Android Marshmallow, “dangerous” protection level and system components/apps

我怕爱的太早我们不能终老 提交于 2019-12-02 19:40:06

Quoting the release notes for the 2nd M preview:

Apps included in the system image are no longer granted dangerous permissions automatically. All apps should check for and request permissions at runtime.

That fits with what I recall seeing when I first used the stock Camera app on a Nexus 5 with the final(?) 6.0 preview firmware — it too asked for the runtime permission.

So, AFAIK, system apps have to ask for runtime permissions, as do non-system apps.

Gracie

After a lot of digging and debugging, I finally found some clue of granting runtime permission on marshmallow for system app, with a lot of inspirations in this stackoverflow ticket.

The key logic is in DefaultPermissionGrantPolicy. After systemReady, PackageManagerService checks if this user's default runtime permissions are not set yet(i.e. this is a new user), if so, PackageManagerService calls DefaultPermissionGrantPolicy.grantDefaultPermissions() to check/grant permissions:

public void grantDefaultPermissions(int userId) {
    grantPermissionsToSysComponentsAndPrivApps(userId);
    grantDefaultSystemHandlerPermissions(userId);
}

There are two cases that your built-in app may be automatically granted with runtime permission.

A> grantPermissionsToSysComponentsAndPrivApps -> will grant runtime permission with FLAG_PERMISSION_SYSTEM_FIXED and FLAG_PERMISSION_GRANTED_BY_DEFAULT.

  • if your system app has uid<10000, you will be granted with permissions for your user group.
  • if your system app fits all below conditions, it will be granted the permissions.

    1. is a privilegedApp (under /system/priv-app/)
    2. is persistent (android:persistent="true")
    3. signed with platform signature.

B> grantDefaultSystemHandlerPermissions -> will grant runtime permission with FLAG_PERMISSION_GRANTED_BY_DEFAULT .

  • If your app is considered as a "default platform handler app", (i.e. your app is "expected to work out-of-the-box", like camera, dialer, SMS, calendar .etc, you can read more in method grantDefaultSystemHandlerPermissions()).

Other than that, your system application needs to ask user for granting dangerous permission, as long as it has targetSdk set to 23.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!