設置-權(quán)限PMS流程梳理

Android M之前,權(quán)限都是在安裝時授予的,雖然在4.3時,Google就試圖在源碼里面引入AppOpsManager來達到動態(tài)控制權(quán)限的目的,但由于不太成熟,在Release版本并沒有釋放這個功能。在6.0之后,Google為了簡化安裝流程且方便用戶控制權(quán)限,正式引入了runtime-permission,允許用戶在運行的時候動態(tài)控制權(quán)限。對于開發(fā)而言就是將targetSdkVersion設置為23,并且在相應的時機動態(tài)申請權(quán)限,在適配了Android6.0的App運行在Android 6.0+的手機上時,就會調(diào)用6.0相關(guān)的API,不過在低版本的手機上,仍然是按安裝時權(quán)限處理。

1. 適配Android運行時權(quán)限

適配Android Runtime Permission,常見的步驟如下:

1.1 在AndroidManifest文件中添加需要的權(quán)限。

這個步驟和我們之前的開發(fā)并沒有什么變化,試圖去申請一個沒有聲明的權(quán)限可能會導致程序崩潰。

1.2 檢查權(quán)限

if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_CONTACTS) 
            != PackageManager.PERMISSION_GRANTED) {
    //申請權(quán)限
}

這里涉及到一個API,ContextCompat.checkSelfPermission,主要用于檢測某個權(quán)限是否已經(jīng)被授予,方法返回值為PackageManager.PERMISSION_DENIED或者PackageManager.PERMISSION_GRANTED。當返回DENIED就需要進行申請授權(quán)了。

1.3 申請授權(quán)

 ActivityCompat.requestPermissions(thisActivity,
                new String[]{Manifest.permission.READ_CONTACTS}, PERMISSIONS_REQUEST_CODE);

該方法是異步的,第一個參數(shù)是Context;第二個參數(shù)是需要申請的權(quán)限的字符串數(shù)組;第三個參數(shù)為requestCode,主要用于回調(diào)的時候檢測??梢詮姆椒鹯equestPermissions以及第二個參數(shù)看出,是支持一次性申請多個權(quán)限的,系統(tǒng)會通過對話框逐一詢問用戶是否授權(quán)。

1.4處理權(quán)限申請回調(diào)

@Override
public void onRequestPermissionsResult(int requestCode, String permissions[], int[] grantResults) {
    switch (requestCode) {
        case PERMISSIONS_REQUEST_CODE: {
            if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
                //權(quán)限申請成功
            } else {
                //權(quán)限申請失敗
            }
            return;
        }
    }
}

該方法在權(quán)限申請之后會回調(diào),首先驗證requestCode,然后驗證grantResults對應于申請的結(jié)果,這里的數(shù)組對應于申請時的第二個權(quán)限字符串數(shù)組。如果你同時申請兩個權(quán)限,那么grantResults的length就為2,分別記錄你兩個權(quán)限的申請結(jié)果。
以上的步驟對于我們Android開發(fā)者來說都很熟悉,但是很少有人研究Android鑒權(quán)的底層邏輯,今天我們就從上述調(diào)用的api入手,來研究Android權(quán)限的調(diào)用流程。

2. 檢查權(quán)限流程

檢查權(quán)限通過系統(tǒng)api ActivityCompat.requestPermissions()進行,其底層通過上下文對象ContextImpl調(diào)用PermissionManager.checkPermission()方法。
frameworks/base/core/java/android/app/ContextImpl.java

@Override
public int checkPermission(String permission, int pid, int uid) {
    if (permission == null) {
        throw new IllegalArgumentException("permission is null");
    }
    return PermissionManager.checkPermission(permission, pid, uid);
}

PermissionManager 中 checkPermission()采用緩存機制,將最近檢查的權(quán)限緩存起來,緩存中沒有的權(quán)限,調(diào)用checkPermissionUncached()方法從底層服務中繼續(xù)查詢。
正常情況下,會拿到AMS的binder對象,調(diào)用AMS checkPermission()方法。
frameworks/base/core/java/android/permission/PermissionManager.java

