Android的权限机制总结
1 boolean checkCallingPermission(String permission, String func) { 2 // Quick check: if the calling permission is me, it's all okay. 3 if (Binder.getCallingPid() == Process.myPid()) { 4 return true; 5 } 6 7 if (mContext.checkCallingPermission(permission) 8 == PackageManager.PERMISSION_GRANTED) { 9 return true;10 }11 String msg = "Permission Denial: " + func + " from pid="12 + Binder.getCallingPid()13 + ", uid=" + Binder.getCallingUid()14 + " requires " + permission;15 Slog.w(TAG, msg);16 return false;17 }上面函数返回false的时候抛出异常,那么返回true的时候就是权限检查通过了,继续跟进Context.java
1 @Override 2 public int checkPermission(String permission, int pid, int uid) { 3 if (permission == null) { 4 throw new IllegalArgumentException("permission is null"); 5 } 6 7 if (!Process.supportsProcesses()) { 8 return PackageManager.PERMISSION_GRANTED; 9 }10 try {11 return ActivityManagerNative.getDefault().checkPermission(12 permission, pid, uid);13 } catch (RemoteException e) {14 return PackageManager.PERMISSION_DENIED;15 }16 }17 18 @Override19 public int checkCallingPermission(String permission) {20 if (permission == null) {21 throw new IllegalArgumentException("permission is null");22 }23 24 if (!Process.supportsProcesses()) {25 return PackageManager.PERMISSION_GRANTED;26 }27 int pid = Binder.getCallingPid();28 if (pid != Process.myPid()) {29 return checkPermission(permission, pid,30 Binder.getCallingUid());31 }32 return PackageManager.PERMISSION_DENIED;33 }ActivityManagerNative.getDefault() 返回 IActivityManager,拿到ActivityManagerProxy对象的引用
static public IActivityManager getDefault() { if (gDefault != null) { return gDefault; } IBinder b = ServiceManager.getService("activity"); gDefault = asInterface(b); return gDefault; } 找到ActivityManagerNative.java?
public int checkPermission(String permission, int pid, int uid)throws RemoteException { Parcel data = Parcel.obtain(); Parcel reply = Parcel.obtain(); data.writeInterfaceToken(IActivityManager.descriptor); data.writeString(permission); data.writeInt(pid); data.writeInt(uid); mRemote.transact(CHECK_PERMISSION_TRANSACTION, data, reply, 0); reply.readException(); int res = reply.readInt(); data.recycle(); reply.recycle(); return res;}通过Binder机制调用到onTransact
public boolean onTransact(int code, Parcel data, Parcel reply, int flags) throws RemoteException { case CHECK_PERMISSION_TRANSACTION: { data.enforceInterface(IActivityManager.descriptor); String perm = data.readString(); int pid = data.readInt(); int uid = data.readInt(); int res = checkPermission(perm, pid, uid); reply.writeNoException(); reply.writeInt(res); return true; } .................}找到ActivityManagerService.java?
public static IPackageManager getPackageManager() { if (sPackageManager != null) { return sPackageManager; } IBinder b = ServiceManager.getService("package"); sPackageManager = IPackageManager.Stub.asInterface(b); return sPackageManager; }?转到PackageManagerService.java
public int checkUidPermission(String permName, int uid) { synchronized (mPackages) { Object obj = mSettings.getUserIdLP(uid); if (obj != null) { GrantedPermissions gp = (GrantedPermissions)obj; if (gp.grantedPermissions.contains(permName)) { return PackageManager.PERMISSION_GRANTED; } } else { HashSet<String> perms = mSystemPermissions.get(uid); if (perms != null && perms.contains(permName)) { return PackageManager.PERMISSION_GRANTED; } } } return PackageManager.PERMISSION_DENIED; }?