需求是这样的,客户要求提供系统的接口来控制apk的安装和卸载,接口如下
boolean setAppInstallationPolicies(int mode, String[] appPackageNames) mode:应用名单类型 0:黑名单(应用包名列表中的所有项都不允许安装); 1:白名单(只允许安装应用包名列表中的项)。 appPackageNames:应用包名列表。当appPackageNames为空时,取消所有已设定的应用。 成功返回true;失败返回false。 String[] getAppInstallationPolicies() 返回值为当前应用安装管控状态 string[0]:功能模式,参见setAppInstallationPolicies方法的mode参数。 string[1]至string[n-1]:应用包名列表。 boolean setAppUninstallationPolicies(int mode, String[] appPackageNames) mode:应用名单类型 0:黑名单(应用包名列表中的所有项均强制卸载); 1:白名单(应用包名列表中的所有项禁止卸载)。 appPackageNames:应用包名列表。当appPackageNames为空时,取消所有已设定的应用。 成功返回true;失败返回false。 String[] getAppUninstallationPolicies() 返回值为当前应用卸载管控状态 string[0]:功能模式,参见setAppUninstallationPolicies方法的mode参数。 string[1]至string[n-1]:应用包名列表。
android版本为9.0,首先想到的是在系统里面添加一个自己的service,分别在frameworks/base/core/java/android/app/添加IPolicyManager.aidl,frameworks/base/services/core/java/com/android/server/添加PolicyManagerService.java,在frameworks/base/添加policy/java/ga/mdm/PolicyManager.java,内容如下
package android.app; /** {@hide} */ interface IPolicyManager { boolean setAppInstallationPolicies(int mode,inout String[] appPackageNames); String[] getAppInstallationPolicies(); boolean setAppUninstallationPolicies(int mode,inout String[] appPackageNames); String[] getAppUninstallationPolicies(); }
package com.android.server; import android.content.Context; import android.content.Intent; import android.content.IntentFilter; import android.os.ServiceManager; import android.os.SystemProperties; import android.provider.Settings; import android.util.Slog; import java.lang.reflect.Field; import java.util.ArrayList; import android.app.IPolicyManager; import android.net.wifi.WifiManager; import android.content.pm.PackageManager; import android.app.ActivityManager; import android.content.pm.IPackageDataObserver; public class PolicyManagerService extends IPolicyManager.Stub { private final String TAG = "PolicyManagerService"; private Context mContext; private String[] mAppPackageNames = null; private String[] mAppUninstallPackageNames = null; public PolicyManagerService(Context context) { mContext = context; } @Override public boolean setAppInstallationPolicies(int mode, String[] appPackageNames){ if(mode==0){ Settings.System.putInt(mContext.getContentResolver(),"customer_app_status", 0); }else if(mode==1){ Settings.System.putInt(mContext.getContentResolver(),"customer_app_status", 1); }else{ return false; } mAppPackageNames = appPackageNames; return true; } @Override public String[] getAppInstallationPolicies(){ return mAppPackageNames; } @Override public boolean setAppUninstallationPolicies(int mode,String[] appPackageNames){ if(mode==0){ Settings.System.putInt(mContext.getContentResolver(),"customer_appuninstall_status", 0); }else if(mode==1){ Settings.System.putInt(mContext.getContentResolver(),"customer_appuninstall_status", 1); }else{ return false; } mAppUninstallPackageNames = appPackageNames; return true; } @Override public String[] getAppUninstallationPolicies(){ return mAppUninstallPackageNames; } }
package ga.mdm; import android.util.Slog; import android.os.RemoteException; import android.content.Context; import android.app.IPolicyManager; public class PolicyManager { private final String TAG = "PolicyManager"; Context mContext; private final IPolicyManager mService; public PolicyManager(Context context,IPolicyManager mService) { mContext = context; this.mService = mService; } public boolean setAppInstallationPolicies(int mode,String[] appPackageNames){ try { return mService.setAppInstallationPolicies(mode,appPackageNames); } catch (RemoteException ex) { ex.printStackTrace(); return false; } } public String[] getAppInstallationPolicies(){ try { return mService.getAppInstallationPolicies(); } catch (RemoteException ex) { ex.printStackTrace(); return null; } } public boolean setAppUninstallationPolicies(int mode,String[] appPackageNames){ try { return mService.setAppUninstallationPolicies(mode,appPackageNames); } catch (RemoteException ex) { ex.printStackTrace(); return false; } } public String[] getAppUninstallationPolicies(){ try { return mService.getAppUninstallationPolicies(); } catch (RemoteException ex) { ex.printStackTrace(); return null; } } }
