Android特权应用privapp-permissions权限解读

特权应用 官网说明

特权应用是位于系统映像某个分区上 priv-app 目录下的应用，如 system/priv-app/ 。

特权应用

相比安装在 system/app/ 目录的应用，具有更高的权限。基本都是系统预装，不可卸载。可以不是系统签名。 源码预制

源码下预制到 priv 分区，根据编译规则配置即可。

Android.mk

配置 LOCAL_PRIVILEGED_MODULE := true ，如

LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) LOCAL_MODULE := LuoDemo LOCAL_MULTILIB := 32 LOCAL_MODULE_CLASS := APPS LOCAL_MODULE_SUFFIX := $(COMMON_ANDROID_PACKAGE_SUFFIX) LOCAL_CERTIFICATE := platform LOCAL_PRIVILEGED_MODULE := true LOCAL_SRC_FILES := $(LOCAL_MODULE)$(COMMON_ANDROID_PACKAGE_SUFFIX) include $(BUILD_PREBUILT) include $(call all-makefiles-under,$(LOCAL_PATH)) Android.bp

配置 privileged: true

android_app { name: "LuoDemo", srcs: ["src/**/*.java"], certificate: "platform", privileged: true, platform_apis: true, static_libs: [ "xz-java", "androidx.leanback_leanback", "androidx.appcompat_appcompat", ], } privapp-permissions 权限配置

特权应用申请的特殊权限，需要在 xml 中声明权限。

如果不配置权限，机器预制特权应用，编译后开机可能会异常，常见的表现是：卡在开机Logo 或者 开机动画，无限重启。 报错 log 中典型特征 Signature|privileged permissions not in privapp-permissions whitelist ， 完整log如下，

--------- beginning of crash 10-16 14:18:39.065 3151 3151 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main 10-16 14:18:39.065 3151 3151 E AndroidRuntime: java.lang.IllegalStateException: Signature|privileged permissions not in privapp-permissions whitelist: {com.demo.permission: android.permission.DELETE_PACKAGES, com.demo.permission: android.permission.READ_NETWORK_USAGE_HISTORY, com.demo.permission: android.permission.READ_LOGS, com.demo.permission: android.permission.PACKAGE_USAGE_STATS, com.demo.permission: android.permission.CLEAR_APP_CACHE, com.demo.permission: android.permission.REAL_GET_TASKS, com.demo.permission: android.permission.READ_PRIVILEGED_PHONE_STATE} 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.server.pm.permission.PermissionManagerService.systemReady(PermissionManagerService.java:3118) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.server.pm.permission.PermissionManagerService.access$100(PermissionManagerService.java:122) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.server.pm.permission.PermissionManagerService$PermissionManagerServiceInternalImpl.systemReady(PermissionManagerService.java:3179) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.server.pm.PackageManagerService.systemReady(PackageManagerService.java:21886) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.server.SystemServer.startOtherServices(SystemServer.java:1995) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.server.SystemServer.run(SystemServer.java:513) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.server.SystemServer.main(SystemServer.java:350) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492) 10-16 14:18:39.065 3151 3151 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:916)

配置 privapp-permissions 权限的方法如下，任选其一即可。逐个说明。

原生 privapp-permissions-platform.xml

修改 frameworks/base/data/etc/privapp-permissions-platform.xml ，

根据 log 中的报错逐个添加权限，添加如下，

<permissions> + <privapp-permissions package="com.demo.permission"> + <permission name="android.permission.DELETE_PACKAGES"/> + <permission name="android.permission.READ_NETWORK_USAGE_HISTORY"/> + <permission name="android.permission.READ_LOGS"/> + <permission name="android.permission.PACKAGE_USAGE_STATS"/> + <permission name="android.permission.CLEAR_APP_CACHE"/> + <permission name="android.permission.REAL_GET_TASKS"/> + <permission name="android.permission.READ_PRIVILEGED_PHONE_STATE"/> + </privapp-permissions> </permissions> 厂商的 privapp-permissions-xxx.xml

厂商基本都有自己定制 privapp-permissions-xxx.xml ，如

LOCAL_PATH:= $(call my-dir) include $(CLEAR_VARS) LOCAL_MODULE := privapp-permissions-xxx.xml LOCAL_MODULE_CLASS := ETC LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/permissions LOCAL_MODULE_TAGS := optional LOCAL_SRC_FILES := privapp-permissions-xxx.xml include $(BUILD_PREBUILT) include $(call all-makefiles-under,$(LOCAL_PATH))

最终编译到 system/etc/permissions/

新增

自己新增一个 privapp-permissions-my.xml 文件，在 device.mk 中拷贝到 system/etc/permissions/ 下，

PRODUCT_COPY_FILES += \ device/tv201/DAEWOO/etc/permissions/privapp-permissions-my.xml:system_ext/etc/permissions/privapp-permissions-my.xml \

此方法可能不完全适用，谨慎使用。

提前获取应用的特殊权限

前面是根据报错 log 来知道特权应用申请的权限，如果可以提前获取，就可以避免编译耗时。

如果应用可以直接安装，就可以用命令获取。

安装

先安装特权应用，pm install -r --user 0 apkFilePath 。 -r 、–user 0 参数按需使用。

获取

用 pm get-privapp-permissions TARGET-PACKAGE 命令获取

get-privapp-permissions TARGET-PACKAGE Prints all privileged permissions for a package.

如，

console:/ # pm get-privapp-permissions com.demo.permission {android.permission.REAL_GET_TASKS, android.permission.PACKAGE_USAGE_STATS, android.permission.READ_PRIVILEGED_PHONE_STATE, android.permission.READ_LOGS, android.permission.READ_NETWORK_USAGE_HISTORY, android.permission.CLEAR_APP_CACHE, android.permission.DELETE_PACKAGES} console:/ #

这是串口获取的， adb 获取的话用 adb shell pm get-privapp-permissions TARGET-PACKAGE 。

源码分析

报错 log Signature|privileged permissions not in privapp-permissions whitelist 位于 frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java ，

private void systemReady() { mSystemReady = true; if (mPrivappPermissionsViolations != null) { throw new IllegalStateException("Signature|privileged permissions not in " + "privapp-permissions whitelist: " + mPrivappPermissionsViolations); } mPermissionControllerManager = mContext.getSystemService(PermissionControllerManager.class); mPermissionPolicyInternal = LocalServices.getService(PermissionPolicyInternal.class); }

待续