Android11 framework 禁止三方应用通过广播开机自启动-独立方案

繁鑫..2024-07-24 20:15

之前的文章Android11 framework 禁止三方应用开机自启动记录了我调试Android11应用自启动限制的全过程,但是之前的方案感觉还能再研究,所以有了这一篇文章。

这一篇文章主要探讨Android11上,以广播来进行自启动的应用的限制,极个别用provider实现自启动的应用方案(点名批评we信),我现在暂时还没有研究学习

针对使用广播启动的三方应用,在frameworks\base\services\core\java\com\android\server\am\BroadcastQueue.java​中处理显然是最好的

打开log使能

diff 复制代码 
Line 994: 07-22 11:53:16.576062   927  1375 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1009: 07-22 11:53:17.448550   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1021: 07-22 11:53:17.557622   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1032: 07-22 11:53:17.628812   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1043: 07-22 11:53:18.747292   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1054: 07-22 11:53:20.220532   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1065: 07-22 11:53:20.472164   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1128: 07-22 11:53:25.226399   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{589f6ea u0 android.intent.action.MEDIA_MOUNTED}
Line 1205: 07-22 11:54:25.350290   927  1592 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{a42c9c1 u0 android.intent.action.MEDIA_MOUNTED}
Line 1219: 07-22 11:54:25.950266   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{a42c9c1 u0 android.intent.action.MEDIA_MOUNTED}
Line 1230: 07-22 11:54:26.005805   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{a42c9c1 u0 android.intent.action.MEDIA_MOUNTED}
Line 1253: 07-22 11:54:53.461909   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{a42c9c1 u0 android.intent.action.MEDIA_MOUNTED}
Line 1308: 07-22 11:54:53.505324   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{a42c9c1 u0 android.intent.action.MEDIA_MOUNTED}
Line 1323: 07-22 11:54:56.521321   927  1020 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{a42c9c1 u0 android.intent.action.MEDIA_MOUNTED}

能看到很多条Need to start app​,找到打印log的地方

java 复制代码 
final void processNextBroadcastLocked(boolean fromMsg, boolean skipOomAdj) {
	BroadcastRecord r;
	...

	if (DEBUG_BROADCAST)  Slog.v(TAG_BROADCAST,
                "Need to start app ["

思考:这里的log打印能拿到进程名,以及监听的广播,且从log看,这里就是管理是否启动的。如果从这里拦截,能让监听此广播的应用不执行启动逻辑,比上一篇文章单纯的不让执行任何逻辑合理

修改思路,非系统应用禁止通过ACTION_MEDIA_MOUNTED​和ACTION_BOOT_COMPLETED​两个广播进行启动,退出逻辑需要走原生的流程,不能直接return,修改方案如下:

java 复制代码 
diff --git a/frameworks/base/services/core/java/com/android/server/am/BroadcastQueue.java b/frameworks/base/services/core/java/com/android/server/am/BroadcastQueue.java
index b6afd4a82d..d6b9a3328c 100644
--- a/frameworks/base/services/core/java/com/android/server/am/BroadcastQueue.java
+++ b/frameworks/base/services/core/java/com/android/server/am/BroadcastQueue.java
@@ -33,6 +33,7 @@ import android.content.IIntentSender;
 import android.content.Intent;
 import android.content.IntentSender;
 import android.content.pm.ActivityInfo;
+import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.PermissionInfo;
 import android.content.pm.ResolveInfo;
@@ -70,6 +71,7 @@ import java.util.Set;
  * offload special broadcasts that we know take a long time, such as BOOT_COMPLETED.
  */
 public final class BroadcastQueue {
+    private boolean DEBUG_BROADCAST = true;
     private static final String TAG = "BroadcastQueue";
     private static final String TAG_MU = TAG + POSTFIX_MU;
     private static final String TAG_BROADCAST = TAG + POSTFIX_BROADCAST;
@@ -1648,11 +1650,18 @@ public final class BroadcastQueue {
             // restart the application.
         }
 
