Android APP 默认赋予权限
首先在/vendor/xxxx/中创建etc/文件夹
在etc/中创建Android.bp和default-permissions-xxxx.xml文件
Android.bp文件写法:
prebuilt_etc {
name: "default_permissions_whitelist_xxxx",
product_specific: true,
sub_dir: "default-permissions",
src: "default-permissions-xxxx.xml",
filename_from_src: true,
}
default-permissions-xxxx.xml文件写法:
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<!--
~ Copyright (C) 2016 The Android Open Source Project
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License
-->
<!--
This XML file declares which signature|privileged permissions should be granted to privileged
applications that come with the platform
-->
<exceptions>
<!-- exception package 为要授予权限的app包名 -->
<!-- permission name 为要授予权限的app默认授予的权限 -->
<!-- permission的fixed表示授权后是否可以被非系统组件修改权限 -->
<exception package="com.xxxx.demo">
<permission name="android.permission.INTERNET" fixed="false"/>
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" fixed="false"/>
<permission name="android.permission.ACCESS_NETWORK_STATE" fixed="false"/>
<permission name="android.permission.READ_EXTERNAL_STORAGE" fixed="false"/>
<permission name="android.permission.RECORD_AUDIO" fixed="false"/>
<permission name="android.permission.READ_PHONE_STATE" fixed="false"/>
<permission name="android.permission.ACCESS_WIFI_STATE" fixed="false"/>
<permission name="Manifest.permission.CAMERA" fixed="false"/>
<permission name="Manifest.permission.READ_PHONE_STATE" fixed="false"/>
<permission name="Manifest.permission.RECORD_AUDIO" fixed="false"/>
<permission name="Manifest.permission.ACCESS_COARSE_LOCATION" fixed="false"/>
<permission name="Manifest.permission.ACCESS_FINE_LOCATION" fixed="false"/>
<permission name="android.permission.CHANGE_WIFI_STATE" fixed="false"/>
<permission name="android.permission.CAMERA" fixed="false"/>
<permission name="android.permission.FLASHLIGHT" fixed="false"/>
<permission name="android.permission.VIBRATE" fixed="false"/>
<permission name="android.permission.FOREGROUND_SERVICE" fixed="false"/>
<permission name="android.permission.WAKE_LOCK" fixed="false"/>
<permission name="android.permission.MODIFY_AUDIO_SETTINGS" fixed="false"/>
<permission name="android.permission.BROADCAST_STICKY" fixed="false"/>
<permission name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" fixed="false"/>
<permission name="android.permission.RECEIVE_BOOT_COMPLETED" fixed="false"/>
<permission name="android.permission.INTERACT_ACROSS_USERS" fixed="false"/>
<permission name="android.permission.GET_TASKS" fixed="false"/>
<permission name="android.permission.CHANGE_CONFIGURATION" fixed="false"/>
</exception>
<!-- 赋予app权限只需在后面添加对应的exception package和permission name即可 -->
</exceptions>
修改/device/rockchip/rk356x/device.mk
# add by mazhuang for By default, Grant app permissions 2021/08/30
$(call inherit-product, vendor/xxxx/device.mk)
在/vendor/xxxx/device.mk中添加
# add by mazhuang for By default, Grant app permissions 2021/08/30
PRODUCT_PACKAGES += \
default_permissions_whitelist_xxxx
在default-permissions-xxxx.xml中添加的app和权限最终在/frameworks/base/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java中的grantDefaultPermissionExceptions()方法中赋予权限。
private void grantDefaultPermissionExceptions(PackageManagerWrapper pm, int userId) {
mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
synchronized (mLock) {
// mGrantExceptions is null only before the first read and then
// it serves as a cache of the default grants that should be
// performed for every user. If there is an entry then the app
// is on the system image and supports runtime permissions.
if (mGrantExceptions == null) {
mGrantExceptions = readDefaultPermissionExceptionsLocked(pm);
}
}
Set<String> permissions = null;
final int exceptionCount = mGrantExceptions.size();
for (int i = 0; i < exceptionCount; i++) {
String packageName = mGrantExceptions.keyAt(i);
PackageInfo pkg = pm.getSystemPackageInfo(packageName);
List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
final int permissionGrantCount = permissionGrants.size();
for (int j = 0; j < permissionGrantCount; j++) {
DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
if (!pm.isPermissionDangerous(permissionGrant.name)) {
Log.w(TAG, "Ignoring permission " + permissionGrant.name
+ " which isn't dangerous");
continue;
}
if (permissions == null) {
permissions = new ArraySet<>();
} else {
permissions.clear();
}
permissions.add(permissionGrant.name);
grantRuntimePermissions(pm, pkg, permissions, permissionGrant.fixed,
permissionGrant.whitelisted, true /*whitelistRestrictedPermissions*/,
userId);
}
}
}
读取default-permissions-xxxx.xml的方法应该是readDefaultPermissionExceptionsLocked()
private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
readDefaultPermissionExceptionsLocked(PackageManagerWrapper pm) {
File[] files = getDefaultPermissionFiles();
if (files == null) {
return new ArrayMap<>(0);
}
ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
// Iterate over the files in the directory and scan .xml files
for (File file : files) {
if (!file.getPath().endsWith(".xml")) {
Slog.i(TAG, "Non-xml file " + file
+ " in " + file.getParent() + " directory, ignoring");
continue;
}
if (!file.canRead()) {
Slog.w(TAG, "Default permissions file " + file + " cannot be read");
continue;
}
try (
InputStream str = new BufferedInputStream(new FileInputStream(file))
) {
XmlPullParser parser = Xml.newPullParser();
parser.setInput(str, null);
parse(pm, parser, grantExceptions);
} catch (XmlPullParserException | IOException e) {
Slog.w(TAG, "Error reading default permissions file " + file, e);
}
}
return grantExceptions;
}
最终调用到grantRuntimePermissions()方法对app赋予权限。