同时在frameworks/base/policy/添加Android.mk
# Copyright (C) 2014 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. LOCAL_PATH := $(call my-dir) # Build the java code # ============================================================ include $(CLEAR_VARS) LOCAL_AIDL_INCLUDES := $(LOCAL_PATH)/java LOCAL_SRC_FILES := $(call all-java-files-under, java) \ $(call all-Iaidl-files-under, java) \ $(call all-logtags-files-under, java) LOCAL_JAVA_LIBRARIES := services LOCAL_MODULE := policy include $(BUILD_JAVA_LIBRARY) include $(call all-makefiles-under,$(LOCAL_PATH))
这里为什么将PolicyManager.java单独出来,因为PolicyManager.java是提供给客户用的,单独生成一个jar包,客户只需要使用policy.jar就可以调用,同时需要添加
--- frameworks/base/Android.bp (revision 221) +++ frameworks/base/Android.bp (working copy) @@ -46,7 +46,8 @@ "wifi/java/**/*.java", "keystore/java/**/*.java", "rs/java/**/*.java", - + "policy/java/**/*.java", + ":framework-javastream-protos", "core/java/android/accessibilityservice/IAccessibilityServiceConnection.aidl", @@ -105,6 +106,7 @@ "core/java/android/app/usage/ICacheQuotaService.aidl", "core/java/android/app/usage/IStorageStatsManager.aidl", "core/java/android/app/usage/IUsageStatsManager.aidl", + "core/java/android/app/IPolicyManager.aidl", ":libbluetooth-binder-aidl", "core/java/android/content/IClipboard.aidl", "core/java/android/content/IContentService.aidl",
将路径添加到,否则不会编译
-- build/make/core/pathmap.mk (revision 221) +++ build/make/core/pathmap.mk (working copy) @@ -83,6 +83,7 @@ lowpan \ keystore \ rs \ + policy \ )
添加模块
--- build/make/target/product/base.mk (revision 221) +++ build/make/target/product/base.mk (working copy) @@ -142,7 +142,8 @@ traced_probes \ vdc \ vold \ - wm + wm \ + policy
添加注册服务的代码
--- frameworks/base/core/java/android/content/Context.java (revision 221) +++ frameworks/base/core/java/android/content/Context.java (working copy) @@ -4198,6 +4198,9 @@ * @see #getSystemService(String) */ public static final String CROSS_PROFILE_APPS_SERVICE = "crossprofileapps"; + + + public static final String POLICY_SERVICE = "policy";
+import ga.mdm.PolicyManager; + /** * Manages all of the system services that can be returned by {@link Context#getSystemService}. * Used by {@link ContextImpl}. @@ -982,6 +984,15 @@ return new VrManager(IVrManager.Stub.asInterface(b)); } }); + + registerService(Context.POLICY_SERVICE, PolicyManager.class, + new CachedServiceFetcher<PolicyManager>() { + @Override + public PolicyManager createService(ContextImpl ctx) { + IBinder b = ServiceManager.getService(Context.POLICY_SERVICE); + IPolicyManager service = IPolicyManager.Stub.asInterface(b); + return new PolicyManager(ctx, service); + }});
+import com.android.server.PolicyManagerService; + public final class SystemServer { private static final String TAG = "SystemServer"; @@ -1287,7 +1289,14 @@ } traceEnd(); } - + + try { + Slog.i(TAG, "ClassMonitor Service is create"); + ServiceManager.addService(Context.POLICY_SERVICE, new PolicyManagerService(context)); + } catch (Throwable e) { + reportWtf("starting ClassMonitorService", e); + }
还需要添加selinux权限
--- system/sepolicy/Android.mk (revision 221) +++ system/sepolicy/Android.mk (working copy) @@ -244,10 +244,10 @@ ifneq ($(with_asan),true) ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true) -LOCAL_REQUIRED_MODULES += \ - sepolicy_tests \ - treble_sepolicy_tests_26.0 \ - treble_sepolicy_tests_27.0 \ +#LOCAL_REQUIRED_MODULES += \ +# sepolicy_tests \ +# treble_sepolicy_tests_26.0 \ +# treble_sepolicy_tests_27.0 \ endif endif Index: system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil =================================================================== --- system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil (revision 221) +++ system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil (working copy) @@ -135,6 +135,8 @@ (typeattributeset hal_wifi_supplicant_server (hal_wifi_supplicant_default)) (typeattribute adbd_26_0) (roletype object_r adbd_26_0) +(typeattribute policy_service_26_0) +(roletype object_r