/* @hide */
private static int checkPermissionUncached(@Nullable String permission, int pid, int uid) {
    final IActivityManager am = ActivityManager.getService();
    ......
    try {
        return am.checkPermission(permission, pid, uid);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    }
}

checkPermission()方法是權(quán)限檢查的唯一公共入口點,在這里會將空權(quán)限字符串過濾掉。
frameworks/base/services/core/java/com/android/server/am/ActivityManagerService.java

@Override
public int checkPermission(String permission, int pid, int uid) {
    if (permission == null) {
        return PackageManager.PERMISSION_DENIED;
    }
    return checkComponentPermission(permission, pid, uid, -1, true);
}

繼續(xù)執(zhí)行checkComponentPermission()方法,這里會判斷是否進程已經(jīng)被拒絕訪問該權(quán)限,如果是就直接返回PERMISSION_GRANTED。如果不是,就繼續(xù)執(zhí)行ActivityManager.checkComponentPermission()方法。

public static int checkComponentPermission(String permission, int pid, int uid,
        int owningUid, boolean exported) {
    if (pid == MY_PID) {
        return PackageManager.PERMISSION_GRANTED;
    }
    // If there is an explicit permission being checked, and this is coming from a process
    // that has been denied access to that permission, then just deny.  Ultimately this may
    // not be quite right -- it means that even if the caller would have access for another
    // reason (such as being the owner of the component it is trying to access), it would still
    // fail.  This also means the system and root uids would be able to deny themselves
    // access to permissions, which...  well okay. ˉ\_(ツ)_/ˉ
    if (permission != null) {
        synchronized (sActiveProcessInfoSelfLocked) {
            ProcessInfo procInfo = sActiveProcessInfoSelfLocked.get(pid);
            if (procInfo != null && procInfo.deniedPermissions != null
                    && procInfo.deniedPermissions.contains(permission)) {
                return PackageManager.PERMISSION_DENIED;
            }
        }
    }
    return ActivityManager.checkComponentPermission(permission, uid,
            owningUid, exported);
}

這里有執(zhí)行到了ActivityManager的checkComponentPermission()方法,在進行一些特殊進程的判斷之后,最終調(diào)用到了PMS的checkUidPermission()方法。
frameworks/base/core/java/android/app/ActivityManager.java

/** @hide */
@UnsupportedAppUsage
public static int checkComponentPermission(String permission, int uid,
        int owningUid, boolean exported) {
    // Root, system server get to do everything.
    final int appId = UserHandle.getAppId(uid);
    if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
        return PackageManager.PERMISSION_GRANTED;
    }
    // Isolated processes don't get any permissions.
    if (UserHandle.isIsolated(uid)) {
        return PackageManager.PERMISSION_DENIED;
    }
    // If there is a uid that owns whatever is being accessed, it has
    // blanket access to it regardless of the permissions it requires.
    if (owningUid >= 0 && UserHandle.isSameApp(uid, owningUid)) {
        return PackageManager.PERMISSION_GRANTED;
    }
    // If the target is not exported, then nobody else can get to it.
    if (!exported) {
        /*
        RuntimeException here = new RuntimeException("here");
        here.fillInStackTrace();
        Slog.w(TAG, "Permission denied: checkComponentPermission() owningUid=" + owningUid,
                here);
        */
        return PackageManager.PERMISSION_DENIED;
    }
    if (permission == null) {
        return PackageManager.PERMISSION_GRANTED;
    }
    try {
        return AppGlobals.getPackageManager()
                .checkUidPermission(permission, uid);
    } catch (RemoteException e) {
        throw e.rethrowFromSystemServer();
    }
}

和其它服務一樣,PackageManagerService 由于自身功能太多,將功能細分為不同的模塊調(diào)用對用的工具類,權(quán)限相關(guān)的功能就由PermissionManagerService來處理。
frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

// NOTE: Can't remove without a major refactor. Keep around for now.
@Override
public int checkUidPermission(String permName, int uid) {
    /// M: CTA requirement - permission control  @{
    CtaManagerFactory.getInstance().makeCtaManager().reportPermRequestUsage(permName, uid);
    //@}
    try {
        // Because this is accessed via the package manager service AIDL,
        // go through the permission manager service AIDL
        return mPermissionManagerService.checkUidPermission(permName, uid);
    } catch (RemoteException ignore) { }
    return PackageManager.PERMISSION_DENIED;
}

