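The daily build released by integration management is signed with a different key than a local build.
After flashing only system.img over the daily build with fastboot, the following permission error appeared.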
01-01 01:31:16.993 3444 3444 D AndroidRuntime: Shutting down VM
01-01 01:31:16.994 3444 3444 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main
01-01 01:31:16.994 3444 3444 E AndroidRuntime: java.lang.IllegalStateException: Signature|privileged permissions not in privapp-permissions whitelist: {com.android.nfc (/system_ext/app/Nfc_st): android.permission.STOP_APP_SWITCHES, com.android.nfc (/system_ext/app/Nfc_st): android.permission.USER_ACTIVITY, com.android.nfc (/system_ext/app/Nfc_st): android.permission.REAL_GET_TASKS, com.android.nfc (/system_ext/app/Nfc_st): android.permission.MASTER_CLEAR, com.android.nfc (/system_ext/app/Nfc_st): android.permission.LOCAL_MAC_ADDRESS, com.android.nfc (/system_ext/app/Nfc_st): android.permission.MANAGE_USERS, com.android.nfc (/system_ext/app/Nfc_st): android.permission.STATUS_BAR, com.android.nfc (/system_ext/app/Nfc_st): android.permission.WRITE_SECURE_SETTINGS, com.android.nfc (/system_ext/app/Nfc_st): android.permission.BLUETOOTH_PRIVILEGED, com.android.nfc (/system_ext/app/Nfc_st): android.permission.START_ACTIVITIES_FROM_BACKGROUND, com.android.nfc (/system_ext/app/Nfc_st): android.permission.DISPATCH_NFC_MESSAGE, com.android.nfc (/system_ext/app/Nfc_st): android.permission.CONNECTIVITY_INTERNAL, com.android.nfc (/system_ext/app/Nfc_st): android.permission.PACKAGE_USAGE_STATS, com.android.nfc (/system_ext/app/Nfc_st): android.permission.OVERRIDE_WIFI_CONFIG, com.android.nfc (/system_ext/app/Nfc_st): android.permission.NFC_HANDOVER_STATUS}
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.server.pm.permission.PermissionManagerService.systemReady(PermissionManagerService.java:4720)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.server.pm.permission.PermissionManagerService.access$500(PermissionManagerService.java:182)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.server.pm.permission.PermissionManagerService$PermissionManagerServiceInternalImpl.systemReady(PermissionManagerService.java:4803)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.server.pm.PackageManagerService.systemReady(PackageManagerService.java:22150)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.server.SystemServer.startOtherServices(SystemServer.java:2322)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.server.SystemServer.run(SystemServer.java:614)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.server.SystemServer.main(SystemServer.java:427)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:602)
01-01 01:31:16.994 3444 3444 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930)
01-01 01:31:17.681 3706 3706 D AndroidRuntime: >>>>>> START com.android.internal.os.ZygoteInit uid 0 <<<<<<
01-01 01:31:17.683 3705 3705 D AndroidRuntime: >>>>>> START com.android.internal.os.ZygoteInit uid 0 <<<<<<
01-01 01:31:17.686 3706 3706 I AndroidRuntime: Using default boot image
01-01 01:31:17.686 3706 3706 I AndroidRuntime: Leaving lock profiling enabled
01-01 01:31:17.688 3705 3705 I AndroidRuntime: Using default boot image
01-01 01:31:17.688 3705 3705 I AndroidRuntime: Leaving lock profiling enabled
According to the message, the app needs an entry in the default-grant permission whitelist for system apps.
For example:
generic_arm64:/system/etc/permissions $
generic_arm64:/system/etc/permissions $ ls -l | grep permiss
-rw-r--r-- 1 root root 34748 2021-05-10 00:47 privapp-permissions-platform.xml
generic_arm64:/system/etc/permissions $
// Add permissions like these
<privapp-permissions package="com.android.settings">
<permission name="android.permission.INSTALL_DYNAMIC_SYSTEM"/>
<permission name="android.permission.BIND_CELL_BROADCAST_SERVICE"/>
</privapp-permissions>
Based on the error, the whitelist entry required would be:
<privapp-permissions package="com.android.nfc">
<permission name="android.permission.LOCAL_MAC_ADDRESS"/>
<permission name="android.permission.MANAGE_USERS"/>
<permission name="android.permission.MODIFY_PHONE_STATE" />
<permission name="android.permission.PACKAGE_USAGE_STATS"/>
<permission name="android.permission.OVERRIDE_WIFI_CONFIG"/>
<permission name="android.permission.NFC_HANDOVER_STATUS"/>
<permission name="android.permission.CONNECTIVITY_INTERNAL"/>
<permission name="android.permission.DISPATCH_NFC_MESSAGE"/>
<permission name="android.permission.START_ACTIVITIES_FROM_BACKGROUND"/>
<permission name="android.permission.STATUS_BAR"/>
<permission name="android.permission.STOP_APP_SWITCHES"/>
<permission name="android.permission.USER_ACTIVITY"/>
<permission name="android.permission.REAL_GET_TASKS"/>
<permission name="android.permission.MASTER_CLEAR"/>
<permission name="android.permission.WRITE_SECURE_SETTINGS"/>
<permission name="android.permission.BLUETOOTH_PRIVILEGED"/>
</privapp-permissions>
However, the app is installed under system_ext/app, not in a priv-app directory.
generic_arm64:/ # pm list packages -f | grep -i nfc
package:/system_ext/app/Nfc_st/Nfc_st.apk=com.android.nfc
package:/system/app/GooglePay/GooglePay.apk=com.google.android.apps.walletnfcrel
generic_arm64:/ #
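And in fact, the stock AOSP app does not request this whitelist entry either. Why is that? A full flash of the build also works fine.
After checking the AOSP code, the conclusion is that the signature of the system_ext partition does not match the signature of the apps in the locally built system partition.
Flashing the system_ext.img and product.img partitions along with system.img resolves the problem.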
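The crash line can be turned into the whitelist block mechanically, and the same parse shows when the install path is outside priv-app, which on this page pointed to mismatched partition signatures rather than a missing whitelist entry. The script below is an added example, not part of the original post or of AOSP; its function names are hypothetical and the sample line is constructed from the log above.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the FATAL EXCEPTION line quoted on this page.
SAMPLE = (
    "01-01 01:31:16.994 3444 3444 E AndroidRuntime: java.lang.IllegalStateException: "
    "Signature|privileged permissions not in privapp-permissions whitelist: "
    "{com.android.nfc (/system_ext/app/Nfc_st): android.permission.STOP_APP_SWITCHES, "
    "com.android.nfc (/system_ext/app/Nfc_st): android.permission.MANAGE_USERS, "
    "com.android.nfc (/system_ext/app/Nfc_st): android.permission.MANAGE_USERS}"
)

MARKER = "not in privapp-permissions whitelist:"
ENTRY = re.compile(r"([\w.]+) \(([^)]+)\): ([\w.]+)")


def parse_violations(line):
    """Return {(package, install_path): sorted unique permissions} from one log line."""
    _, found, tail = line.partition(MARKER)
    if not found:
        return {}
    grouped = defaultdict(set)
    for pkg, path, perm in ENTRY.findall(tail):
        grouped[(pkg, path)].add(perm)
    return {key: sorted(perms) for key, perms in grouped.items()}


def is_priv_app_path(path):
    """True when the APK directory sits under a priv-app directory."""
    return "priv-app" in path.strip("/").split("/")


def to_whitelist_xml(package, perms):
    """Render a <privapp-permissions> block in the format shown on this page."""
    rows = [f'    <permission name="{p}"/>' for p in perms]
    return "\n".join([f'<privapp-permissions package="{package}">', *rows,
                      "</privapp-permissions>"])


def report(line):
    """Print the whitelist block per package and flag installs outside priv-app."""
    for (pkg, path), perms in parse_violations(line).items():
        if not is_priv_app_path(path):
            print(f"<!-- {pkg} is in {path}, not priv-app: compare partition "
                  "signing keys before adding this whitelist entry -->")
        print(to_whitelist_xml(pkg, perms))


if __name__ == "__main__":
    report(SAMPLE)
```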