我想检查另一个应用是否已被授予“危险”或“系统”级别权限。
我尝试加载其他应用的上下文并调用packageContext.checkCallingPermission(permission)。但是,文档说它返回
PERMISSION_GRANTED,如果允许调用pid / uid该权限,如果不允许,则为PERMISSION_DENIED。
是否可以检查是否已授予其他应用权限?
这是我的尝试(在实现它检查调用pid / uid并且似乎没有考虑上下文之前我写了它):
void checkAllGrantedPermissions(Context context) {
PackageManager pm = context.getPackageManager();
// get all installed apps with info about what permissions they requested.
List<PackageInfo> packageInfos = pm.getInstalledPackages(PackageManager.GET_PERMISSIONS);
// Get the hidden method PermissionInfo#protectionToString(int) so we can log info about the requested permission
Method protectionToString;
try {
protectionToString = PermissionInfo.class.getDeclaredMethod("protectionToString", int.class);
if (!protectionToString.isAccessible()) protectionToString.setAccessible(true);
} catch (NoSuchMethodException e) {
throw new RuntimeException(e);
}
// loop through all installed apps
for (PackageInfo packageInfo : packageInfos) {
if (packageInfo.requestedPermissions == null) {
// No permissions are requested in the AndroidManifest
continue;
}
String appName = packageInfo.applicationInfo.loadLabel(pm).toString();
String packageName = packageInfo.packageName;
// loop through all requested permissions in the AndroidManifest
for (String permission : packageInfo.requestedPermissions) {
PermissionInfo permissionInfo;
try {
permissionInfo = pm.getPermissionInfo(permission, 0);
} catch (PackageManager.NameNotFoundException e) {
Log.i(TAG, String.format("unknown permission '%s' found in '%s'", permission, packageName));
continue;
}
// convert the protectionLevel to a string (not necessary, but useful info)
String protLevel;
try {
protLevel = (String) protectionToString.invoke(null, permissionInfo.protectionLevel);
} catch (Exception ignored) {
protLevel = "????";
}
// Create the package's context to check if the package has the requested permission
Context packageContext;
try {
packageContext = context.createPackageContext(packageName, 0);
} catch (PackageManager.NameNotFoundException wtf) {
continue;
}
int ret = packageContext.checkCallingPermission(permission);
if (ret == PackageManager.PERMISSION_DENIED) {
Log.i(TAG, String.format("%s [%s] is denied permission %s (%s)",
appName, packageName, permission, protLevel));
} else {
Log.i(TAG, String.format("%s [%s] has granted permission %s (%s)",
appName, packageName, permission, protLevel));
}
}
}
}
答案 0 :(得分:5)
是否可以检查是否已授予其他应用权限?
是的。您可以使用<uses-permission>检索给定包中Manifest中每个PackageInfo.requestedPermissionsFlags标记的标记,然后使用PackageInfo.REQUESTED_PERMISSION_GRANTED的按位运算比较这些标记。
我想检查另一个应用是否被授予“危险”或 “系统”级别权限。
您可以使用PackageManager.getPermissionInfo执行此检查,然后将PermissionInfo.protectionLevel与PermissionInfo.PROTECTION_DANGEROUS或PermissionInfo.PROTECTION_SIGNATURE之一进行比较。
例如:
final PackageManager pm = getPackageManager();
// Loop each package requesting <manifest> permissions
for (final PackageInfo pi : pm.getInstalledPackages(GET_PERMISSIONS)) {
final String[] requestedPermissions = pi.requestedPermissions;
if (requestedPermissions == null) {
// No permissions defined in <manifest>
continue;
}
// Loop each <uses-permission> tag to retrieve the permission flag
for (int i = 0, len = requestedPermissions.length; i < len; i++) {
final String requestedPerm = requestedPermissions[i];
// Retrieve the protection level for each requested permission
int protLevel;
try {
protLevel = pm.getPermissionInfo(requestedPerm, 0).protectionLevel;
} catch (PackageManager.NameNotFoundException e) {
Log.e(TAG, "Unknown permission: " + requestedPerm, e);
continue;
}
final boolean system = protLevel == PROTECTION_SIGNATURE;
final boolean dangerous = protLevel == PROTECTION_DANGEROUS;
final boolean granted = (pi.requestedPermissionsFlags[i]
& REQUESTED_PERMISSION_GRANTED) != 0;
}
}
有关详细信息,请查看: