LOCAL_PRIVILEGED_MODULE 详解(5)
来源:互联网 发布:西安美林数据 怎么样 编辑:程序博客网 时间:2024/06/08 13:45
3.权限管理作用
Android系统级的权限管理借鉴了Linux用户的概念,往往是通过鉴定一个进程的种种身份信息来管理。譬如UID,检查是否Process.ROOT_UID或者Process.SYSTEM_UID。
Process.java
/** * Defines the root UID. * @hide */ public static final int ROOT_UID = 0; /** * Defines the UID/GID under which system code runs. */ public static final int SYSTEM_UID = 1000;
关于Android UID可以参看我之前两篇:
Android下uid与多用户释疑(一)
Android下uid与多用户释疑(二)
本文介绍的privileged app也是进程的一种身份标识,被用在Android系统权限管理中。此处举两个例子:
3.1 系统app安装器
packages/apps/PackageInstaller/src/com/android/packageinstaller/PackageInstallerActivity.java:
private boolean isInstallRequestFromUnknownSource(Intent intent) { String callerPackage = getCallingPackage(); if (callerPackage != null && intent.getBooleanExtra( Intent.EXTRA_NOT_UNKNOWN_SOURCE, false)) { try { mSourceInfo = mPm.getApplicationInfo(callerPackage, 0); if (mSourceInfo != null) { if ((mSourceInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0) { // Privileged apps are not considered an unknown source. return false; } } } catch (NameNotFoundException e) { } } return true; }
这段代码是用来判断安装来源是否是“未知源”,privileged app被认为不是“未知源”。
3.2 系统设置数据管理
frameworks/base/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java:
private void enforceRestrictedSystemSettingsMutationForCallingPackage(int operation, String name) { // System/root/shell can mutate whatever secure settings they want. final int callingUid = Binder.getCallingUid(); if (callingUid == android.os.Process.SYSTEM_UID || callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID) { return; } switch (operation) { case MUTATION_OPERATION_INSERT: // Insert updates. case MUTATION_OPERATION_UPDATE: { if (Settings.System.PUBLIC_SETTINGS.contains(name)) { return; } // The calling package is already verified. PackageInfo packageInfo = getCallingPackageInfoOrThrow(); // Privileged apps can do whatever they want. if ((packageInfo.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0) { return; } warnOrThrowForUndesiredSecureSettingsMutationForTargetSdk( packageInfo.applicationInfo.targetSdkVersion, name); } break; case MUTATION_OPERATION_DELETE: { if (Settings.System.PUBLIC_SETTINGS.contains(name) || Settings.System.PRIVATE_SETTINGS.contains(name)) { throw new IllegalArgumentException("You cannot delete system defined" + " secure settings."); } // The calling package is already verified. PackageInfo packageInfo = getCallingPackageInfoOrThrow(); // Privileged apps can do whatever they want. if ((packageInfo.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0) { return; } warnOrThrowForUndesiredSecureSettingsMutationForTargetSdk( packageInfo.applicationInfo.targetSdkVersion, name); } break; } }
这段代码用来判断当前的调用进程是否有权限改变系统设置的某些值。可以看到,privileged app可以做任何事情。(完)
LOCAL_PRIVILEGED_MODULE 详解(1)
LOCAL_PRIVILEGED_MODULE 详解(2)
LOCAL_PRIVILEGED_MODULE 详解(3)
LOCAL_PRIVILEGED_MODULE 详解(4)
LOCAL_PRIVILEGED_MODULE 详解(5)
阅读全文
1 0
- LOCAL_PRIVILEGED_MODULE 详解(5)
- LOCAL_PRIVILEGED_MODULE 详解(1)
- LOCAL_PRIVILEGED_MODULE 详解(2)
- LOCAL_PRIVILEGED_MODULE 详解(3)
- LOCAL_PRIVILEGED_MODULE 详解(4)
- user_namespace详解(5)
- dedecms代码详解(5)
- mahout SparseVectorsFromSequenceFiles详解(5)
- xenpaging流程详解(5)
- (5)CSS选择器详解
- SpringMVC详解详解(三)
- ACM详解(5)——排序
- S2SH配置过程 详解(5)
- ACM详解(5)——排序
- VC++深入详解 (chapter 5)
- adnroid GPS定位详解(5)
- TCP/IP详解学习笔记(5)
- 孙鑫VC++深入详解(5):菜单
- Spring AOP增强小例子
- Java序列化(实现Serializable接口)作用
- 技术点-ActiveMQ-概念性总结
- 升级到xcode8.3.3后,Apple Mach-O Linker Error 看不到详细信息了
- Android 状态栏沉浸式效果
- LOCAL_PRIVILEGED_MODULE 详解(5)
- Centos 6.9 Install dubbo-admin 2.8.4
- 详解--前向量【转载】
- 解决react vr视频在微信和浏览器上全屏的问题
- 使用JedisPoolConfig对象时报错
- Mac下搭建react native开发环境
- JS书写优化
- hadoop2.6.5 ha配置与yarn ha配置
- sql 分组查询和子查询语句