Android6.0 動(dòng)態(tài)權(quán)限機(jī)制深入講解

更新時(shí)間：2020年08月05日 08:50:08 作者：esli

這篇文章主要給大家介紹了關(guān)于Android6.0 動(dòng)態(tài)權(quán)限機(jī)制的相關(guān)資料，文中通過(guò)示例代碼介紹的非常詳細(xì)，對(duì)大家的學(xué)習(xí)或者工作具有一定的參考學(xué)習(xí)價(jià)值，需要的朋友們下面來(lái)一起學(xué)習(xí)學(xué)習(xí)吧

前言

Android6.0以后引入了動(dòng)態(tài)權(quán)限機(jī)制，一些系統(tǒng)權(quán)限的分配需要在app運(yùn)行中進(jìn)行分配，而不只是在AndroidManifest中指定。

本篇將針對(duì)動(dòng)態(tài)權(quán)限的底層分配過(guò)程進(jìn)行分析(基于Android-6.0.1)。

權(quán)限分配

我們先看一下請(qǐng)求分配權(quán)限的代碼

//frameworks/support/v4/java/android/support/v4/app/ActivityCompat.java
public static void requestPermissions(final @NonNull Activity activity,
  final @NonNull String[] permissions, final int requestCode) {
 if (Build.VERSION.SDK_INT >= 23) {//對(duì)于Android M 以及以上的權(quán)限的分配
  ActivityCompatApi23.requestPermissions(activity, permissions, requestCode);
 } else if (activity instanceof OnRequestPermissionsResultCallback) {//Android M以下的權(quán)限分配
  Handler handler = new Handler(Looper.getMainLooper());
  handler.post(new Runnable() {
   @Override
   public void run() {
    //請(qǐng)求分配的權(quán)限結(jié)果，如分配就是PERMISSION_GRANTED
    final int[] grantResults = new int[permissions.length];
    
    PackageManager packageManager = activity.getPackageManager();
    String packageName = activity.getPackageName();

    final int permissionCount = permissions.length;
    //通過(guò)包管理的checkPermission來(lái)檢驗(yàn)是否分配權(quán)限
    for (int i = 0; i < permissionCount; i++) {
     grantResults[i] = packageManager.checkPermission(
       permissions[i], packageName);
    }

    ((OnRequestPermissionsResultCallback) activity).onRequestPermissionsResult(
      requestCode, permissions, grantResults);
   }
  });
 }
}

requestPermissions對(duì)于Android M的前后版本都分別做了處理，Android M以上通過(guò)ActivityCompatApi23.requestPermissions進(jìn)行權(quán)限的請(qǐng)求，而Android M以下通過(guò)PackageManager來(lái)檢查Permission的分配情況。

//frameworks/support/v4/api23/android/support/v4/app/ActivityCompat23.java
class ActivityCompatApi23 {
 ...
 public static void requestPermissions(Activity activity, String[] permissions,
   int requestCode) {
  if (activity instanceof RequestPermissionsRequestCodeValidator) {
   ((RequestPermissionsRequestCodeValidator) activity)
     .validateRequestPermissionsRequestCode(requestCode);
  }
  //通過(guò)Android M的Activity處理
  activity.requestPermissions(permissions, requestCode);
 }
 ...
}

//frameworks/base/core/java/android/app/Activity.java
public final void requestPermissions(@NonNull String[] permissions, int requestCode) {
 if (mHasCurrentPermissionsRequest) {
  Log.w(TAG, "Can reqeust only one set of permissions at a time");
  // Dispatch the callback with empty arrays which means a cancellation.
  onRequestPermissionsResult(requestCode, new String[0], new int[0]);
  return;
 }
 //通過(guò)請(qǐng)求的權(quán)限構(gòu)造Intent，彈出請(qǐng)求的窗口
 Intent intent = getPackageManager().buildRequestPermissionsIntent(permissions);
 startActivityForResult(REQUEST_PERMISSIONS_WHO_PREFIX, intent, requestCode, null);
 mHasCurrentPermissionsRequest = true;
}

ActivityCompat23將請(qǐng)求權(quán)限的任務(wù)交給Activity來(lái)完成，在Activity中，通過(guò)請(qǐng)求的permission來(lái)構(gòu)造一個(gè)Intent隨后啟動(dòng)Activity來(lái)彈出請(qǐng)求的界面。Intent的構(gòu)造是通過(guò)PackageManager的buildRequestPermissionsIntent方法構(gòu)造的。

public Intent buildRequestPermissionsIntent(@NonNull String[] permissions) {
 if (ArrayUtils.isEmpty(permissions)) {
  throw new NullPointerException("permission cannot be null or empty");
 }
 Intent intent = new Intent(ACTION_REQUEST_PERMISSIONS);
 intent.putExtra(EXTRA_REQUEST_PERMISSIONS_NAMES, permissions);
 intent.setPackage(getPermissionControllerPackageName());
 return intent;
}

Intent的action是ACTION_REQUEST_PERMISSIONS，它是這么定義的

public static final String ACTION_REQUEST_PERMISSIONS =
   "android.content.pm.action.REQUEST_PERMISSIONS";

隨后一個(gè)參數(shù)就是具體請(qǐng)求的permission數(shù)組和一個(gè)權(quán)限分派控制的相關(guān)的包名。所以activity的請(qǐng)求窗口是通過(guò)隱式啟動(dòng)的。

