Android 11 禁止从SD卡上安装第三方应用
禁止安装第三方应用
找到负责安装app的类:
./frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
修改日志变量,打印日志,顺着日志看流程:
public static final boolean DEBUG_INSTALL = true;
05-28 09:12:12.462 4123 4184 I PackageManager: init_copy: InstallParams{6d90a79 file=/data/app/vmdl366151461.tmp}
05-28 09:12:12.463 4123 4184 I PackageManager: startCopy UserHandle{0}: InstallParams{6d90a79 file=/data/app/vmdl366151461.tmp}
05-28 09:12:12.549 4123 4184 I PackageManager: Integrity check passed for file:///data/app/vmdl366151461.tmp
05-28 09:12:14.880 4123 4184 D PackageManager: /data/app/vmdl366151461.tmp already staged; skipping copy
05-28 09:12:14.881 4123 4184 D PackageManager: installPackageLI: path=/data/app/vmdl366151461.tmp
05-28 09:12:15.023 4123 4184 D PackageManager: Renaming /data/app/vmdl366151461.tmp to /data/app/~~2rk1hOBIh8fnqGdBKDN00Q==/sogo.app-EhY7mM0vfr2P2-UgsmKeFg==
05-28 09:12:15.043 4123 4184 D PackageManager: installNewPackageLI: Package{549c800 sogo.app}
05-28 09:12:15.053 4123 4184 D PackageManager: New package installed in /data/app/~~2rk1hOBIh8fnqGdBKDN00Q==/sogo.app-EhY7mM0vfr2P2-UgsmKeFg==
05-28 09:12:15.059 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_COARSE_LOCATION: BasePermission{77b6d9d android.permission.ACCESS_COARSE_LOCATION}
05-28 09:12:15.059 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_FINE_LOCATION: BasePermission{aa173c8 android.permission.ACCESS_FINE_LOCATION}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.NFC: BasePermission{4c4e26c android.permission.NFC}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.CAMERA: BasePermission{c0382df android.permission.CAMERA}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.INTERNET: BasePermission{14c986f android.permission.INTERNET}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_NETWORK_STATE: BasePermission{9e8869b android.permission.ACCESS_NETWORK_STATE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.ACCESS_WIFI_STATE: BasePermission{44ae386 android.permission.ACCESS_WIFI_STATE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.USE_BIOMETRIC: BasePermission{7620b96 android.permission.USE_BIOMETRIC}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.USE_FINGERPRINT: BasePermission{a2eeab1 android.permission.USE_FINGERPRINT}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking com.google.android.c2dm.permission.RECEIVE: BasePermission{d8f1227 com.google.android.c2dm.permission.RECEIVE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.FOREGROUND_SERVICE: BasePermission{9d4af4e android.permission.FOREGROUND_SERVICE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE: BasePermission{9250b50 com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE}
05-28 09:12:15.060 4123 4184 I PackageManager: Package sogo.app(10132) checking android.permission.RECEIVE_BOOT_COMPLETED: BasePermission{50725a android.permission.RECEIVE_BOOT_COMPLETED}
05-28 09:12:16.440 4123 4184 V PackageManager: restoreAndPostInstall userId=0 package=Package{549c800 sogo.app}
05-28 09:12:16.440 4123 4184 V PackageManager: + starting restore round-trip 1
05-28 09:12:16.441 4123 4184 V PackageManager: token 1 to BM for possible restore for user 0
05-28 09:12:16.443 4123 4184 V PackageManager: BM finishing package install for 1
05-28 09:12:16.443 4123 4184 V PackageManager: Handling post-install for 1
试了adb安装和 sd安装,发现两者的日志打印时差不多的都走了 preparePackageLI()函数,这个函数也做了很多关于app是否能安装的检查。
@GuardedBy("mInstallLock")
private PrepareResult preparePackageLI(InstallArgs args, PackageInstalledInfo res)
throws PrepareFailure {
...