policy_service_26_0) (typeattribute audioserver_26_0) (roletype object_r audioserver_26_0) (typeattribute blkid_26_0) Index: system/sepolicy/prebuilts/api/27.0/nonplat_sepolicy.cil =================================================================== --- system/sepolicy/prebuilts/api/27.0/nonplat_sepolicy.cil (revision 221) +++ system/sepolicy/prebuilts/api/27.0/nonplat_sepolicy.cil (working copy) @@ -267,6 +267,8 @@ (typeattributeset hal_wifi_supplicant_server (hal_wifi_supplicant_default)) (typeattribute adbd_27_0) (roletype object_r adbd_27_0) +(typeattribute policy_service_26_0) +(roletype object_r policy_service_26_0) (typeattribute adbd_exec_27_0) (roletype object_r adbd_exec_27_0) (typeattribute audioserver_27_0) Index: system/sepolicy/prebuilts/api/28.0/private/app_neverallows.te =================================================================== --- system/sepolicy/prebuilts/api/28.0/private/app_neverallows.te (revision 221) +++ system/sepolicy/prebuilts/api/28.0/private/app_neverallows.te (working copy) @@ -128,7 +128,6 @@ proc_stat proc_swaps proc_uptime - proc_version proc_vmallocinfo proc_vmstat }:file { no_rw_file_perms no_x_file_perms }; Index: system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.cil =================================================================== --- system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.cil (revision 221) +++ system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.cil (working copy) @@ -15,6 +15,7 @@ (type rild) (typeattributeset accessibility_service_26_0 (accessibility_service)) +(typeattributeset policy_service_26_0 (policy_service)) (typeattributeset account_service_26_0 (account_service)) (typeattributeset activity_service_26_0 (activity_service)) (typeattributeset adbd_26_0 (adbd)) Index: system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.cil =================================================================== --- system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.cil (revision 221) +++ system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.cil (working copy) @@ -718,6 +718,7 @@ (expandtypeattribute (zygote_exec_27_0) true) (expandtypeattribute (zygote_socket_27_0) true) (typeattributeset accessibility_service_27_0 (accessibility_service)) +(typeattributeset policy_service_27_0 (policy_service)) (typeattributeset account_service_27_0 (account_service)) (typeattributeset activity_service_27_0 (activity_service)) (typeattributeset adbd_27_0 (adbd)) Index: system/sepolicy/prebuilts/api/28.0/private/service_contexts =================================================================== --- system/sepolicy/prebuilts/api/28.0/private/service_contexts (revision 221) +++ system/sepolicy/prebuilts/api/28.0/private/service_contexts (working copy) @@ -186,3 +186,4 @@ wifirtt u:object_r:rttmanager_service:s0 window u:object_r:window_service:s0 * u:object_r:default_android_service:s0 +policy u:object_r:policy_service:s0 Index: system/sepolicy/prebuilts/api/28.0/private/system_server.te =================================================================== --- system/sepolicy/prebuilts/api/28.0/private/system_server.te (revision 221) +++ system/sepolicy/prebuilts/api/28.0/private/system_server.te (working copy) @@ -806,7 +806,7 @@ # Do not allow opening files from external storage as unsafe ejection # could cause the kernel to kill the system_server. neverallow system_server sdcard_type:dir { open read write }; -neverallow system_server sdcard_type:file rw_file_perms; +# neverallow system_server sdcard_type:file rw_file_perms; # system server should never be operating on zygote spawned app data # files directly. Rather, they should always be passed via a Index: system/sepolicy/prebuilts/api/28.0/public/service.te =================================================================== --- system/sepolicy/prebuilts/api/28.0/public/service.te (revision 221) +++ system/sepolicy/prebuilts/api/28.0/public/service.te (working copy) @@ -32,6 +32,7 @@ type virtual_touchpad_service, service_manager_type; type vold_service, service_manager_type; type