+        boolean isSystem = (info.activityInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
+        boolean isAllow = true;
+        if (!isSystem &&
+            (r.intent.toString().contains(Intent.ACTION_MEDIA_MOUNTED)
+                || r.intent.toString().contains(Intent.ACTION_BOOT_COMPLETED))) {
+            isAllow = false;
+        }
         // Not running -- get it started, to be executed when the app comes up.
         if (DEBUG_BROADCAST)  Slog.v(TAG_BROADCAST,
                 "Need to start app ["
-                + mQueueName + "] " + targetProcess + " for broadcast " + r);
-        if ((r.curApp=mService.startProcessLocked(targetProcess,
+                + mQueueName + "] " + targetProcess + " for broadcast " + r + ", isSystem= " + isSystem + ", allow= " + isAllow);
+        if (!isAllow || (r.curApp=mService.startProcessLocked(targetProcess,
                 info.activityInfo.applicationInfo, true,
                 r.intent.getFlags() | Intent.FLAG_FROM_BACKGROUND,
                 new HostingRecord("broadcast", r.curComponent),
				 ...
			r.state = BroadcastRecord.IDLE;
            return;
        }

一样的,判断是否允许isAllow​然后走原生的退出逻辑

这样可以让三方应用不通过ACTION_MEDIA_MOUNTED​和ACTION_BOOT_COMPLETED​两个广播进行启动动作。

生效log如下:

java 复制代码 
07-22 16:07:38.243585   895  1467 V BroadcastQueue: Need to start app [background] com.tencent.mobileqq:MSF for broadcast BroadcastRecord{228d228 u0 android.intent.action.MEDIA_MOUNTED}, isSystem= false, allow= false
07-22 16:07:38.243633   895  1467 W BroadcastQueue: Unable to launch app com.tencent.mobileqq/10110 for broadcast Intent { act=android.intent.action.MEDIA_MOUNTED dat=file:///storage/emulated/0 flg=0x5000010 (has extras) }: process is bad

07-22 16:25:04.107345   909  1515 V BroadcastQueue: Need to start app [background] com.example.test111 for broadcast BroadcastRecord{e84020c u0 android.intent.action.BOOT_COMPLETED}, isSystem= false, allow= false
07-22 16:25:04.107448   909  1515 W BroadcastQueue: Unable to launch app com.example.test111/10115 for broadcast Intent { act=android.intent.action.BOOT_COMPLETED flg=0x89000010 (has extras) }: process is bad

注意:广播类型的启动能防得住,但是有部分app可能不仅仅通过广播,还通过provider执行自启动,这类的我暂时还没研究

相关推荐
qq_4419960516 分钟前
Mybatis官方生成器使用示例
java·mybatis
Qter_Sean18 分钟前
自己动手写Qt Creator插件
开发语言·qt
何曾参静谧22 分钟前
「QT」文件类 之 QIODevice 输入输出设备类
开发语言·qt
巨大八爪鱼23 分钟前
XP系统下用mod_jk 1.2.40整合apache2.2.16和tomcat 6.0.29,让apache可以同时访问php和jsp页面
java·tomcat·apache·mod_jk
爱吃生蚝的于勒1 小时前
C语言内存函数
c语言·开发语言·数据结构·c++·学习·算法
码上一元2 小时前
SpringBoot自动装配原理解析
java·spring boot·后端
计算机-秋大田2 小时前
基于微信小程序的养老院管理系统的设计与实现,LW+源码+讲解
java·spring boot·微信小程序·小程序·vue
小白学大数据3 小时前
Python爬虫开发中的分析与方案制定
开发语言·c++·爬虫·python
大耳猫4 小时前
主动测量View的宽高
android·ui
魔道不误砍柴功4 小时前
简单叙述 Spring Boot 启动过程
java·数据库·spring boot
热门推荐
01玄机平台应急响应—webshell查杀02Ubuntu 20.04使用Livox mid 360 测试 FAST_LIO03【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总04新版微信小程序获取用户手机号05文件或文件夹名称中有空格如何批量去除06组基轨迹建模 GBTM的介绍与实现(Stata 或 R)07【TC3xx芯片】TC3xx芯片电源管理系统PMS详解08优化手机性能,解决卡顿问题:关闭这3个微信开关,释放内存空间09基于YOLOv10深度学习的CT扫描图像肾结石智能检测系统【python源码+Pyqt5界面+数据集+训练代码】深度学习实战、目标检测10【Flutter】基于 GetX 实现 Dio 的生命周期自动化