繼續(xù)來看PermissionManagerService,這里首先調(diào)用到了checkUidPermission()方法,進行一些異常情況的處理,比如permission name為空,userId不存在。然后判斷checkPermissionDelegate 是否為空,正常情況下這里checkPermissionDelegate 是 空,其賦值是在AMS中的。所以會繼續(xù)流轉(zhuǎn)到checkUidPermissionImpl()方法。
frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java

@Override
public int checkUidPermission(String permName, int uid) {
    // Not using Objects.requireNonNull() here for compatibility reasons.
    if (permName == null) {
        return PackageManager.PERMISSION_DENIED;
    }
    final int userId = UserHandle.getUserId(uid);
    if (!mUserManagerInt.exists(userId)) {
        return PackageManager.PERMISSION_DENIED;
    }

    final CheckPermissionDelegate checkPermissionDelegate;
    synchronized (mLock) {
        checkPermissionDelegate = mCheckPermissionDelegate;
    }
    if (checkPermissionDelegate == null)  {
        return checkUidPermissionImpl(permName, uid);
    }
    return checkPermissionDelegate.checkUidPermission(permName, uid,
            this::checkUidPermissionImpl);
}

可以看到,checkUidPermissionImpl()方法通過uid獲取了進程對應的包信息AndroidPackage,再將其傳入checkUidPermissionInternal()方法。

private int checkUidPermissionImpl(String permName, int uid) {
    final AndroidPackage pkg = mPackageManagerInt.getPackage(uid);
    return checkUidPermissionInternal(pkg, uid, permName);
}

繼續(xù)看checkUidPermissionInternalf()方法,AndroidPackage 不為空的情況下,會繼續(xù)調(diào)用checkPermissionInternal()方法。

/**
 * Checks whether or not the given package has been granted the specified
 * permission. If the given package is {@code null}, we instead check the
 * system permissions for the given UID.
 *
 * @see SystemConfig#getSystemPermissions()
 */
private int checkUidPermissionInternal(@Nullable AndroidPackage pkg, int uid,
        @NonNull String permissionName) {
    if (pkg != null) {
        final int userId = UserHandle.getUserId(uid);
        return checkPermissionInternal(pkg, false, permissionName, userId);
    }
    ......
    return PackageManager.PERMISSION_DENIED;
}

checkPermissionInternal()方法獲取AndroidPackage的PackageName,將其傳入mPackageManagerInt.getPackageSetting()方法獲取PackageSetting實例(PackageSetting類存儲了應用的各中信息),再獲取PackageSetting的PermissionsState實例(PermissionsState是PackageSetting的屬性,存儲應用的權(quán)限信息),再繼續(xù)調(diào)用checkSinglePermissionInternal()繼續(xù)判斷。

private int checkPermissionInternal(@NonNull AndroidPackage pkg, boolean isPackageExplicit,
        @NonNull String permissionName, @UserIdInt int userId) {
    final int callingUid = getCallingUid();
    ......
    final int uid = UserHandle.getUid(userId, pkg.getUid());
    final PackageSetting ps = (PackageSetting) mPackageManagerInt.getPackageSetting(
            pkg.getPackageName());
    if (ps == null) {
        return PackageManager.PERMISSION_DENIED;
    }
    final PermissionsState permissionsState = ps.getPermissionsState();
    if (checkSinglePermissionInternal(uid, permissionsState, permissionName)) {
        return PackageManager.PERMISSION_GRANTED;
    }
   .......
    return PackageManager.PERMISSION_DENIED;
}

checkSinglePermissionInternal()很簡單,調(diào)用PermissionsState.hasPermission()方法進行判斷。

private boolean checkSinglePermissionInternal(int uid,
        @NonNull PermissionsState permissionsState, @NonNull String permissionName) {
    if (!permissionsState.hasPermission(permissionName, UserHandle.getUserId(uid))) {
        return false;
    }
    ......
    return true;
}

