[高通SDM450][Android9.0]CTA认证--Android6.0以下应用默认不授权

文章目录

- 开发平台基本信息
- 问题描述
- 解决方法

开发平台基本信息

芯片: SDM450
版本: Android 9.0
kernel: msm-4.9

问题描述

设备在进行入网认证的时候，实验室要求应用在使用特殊权限的时候，需要告知用户，要用户授权才能使用相应的权限；而Android的动态申请权限是6.0才有的，也就是说，如果应用把sdk版本设置为6.0以下，那么应用则不需要动态申请权限就能默认获得AndroidManifest.xml里面配置的权限；这在入网实验室的不允许的，虽然低版本的应用不会申请授权，但是实验室要求默认不给低版本的应用授权，让用户在设置的应用中手动授权即可。所以，要解决这个问题，就是去掉限制Android6.0的这个条件，让所有版本的应用都需要动态申请权限。

解决方法

diff --git a/frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java b/frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
index 95b1a3a8a6..a0712e25c9 100644
--- a/frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -426,6 +426,7 @@ public class PackageInstallerService extends IPackageInstaller.Stub {// caller.if (mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES) !=PackageManager.PERMISSION_GRANTED) {
+                mAppOps = mContext.getSystemService(AppOpsManager.class);mAppOps.checkPackage(callingUid, installerPackageName);}diff --git a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
index 3de4fc27b3..36b4f52fb9 100755
--- a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -19548,8 +19548,7 @@ public class PackageManagerService extends IPackageManager.Stub// If permission review is enabled and this is a legacy app, mark the// permission as requiring a review as this is the initial state.int flags = 0;
-            if (mSettings.mPermissions.mPermissionReviewRequired
-                    && ps.pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+            if (mSettings.mPermissions.mPermissionReviewRequired) {flags |= FLAG_PERMISSION_REVIEW_REQUIRED;}if (permissionsState.updatePermissionFlags(bp, userId, userSettableMask, flags)) {
diff --git a/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index c51a72406b..b203e3805a 100644
--- a/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -716,8 +716,7 @@ public class PermissionManagerService {for (int i = 0; i < N; i++) {final String permName = pkg.requestedPermissions.get(i);final BasePermission bp = mSettings.getPermissionLocked(permName);
-                final boolean appSupportsRuntimePermissions =
-                        pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M;
+                final boolean appSupportsRuntimePermissions =false;if (DEBUG_INSTALL) {Log.i(TAG, "Package " + pkg.packageName + " checking " + permName + ": " + bp);
@@ -767,10 +766,7 @@ public class PermissionManagerService {// their permissions as always granted runtime ones since we need// to keep the review required permission flag per user while an// install permission's state is shared across all users.
-                    if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired) {
-                        // For legacy apps dangerous permissions are install time ones.
-                        grant = GRANT_INSTALL;
-                    } else if (origPermissions.hasInstallPermission(bp.getName())) {
+                    if (origPermissions.hasInstallPermission(bp.getName())) {// For legacy apps that became modern, install becomes runtime.grant = GRANT_UPGRADE;} else if (isLegacySystemApp) {
@@ -1186,14 +1182,6 @@ public class PermissionManagerService {}}if (!allowed) {
-            if (!allowed
-                    && bp.isPre23()
-                    && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
-                // If this was a previously normal/dangerous permission that got moved
-                // to a system permission as part of the runtime permission redesign, then
-                // we still want to blindly grant it to old apps.
-                allowed = true;
-            }if (!allowed && bp.isInstaller()&& pkg.packageName.equals(mPackageManagerInt.getKnownPackageName(PackageManagerInternal.PACKAGE_INSTALLER, UserHandle.USER_SYSTEM))) {
@@ -1256,9 +1244,9 @@ public class PermissionManagerService {}// Permission review applies only to apps not supporting the new permission model.
-        if (pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M) {
-            return false;
-        }
+        //if (pkg.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.M) {
+        //    return false;
+        //}// Legacy apps have the permission and get user consent on launch.if (pkg == null || pkg.mExtras == null) {
@@ -1408,7 +1396,7 @@ public class PermissionManagerService {// to keep the review required permission flag per user while an// install permission's state is shared across all users.if (mSettings.mPermissionReviewRequired
-                && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
+                //&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M&& bp.isRuntime()) {return;}
@@ -1445,10 +1433,10 @@ public class PermissionManagerService {+ permName + " for package " + packageName);}-        if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
-            Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
-            return;
-        }
+        //if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
+        //    Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
+        //    return;
+        //}final int result = permissionsState.grantRuntimePermission(bp, userId);switch (result) {
@@ -1529,7 +1517,7 @@ public class PermissionManagerService {// to keep the review required permission flag per user while an// install permission's state is shared across all users.if (mSettings.mPermissionReviewRequired
-                && pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
+                //&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M&& bp.isRuntime()) {return;}
diff --git a/packages/apps/PackageInstaller/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/packages/apps/PackageInstaller/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
index aafce8df54..620a57a29b 100644
--- a/packages/apps/PackageInstaller/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
+++ b/packages/apps/PackageInstaller/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
@@ -209,8 +209,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>mUserHandle = userHandle;mPackageManager = mContext.getPackageManager();mPackageInfo = packageInfo;
-        mAppSupportsRuntimePermissions = packageInfo.applicationInfo
-                .targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
+        mAppSupportsRuntimePermissions = true;mIsEphemeralApp = packageInfo.applicationInfo.isInstantApp();mAppOps = context.getSystemService(AppOpsManager.class);mActivityManager = context.getSystemService(ActivityManager.class);
@@ -407,6 +406,8 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>} else {// Legacy apps cannot have a not granted permission but just in case.if (!permission.isGranted()) {
+                    mPackageManager.grantRuntimePermission(mPackageInfo.packageName,
+                         permission.getName(), mUserHandle);continue;}