vr_hwc_service, service_manager_type; +type policy_service, system_api_service, system_server_service, service_manager_type; # system_server_services broken down type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; Index: system/sepolicy/private/app_neverallows.te =================================================================== --- system/sepolicy/private/app_neverallows.te (revision 221) +++ system/sepolicy/private/app_neverallows.te (working copy) @@ -128,7 +128,6 @@ proc_stat proc_swaps proc_uptime - proc_version proc_vmallocinfo proc_vmstat }:file { no_rw_file_perms no_x_file_perms }; Index: system/sepolicy/private/compat/26.0/26.0.cil =================================================================== --- system/sepolicy/private/compat/26.0/26.0.cil (revision 221) +++ system/sepolicy/private/compat/26.0/26.0.cil (working copy) @@ -15,6 +15,7 @@ (type rild) (typeattributeset accessibility_service_26_0 (accessibility_service)) +(typeattributeset policy_service_26_0 (policy_service)) (typeattributeset account_service_26_0 (account_service)) (typeattributeset activity_service_26_0 (activity_service)) (typeattributeset adbd_26_0 (adbd)) Index: system/sepolicy/private/compat/27.0/27.0.cil =================================================================== --- system/sepolicy/private/compat/27.0/27.0.cil (revision 221) +++ system/sepolicy/private/compat/27.0/27.0.cil (working copy) @@ -718,6 +718,7 @@ (expandtypeattribute (zygote_exec_27_0) true) (expandtypeattribute (zygote_socket_27_0) true) (typeattributeset accessibility_service_27_0 (accessibility_service)) +(typeattributeset policy_service_27_0 (policy_service)) (typeattributeset account_service_27_0 (account_service)) (typeattributeset activity_service_27_0 (activity_service)) (typeattributeset adbd_27_0 (adbd)) Index: system/sepolicy/private/service_contexts =================================================================== --- system/sepolicy/private/service_contexts (revision 221) +++ system/sepolicy/private/service_contexts (working copy) @@ -186,3 +186,4 @@ wifirtt u:object_r:rttmanager_service:s0 window u:object_r:window_service:s0 * u:object_r:default_android_service:s0 +policy u:object_r:policy_service:s0 Index: system/sepolicy/private/system_server.te =================================================================== --- system/sepolicy/private/system_server.te (revision 221) +++ system/sepolicy/private/system_server.te (working copy) @@ -806,7 +806,7 @@ # Do not allow opening files from external storage as unsafe ejection # could cause the kernel to kill the system_server. neverallow system_server sdcard_type:dir { open read write }; -neverallow system_server sdcard_type:file rw_file_perms; +# neverallow system_server sdcard_type:file rw_file_perms; # system server should never be operating on zygote spawned app data # files directly. Rather, they should always be passed via a Index: system/sepolicy/public/service.te =================================================================== --- system/sepolicy/public/service.te (revision 221) +++ system/sepolicy/public/service.te (working copy) @@ -32,6 +32,7 @@ type virtual_touchpad_service, service_manager_type; type vold_service, service_manager_type; type vr_hwc_service, service_manager_type; +type policy_service, system_api_service, system_server_service, service_manager_type; # system_server_services broken down type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
这样就行了,烧录重新开机使用adb shell service list可以看到添加的service
policy: [android.app.IPolicyManager]
在\out\target\common\obj\JAVA_LIBRARIES\policy_intermediates找到classes.jar,这就是提供给客户用的jar
具体的禁止和卸载方法如下:
禁止安装可以修改PackageManagerService.java,在handleStartCopy方法中添加下面的代码
