(,)34addAllPermissions(,)private void addAllPermissions(PackageParser.Package pkg, boolean chatty) {final int N = pkg.permissions.size();for (int i=0; i<N; i++) {PackageParser.Permission p = pkg.permissions.get(i);...final BasePermission bp = BasePermission.createOrUpdate(mSettings.getPermissionLocked(p.info.name),p, pkg, mSettings.getAllPermissionTreesLocked(), chatty);mSettings.putPermissionLocked(p.info.name, bp);...35putPermissionLocked(,)@GuardedBy("mLock")void putPermissionLocked(@NonNull String permName, @NonNull BasePermission permission) {mPermissions.put(permName, permission);}↓Step 读取应用所申请权限(apk安装)36scanDirTracedLI(xxxDir)扫描如下11个路径下的系统apk。Environment.getRootDirectory():"priv-app"&&"app"Environment.getVendorDirectory(): "priv-app"&&"app"Environment.getOdmDirectory():"priv-app"&&"app"Environment.getOemDirectory():"app"Environment.getProductDirectory():"priv-app"&&"app"Environment.getProductServicesDirectory():"priv-app"&&"app"通过存放路径来分配FLAG是方式之一priv-app/授予"SYSTEM|PRIVILEGED",app/授予"SYSTEM"即我们俗称的系统应用和特权应用37scanDirLI()38submit()39parsePackage()40parsePackage(scanFile, parseFlags, true /* useCaches */)41parseMonolithicPackage()42parseBaseApk(,,)43parseBaseApk(,,,)44new Package(pkgName)45pkgPackageParser$Package代表内存中安装后apk每个apk所申请的权限都将存储在其PackageParser$PackagerequestedPermissions数据结构中public final ArrayList<String>requestedPermissions= new ArrayList<String>();46parseBaseApkCommon(pkg,,,,,)读取整个AndroidManifest.xml,此处关注<uses-permission>权限申请标签} else if (tagName.equals(TAG_USES_PERMISSION)) {if (!parseUsesPermission(pkg, res, parser)) {return null;}} else if...47parseUsesPermission()private boolean parseUsesPermission(Package pkg, Resources res, XmlResourceParser parser){TypedArray sa = res.obtainAttributes(parser,com.android.internal.R.styleable.AndroidManifestUsesPermission);String name = sa.getNonResourceString(com.android.internal.R.styleable.AndroidManifestUsesPermission_name);...pkg.requestedPermissions.add(name.intern());}↓Step 给应用授权48startOtherServices()49systemReady()50updateAllPermissions(,,Collection<PackageParser.Package> allPackages,)51updateAllPermissions()52updatePermissions(,,,,,)53restorePermissionState(,,,)private void restorePermissionState(@NonNull PackageParser.Package pkg, boolean replace,@Nullable String packageOfInterest, @Nullable PermissionCallback callback) {final int N = pkg.requestedPermissions.size();for (int i = 0; i < N; i++) {final String permName = pkg.requestedPermissions.get(i);final BasePermission bp = mSettings.getPermissionLocked(permName);else if (bp.isSignature()) {allowedSig = grantSignaturePermission(...)if (allowedSig) {grant = GRANT_INSTALL;}54grantSignaturePermission(...)55hasPrivappWhitelistEntry()56getPrivAppPermissions(packageName)57mPrivAppPermissions.get(packageName)private boolean grantSignaturePermission(String perm,PackageParser.Package> pkg,BasePermission bp, PermissionsState origPermissions) {boolean privappPermissionsDisable =RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_DISABLE;if (!privappPermissionsDisable&&privilegedPermission&&pkg.isPrivileged()&&!platformPackage&&platformPermission) {if (!hasPrivappWhitelistEntry(perm, pkg)) {// Only report violations for apps on system imageif (!mSystemReady&&!pkg.isUpdatedSystemApp()) {// it's only a reportable violation if the permission isn't explicitly deniedfinal boolean permissionViolation =deniedPermissions == null || !deniedPermissions.contains(perm);if (permissionViolation) {Slog.w(TAG, "Privileged permission " + perm + " for package "+ pkg.packageName + " - not in privapp-permissions whitelist");if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {mPrivappPermissionsViolations.add(pkg.packageName + ": " + perm);//满足以上十条才会将强制crash开关打开。此外return true/false:授权/不授权↓Step SystemServer Crash58systemReady()59systemReady()private void systemReady() {mSystemReady = true;if (mPrivappPermissionsViolations!= null) {throw new IllegalStateException("Signature|privileged permissions not in "+ "privapp-permissions whitelist: " + mPrivappPermissionsViolations);}}

Privileged Permission开机授权时序图 SourceCode android-10.0.0_r36的更多相关文章

  1. 还在期待安卓9.0吗?Android 10.0要来了

    目前,美国 Google公司的 AndroidP (安卓9.0),已经正式全面推出有几个多月了.众多手机品牌厂商也都在积极的进行更新适配 Android 9.0 系统(修改UI界面也算是二次开发,嗯) ...