/packages/apps/PackageInstaller/AndroidManifest.xml
<activity android:name=".permission.ui.GrantPermissionsActivity"
  android:configChanges="orientation|keyboardHidden|screenSize"
  android:excludeFromRecents="true"
  android:theme="@style/GrantPermissions">
 <intent-filter>
  <action android:name="android.content.pm.action.REQUEST_PERMISSIONS" />
  <category android:name="android.intent.category.DEFAULT" />
 </intent-filter>
</activity>

從intent-fliter可以看到，這個(gè)GrantPermissionsActivity就是我們進(jìn)行權(quán)限分配的彈出窗口。GrantPermissionsActivity它的布局文件定義在packages/apps/PackageInstaller/res/layout/grant_permissions.xml，從GrantPermissionsActivity的實(shí)現(xiàn)來(lái)看它就是一個(gè)長(zhǎng)的像Dialog的activity，這里我們重點(diǎn)關(guān)注在該Activity中對(duì)權(quán)限的允許和拒絕的處理。

//packages/apps/PackageInstaller/src/com/android/packageinstaller/permission/ui/GrantPermissionsDefaultViewHandler.java
public void onClick(View view) {
 switch (view.getId()) {
  case R.id.permission_allow_button://允許
   if (mResultListener != null) {
    view.clearAccessibilityFocus();
    mResultListener.onPermissionGrantResult(mGroupName, true, false);
   }
   break;
  case R.id.permission_deny_button://拒絕
   mAllowButton.setEnabled(true);
   if (mResultListener != null) {
    view.clearAccessibilityFocus();
    mResultListener.onPermissionGrantResult(mGroupName, false,
      mDoNotAskCheckbox.isChecked());
   }
   break;
  case R.id.do_not_ask_checkbox://不再詢問(wèn)
   mAllowButton.setEnabled(!mDoNotAskCheckbox.isChecked());
   break;
 }
}

這里是通過(guò)GrantPermissionsDefaultViewHandler來(lái)控制GrantPermissionsActivity的ui視圖，按鈕的點(diǎn)擊事件是通過(guò)GrantPermissionsViewHandler.ResultListener接口來(lái)處理的，GrantPermissionsActivity實(shí)現(xiàn)了該接口。

@Override
public void onPermissionGrantResult(String name, boolean granted, boolean doNotAskAgain) {
 if (isObscuredTouch()) {
  showOverlayDialog();
  finish();
  return;
 }
 GroupState groupState = mRequestGrantPermissionGroups.get(name);
 if (groupState.mGroup != null) {
  if (granted) {
   groupState.mGroup.grantRuntimePermissions(doNotAskAgain);//權(quán)限組內(nèi)部的權(quán)限分配
   groupState.mState = GroupState.STATE_ALLOWED;//重置權(quán)限組的狀態(tài)
  } else {
   groupState.mGroup.revokeRuntimePermissions(doNotAskAgain);
   groupState.mState = GroupState.STATE_DENIED;
  }
  updateGrantResults(groupState.mGroup);
 }
 //下一個(gè)組權(quán)限的授權(quán)
 if (!showNextPermissionGroupGrantRequest()) {
  setResultAndFinish();
 }
}

onPermissionGrantResult的三個(gè)參數(shù)分別是name代表了權(quán)限組的名字，granted表示是否進(jìn)行權(quán)限分配，doNotAskAgain代表是否詢問(wèn)權(quán)限。內(nèi)部的mRequestGrantPermissionGroups是一個(gè)LinkedHashMap<String, GroupState>，它的key是權(quán)限組名，值為GroupState，它代表了待授權(quán)的權(quán)限組Map。需要注意的是權(quán)限和權(quán)限組的概念是不同的，一個(gè)權(quán)限所屬一個(gè)權(quán)限組，要給權(quán)限組可以對(duì)應(yīng)多個(gè)權(quán)限。而我們傳遞給GrantPermissionsActivity的是權(quán)限數(shù)組(注意并不是權(quán)限組)，在GrantPermissionsActivity創(chuàng)建的時(shí)候，會(huì)將我們請(qǐng)求的權(quán)限分別匹配到其對(duì)應(yīng)的權(quán)限組中，這會(huì)重新計(jì)算權(quán)限組的狀態(tài)。這個(gè)方法對(duì)name對(duì)應(yīng)的權(quán)限組進(jìn)行授權(quán)或者拒絕，然后處理下一個(gè)權(quán)限組。

//packages/apps/PackageInstaller/src/com/android/packageinstaller/permission/ui/GrantPermissionsActivity.java
public class GrantPermissionsActivity extends OverlayTouchActivity
  implements GrantPermissionsViewHandler.ResultListener {
 private String[] mRequestedPermissions;//請(qǐng)求的權(quán)限數(shù)組
 private int[] mGrantResults;//權(quán)限分配的結(jié)果數(shù)組
 //請(qǐng)求的權(quán)限數(shù)組對(duì)應(yīng)的權(quán)限組Map
 private LinkedHashMap<String, GroupState> mRequestGrantPermissionGroups = new LinkedHashMap<>();
 ...
 @Override
 public void onCreate(Bundle icicle) {
  ...
  //加載應(yīng)用權(quán)限組
  mAppPermissions = new AppPermissions(this, callingPackageInfo, null, false,
   new Runnable() {
    @Override
    public void run() {
     setResultAndFinish();
    }
   });
  //遍歷權(quán)限組
  for (AppPermissionGroup group : mAppPermissions.getPermissionGroups()) {
   boolean groupHasRequestedPermission = false;
   for (String requestedPermission : mRequestedPermissions) {
    //如果請(qǐng)求的權(quán)限在該組內(nèi)則標(biāo)記groupHasRequestedPermission為true
    if (group.hasPermission(requestedPermission)) {
     groupHasRequestedPermission = true;
     break;
    }
   }
   if (!groupHasRequestedPermission) {
    continue;
   }
   // We allow the user to choose only non-fixed permissions. A permission
   // is fixed either by device policy or the user denying with prejudice.
   if (!group.isUserFixed() && !group.isPolicyFixed()) {
    switch (permissionPolicy) {
     case DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT: {
      if (!group.areRuntimePermissionsGranted()) {
       group.grantRuntimePermissions(false);
      }
      group.setPolicyFixed();
     } break;

