[移动开发]Android-权限-system app/privilege app/signatureOrSystem

PermissionInfo.java - OpenGrok cross reference for /frameworks/base/core/java/android/content/pm/PermissionInfo.java

signatureOrSystem

205      /** @hide */
206      public static int fixProtectionLevel(int level) {
207          if (level == PROTECTION_SIGNATURE_OR_SYSTEM) {
208              level = PROTECTION_SIGNATURE | PROTECTION_FLAG_PRIVILEGED;
209          }
210          return level;
211      }

PackageManagerService.java - OpenGrok cross reference for /frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

system app

19223      private static boolean isSystemApp(PackageParser.Package pkg) {
19224          return (pkg.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
19225      }

19235      private static boolean isSystemApp(PackageSetting ps) {
19236          return (ps.pkgFlags & ApplicationInfo.FLAG_SYSTEM) != 0;
19237      }

如下系统UID会被标记为FLAG_SYSTEM

• android.uid.system
• android.uid.phone
• android.uid.log
• android.uid.nfc
• android.uid.bluetooth
• android.uid.shell

2462          mSettings = new Settings(mPackages);
2463          mSettings.addSharedUserLPw("android.uid.system", Process.SYSTEM_UID,
2464                  ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2465          mSettings.addSharedUserLPw("android.uid.phone", RADIO_UID,
2466                  ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2467          mSettings.addSharedUserLPw("android.uid.log", LOG_UID,
2468                  ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2469          mSettings.addSharedUserLPw("android.uid.nfc", NFC_UID,
2470                  ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2471          mSettings.addSharedUserLPw("android.uid.bluetooth", BLUETOOTH_UID,
2472                  ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2473          mSettings.addSharedUserLPw("android.uid.shell", SHELL_UID,
2474                  ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);

如下目录APP会被标记为PARSE_IS_SYSTEM

• /vendor/overlay
• /system/framework
• /system/priv-app
• /system/app
• /vendor/app
• /oem/app

备注：如下代码从Android 9之后就没有了，所以，分析的Android 8的代码

2646              // Collect vendor overlay packages. (Do this before scanning any apps.)
2647              // For security and version matching reason, only consider
2648              // overlay packages if they reside in the right directory.
2649              scanDirTracedLI(new File(VENDOR_OVERLAY_DIR), mDefParseFlags
2650                      | PackageParser.PARSE_IS_SYSTEM
2651                      | PackageParser.PARSE_IS_SYSTEM_DIR
2652                      | PackageParser.PARSE_TRUSTED_OVERLAY, scanFlags | SCAN_TRUSTED_OVERLAY, 0);
2653  
2654              mParallelPackageParserCallback.findStaticOverlayPackages();
2655  
2656              // Find base frameworks (resource packages without code).
2657              scanDirTracedLI(frameworkDir, mDefParseFlags
2658                      | PackageParser.PARSE_IS_SYSTEM
2659                      | PackageParser.PARSE_IS_SYSTEM_DIR
2660                      | PackageParser.PARSE_IS_PRIVILEGED,
2661                      scanFlags | SCAN_NO_DEX, 0);
2662  
2663              // Collected privileged system packages.
2664              final File privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app");
2665              scanDirTracedLI(privilegedAppDir, mDefParseFlags
2666                      | PackageParser.PARSE_IS_SYSTEM
2667                      | PackageParser.PARSE_IS_SYSTEM_DIR
2668                      | PackageParser.PARSE_IS_PRIVILEGED, scanFlags, 0);
2669  
2670              // Collect ordinary system packages.
2671              final File systemAppDir = new File(Environment.getRootDirectory(), "app");
2672              scanDirTracedLI(systemAppDir, mDefParseFlags
2673                      | PackageParser.PARSE_IS_SYSTEM
2674                      | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);
2675  
2676              // Collect all vendor packages.
2677              File vendorAppDir = new File("/vendor/app");
2678              try {
2679                  vendorAppDir = vendorAppDir.getCanonicalFile();
2680              } catch (IOException e) {
2681                  // failed to look up canonical path, continue with original one
2682              }
2683              scanDirTracedLI(vendorAppDir, mDefParseFlags
2684                      | PackageParser.PARSE_IS_SYSTEM
2685                      | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);
2686  
2687              // Collect all OEM packages.
2688              final File oemAppDir = new File(Environment.getOemDirectory(), "app");
2689              scanDirTracedLI(oemAppDir, mDefParseFlags
2690                      | PackageParser.PARSE_IS_SYSTEM
2691                      | PackageParser.PARSE_IS_SYSTEM_DIR, scanFlags, 0);

privilege app

19227      private static boolean isPrivilegedApp(PackageParser.Package pkg) {
19228          return (pkg.applicationInfo.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0;
19229      }

如下系统UID会被标记为PRIVATE_FLAG_PRIVILEGED

• android.uid.system
• android.uid.phone
• android.uid.log
• android.uid.nfc
• android.uid.bluetooth
• android.uid.shell

2462 ? ? ? ? ?mSettings = new Settings(mPackages);
2463 ? ? ? ? ?mSettings.addSharedUserLPw("android.uid.system", Process.SYSTEM_UID,
2464 ? ? ? ? ? ? ? ? ?ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2465 ? ? ? ? ?mSettings.addSharedUserLPw("android.uid.phone", RADIO_UID,
2466 ? ? ? ? ? ? ? ? ?ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2467 ? ? ? ? ?mSettings.addSharedUserLPw("android.uid.log", LOG_UID,
2468 ? ? ? ? ? ? ? ? ?ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2469 ? ? ? ? ?mSettings.addSharedUserLPw("android.uid.nfc", NFC_UID,
2470 ? ? ? ? ? ? ? ? ?ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2471 ? ? ? ? ?mSettings.addSharedUserLPw("android.uid.bluetooth", BLUETOOTH_UID,
2472 ? ? ? ? ? ? ? ? ?ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);
2473 ? ? ? ? ?mSettings.addSharedUserLPw("android.uid.shell", SHELL_UID,
2474 ? ? ? ? ? ? ? ? ?ApplicationInfo.FLAG_SYSTEM, ApplicationInfo.PRIVATE_FLAG_PRIVILEGED);

如下目录APP会被标记为PARSE_IS_PRIVILEGED

• /system/framework
• /system/priv-app

2656              // Find base frameworks (resource packages without code).
2657              scanDirTracedLI(frameworkDir, mDefParseFlags
2658                      | PackageParser.PARSE_IS_SYSTEM
2659                      | PackageParser.PARSE_IS_SYSTEM_DIR
2660                      | PackageParser.PARSE_IS_PRIVILEGED,
2661                      scanFlags | SCAN_NO_DEX, 0);
2662  
2663              // Collected privileged system packages.
2664              final File privilegedAppDir = new File(Environment.getRootDirectory(), "priv-app");
2665              scanDirTracedLI(privilegedAppDir, mDefParseFlags
2666                      | PackageParser.PARSE_IS_SYSTEM
2667                      | PackageParser.PARSE_IS_SYSTEM_DIR
2668                      | PackageParser.PARSE_IS_PRIVILEGED, scanFlags, 0);

参考资料：

Android 权限的一些细节_光着脚丫行一生的专栏-CSDN博客

PackageManagerService.java - OpenGrok cross reference for /frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java

PermissionInfo.java - OpenGrok cross reference for /frameworks/base/core/java/android/content/pm/PermissionInfo.java