if (DEBUG_INSTALL) Slog.d(TAG, "installPackageLI: path=" + tmpPackageFile);
// Sanity check
if (instantApp && onExternal) {
Slog.i(TAG, "Incompatible ephemeral install; external=" + onExternal);
throw new PrepareFailure(PackageManager.INSTALL_FAILED_INSTANT_APP_INVALID);
}
// Retrieve PackageSettings and parse package
//检索PackageSettings并解析包
@ParseFlags final int parseFlags = mDefParseFlags | PackageParser.PARSE_CHATTY
| PackageParser.PARSE_ENFORCE_CODE
| (onExternal ? PackageParser.PARSE_EXTERNAL_STORAGE : 0);
Trace.traceBegin(TRACE_TAG_PACKAGE_MANAGER, "parsePackage");
ParsedPackage parsedPackage;
try (PackageParser2 pp = new PackageParser2(mSeparateProcesses, false, mMetrics, null,
mPackageParserCallback)) {
parsedPackage = pp.parsePackage(tmpPackageFile, parseFlags, false);
AndroidPackageUtils.validatePackageDexMetadata(parsedPackage);
} catch (PackageParserException e) {
throw new PrepareFailure("Failed parse during installPackageLI", e);
} finally {
Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);
}
// Instant apps have several additional install-time checks.
//即时应用程序还有几个额外的安装时间检查。
if (instantApp) {
if (parsedPackage.getTargetSdkVersion() < Build.VERSION_CODES.O) {
Slog.w(TAG, "Instant app package " + parsedPackage.getPackageName()
+ " does not target at least O");
throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
"Instant app package must target at least O");
}
if (parsedPackage.getSharedUserId() != null) {
Slog.w(TAG, "Instant app package " + parsedPackage.getPackageName()
+ " may not declare sharedUserId.");
throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
"Instant app package may not declare a sharedUserId");
}
}
if (parsedPackage.isStaticSharedLibrary()) {
// Static shared libraries have synthetic package names
renameStaticSharedLibraryPackage(parsedPackage);
// No static shared libs on external storage
if (onExternal) {
Slog.i(TAG, "Static shared libs can only be installed on internal storage.");
throw new PrepareFailure(INSTALL_FAILED_INVALID_INSTALL_LOCATION,
"Packages declaring static-shared libs cannot be updated");
}
}
//add start
boolean vito_can_install = true;
if (parsedPackage.getPackageName() != null) {
vito_can_install = false;
}
if (!vito_can_install) {
throw new PrepareFailure(INSTALL_FAILED_INSTANT_APP_INVALID,
"Package " + parsedPackage.getPackageName() + " ,this app are not allow installs.");
}
//add end
String pkgName = res.name = parsedPackage.getPackageName();
if (parsedPackage.isTestOnly()) {
if ((installFlags & PackageManager.INSTALL_ALLOW_TEST) == 0) {
throw new PrepareFailure(INSTALL_FAILED_TEST_ONLY, "installPackageLI");
}
}
...
}
//加了这段代码后打印的日志:
05-28 10:01:37.498 523 566 I PackageManager: init_copy: InstallParams{ac01ca6 file=/data/app/vmdl2059354562.tmp}
05-28 10:01:37.498 523 566 I PackageManager: startCopy UserHandle{0}: InstallParams{ac01ca6 file=/data/app/vmdl2059354562.tmp}
05-28 10:01:37.605 523 566 I PackageManager: Integrity check passed for file:///data/app/vmdl2059354562.tmp
05-28 10:01:39.872 523 566 D PackageManager: /data/app/vmdl2059354562.tmp already staged; skipping copy
05-28 10:01:39.873 523 566 D PackageManager: installPackageLI: path=/data/app/vmdl2059354562.tmp
05-28 10:01:39.895 523 566 W PackageManager: Package sogo.app ,this app are not allow installs.
05-28 10:01:39.955 523 566 V PackageManager: restoreAndPostInstall userId=0 package=null
05-28 10:01:39.955 523 566 V PackageManager: + starting restore round-trip 1
05-28 10:01:39.955 523 566 V PackageManager: No restore - queue post-install for 1
05-28 10:01:39.955 523 566 V PackageManager: Handling post-install for 1
这个功能禁止从SD卡上安装第三方应用,可以搞个白名单,安装写进白名单的app,其它的不让!!!