     case DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY: {
      if (group.areRuntimePermissionsGranted()) {
       group.revokeRuntimePermissions(false);
      }
      group.setPolicyFixed();
     } break;

     default: {
      //權(quán)限組是否已經(jīng)分配了Runtime Permission,如果沒(méi)有，則添加到mRequestGrantPermissionGroups中
      if (!group.areRuntimePermissionsGranted()) {
       mRequestGrantPermissionGroups.put(group.getName(),
         new GroupState(group));
      } else {
       group.grantRuntimePermissions(false);
       updateGrantResults(group);
      }
     } break;
    }
   } else {
    // if the permission is fixed, ensure that we return the right request result
    updateGrantResults(group);
   }
  }
  ...
  if (!showNextPermissionGroupGrantRequest()) {
   setResultAndFinish();
  }
 }
}

在GrantPermissionsActivity的onCreate方法中，根據(jù)請(qǐng)求的權(quán)限計(jì)算所屬權(quán)限組的狀態(tài)，首先創(chuàng)建AppPermissions對(duì)象，這時(shí)會(huì)去加載應(yīng)用的權(quán)限組。同時(shí)遍歷用于請(qǐng)求的權(quán)限數(shù)組并找到其對(duì)應(yīng)的權(quán)限組，同時(shí)判斷該權(quán)限組是否已經(jīng)分配了動(dòng)態(tài)權(quán)限，如果未授權(quán)則添加到待授權(quán)的權(quán)限組Map中。到這里我們還未看到真正的授權(quán)過(guò)程，在前面onPermissionGrantResult方法中，授權(quán)是通過(guò)GroupState中的成員mGroup的grantRuntimePermissions方法進(jìn)一步進(jìn)行權(quán)限分配的。而GroupState的定義如下

private static final class GroupState {
 static final int STATE_UNKNOWN = 0;
 static final int STATE_ALLOWED = 1;
 static final int STATE_DENIED = 2;

 final AppPermissionGroup mGroup;
 int mState = STATE_UNKNOWN;

 GroupState(AppPermissionGroup group) {
  mGroup = group;
 }
}

GroupState有三個(gè)狀態(tài)STATE_UNKNOWN，STATE_ALLOWED，STATE_DENIED，它內(nèi)部的mGroup實(shí)際上是個(gè)AppPermissionGroup，這些AppPermissionGroup是在AppPermissions加載的。

//packages/apps/PackageInstaller/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
public boolean grantRuntimePermissions(boolean fixedByTheUser) {
 final boolean isSharedUser = mPackageInfo.sharedUserId != null;
 final int uid = mPackageInfo.applicationInfo.uid;

 // We toggle permissions only to apps that support runtime
 // permissions, otherwise we toggle the app op corresponding
 // to the permission if the permission is granted to the app.
 //遍歷權(quán)限組對(duì)應(yīng)的權(quán)限
 for (Permission permission : mPermissions.values()) {
  if (mAppSupportsRuntimePermissions) {//支持動(dòng)態(tài)權(quán)限分配
   // Do not touch permissions fixed by the system.
   if (permission.isSystemFixed()) {//系統(tǒng)權(quán)限則返回
    return false;
   }

   // Ensure the permission app op enabled before the permission grant.
   //打開(kāi)permssion可以被grant的選項(xiàng)
   if (permission.hasAppOp() && !permission.isAppOpAllowed()) {
    permission.setAppOpAllowed(true);
    mAppOps.setUidMode(permission.getAppOp(), uid, AppOpsManager.MODE_ALLOWED);
   }

   // Grant the permission if needed.
   //進(jìn)行動(dòng)態(tài)分配，通過(guò)PMS完成
   if (!permission.isGranted()) {
    permission.setGranted(true);
    mPackageManager.grantRuntimePermission(mPackageInfo.packageName,
      permission.getName(), mUserHandle);
   }

   // Update the permission flags.
   if (!fixedByTheUser) {
    // Now the apps can ask for the permission as the user
    // no longer has it fixed in a denied state.
    if (permission.isUserFixed() || permission.isUserSet()) {
     permission.setUserFixed(false);
     permission.setUserSet(true);
     mPackageManager.updatePermissionFlags(permission.getName(),
       mPackageInfo.packageName,
       PackageManager.FLAG_PERMISSION_USER_FIXED
         | PackageManager.FLAG_PERMISSION_USER_SET,
       0, mUserHandle);
    }
   }
  } else {//Adnroid M以下的版本權(quán)限分配
   .... 
  }
 }
 return true;
}