public void handleStartCopy() throws RemoteException { int ret = PackageManager.INSTALL_SUCCEEDED; // If we're already staged, we've firmly committed to an install location if (origin.staged) { if (origin.file != null) { installFlags |= PackageManager.INSTALL_INTERNAL; installFlags &= ~PackageManager.INSTALL_EXTERNAL; } else { throw new IllegalStateException("Invalid stage location"); } } final boolean onSd = (installFlags & PackageManager.INSTALL_EXTERNAL) != 0; final boolean onInt = (installFlags & PackageManager.INSTALL_INTERNAL) != 0; final boolean ephemeral = (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; PackageInfoLite pkgLite = null; if (onInt && onSd) { // Check if both bits are set. Slog.w(TAG, "Conflicting flags specified for installing on both internal and external"); ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; } else if (onSd && ephemeral) { Slog.w(TAG, "Conflicting flags specified for installing ephemeral on external"); ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; } else { pkgLite = mContainerService.getMinimalPackageInfo(origin.resolvedPath, installFlags, packageAbiOverride); //add by jueme PolicyManager policyManager = (PolicyManager)mContext.getSystemService("policy"); String[] appNames = policyManager.getAppInstallationPolicies(); if(appNames!=null && appNames.length>0){ int app_status = android.provider.Settings.System.getInt(mContext.getContentResolver(),"customer_app_status", -1); Slog.w(TAG,"app_status "+app_status); if(app_status==0){ for (int i = 0; i < appNames.length; i++) { Slog.w(TAG,"appNames 0 "+appNames[i]); if (pkgLite.packageName.equals(appNames[i])){ ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; break; } } }else if(app_status==1){ for (int i = 0; i < appNames.length; i++) { Slog.w(TAG,"appNames 1 "+appNames[i]); if (pkgLite.packageName.equals(appNames[i])){ ret = PackageManager.INSTALL_SUCCEEDED; break; }else{ ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; } } } } //add end
这样在安装时候就会报安装位置不对的信息。
接着是禁止卸载,在PackageInstallerService.java的uninstall添加下面的方法。
@Override public void uninstall(VersionedPackage versionedPackage, String callerPackageName, int flags, IntentSender statusReceiver, int userId) throws RemoteException { //add by jueme PolicyManager policyManager = (PolicyManager)mContext.getSystemService("policy"); String[] appNames = policyManager.getAppUninstallationPolicies(); if(appNames!=null && appNames.length>0){ int appuninstall_status = android.provider.Settings.System.getInt(mContext.getContentResolver(),"customer_appuninstall_status", -1); Slog.w(TAG,"appuninstall_status "+appuninstall_status+" mInstallerPackageName "+versionedPackage.getPackageName()); boolean isUninstall = true;//默认都是可卸载 if(appuninstall_status==0){ for (int i = 0; i < appNames.length; i++) { if (versionedPackage.getPackageName().equals(appNames[i])){ isUninstall = true; break; }else{ isUninstall = false; } } if(!isUninstall){ return; } }else if(appuninstall_status==1){ //应用包名列表中的所有项禁止卸载 for (int i = 0; i < appNames.length; i++) { if (versionedPackage.getPackageName().equals(appNames[i])){ isUninstall = false; break; }else{ isUninstall = true; } } if(!isUninstall){ return; } } } //add end
到此这篇关于android 禁止第三方apk安装和卸载的方法详解的文章就介绍到这了,更多相关android 禁止第三方apk内容请搜索小牛知识库以前的文章或继续浏览下面的相关文章希望大家以后多多支持小牛知识库!
本文向大家介绍Android编程之软件的安装和卸载方法,包括了Android编程之软件的安装和卸载方法的使用技巧和注意事项,需要的朋友参考一下 本文实例讲述了Android编程之软件的安装和卸载方法。分享给大家供大家参考,具体如下: 安装:从sdcard 或者 安装或升级 从网络 需要的权限 卸载 希望本文所述对大家Android程序设计有所帮助。
本文向大家介绍PHP使用 Pear 进行安装和卸载包的方法详解,包括了PHP使用 Pear 进行安装和卸载包的方法详解的使用技巧和注意事项,需要的朋友参考一下 本文实例讲述了PHP使用 Pear 进行安装和卸载包的方法。分享给大家供大家参考,具体如下: 安装: 首先运行到php根目录: 输入要安装的包文件名: 使用语法: 回车确认: 如果没有其他意外,显示安装成功。 查看安装的包的信息: 语句:
本文向大家介绍android实现静默安装与卸载的方法,包括了android实现静默安装与卸载的方法的使用技巧和注意事项,需要的朋友参考一下 本文实例讲述了android实现静默安装与卸载的方法。分享给大家供大家参考。具体如下: 方法1:【使用调用接口方法,由于安装卸载应用程序的部分API是隐藏的,所以必须下载Android系统源码,在源码下开发并编译之后使用MM命令编译生成APK文件】 安装、卸载
本文向大家介绍Symfony2安装第三方Bundles实例详解,包括了Symfony2安装第三方Bundles实例详解的使用技巧和注意事项,需要的朋友参考一下 本文实例讲述了Symfony2安装第三方Bundles的方法。分享给大家供大家参考,具体如下: 大多数的Bundles都提了安装的介绍,下面来介绍基本的安装步骤: 一、添加composer依赖关系 在symfony里,用composer来管
本文向大家介绍Python安装第三方库的3种方法,包括了Python安装第三方库的3种方法的使用技巧和注意事项,需要的朋友参考一下 【方法一】: 通过setuptools来安装python模块 首先下载 http://peak.telecommunity.com/dist/ez_setup.py NOTE: 最好下载个setuptools,本人是15.2版本,里面包含了ez_setup 运行 py
本文向大家介绍Python第三方库的安装方法总结,包括了Python第三方库的安装方法总结的使用技巧和注意事项,需要的朋友参考一下 Python 是一门优雅的语言,简洁的语法,强大的功能。当然丰富的第三方库,更能加速开发。那么问题来了,如何安装这些第三方库(包)呢? 安装第三方库的方式其实不多。下面就介绍一些技巧。 源码安装 很多第三方库都是开源的,几乎都可以在github 或者 pypi上找到源