1.概述
在15.0系统rom定制化开发中,客户需求要实现应用安装黑名单功能,在白名单之中的应用可以安装,其他的app不准安装,实现一个
控制app安装的功能,这需要从app安装流程入手就可以实现功能
PMS就是负责管理app安装的,功能就添加在这里就可以了,接下来看具体实现这个功能
2.app应用安装黑名单核心代码
frameworks/base/core/java/android/content/pm/IPackageManager.aidl
frameworks/base/services/core/java/com/android/server/pm/InstallPackageHelper.java
frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java3.app应用安装黑名单核心功能分析
PackageManager是用于获取Android系统中应用程序的信息,查询Application相关信息(application,activity,receiver,service,provider及相应属性等)、查询已安装应用、
增加或删除permission、清除用户数据、缓存,代码段等
IPackageManager接口类中定义了服务端和客户端通信的业务函数,还定义了内部类Stub,该类从Binder派生并实现了IPackageManager接口。
PackageManagerService继承自IPackageManager.Stub类,由于Stub类从Binder派生,因此PackageManagerService将作为服务端参与Binder通信。
PackageManagerService(简称PKMS),是Android系统中核心服务之一,管理着所有与package相关的工作,常见的比如安装、卸载应用, 信息查询等工作, 主要完成以下核心功能
-
解析AndroidManifest.xml清单文件,解析清单文件中的所有节点信息
-
扫描本地文件,主要针对apk,主要是系统应用、本地安装应用等。
实现功能需求:
首选需要在IPackageManager.aidl这个pms的aidl中增加白名单接口,实现设置白名单和获取白名单的
接口,接下来在PMS中的安装app的方法中判断是否是白名单的app,然后确定是否让安装从而实现功能
3.1 IPackageManager.aidl添加接口供app调用
在实现app应用安装黑名单核心功能中,通过分析得知,IPackageManager接口类定义了关于PackageManagerService的
相关接口,在这里私信对apk的扫描安装接口,所以关于设置安装黑名单的接口,也需要在这里定义,然后在PackageManagerService中
进行实现相关的接口定义
首先需要在增加pms的aidl中IPackageManager.aidl增加设置黑名单和获取黑名单接口
diff --git a/frameworks/base/core/java/android/content/pm/IPackageManager.aidl b/frameworks/base/core/java/android/content/pm/IPackageManager.aidl
old mode 100644
new mode 100755
index a369cc89a3..90fafe5a8f
--- a/frameworks/base/core/java/android/content/pm/IPackageManager.aidl
+++ b/frameworks/base/core/java/android/content/pm/IPackageManager.aidl
@@ -798,4 +798,7 @@ interface IPackageManager {
*/
int restoreAppData(String sourceDir, String pkgName);
/* @} */
+
+ void setInstallPackageBlackList(in List<String> packageNames);
+ List<String> getInstallPackageBlackList();
}
public abstract class IPackageManagerBase extends IPackageManager.Stub {
@Override
+ public void setInstallPackageBlackList(in List<String> packageNames){
}
@Override
+ public List<String> getInstallPackageBlackList(){
}
}通过上述在 IPackageManager.aidl的代码中,
通过添加setInstallPackageBlackList(in List<String> packageNames)和getInstallPackageBlackList()作为安装黑名单的接口
3.2 在PMS中实现设置和获取黑名单的接口
在实现app应用安装黑名单核心功能中,通过分析得知,需要在PackageManagerService.java中
实现IPackageManager.aidl增加设置黑名单和获取黑名单接口功能,接下来具体实现相关的
安装黑名单功能
diff --git a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
index 45289f2e39..6727b10e35 100755
--- a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -111,7 +111,13 @@ import static com.android.server.pm.PackageManagerServiceUtils.getCompressedFile
import static com.android.server.pm.PackageManagerServiceUtils.getLastModifiedTime;
import static com.android.server.pm.PackageManagerServiceUtils.logCriticalInfo;
import static com.android.server.pm.PackageManagerServiceUtils.verifySignatures;
-
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+import java.io.LineNumberReader;
+import java.io.PrintWriter;
import android.Manifest;
import android.annotation.IntDef;
import android.annotation.NonNull;
@@ -2141,7 +2147,16 @@ public class PackageManagerService implements PackageSender, TestUtilityService
}
}
}
-
+ private List<String> installBlackpackageNames;
+ @Override
+ public void setInstallPackageBlackList( List<String> packageNames) {
+ this.installBlackpackageNames=packageNames;
+ }
+
+ @Override
+ public List<String> getInstallPackageBlackList(){
+ return this.installBlackpackageNames;
+ }在实现app应用安装黑名单核心功能中,通过分析得知,
通过上述在PackageManagerService.java的代码中,增加实现安装app黑名单的接口
来实现自定义服务中,通过调用接口来实现对安装黑名单数据的传递,来实现控制app
黑名单内的app安装