權(quán)限的分配最終是通過(guò)PMS的grantRuntimePermission方法來(lái)完成的。

//frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@Override
public void grantRuntimePermission(String packageName, String name, final int userId) {
 ...
 mContext.enforceCallingOrSelfPermission(
   android.Manifest.permission.GRANT_RUNTIME_PERMISSIONS,
   "grantRuntimePermission");
 
 enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false,
   "grantRuntimePermission");

 final int uid;
 final SettingBase sb;
  
 synchronized (mPackages) {
  //取到Package對(duì)象
  final PackageParser.Package pkg = mPackages.get(packageName);
  if (pkg == null) {
   throw new IllegalArgumentException("Unknown package: " + packageName);
  }
  //取到全局設(shè)置中的權(quán)限信息 
  final BasePermission bp = mSettings.mPermissions.get(name);
  if (bp == null) {
   throw new IllegalArgumentException("Unknown permission: " + name);
  }

  enforceDeclaredAsUsedAndRuntimeOrDevelopmentPermission(pkg, bp);

  uid = UserHandle.getUid(userId, pkg.applicationInfo.uid);
  sb = (SettingBase) pkg.mExtras;//從pkg中取到應(yīng)用的設(shè)置信息SettingBase
  if (sb == null) {
   throw new IllegalArgumentException("Unknown package: " + packageName);
  }
  //取到權(quán)限狀態(tài) 
  final PermissionsState permissionsState = sb.getPermissionsState();
  
  final int flags = permissionsState.getPermissionFlags(name, userId);
  if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0) {
   throw new SecurityException("Cannot grant system fixed permission: "
     + name + " for package: " + packageName);
  }

  if (bp.isDevelopment()) {
   // Development permissions must be handled specially, since they are not
   // normal runtime permissions. For now they apply to all users.
   if (permissionsState.grantInstallPermission(bp) !=
     PermissionsState.PERMISSION_OPERATION_FAILURE) {
    scheduleWriteSettingsLocked();
   }
   return;
  }
  //通過(guò)PermissionsState進(jìn)行動(dòng)態(tài)權(quán)限的分配
  final int result = permissionsState.grantRuntimePermission(bp, userId);
  ....
 }
 .....
}

在PMS的grantRuntimePermission方法中首先根據(jù)包名取到應(yīng)用安裝時(shí)的Package對(duì)象，這個(gè)Package對(duì)象中包含了應(yīng)用的一些設(shè)置信息，通過(guò)這個(gè)設(shè)置信息可以取到當(dāng)前應(yīng)用的PermissionState，它維護(hù)了當(dāng)前應(yīng)用的權(quán)限授予情況。同時(shí)根據(jù)參數(shù)name,也就是權(quán)限名獲取全新的配置信息BasePermission對(duì)象，它時(shí)從mSettings中取到的，mSettings是PMS的全局設(shè)置，它在PMS啟動(dòng)的時(shí)候初始化，里面包含了平臺(tái)支持的所有權(quán)限。最后權(quán)限的分配進(jìn)一步通過(guò)PermissionState來(lái)完成

//frameworks/base/services/core/java/com/android/server/pm/PermissionsState.java
//動(dòng)態(tài)權(quán)限的分配
public int grantRuntimePermission(BasePermission permission, int userId) {
 enforceValidUserId(userId);
 if (userId == UserHandle.USER_ALL) {
  return PERMISSION_OPERATION_FAILURE;
 }
 return grantPermission(permission, userId);
}

private int grantPermission(BasePermission permission, int userId) {
 if (hasPermission(permission.name, userId)) {
  return PERMISSION_OPERATION_FAILURE;
 }
 //計(jì)算用戶組id
 final boolean hasGids = !ArrayUtils.isEmpty(permission.computeGids(userId));
 final int[] oldGids = hasGids ? computeGids(userId) : NO_GIDS;
 //將權(quán)限包裝成PermissionData添加到應(yīng)用的權(quán)限列表中
 PermissionData permissionData = ensurePermissionData(permission);
 //授予權(quán)限，修改PermissionState的mGranted屬性
 if (!permissionData.grant(userId)) {
  return PERMISSION_OPERATION_FAILURE;
 }

 if (hasGids) {
  final int[] newGids = computeGids(userId);//重新計(jì)算用戶的權(quán)限組id
  //權(quán)限組id是否發(fā)生變化
  if (oldGids.length != newGids.length) {
   return PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED;
  }
 }
 return PERMISSION_OPERATION_SUCCESS;
}

在grantPermission方法中首先會(huì)計(jì)算當(dāng)前用戶進(jìn)程當(dāng)前擁有的組id，然后再通過(guò)ensurePermissionData將權(quán)限添加到應(yīng)用的PermissionData列表中，這里返回一個(gè)PermissionData，通過(guò)該對(duì)象的grant方法進(jìn)行最終的分配，事實(shí)上它其實(shí)是修改內(nèi)部PermissionState成員的mGranted狀態(tài)為true。最后會(huì)對(duì)用戶的組id進(jìn)行重新計(jì)算，如果發(fā)生變化則返回PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED，否則返回PERMISSION_OPERATION_SUCCESS