PermissionsState中維護了一個ArrayMap mPermissions,mPermissions存儲了應用的權(quán)限數(shù)據(jù)PermissionData,通過調(diào)用permissionData.isGranted()來最終判斷是否具有該項權(quán)限。
frameworks/base/services/core/java/com/android/server/pm/permission/PermissionsState.java

/**
 * Gets whether the state has a given permission for the specified
 * user, regardless if this is an install or a runtime permission.
 *
 * @param name The permission name.
 * @param userId The device user id.
 * @return Whether the user has the permission.
 */
public boolean hasPermission(String name, int userId) {
    enforceValidUserId(userId);

    synchronized (mLock) {
        if (mPermissions == null) {
            return false;
        }
        PermissionData permissionData = mPermissions.get(name);

        return permissionData != null && permissionData.isGranted(userId);
    }
}

以上,就是運行時權(quán)限的檢查流程。

3. 申請權(quán)限流程

申請權(quán)限調(diào)用 Activity.requestPermissions(thisActivity,new String[]{Manifest.permission.READ_CONTACTS}, PERMISSIONS_REQUEST_CODE)接口,requestPermissions方法構(gòu)造一個intent,intent指向android.content.pm.action.REQUEST_PERMISSIONS,啟動權(quán)限管理器PermissionController。
frameworks/base/core/java/android/app/Activity.java

public final void requestPermissions(@NonNull String[] permissions, int requestCode) {
    if (requestCode < 0) {
        throw new IllegalArgumentException("requestCode should be >= 0");
    }
    if (mHasCurrentPermissionsRequest) {
        Log.w(TAG, "Can request only one set of permissions at a time");
        // Dispatch the callback with empty arrays which means a cancellation.
        onRequestPermissionsResult(requestCode, new String[0], new int[0]);
        return;
    }
    Intent intent = getPackageManager().buildRequestPermissionsIntent(permissions);
    startActivityForResult(REQUEST_PERMISSIONS_WHO_PREFIX, intent, requestCode, null);
    mHasCurrentPermissionsRequest = true;
}

權(quán)限管理器用于權(quán)限申請的界面為GrantPermissionsActivity.java,我們省略UI上的流程,直接來到權(quán)限申請完成的邏輯,用戶點擊權(quán)限彈框上的選項之后,會回調(diào)onPermissionGrantResult()方法,對權(quán)限申請進行處理。我們看到。這里有6中狀態(tài):

  • CANCELED:取消權(quán)限申請
  • GRANTED_ALWAYS :任何時候都允許
  • GRANTED_FOREGROUND_ONLY :僅在使用該應用時允許
  • GRANTED_ONE_TIME:僅限這一次
  • DENIED:拒絕
  • DENIED_DO_NOT_ASK_AGAIN:拒絕并不再詢問
    除CANCELED沒有實際操作之外,其它的選項都會調(diào)用onPermissionGrantResultSingleState這個方法,不同的是每種狀態(tài)傳遞的參數(shù)不同。
    參數(shù)意義:

對于權(quán)限組,這里有兩種foregroundGroupState 和 backgroundGroupState ,foregroundGroupState 代表只在允許前臺訪問的權(quán)限組,backgroundGroupState 代表允許后臺訪問的權(quán)限組。

  • groupState: 權(quán)限組的狀態(tài),包括foregroundGroupState 和 backgroundGroupState
  • granted:是否允許權(quán)限
  • isOneTime: 是否只允許一次權(quán)限
  • doNotAskAgain: 如果權(quán)限被拒絕,是否應該再次申請

以GRANTED_FOREGROUND_ONLY 為例,它僅允許應用在使用期間訪問權(quán)限,所以foregroundGroupState granted傳值為true,backgroundGroupState granted傳值為false。
onPermissionGrantResultSingleState(foregroundGroupState, true, false, false);
onPermissionGrantResultSingleState(backgroundGroupState, false, false, false);
packages/apps/PermissionController/src/com/android/permissioncontroller/permission/ui/GrantPermissionsActivity.java