3.3 InstallPackageHelper关于安装app黑名单功能实现分析
在实现app应用安装黑名单核心功能中,通过分析得知,在 PackageManagerService.java的相关源码分析得知,
PMS安装app的流程中,都会调用InstallPackageHelper.preparePackageLI()负责对app的安装功能做相关的管理,可以先看相关代码
然后在这里进行安装app的时候判断app是否在黑名单列表中决定是否安装
@GuardedBy("mInstallLock")
private PrepareResult preparePackageLI(InstallArgs args, PackageInstalledInfo res)
throws PrepareFailure {
final int installFlags = args.mInstallFlags;
final File tmpPackageFile = new File(args.getCodePath());
final boolean onExternal = args.mVolumeUuid != null;
final boolean instantApp = ((installFlags & PackageManager.INSTALL_INSTANT_APP) != 0);
final boolean fullApp = ((installFlags & PackageManager.INSTALL_FULL_APP) != 0);
final boolean virtualPreload =
((installFlags & PackageManager.INSTALL_VIRTUAL_PRELOAD) != 0);
final boolean isRollback = args.mInstallReason == PackageManager.INSTALL_REASON_ROLLBACK;
@PackageManagerService.ScanFlags int scanFlags = SCAN_NEW_INSTALL | SCAN_UPDATE_SIGNATURE;
if (args.mMoveInfo != null) {
// moving a complete application; perform an initial scan on the new install location
scanFlags |= SCAN_INITIAL;
}
if ((installFlags & PackageManager.INSTALL_DONT_KILL_APP) != 0) {
scanFlags |= SCAN_DONT_KILL_APP;
}
if (instantApp) {
scanFlags |= SCAN_AS_INSTANT_APP;
}
if (fullApp) {
scanFlags |= SCAN_AS_FULL_APP;
}
if (virtualPreload) {
scanFlags |= SCAN_AS_VIRTUAL_PRELOAD;
}
if (DEBUG_INSTALL) Slog.d(TAG, "installPackageLI: path=" + tmpPackageFile);
// Validity check
if (instantApp && onExternal) {
Slog.i(TAG, "Incompatible ephemeral install; external=" + onExternal);
throw new PrepareFailure(PackageManager.INSTALL_FAILED_SESSION_INVALID);
}
.....
}在实现app应用安装黑名单核心功能中,通过分析得知,在 InstallPackageHelper.java的相关源码分析得知,
通过对PMS的安装流程分析,可以得知在app静默安装,手动安装,等等,
无论是pm安装或者是 代码安装 都会走InstallPackageHelper.preparePackageLI 所以在这里添加判断包名是否在黑名单即可
然后在黑名单内的app可以安装,不在黑名单内的app就不能安装,具体实现如下:
@@ -17482,7 +17497,13 final class InstallPackageHelper {
@GuardedBy("mInstallLock")
private PrepareResult preparePackageLI(InstallArgs args, PackageInstalledInfo res)
throws PrepareFailure {
try (PackageParser2 pp = new PackageParser2(mSeparateProcesses, false, mMetrics, null,
mPackageParserCallback)) {
parsedPackage = pp.parsePackage(tmpPackageFile, parseFlags, false);
AndroidPackageUtils.validatePackageDexMetadata(parsedPackage);
} catch (PackageParserException e) {
throw new PrepareFailure("Failed parse during installPackageLI", e);
} finally {
Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
}
-
+ if(isBlackListApp(parsedPackage.getPackageName())){
+ Log.d("TAG","--isBlackListApp--");
+
+ throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
+ "app is not in the Blacklist. packageName");
+
+ }
if (instantApp && pkg.mSigningDetails.signatureSchemeVersion
< SignatureSchemeVersion.SIGNING_BLOCK_V2) {
Slog.w(TAG, "Instant app package " + pkg.packageName
@@ -18039,7 +18060,21 @@ public class PackageManagerService extends PackageManagerServiceExAbs
}
}
}
+ private boolean isBlackListApp(String packagename){
+ if(this.installBlackpackageNames ==null || this.installBlackpackageNames.size()==0){
+ return false;
+ }
+
+ Iterator<String> it = this.installBlackpackageNames.iterator();
+ while (it.hasNext()) {
+ String blacklistItem = it.next();
+ if (blacklistItem.equals(packagename)) {
+ return true;
+ }
+ }
+ return false;
+ }在实现app应用安装黑名单核心功能中,通过分析得知,在 InstallPackageHelper.java的相关源码分析得知,
在preparePackageLI(InstallArgs args, PackageInstalledInfo res)方法中,通过判断当前parsedPackage.getPackageName()
包名是否在黑名单中,如果在黑名单中,就返回throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
"app is not in the Blacklist. packageName");然后就可以禁止安装app就可以了