//保證權(quán)限被添加到用戶列表中
private PermissionData ensurePermissionData(BasePermission permission) {
 if (mPermissions == null) {
  mPermissions = new ArrayMap<>();
 }
 PermissionData permissionData = mPermissions.get(permission.name);
 if (permissionData == null) {
  permissionData = new PermissionData(permission);
  mPermissions.put(permission.name, permissionData);
 }
 return permissionData;
}

//根據(jù)用戶權(quán)限列表計(jì)算用戶的gid
public int[] computeGids(int userId) {
 enforceValidUserId(userId);

 int[] gids = mGlobalGids;

 if (mPermissions != null) {
  final int permissionCount = mPermissions.size();
  for (int i = 0; i < permissionCount; i++) {
   String permission = mPermissions.keyAt(i);
   if (!hasPermission(permission, userId)) {
    continue;
   }
   PermissionData permissionData = mPermissions.valueAt(i);
   //取到權(quán)限對(duì)應(yīng)的組id數(shù)組，可見(jiàn)權(quán)限可以通過(guò)多個(gè)gid描述
   final int[] permGids = permissionData.computeGids(userId);
   if (permGids != NO_GIDS) {
    //將權(quán)限對(duì)應(yīng)的組id添加到用戶的組id數(shù)組中
    gids = appendInts(gids, permGids);
   }
  }
 }

 return gids;
}

ensurePermissionData方法確保將權(quán)限對(duì)應(yīng)的PermissionData添加到PermissonsState的權(quán)限列表中，后續(xù)通過(guò)computeGids計(jì)算用戶userId對(duì)應(yīng)的組id，并將其添加到用戶的組id數(shù)組mGlobalGids中。其中內(nèi)置權(quán)限的gid映射是定義在/etc/permission/platform.xml

<permissions>
 ···
 <permission name="android.permission.READ_EXTERNAL_STORAGE" >
  <group gid="sdcard_r" />
 </permission>

 <permission name="android.permission.WRITE_EXTERNAL_STORAGE" >
  <group gid="sdcard_r" />
  <group gid="sdcard_rw" />
 </permission>
 
 <permission name="android.permission.INTERNET" >
  <group gid="inet" />
 </permission>
 ···
</permissions>

至此，我們明白了權(quán)限的本質(zhì)實(shí)際上就是一組gid，這組gid對(duì)應(yīng)的是一些整型，這些映射關(guān)系存放在system/core/include/private/android_filesystem_config.h中，其中的定義如下

#define AID_NET_BT_ADMIN 3001 /* bluetooth: create any socket */
#define AID_NET_BT  3002 /* bluetooth: create sco, rfcomm or l2cap sockets */
#define AID_INET   3003 /* can create AF_INET and AF_INET6 sockets */
#define AID_SDCARD_RW  1015 /* external storage write access */

static const struct android_id_info android_ids[] = {
 ...
 { "bluetooth",  AID_BLUETOOTH, },
 { "sdcard_rw",  AID_SDCARD_RW, },
 { "net_bt_admin", AID_NET_BT_ADMIN, },
 { "net_bt",  AID_NET_BT, },
 { "inet",   AID_INET, },
 ...
}

通過(guò)將權(quán)限映射成一組gid，然后作為補(bǔ)充gid賦值給用戶進(jìn)程，也就是權(quán)限分配的本質(zhì)。

//PermisssionsState.PermissionData
public boolean grant(int userId) {
 if (!isCompatibleUserId(userId)) {
  return false;
 }

 if (isGranted(userId)) {
  return false;
 }

 PermissionState userState = mUserStates.get(userId);
 if (userState == null) {
  userState = new PermissionState(mPerm.name);
  mUserStates.put(userId, userState);
 }
 //分配權(quán)限置true
 userState.mGranted = true;

 return true;
}

通過(guò)PermissionData的grant方法，為對(duì)應(yīng)的用戶創(chuàng)建PermissionState，并將mGranted置為true表示分配了該權(quán)限給
該用戶。

當(dāng)然權(quán)限分配完成后，下次不需要再次分配，當(dāng)我們重新啟動(dòng)手機(jī)后，并需要再次對(duì)權(quán)限進(jìn)行分配，這是因?yàn)镻MS為所有的package記錄了權(quán)限分配的情況，在Android6.0之前，package所有的權(quán)限信息都是存放在data/system/packages.xml配置文件中,在應(yīng)用中啟動(dòng)時(shí)候讀取該配置就可以直到權(quán)限分配了哪些權(quán)限。但在Android6.0后，運(yùn)行時(shí)權(quán)限放在了data/system/users/0/runtime-permissions.xml中，而普通權(quán)限保持不變依然存放在packages.xml中，而且默認(rèn)granted就是true。那么在分配完成權(quán)限后需要將權(quán)限的分配信息持久化到該文件中。

//packages.xml
<package 
 name="com.feelschaotic.demo" 
 codePath="/data/app/com.feelschaotic.demo-Gi5ksdF6mUDLakfOugCcwQ==" 
 nativeLibraryPath="/data/app/com.feelschaotic.demo-Gi5ksdF6mUDLakfOugCcwQ==/lib" 
 primaryCpuAbi="x86" 
 publicFlags="945307462" 
 privateFlags="0" 
 ft="16348dc3870" 
 it="16343f1d6aa" 
 ut="16348dc4c4d" 
 version="8220" 
 userId="10102">
  <sigs count="1">
   <cert index="20" key="..." />
  </sigs>
  <perms>
   <!-- 此處普通權(quán)限的 granted 全都默認(rèn)是 true，且不可改變 granted 值-->
   <item name="android.permission.CHANGE_NETWORK_STATE" granted="true" flags="0" />
   <item name="android.permission.INTERNET" granted="true" flags="0" />
   <item name="android.permission.CHANGE_WIFI_STATE" granted="true" flags="0" />
   <item name="android.permission.ACCESS_NETWORK_STATE" granted="true" flags="0" />
  </perms>
  <proper-signing-keyset identifier="48" />
 </package>

