添加isPermissionRevokedByPolicy()了PackageManager API级别23 .false如果"通过策略"阻止某个包的请求权限,则应该返回:
通常,设备所有者或配置文件所有者可以应用此类策略.
有没有开发人员可以做的事情导致isPermissionRevokedByPolicy()返回false一些包/权限组合,而不是通过整个Android for Work集的恶作剧?
当然,我可能错了,但不幸的是,简短的回答似乎是"不,没有".
更广泛的答案:这是ApplicationPackageManager的代码:
@Override
public boolean isPermissionRevokedByPolicy(String permName, String pkgName) {
try {
return mPM.isPermissionRevokedByPolicy(permName, pkgName, mContext.getUserId());
} catch (RemoteException e) {
throw new RuntimeException("Package manager has died", e);
}
}
哪里是mPM -
private final IPackageManager mPM;
它在构造函数中初始化,由ContextImpl.getPackageManager()调用:
@Override
public PackageManager getPackageManager() {
if (mPackageManager != null) {
return mPackageManager;
}
IPackageManager pm = ActivityThread.getPackageManager();
if (pm != null) {
// Doesn't matter if we make more than one instance.
return (mPackageManager = new ApplicationPackageManager(this, pm));
}
return null;
}
(源代码)
深入研究ActivityThread.getPackageManager():
public static IPackageManager getPackageManager() {
if (sPackageManager != null) {
//Slog.v("PackageManager", "returning cur default = " + sPackageManager);
return sPackageManager;
}
IBinder b = ServiceManager.getService("package");
//Slog.v("PackageManager", "default service binder = " + b);
sPackageManager = IPackageManager.Stub.asInterface(b);
//Slog.v("PackageManager", "default service = " + sPackageManager);
return sPackageManager;
}
(源代码)
我正在做的所有这些步骤都是为了找到isPermissionRevokedByPolicy btw 的实际实现.然后我必须找到谁扩展了IPackageManager.Stub - 它是PackageManagerService(源代码).
所以这是实际的实现:
@Override
public boolean isPermissionRevokedByPolicy(String permission, String packageName, int userId) {
if (UserHandle.getCallingUserId() != userId) {
mContext.enforceCallingPermission(
android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
"isPermissionRevokedByPolicy for user " + userId);
}
if (checkPermission(permission, packageName, userId)
== PackageManager.PERMISSION_GRANTED) {
return false;
}
final long identity = Binder.clearCallingIdentity();
try {
final int flags = getPermissionFlags(permission, packageName, userId);
return (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0;
} finally {
Binder.restoreCallingIdentity(identity);
}
}
可能要"伪造"特定权限的状态,您需要破解checkPermission和getPermissionFlags方法.我担心的问题是,没有明显的方法如何使用覆盖的PackageManagerService来提供ApplicationPackageManager,至少没有反射.
京公网安备 11010802040832号 | 京ICP备19059560号-6 