@Override
public void onPermissionGrantResult(String name,
        @GrantPermissionsViewHandler.Result int result) {
    GroupState foregroundGroupState = getForegroundGroupState(name);
    GroupState backgroundGroupState = getBackgroundGroupState(name);
    ......
    switch (result) {
        case CANCELED:
            if (foregroundGroupState != null) {
                reportRequestResult(foregroundGroupState.affectedPermissions,
                        PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__USER_IGNORED);
            }
            if (backgroundGroupState != null) {
                reportRequestResult(backgroundGroupState.affectedPermissions,
                        PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__USER_IGNORED);
            }
            setResultAndFinish();
            return;
        case GRANTED_ALWAYS :
            if (foregroundGroupState != null) {
                onPermissionGrantResultSingleState(foregroundGroupState, true, false, false);
            }
            if (backgroundGroupState != null) {
                onPermissionGrantResultSingleState(backgroundGroupState, true, false, false);
            }
            break;
        case GRANTED_FOREGROUND_ONLY :
            if (foregroundGroupState != null) {
                onPermissionGrantResultSingleState(foregroundGroupState, true, false, false);
            }
            if (backgroundGroupState != null) {
                onPermissionGrantResultSingleState(backgroundGroupState, false, false, false);
            }
            break;
        case GRANTED_ONE_TIME:
            if (foregroundGroupState != null) {
                onPermissionGrantResultSingleState(foregroundGroupState, true, true, false);
            }
            if (backgroundGroupState != null) {
                onPermissionGrantResultSingleState(backgroundGroupState, false, true, false);
            }
            break;
        case DENIED :
            if (foregroundGroupState != null) {
                onPermissionGrantResultSingleState(foregroundGroupState, false, false, false);
            }
            if (backgroundGroupState != null) {
                onPermissionGrantResultSingleState(backgroundGroupState, false, false, false);
            }
            break;
        case DENIED_DO_NOT_ASK_AGAIN :
            if (foregroundGroupState != null) {
                onPermissionGrantResultSingleState(foregroundGroupState, false, false, true);
            }
            if (backgroundGroupState != null) {
                onPermissionGrantResultSingleState(backgroundGroupState, false, false, true);
            }
            break;
    }
    if (!showNextPermissionGroupGrantRequest()) {
        setResultAndFinish();
    }
}

我們繼續(xù)來看onPermissionGrantResultSingleState()方法,它對我們傳遞進來的參數(shù)進行處理。
如果granted為true,執(zhí)行權(quán)限組的groupState.mGroup.grantRuntimePermissions()方法;
如果granted為false,執(zhí)行權(quán)限組的groupState.mGroup.revokeRuntimePermissions()方法;

private void onPermissionGrantResultSingleState(GroupState groupState, boolean granted,
        boolean isOneTime, boolean doNotAskAgain) {
    if (groupState != null && groupState.mGroup != null
            && groupState.mState == GroupState.STATE_UNKNOWN) {
        if (granted) {
            int permissionGrantRequestResult =
                    PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__USER_GRANTED;

           if (isOneTime) {
                groupState.mGroup.setOneTime(true);
                permissionGrantRequestResult =
                        PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__USER_GRANTED_ONE_TIME;
            } else {
                groupState.mGroup.setOneTime(false);
            }

            groupState.mGroup.grantRuntimePermissions(true, doNotAskAgain,
                    groupState.affectedPermissions);
            groupState.mState = GroupState.STATE_ALLOWED;

            reportRequestResult(groupState.affectedPermissions, permissionGrantRequestResult);
        } else {
            groupState.mGroup.revokeRuntimePermissions(doNotAskAgain,
                    groupState.affectedPermissions);
            groupState.mGroup.setOneTime(false);
            groupState.mState = GroupState.STATE_DENIED;

            reportRequestResult(groupState.affectedPermissions, doNotAskAgain
                    ?PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__USER_DENIED_WITH_PREJUDICE
                    : PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__USER_DENIED);
        }
    }
}

我們繼續(xù)來看AppPermissionGroup grantRuntimePermissions()方法,方法很長,我們逐一來分析。

  1. 首先,這里for循環(huán)將遍歷權(quán)限組的所有權(quán)限,filterPermissions如果為空,則遍歷所有權(quán)限,filterPermissions如果不為空,則只遍歷filterPermissions中的權(quán)限。
  2. 如果不支持運行時權(quán)限(權(quán)限非運行時權(quán)限或SDK<23),則不處理
  3. 如果是系統(tǒng)設置的權(quán)限,不進行處理
  4. 在授予權(quán)限前,請確認權(quán)限應用可操作性已開啟。
  5. 權(quán)限granted設置為true
  6. 更新權(quán)限的標記
    權(quán)限更改完成之后,這里只是將數(shù)據(jù)保存在了permissionController,并沒有持久化,還需要調(diào)用persistChanges()方法持久化數(shù)據(jù)。
    packages/apps/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
public boolean grantRuntimePermissions(boolean setByTheUser, boolean fixedByTheUser,
        String[] filterPermissions) {
    boolean killApp = false;
    boolean wasAllGranted = true;

    // We toggle permissions only to apps that support runtime
    // permissions, otherwise we toggle the app op corresponding
    // to the permission if the permission is granted to the app.
    for (Permission permission : mPermissions.values()) {
        if (filterPermissions != null
                && !ArrayUtils.contains(filterPermissions, permission.getName())) {
            continue;
        }

        if (!permission.isGrantingAllowed(mIsEphemeralApp, mAppSupportsRuntimePermissions)) {
            // Skip unallowed permissions.
            continue;
        }

        boolean wasGranted = permission.isGrantedIncludingAppOp();

        if (mAppSupportsRuntimePermissions) {
            // Do not touch permissions fixed by the system.
            if (permission.isSystemFixed()) {
                wasAllGranted = false;
                break;
            }

            // Ensure the permission app op is enabled before the permission grant.
            if (permission.affectsAppOp() && !permission.isAppOpAllowed()) {
                permission.setAppOpAllowed(true);
            }

            // Grant the permission if needed.
            if (!permission.isGranted()) {
                permission.setGranted(true);
            }

            // Update the permission flags.
            if (!fixedByTheUser) {
                if (permission.isUserFixed()) {
                    permission.setUserFixed(false);
                }
                if (setByTheUser) {
                    if (!permission.isUserSet()) {
                        permission.setUserSet(true);
                    }
                }
            } else {
                if (!permission.isUserFixed()) {
                    permission.setUserFixed(true);
                }
                if (permission.isUserSet()) {
                    permission.setUserSet(false);
                }
            }
        }
        ......
    }

    if (!mDelayChanges) {
        persistChanges(false);

        if (killApp) {
            killApp(KILL_REASON_APP_OP_CHANGE);
        }
    }

    return wasAllGranted;
}

我們繼續(xù)看persistChanges()方法,這里會遍歷mPermissions,判斷權(quán)限是否授予,如果沒有授予就調(diào)用PKMS grantRuntimePermission()方法授權(quán),如果已經(jīng)授權(quán)了,就調(diào)用revokeRuntimePermission()方法撤銷權(quán)限。

/**
 * If the changes to this group were delayed, persist them to the platform.
 *
 * @param mayKillBecauseOfAppOpsChange If the app these permissions belong to may be killed if
 *                                     app ops change. If this is set to {@code false} the
 *                                     caller has to make sure to kill the app if needed.
 * @param revokeReason If any permissions are getting revoked, the reason for revoking them.
 */
public void persistChanges(boolean mayKillBecauseOfAppOpsChange, String revokeReason) {
    int uid = mPackageInfo.applicationInfo.uid;

    int numPermissions = mPermissions.size();
    boolean shouldKillApp = false;

    for (int i = 0; i < numPermissions; i++) {
        Permission permission = mPermissions.valueAt(i);

        if (!permission.isSystemFixed()) {
            if (permission.isGranted()) {
                mPackageManager.grantRuntimePermission(mPackageInfo.packageName,
                        permission.getName(), mUserHandle);
            } else {
                boolean isCurrentlyGranted = mContext.checkPermission(permission.getName(), -1,
                        uid) == PERMISSION_GRANTED;

                if (isCurrentlyGranted) {
                    if (revokeReason == null) {
                        mPackageManager.revokeRuntimePermission(mPackageInfo.packageName,
                                permission.getName(), mUserHandle);
                    } else {
                        mPackageManager.revokeRuntimePermission(mPackageInfo.packageName,
                                permission.getName(), mUserHandle, revokeReason);
                    }
                }
            }
        }
     ......
}

和檢查權(quán)限一樣,PackageManagerService并不處理權(quán)限相關(guān)的邏輯,而是將它交給PermissionManagerService處理。
frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

// NOTE: Can't remove due to unsupported app usage
@Override
public void grantRuntimePermission(String packageName, String permName, final int userId) {
    try {
        // Because this is accessed via the package manager service AIDL,
        // go through the permission manager service AIDL
        mPermissionManagerService.grantRuntimePermission(packageName, permName, userId);
    } catch (RemoteException ignore) { }
}

PermissionManagerService grantRuntimePermission()方法調(diào)用grantRuntimePermissionInternal()方法繼續(xù)處理,我們省略前面的一系列合法性判斷,只看關(guān)鍵步驟。這里和checkPermissionInternal()一樣,通過AndroidPackage 獲取PackageSetting,再通過PackageSetting獲取permissionsState 實例,最終通過permissionsState 的 grantRuntimePermission()來完成授權(quán)。
frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java

@Override
public void grantRuntimePermission(String packageName, String permName, final int userId) {
    final int callingUid = Binder.getCallingUid();
    final boolean overridePolicy =
            checkUidPermission(ADJUST_RUNTIME_PERMISSIONS_POLICY, callingUid)
                    == PackageManager.PERMISSION_GRANTED;

    grantRuntimePermissionInternal(permName, packageName, overridePolicy,
            callingUid, userId, mDefaultPermissionCallback);
}

// TODO swap permission name and package name
private void grantRuntimePermissionInternal(String permName, String packageName,
        boolean overridePolicy, int callingUid, final int userId, PermissionCallback callback) {
    ......
    final AndroidPackage pkg = mPackageManagerInt.getPackage(packageName);
    final PackageSetting ps = (PackageSetting) mPackageManagerInt.getPackageSetting(
            packageName);
    ......
    final int uid = UserHandle.getUid(userId, UserHandle.getAppId(pkg.getUid()));
    final PermissionsState permissionsState = ps.getPermissionsState();
   ......
    final int result = permissionsState.grantRuntimePermission(bp, userId);
    switch (result) {
        case PERMISSION_OPERATION_FAILURE: {
            return;
        }

        case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
            if (callback != null) {
                callback.onGidsChanged(UserHandle.getAppId(pkg.getUid()), userId);
            }
        }
        break;
    }
    ......
}

我們之前了解過,PermissionsState中維護了一個ArrayMap mPermissions,mPermissions存儲了應用的權(quán)限數(shù)據(jù)PermissionData,最終通過調(diào)用permissionData.grant()來將授權(quán)數(shù)據(jù)持久化到平臺。
frameworks/base/services/core/java/com/android/server/pm/permission/PermissionsState.java

public int grantRuntimePermission(BasePermission permission, int userId) {
    enforceValidUserId(userId);
    if (userId == UserHandle.USER_ALL) {
        return PERMISSION_OPERATION_FAILURE;
    }
    return grantPermission(permission, userId);
}   

private int grantPermission(BasePermission permission, int userId) {
    if (hasPermission(permission.getName(), userId)) {
        return PERMISSION_OPERATION_SUCCESS;
    }

    final boolean hasGids = !ArrayUtils.isEmpty(permission.computeGids(userId));
    final int[] oldGids = hasGids ? computeGids(userId) : NO_GIDS;

    PermissionData permissionData = ensurePermissionData(permission);

    if (!permissionData.grant(userId)) {
        return PERMISSION_OPERATION_FAILURE;
    }

    if (hasGids) {
        final int[] newGids = computeGids(userId);
        if (oldGids.length != newGids.length) {
            return PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED;
        }
    }

    return PERMISSION_OPERATION_SUCCESS;
}

應用的授權(quán)過程就解析完畢。

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容