<pkg name="com.feelschaotic.demo">
 <!-- 該demo我們故意拒絕了定位權(quán)限，可以看到：ACCESS_FINE_LOCATION 和 ACCESS_COARSE_LOCATION 的 granted 為 false -->
 <item name="android.permission.ACCESS_FINE_LOCATION" granted="false" flags="1" />
 <item name="android.permission.READ_EXTERNAL_STORAGE" granted="true" flags="0" />
 <item name="android.permission.ACCESS_COARSE_LOCATION" granted="false" flags="1" />
 <item name="android.permission.READ_PHONE_STATE" granted="true" flags="0" />
 <item name="android.permission.WRITE_EXTERNAL_STORAGE" granted="true" flags="0" />
 ...
</pkg>

在PMS的grantRuntimePermission分配完運(yùn)行時(shí)權(quán)限后，最后會(huì)調(diào)用writeRuntimePermissionsForUserLPr將權(quán)限信息持久化到配置文件runtime-permissions.xml中,我們看看這個(gè)過(guò)程

public void writeRuntimePermissionsForUserLPr(int userId, boolean sync) {
 if (sync) {
  mRuntimePermissionsPersistence.writePermissionsForUserSyncLPr(userId);
 } else {
  mRuntimePermissionsPersistence.writePermissionsForUserAsyncLPr(userId);
 }
}

無(wú)論時(shí)同步方式還是異步方式的持久化，最后都會(huì)調(diào)用下面的方法進(jìn)行

//寫(xiě)入權(quán)限到配置文件
private void writePermissionsSync(int userId) {
 //要寫(xiě)入的文件/data/system/users/0/runtime-permissions.xml
 AtomicFile destination = new AtomicFile(getUserRuntimePermissionsFile(userId));

 ArrayMap<String, List<PermissionState>> permissionsForPackage = new ArrayMap<>();
 ArrayMap<String, List<PermissionState>> permissionsForSharedUser = new ArrayMap<>();

 synchronized (mLock) {
  mWriteScheduled.delete(userId);
  //對(duì)所有的package進(jìn)行處理
  final int packageCount = mPackages.size();
  for (int i = 0; i < packageCount; i++) {
   String packageName = mPackages.keyAt(i);
   //取到PackageSetting
   PackageSetting packageSetting = mPackages.valueAt(i);
   if (packageSetting.sharedUser == null) {//沒(méi)有sharedUser的情況
    //取到PermissionsState，這個(gè)對(duì)象描述了包的權(quán)限信息
    PermissionsState permissionsState = packageSetting.getPermissionsState();
    List<PermissionState> permissionsStates = permissionsState
      .getRuntimePermissionStates(userId);//獲取全新分配列表
    if (!permissionsStates.isEmpty()) {
     //存放在permissionsForPackage這個(gè)Map中，以包名為鍵
     permissionsForPackage.put(packageName, permissionsStates);
    }
   }
  }
  //有shareUser的情況
  final int sharedUserCount = mSharedUsers.size();
  for (int i = 0; i < sharedUserCount; i++) {
   String sharedUserName = mSharedUsers.keyAt(i);
   SharedUserSetting sharedUser = mSharedUsers.valueAt(i);
   PermissionsState permissionsState = sharedUser.getPermissionsState();
   List<PermissionState> permissionsStates = permissionsState
     .getRuntimePermissionStates(userId);
   if (!permissionsStates.isEmpty()) {
    permissionsForSharedUser.put(sharedUserName, permissionsStates);
   }
  }
 }
 //寫(xiě)配置
 FileOutputStream out = null;
 try {
  //取到輸出流
  out = destination.startWrite();

  XmlSerializer serializer = Xml.newSerializer();
  serializer.setOutput(out, StandardCharsets.UTF_8.name());
  serializer.setFeature(
    "http://xmlpull.org/v1/doc/features.html#indent-output", true);
  serializer.startDocument(null, true);
  serializer.startTag(null, TAG_RUNTIME_PERMISSIONS);

  String fingerprint = mFingerprints.get(userId);
  if (fingerprint != null) {
   serializer.attribute(null, ATTR_FINGERPRINT, fingerprint);
  }
  //先寫(xiě)當(dāng)前package的permission
  final int packageCount = permissionsForPackage.size();
  for (int i = 0; i < packageCount; i++) {
   String packageName = permissionsForPackage.keyAt(i);
   List<PermissionState> permissionStates = permissionsForPackage.valueAt(i);
   serializer.startTag(null, TAG_PACKAGE);//package
   serializer.attribute(null, ATTR_NAME, packageName);
   writePermissions(serializer, permissionStates);
   serializer.endTag(null, TAG_PACKAGE);
  }
  //寫(xiě)其shareUser進(jìn)程的permission
  final int sharedUserCount = permissionsForSharedUser.size();
  for (int i = 0; i < sharedUserCount; i++) {
   String packageName = permissionsForSharedUser.keyAt(i);
   List<PermissionState> permissionStates = permissionsForSharedUser.valueAt(i);
   serializer.startTag(null, TAG_SHARED_USER);
   serializer.attribute(null, ATTR_NAME, packageName);
   writePermissions(serializer, permissionStates);
   serializer.endTag(null, TAG_SHARED_USER);
  }

