WebView is not allowed in privileged processes

1、现象

		最近客户提出一个问题，应用使用webview加载网页时，提示“For security reasons, WebView is not allowed in privileged processes”，然后网页无法加载。

2、分析

	通过该提示，在源码中找到了报出该提示的所在之处。出于安全考虑，谷歌在Android8开始，不允许在拥有系统权限的应用中使用 WebView。路径：***\SC200E_AP/QCM2290_Android12.0_R02_r004/QSSI12/frameworks/base/core/java/android/webkit/WebViewFactory.java如下图：

@UnsupportedAppUsagestatic WebViewFactoryProvider getProvider() {synchronized (sProviderLock) {// For now the main purpose of this function (and the factory abstraction) is to keep// us honest and minimize usage of WebView internals when binding the proxy.if (sProviderInstance != null) return sProviderInstance;sTimestamps.mWebViewLoadStart = SystemClock.uptimeMillis();final int uid = android.os.Process.myUid();if (uid == android.os.Process.ROOT_UID /* || uid == android.os.Process.SYSTEM_UID */|| uid == android.os.Process.PHONE_UID || uid == android.os.Process.NFC_UID|| uid == android.os.Process.BLUETOOTH_UID) {throw new UnsupportedOperationException("For security reasons, WebView is not allowed in privileged processes");}if (!isWebViewSupported()) {// Device doesn't support WebView; don't try to load it, just throw.throw new UnsupportedOperationException();}

在安全检查时，客户应用里面添加了android:sharedUserId=“android.uid.system”，导致报出了该异常。

3、解决

	因为客户应用要预装为系统应用，所以android:sharedUserId="android.uid.system"不能删去。故直接在源码中，注释掉了|| uid == android.os.Process.SYSTEM_UID该判断。其他方法：可以在使用webview的activity中，添加以下代码：

@SuppressLint("SoonBlockedPrivateApi")public static void hookWebView(){int sdkInt = Build.VERSION.SDK_INT;try {Class<?> factoryClass = Class.forName("android.webkit.WebViewFactory");Field field = factoryClass.getDeclaredField("sProviderInstance");field.setAccessible(true);Object sProviderInstance = field.get(null);if (sProviderInstance != null) {Log.i(TAG,"sProviderInstance isn't null");return;}Method getProviderClassMethod;if (sdkInt > 22) {getProviderClassMethod = factoryClass.getDeclaredMethod("getProviderClass");} else if (sdkInt == 22) {getProviderClassMethod = factoryClass.getDeclaredMethod("getFactoryClass");} else {Log.i(TAG,"Don't need to Hook WebView");return;}getProviderClassMethod.setAccessible(true);Class<?> factoryProviderClass = (Class<?>) getProviderClassMethod.invoke(factoryClass);Class<?> delegateClass = Class.forName("android.webkit.WebViewDelegate");Constructor<?> delegateConstructor = delegateClass.getDeclaredConstructor();delegateConstructor.setAccessible(true);if(sdkInt < 26){//低于Android O版本Constructor<?> providerConstructor = factoryProviderClass.getConstructor(delegateClass);if (providerConstructor != null) {providerConstructor.setAccessible(true);sProviderInstance = providerConstructor.newInstance(delegateConstructor.newInstance());}} else {@SuppressLint("SoonBlockedPrivateApi") Field chromiumMethodName = factoryClass.getDeclaredField("CHROMIUM_WEBVIEW_FACTORY_METHOD");chromiumMethodName.setAccessible(true);String chromiumMethodNameStr = (String)chromiumMethodName.get(null);if (chromiumMethodNameStr == null) {chromiumMethodNameStr = "create";}Method staticFactory = factoryProviderClass.getMethod(chromiumMethodNameStr, delegateClass);if (staticFactory!=null){sProviderInstance = staticFactory.invoke(null, delegateConstructor.newInstance());}}if (sProviderInstance != null){field.set("sProviderInstance", sProviderInstance);Log.i(TAG,"Hook success!");} else {Log.i(TAG,"Hook failed!");}} catch (Throwable e) {Log.w(TAG,e);}}

注意：hookWebView();方法要放在setContentView前面。

因为时间的关系，在源码中修改时，我是直接注释掉了判断，有点一刀切。应该会有其他方法，比如根据包名跳过该检查等。