  2. 用户吐槽不断:Android 10.0没法用

    如果你升级到Android Q第三个测试版的话,那么最近是不是被设备不断重启搞崩溃了,事实上也确实如此,因为有很多用户都遇到了类似的情况,大家吐槽谷歌的声音越来越大. 不少用户发现,自己设备升级至An ...

  3. 【Android】Android 4.0 无法接收开机广播的问题

    [Android]Android 4.0 无法接收开机广播的问题   前面的文章 Android 开机广播的使用 中 已经提到Android的开机启动,但是在Android 4.0 有时可以接收到开机 ...

  4. Android 7.0真实上手体验

    Android 7.0真实上手体验 Android 7.0的首个开发者预览版发布了,支持的设备只有Nexus6.Nexus 5X.Nexus 6P.Nexus 9.Nexus Player.Pixel ...

  5. Android 10 终于来了!增加了不少新特性

    前言 Android 10 正式发布了,根据官网的介绍,聚焦于隐私可控.手机自定义与使用效率,此版本主要带来了十大新特性:   image 智能回复 使用机器学习来预测你在回复信息时可能会说些什么,这 ...

  6. Android 5.0 Default SMS App以及运营商授权SMS App

    已同步更新至个人blog:http://dxjia.cn/2015/08/android-5-default-sms-app/ 题外话:博友们有没有好用的写博客客户端推荐啊,cnblogs推荐的win ...

  7. Android 6.0 Permission权限与安全机制

    Marshmallow版本权限修改 android的权限系统一直是首要的安全概念,因为这些权限只在安装的时候被询问一次.一旦安装了,app可以在用户毫不知晓的情况下访问权限内的所有东西,而且一般用户安 ...

  8. Android 6.0 超级简单的权限申请2 (Permission)

    代码地址如下:http://www.demodashi.com/demo/13506.html 写在前面 上次写了一个权限申请的例子Android 6.0 超级简单的权限申请 (Permission) ...

  9. Android 6.0 超级简单的权限申请 (Permission)

    代码地址如下:http://www.demodashi.com/demo/13369.html 背景描述 随着Android系统的不断升级,谷歌对用户的隐私是越来越注重了,给我们开发者带来了更多的繁琐 ...

随机推荐

  1. 理解C#回调函数

    序言 本篇主要学习了C#回调函数的定义使用.欢迎各位大牛的指导. 正文 回调函数是什么? 回调函数就是一个通过函数指针调用的函数.如果你把函数的指针(地址)作为参数传递给另一个函数,当这个指针被用来调 ...

  2. linux下锁定关键文件/etc/passwd、/etc/shadow、/etc/group、/etc/gshadow、/etc/inittab

    锁定/etc/passwd./etc/shadow./etc/group./etc/gshadow./etc/inittab,锁定关键的系统文件可以防止服务器提权后被篡改 1.对关键文件进行加锁,任何 ...

  3. CentOS7下mysql忘记root密码的处理方法

    1.  vi /etc/my.cnf,在[mysqld]中添加 skip-grant-tables 例如: [mysqld] skip-grant-tables datadir=/var/lib/my ...

  4. Java面试之Java基础问题答案口述整理

    Java面试之基础问题答案口述整理 面向对象的理解 面向对象思想就是在计算机程序设计过程中,把具体事物的属性特性和行为特征抽象出来,描述成计算机事件的设计思想.它区别于面向过程的思想,强调的是通过调用 ...

  5. redis并发问题2

    转自https://mp.weixin.qq.com/s?__biz=MzI1NDQ3MjQxNA==&mid=2247485464&idx=1&sn=8d690fc6f878 ...

  6. MiniJpegDecoder使用介绍

    承接昨天写的<JPEG软解码实现介绍>,今天介绍其使用方法和一些细节说明. 1.仓库下已经包含了几个jpeg文件,以方便直接校验. 2.使用命令分为两种模式. 一种是直接解码为yuv文件, ...

  7. Spring Boot 第三弹,一文带你了解日志如何配置?

    前言 日志通常不会在需求阶段作为一个功能单独提出来,也不会在产品方案中看到它的细节.但是,这丝毫不影响它在任何一个系统中的重要的地位. 今天就来介绍一下Spring Boot中的日志如何配置. Spr ...

  8. Java基础——缓存

    1.缓存 将程序或系统中常用的数据对象存储在像内存这样特定的介质中,以避免在每次程序调用时,重新创建或组织数据所带来的性能损耗,从而提高了系统的整体运行速度 以目前的系统架构来说,用户的请求一般会先经 ...

  9. nginx 1.12安装

    准备工作 使用root用户安装. 到nginx官网下载Linux源码或者执行:wget http://nginx.org/download/nginx-1.12.2.tar.gz. 到pcre站点下载 ...

  10. 分页查询对象Page

    1 public class Page { 2 //当前页码 3 private Integer pageNo = 1; 4 //每页显示条数 5 private Integer pageSize = ...