  serializer.endTag(null, TAG_RUNTIME_PERMISSIONS);
  serializer.endDocument();
  destination.finishWrite(out);

  if (Build.FINGERPRINT.equals(fingerprint)) {
   mDefaultPermissionsGranted.put(userId, true);
  }
 // Any error while writing is fatal.
 } catch (Throwable t) {
  Slog.wtf(PackageManagerService.TAG,
    "Failed to write settings, restoring backup", t);
  destination.failWrite(out);
 } finally {
  IoUtils.closeQuietly(out);
 }
}

writePermissionsSync寫(xiě)配置的過(guò)程很簡(jiǎn)單，先打開(kāi)配置文件/data/system/users/0/runtime-permissions.xml，隨后對(duì)PMS中的每個(gè)package和sharedUser分別將其對(duì)應(yīng)的權(quán)限分配列表按照包名和shareUserName存放在permissionsForPackage和permissionsForSharedUser中，隨后打開(kāi)輸出流分別將其對(duì)應(yīng)的運(yùn)行時(shí)權(quán)限分配情況寫(xiě)入文件。

private void writePermissions(XmlSerializer serializer,
    List<PermissionState> permissionStates) throws IOException {
  for (PermissionState permissionState : permissionStates) {
    serializer.startTag(null, TAG_ITEM);
    serializer.attribute(null, ATTR_NAME,permissionState.getName());
    serializer.attribute(null, ATTR_GRANTED,
        String.valueOf(permissionState.isGranted()));
    serializer.attribute(null, ATTR_FLAGS,
        Integer.toHexString(permissionState.getFlags()));
    serializer.endTag(null, TAG_ITEM);
  }
}

writePermissions負(fù)責(zé)寫(xiě)tag 為package下的一條權(quán)限分配信息，如

<item name="android.permission.WRITE_EXTERNAL_STORAGE" granted="true" flags="0" />

權(quán)限的檢測(cè)

權(quán)限檢測(cè)是通過(guò)Context的checkSelfPermission方法來(lái)進(jìn)行的。我們看下它的實(shí)現(xiàn)

@Override
public int checkSelfPermission(String permission) {
  if (permission == null) {
    throw new IllegalArgumentException("permission is null");
  }

  return checkPermission(permission, Process.myPid(), Process.myUid());
}
@Override
public int checkPermission(String permission, int pid, int uid) {
  if (permission == null) {
    throw new IllegalArgumentException("permission is null");
  }

  try {
    return ActivityManagerNative.getDefault().checkPermission(
        permission, pid, uid);
  } catch (RemoteException e) {
    return PackageManager.PERMISSION_DENIED;
  }
}

最終還是通過(guò)AMS的checkPermission來(lái)進(jìn)行權(quán)限檢查。

//frameworks/base/core/java/android/app/ActivityManager.java
@Override
public int checkPermission(String permission, int pid, int uid) {
  if (permission == null) {
    return PackageManager.PERMISSION_DENIED;
  }
  return checkComponentPermission(permission, pid, uid, -1, true);
}
int checkComponentPermission(String permission, int pid, int uid,
    int owningUid, boolean exported) {
  if (pid == MY_PID) {
    return PackageManager.PERMISSION_GRANTED;
  }
  return ActivityManager.checkComponentPermission(permission, uid,
      owningUid, exported);
}
/** @hide */
public static int checkComponentPermission(String permission, int uid,
    int owningUid, boolean exported) {
  // Root, system server get to do everything.
  final int appId = UserHandle.getAppId(uid);
  if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
    return PackageManager.PERMISSION_GRANTED;
  }
  // Isolated processes don't get any permissions.
  if (UserHandle.isIsolated(uid)) {
    return PackageManager.PERMISSION_DENIED;
  }
  // If there is a uid that owns whatever is being accessed, it has
  // blanket access to it regardless of the permissions it requires.
  if (owningUid >= 0 && UserHandle.isSameApp(uid, owningUid)) {
    return PackageManager.PERMISSION_GRANTED;
  }
  // If the target is not exported, then nobody else can get to it.
  if (!exported) {
    /*
    RuntimeException here = new RuntimeException("here");
    here.fillInStackTrace();
    Slog.w(TAG, "Permission denied: checkComponentPermission() owningUid=" + owningUid,
        here);
    */
    return PackageManager.PERMISSION_DENIED;
  }
  if (permission == null) {
    return PackageManager.PERMISSION_GRANTED;
  }
  //通過(guò)PMS進(jìn)行check
  try {
    return AppGlobals.getPackageManager()
        .checkUidPermission(permission, uid);
  } catch (RemoteException e) {
    // Should never happen, but if it does... deny!
    Slog.e(TAG, "PackageManager is dead?!?", e);
  }
  return PackageManager.PERMISSION_DENIED;
}

在AMS中的一系列調(diào)用中，最終的權(quán)限還是通過(guò)PMS的checkUidPermission來(lái)進(jìn)行check的。