另外一个角度:
./frameworks/base/packages/PackageInstaller/src/com/android/packageinstaller/PackageInstallerActivity.java
//禁止从SD卡上安装第三方应用
private void checkIfAllowedAndInitiateInstall() {
// Check for install apps user restriction first.
final int installAppsRestrictionSource = mUserManager.getUserRestrictionSource(
UserManager.DISALLOW_INSTALL_APPS, Process.myUserHandle());
if ((installAppsRestrictionSource & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) {
showDialogInner(DLG_INSTALL_APPS_RESTRICTED_FOR_USER);
return;
} else if (installAppsRestrictionSource != UserManager.RESTRICTION_NOT_SET) {
startActivity(new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS));
finish();
return;
}
//add start
boolean vito_can_install =true;
Log.e(TAG, "vito_can_install false ="+ mPkgInfo.applicationInfo.packageName);
if(mPkgInfo.applicationInfo.packageName != null){
vito_can_install = false;
}
if(!vito_can_install){
Log.w(TAG, "vito_can_install "+vito_can_install);
setPmResult(PackageManager.INSTALL_FAILED_INVALID_APK);
Toast.makeText(this, "install_failed", Toast.LENGTH_LONG).show();
finish();
return;
}
//add end
...
}
禁止卸载apk
frameworks\base\services\core\java\com\android\server\pm\DeletePackageHelper.java
public int deletePackageX(String packageName, long versionCode, int userId, int deleteFlags,
boolean removedBySystem) {
final PackageRemovedInfo info = new PackageRemovedInfo(mPm);
final boolean res;
mCustomerManager = (SunmiCustomerManager) mPm.mContext.getSystemService("sunmi_customer");
final int removeUser = (deleteFlags & PackageManager.DELETE_ALL_USERS) != 0
? UserHandle.USER_ALL : userId;
//检查用户removeForUser 是否有权限删除该应用,这里做文章
if (mPm.isPackageDeviceAdmin(packageName, removeUser)) {
Slog.w(TAG, "Not removing package " + packageName + ": has active device admin");
return PackageManager.DELETE_FAILED_DEVICE_POLICY_MANAGER;
}
...
限制客户设备只能装2个三方app(Android T)
./frameworks/base/services/core/java/com/android/server/pm/InstallPackageHelper.java
@GuardedBy("mPm.mInstallLock")
private PrepareResult preparePackageLI(InstallArgs args, PackageInstalledInfo res)
throws PrepareFailure {
final int installFlags = args.mInstallFlags;
final File tmpPackageFile = new File(args.getCodePath());
final boolean onExternal = args.mVolumeUuid != null;
final boolean instantApp = ((installFlags & PackageManager.INSTALL_INSTANT_APP) != 0);
final boolean fullApp = ((installFlags & PackageManager.INSTALL_FULL_APP) != 0);
final boolean virtualPreload =
((installFlags & PackageManager.INSTALL_VIRTUAL_PRELOAD) != 0);
final boolean isRollback = args.mInstallReason == PackageManager.INSTALL_REASON_ROLLBACK;
@PackageManagerService.ScanFlags int scanFlags = SCAN_NEW_INSTALL | SCAN_UPDATE_SIGNATURE;
if (args.mMoveInfo != null) {
// moving a complete application; perform an initial scan on the new install location
scanFlags |= SCAN_INITIAL;
}
if ((installFlags & PackageManager.INSTALL_DONT_KILL_APP) != 0) {
scanFlags |= SCAN_DONT_KILL_APP;
}
if (instantApp) {
scanFlags |= SCAN_AS_INSTANT_APP;
}
...
//add text start
int count_t = 0;
for (int i = 0; i < mPm.mPackages.size(); i++) {
String pkg_name = mPm.mPackages.keyAt(i);
PackageSetting pkg_settings = mPm.mSettings.getPackageLPr(pkg_name);
if (pkg_settings.getAndroidPackage() != null) {
if ((pkg_settings.getFlags() & ApplicationInfo.FLAG_SYSTEM) == 0) { //data
count_t += 1;
android.util.Log.d("tag", "pkg_name:" + pkg_name + "---count_t:" + count_t);
if (count_t > 1) {
throw new PrepareFailure(INSTALL_FAILED_ALREADY_EXISTS,
"Only 2 apps can be installed");
}
}
}
}
//add text end
boolean systemApp = false;
boolean replace = false;
synchronized (mPm.mLock) {
// Check if installing already existing package
if ((installFlags & PackageManager.INSTALL_REPLACE_EXISTING) != 0) {
String oldName = mPm.mSettings.getRenamedPackageLPr(pkgName);
...
浙公网安备 33010602011771号