授权方式比较多根据需要进行修改:
1、安装应用时默认授权
应用安装过程中,系统会检查应用申请的各个权限情况,针对安装时权限和运行时权限分别记录。我们可以修改将运行权限也默认授予。代码如下
java
//frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
private void restorePermissionState(@NonNull AndroidPackage pkg, boolean replace,
@Nullable String packageOfInterest, @Nullable PermissionCallback callback) {
... ...
final String perm = bp.getName();
boolean allowedSig = false;
int grant = GRANT_DENIED;
// Keep track of app op permissions.
if (bp.isAppOp()) {
mSettings.addAppOpPackage(perm, pkg.getPackageName());
}
//可以根据指定包名,将所有权限都判为安装时权限,自动授权
if ("com.xxxx.xxxx".equals(pkg.getPackageName())) {
grant = GRANT_INSTALL;
} else if (bp.isNormal()) {
//END
// For all apps normal permissions are install time ones.
grant = GRANT_INSTALL;
} else if (bp.isRuntime()) {
if (origPermissions.hasInstallPermission(bp.getName())
|| upgradedActivityRecognitionPermission != null) {
// Before Q we represented some runtime permissions as install permissions,
// in Q we cannot do this anymore. Hence upgrade them all.
grant = GRANT_UPGRADE;
} else {
// For modern apps keep runtime permissions unchanged.
grant = GRANT_RUNTIME;
}
} else if (bp.isSignature()) {
// For all apps signature permissions are install time ones.
allowedSig = grantSignaturePermission(perm, pkg, ps, bp, origPermissions);
if (allowedSig) {
grant = GRANT_INSTALL;
}
}
2、应用已安装打开时默认授权
在打开应用时如果有动态检测授权,会弹出授权提示框,弹出框对应的就是系统的权限管理窗口,可以默认在创建窗口时就自动授权然后隐藏弹窗,不用用户感知到。
java
//PackageInstaller/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java
private String mCallingPackage;
private int getPermissionPolicy() {
DevicePolicyManager devicePolicyManager = getSystemService(DevicePolicyManager.class);
//默认返回 PERMISSION_POLICY_AUTO_GRANT Activity oncreate过程检测时会自动授权并退出弹框界面,不让用户感知到
return DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT;
}
@Override
public void onCreate(Bundle icicle) {
3、系统app 预置编译时授权
在预置的 Android.bp 文件中增加权限xml编译,注意 prebuilt_etc 中 name 格式
prebuilt_etc { name:privapp_allowlist_com.example.myvoicecontrol", sub_dir: "permissions", src: "com.example.myvoicecontrol.xml", filename_from_src: true, }
android_app { ... required: ["privapp_allowlist_com.example.myvoicecontrol"], ... }
对应的 com.example.myvoicecontrol.xml 中填写需要的权限
<?xml version="1.0" encoding="utf-8"?> <permissions> <privapp-permissions package="com.android.car.voicecontrol"> <permission name="android.permission.MEDIA_CONTENT_CONTROL"/> </privapp-permissions> </permissions>
这样编译出来的应用就有了对应权限,而且不能被用户手动修改
4、系统 app 预置系统中默认授权
开机第一次时系统加载部分模块时默认会授权部分权限
java
//frameworks/base/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
private void grantDefaultSystemHandlerPermissions(PackageManagerWrapper pm, int userId) {
Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
... ...
//以系统SMS为例,根据短信包名进行设置权限
// SMS
if (smsAppPackageNames == null) {
String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(pm,
Intent.CATEGORY_APP_MESSAGING, userId);
grantDefaultPermissionsToDefaultSystemSmsApp(pm, smsPackage, userId);
} else {
for (String smsPackage : smsAppPackageNames) {
grantDefaultPermissionsToDefaultSystemSmsApp(pm, smsPackage, userId);
}
}
... ...
注意:针对MSM Dialer等必备功能应用,都有个提供用户选择的弹框设置默认应用,例如默认短信、默认电话应用等。此类应用在安装完成后,会执行 PermissionController 模块的 onAddRoleHolder 相关流程,设置为系统默认应用。应用为系统默认应用时,系统也会提供给他此类应用的基础权限,比如短信应用,会授予它短信类基础权限。
java
@WorkerThread
private boolean addRoleHolderInternal(@NonNull Role role, @NonNull String packageName,
boolean dontKillApp, boolean overrideUserSetAndFixedPermissions, boolean added) {
//这里会默认授予设置各类默认应用的基础相关权限
role.grant(packageName, dontKillApp, overrideUserSetAndFixedPermissions, this);
String roleName = role.getName();
if (!added) {
added = mRoleManager.addRoleHolderFromController(roleName, packageName);
}
if (!added) {
Log.e(LOG_TAG, "Failed to add role holder in RoleManager, package: " + packageName
+ ", role: " + roleName);
}
return added;
}
所以对短信等各类系统默认应用来说,开机时候实际执行两遍权限授予。