//PMS
@Override
public int checkUidPermission(String permName, int uid) {
  final int userId = UserHandle.getUserId(uid);

  if (!sUserManager.exists(userId)) {
    return PackageManager.PERMISSION_DENIED;
  }

  synchronized (mPackages) {
    Object obj = mSettings.getUserIdLPr(UserHandle.getAppId(uid));
    if (obj != null) {
      final SettingBase ps = (SettingBase) obj;
      final PermissionsState permissionsState = ps.getPermissionsState();
      //通過(guò)PermissionsState來(lái)檢查
      if (permissionsState.hasPermission(permName, userId)) {
        return PackageManager.PERMISSION_GRANTED;
      }
      //定位權(quán)限的檢測(cè)特殊處理
      // Special case: ACCESS_FINE_LOCATION permission includes ACCESS_COARSE_LOCATION
      if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && permissionsState
          .hasPermission(Manifest.permission.ACCESS_FINE_LOCATION, userId)) {
        return PackageManager.PERMISSION_GRANTED;
      }
    } else {
      ArraySet<String> perms = mSystemPermissions.get(uid);
      if (perms != null) {
        if (perms.contains(permName)) {
          return PackageManager.PERMISSION_GRANTED;
        }
        if (Manifest.permission.ACCESS_COARSE_LOCATION.equals(permName) && perms
            .contains(Manifest.permission.ACCESS_FINE_LOCATION)) {
          return PackageManager.PERMISSION_GRANTED;
        }
      }
    }
  }

  return PackageManager.PERMISSION_DENIED;
}

checkUidPermission首先根據(jù)userId從PMS的配置對(duì)象中取到SettingBase,然后取到用戶對(duì)應(yīng)的PermissionsState，再通過(guò)permissionsState的hasPermission判斷是否有該權(quán)限。

//檢測(cè)權(quán)限
public boolean hasPermission(String name, int userId) {
  enforceValidUserId(userId);

  if (mPermissions == null) {
    return false;
  }
  //取到權(quán)限對(duì)應(yīng)的PermissionData
  PermissionData permissionData = mPermissions.get(name);
  //通過(guò)isGranted來(lái)判斷
  return permissionData != null && permissionData.isGranted(userId);
}

從PermissionsState的權(quán)限列表中取到PermissionData，通過(guò)PermissionData的PermissionState對(duì)象的mGranted成員就知道權(quán)限是否分配了。

總結(jié)

在Android6.0之前的版本中，應(yīng)用在安裝的時(shí)候會(huì)將manifest中request的權(quán)限(即通過(guò)申請(qǐng)的權(quán)限)添加到Package對(duì)象的PackageSetting中，PMS為每個(gè)安裝的app創(chuàng)建一個(gè)Package對(duì)象，這個(gè)是在安裝過(guò)程中創(chuàng)建的，同時(shí)在安裝過(guò)程中也會(huì)為每個(gè)app創(chuàng)建一個(gè)PackageSetting對(duì)象，并將其保存在Package對(duì)象的mExtra中，在PackageSetting內(nèi)部保存了應(yīng)用的簽名信息和授予的權(quán)限列表，實(shí)際上PackageSetting本身就是繼承自GrantedPermissions類，這個(gè)類從名字看就知道它負(fù)責(zé)已授權(quán)的permission。應(yīng)用中授權(quán)的權(quán)限在安裝完成后會(huì)將應(yīng)用的信息(包括了權(quán)限，簽名和應(yīng)用的基本信息等)寫(xiě)入到pacakge.xml文件中，這樣下次系統(tǒng)啟動(dòng)就可以通過(guò)讀取該文件獲取應(yīng)用的授權(quán)信息。

在Aandroid6.0之后，google為了防止應(yīng)用濫用權(quán)限對(duì)權(quán)限的授予進(jìn)行了收縮，將危險(xiǎn)的權(quán)限授予過(guò)程交給用戶來(lái)決定，為了適應(yīng)這樣的變化，必須要將安裝權(quán)限和運(yùn)行時(shí)權(quán)限進(jìn)行區(qū)分處理，安裝權(quán)限保持原有的邏輯不變，對(duì)于動(dòng)態(tài)權(quán)限的分配必然要對(duì)PackageSetting進(jìn)行一個(gè)大手術(shù)，在Android6.0中PackageSetting不再繼承自GrantedPermissions，而是繼承自于SettingBase，它的內(nèi)部也比以前復(fù)雜了一些，簡(jiǎn)單來(lái)說(shuō)它內(nèi)部維護(hù)了一個(gè)PermissionsState，它負(fù)責(zé)管理應(yīng)用的權(quán)限，因此它內(nèi)部存放著應(yīng)用的授權(quán)的權(quán)限列表(實(shí)際上是一個(gè)ArrayMap<String, PermissionData>)，以及權(quán)限組對(duì)應(yīng)的gids，此時(shí)的權(quán)限不再是僅僅是一個(gè)String，而是一個(gè)PermissionData，而PermissionData內(nèi)部持有PermissionState即permission的狀態(tài)，可以看到最終我們還是通過(guò)改變PermissionData的PermissionState來(lái)達(dá)到動(dòng)態(tài)授權(quán)的目的。另外授予的動(dòng)態(tài)權(quán)限最終會(huì)保存在runtime-permission.xml中。

到此這篇關(guān)于Android6.0 動(dòng)態(tài)權(quán)限機(jī)制深入講解的文章就介紹到這了,更多相關(guān)Android6.0動(dòng)態(tài)權(quán)限機(jī)制內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: