The Solution of Permission Pop up in Android 7.0 Runtime

  • 2021-11-24 03:03:32
  • OfStack

When the Android 7.0 system runs the application, there are many restrictions on the authority, such as normal, dangerous, signature and signatureOrSystem. Depending on the protection level, the system may take different operations when determining whether to grant the authority.

normal indicates that permissions are low-risk and will not harm the system, users or other applications; dangerous indicates that the permission is high-risk, and the system may require the user to enter relevant information before granting this permission; signature means that permissions can only be granted to an application if it uses the same digital signature as the application claiming the cited permission; signatureOrSystem means granting permissions to an application with the same digital signature or to an android package class. This 1 protection level is suitable for very special situations, such as when multiple vendors need to share functions through system images

Runtime permissions pop-up problem is a lot of system customization of customer requirements shielded, 1 straight since there is no particularly good method, I share 1 below my own verification of feasible solutions

Scheme 1: Modify frameworks/base/services/core/java/com/android/server/pm/PackageManagerService and frameworks/base/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy files. The modification code of PackageManagerService files is as follows:


 @Override
  public void systemReady() {
 ...
 synchronized (mPackages) {
      ...
      for (int userId : UserManagerService.getInstance().getUserIds()) {
        //if (!mSettings.areDefaultRuntimePermissionsGrantedLPr(userId)) {// Comment out this judgment 
          grantPermissionsUserIds = ArrayUtils.appendInt(
              grantPermissionsUserIds, userId);
        //}
      }
    }

DefaultPermissionGrantPolicy file modification code is as follows:


 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
    Log.i(TAG, "Granting permissions to platform components for user " + userId);
 
    synchronized (mService.mPackages) {
      for (PackageParser.Package pkg : mService.mPackages.values()) {
   // if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) // Delete isSysComponentOrPersistentPlatformSignedPrivAppLPr Judge 
 if(!doesPackageSupportRuntimePermissions(pkg)
            || pkg.requestedPermissions.isEmpty()) {
          continue;
        }
        Set<String> permissions = new ArraySet<>();
        final int permissionCount = pkg.requestedPermissions.size();
        for (int i = 0; i < permissionCount; i++) {
          String permission = pkg.requestedPermissions.get(i);
          BasePermission bp = mService.mSettings.mPermissions.get(permission);
          if (bp != null && bp.isRuntime()) {
            permissions.add(permission);
          }
        }
        if (!permissions.isEmpty()) {
          grantRuntimePermissionsLPw(pkg, permissions, true, userId);
        }
      }
    }
  }

Briefly explain the modification principle of this scheme, In the systemReady method of PMS, all applications with default runtime permissions are traversed, Give permissions by traversing their UserId, After judging whether it is an application method with runtime permission, all applications will be traversed. The operation of traversing applications and giving permission is grantPermissionsToSysComponentsAndPrivApps method in DefaultPermissionGrantPolicy, and the method of judging signature application and system application will be commented out. Ordinary applications can also obtain all runtime permission, so all applications will not have pop-up windows of runtime permission.

Scheme 2, only modify the frameworks/base/services/core/java/com/android/server/pm/PackageManagerService file, modify the grantPermissionsLPw method, the code is as follows:


 private void grantPermissionsLPw(PackageParser.Package pkg, boolean replace,
      String packageOfInterest) {
   ...
   /*add for grant thirdparty app permssion S*/
   final String thirdPkgName = SystemProperties.get("persist.thirdparty.packagenames","");
      
   if(isSystemApp(pkg) || pkg.packageName.contains(thirdPkgName)){//xxx Is the package name 
    final int permCount = pkg.requestedPermissions.size();
    for(int i = 0;i < permCount;i++){
      final String name = pkg.requestedPermissions.get(i);
      final BasePermission bp = mSettings.mPermissions.get(name);
      if(bp != null && permissionsState.grantInstallPermission(bp) != PermissionsState.PERMISSION_OPERATION_FAILURE){
        changeInstallPermission = true;
      }
   }
   /*add for grant thirdparty app permission E*/
   permissionsState.setGlobalGids(mGlobalGids);
   ...
 }

Briefly explain the idea of the second scheme. When the application is installed, PMS will update the permissions according to whether the application is a signature application, a system application or a 3-party application, which can be made into a white list. At present, the 3-party package name can be obtained through SystemProperties or serial port to test whether the 3-party application permissions can be obtained normally. You can choose the two schemes freely.


Related articles: