androidQ sd卡許可權使用詳解
預設情況下,如果應用以 Android Q 為目標平臺,則在訪問外部儲存裝置中的檔案時會進入過濾檢視。應用可以使用 Context.getExternalFilesDir() 將專用於自己的檔案儲存在特定於自己的目錄中。
1. 臨時停用分割槽儲存行為:
以 Android 9(API 級別 28)或更低版本為目標平臺。
如果您以 Android Q 為目標平臺,請在應用的清單檔案中將 requestLegacyExternalStorage 的值設為 true。
<manifest ... > <!-- This attribute is "false" by default on apps targeting Android Q. --> <application android:requestLegacyExternalStorage="true" ... > ... </application> </manifest>
2. 如何實現隔離儲存:
2.1 ApplicationInfo新增PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE標記
PackageParser.java:
if (sa.getBoolean( R.styleable.AndroidManifestApplication_requestLegacyExternalStorage,owner.applicationInfo.targetSdkVersion < Build.VERSION_CODES.Q)) { ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE; }
ApplicationInfo.java:
public boolean hasRequestedLegacyExternalStorage() { return (privateFlags & PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE) != 0; }
2.2 grantRuntimePermission()重新掛載檢視
apk啟動時預設掛載runtime/default檢視,grantRuntimePermission()時如果是READ_EXTERNAL_STORAGE或WRITE_EXTERNAL_STORAGE,則會獲取掛載模式重新掛載對應檢視。
PermissionManagerService.java:
private void grantRuntimePermission(String permName,String packageName,boolean overridePolicy,int callingUid,final int userId,PermissionCallback callback) { ...... if (READ_EXTERNAL_STORAGE.equals(permName) || WRITE_EXTERNAL_STORAGE.equals(permName)) { final long token = Binder.clearCallingIdentity(); try { if (mUserManagerInt.isUserInitialized(userId)) { StorageManagerInternal storageManagerInternal = LocalServices.getService( StorageManagerInternal.class); storageManagerInternal.onExternalStoragePolicyChanged(uid,packageName); } } finally { Binder.restoreCallingIdentity(token); } } }
獲取掛載模式這塊android10有修改,沒有設定Legacy標誌的話,總是獲取default掛載模式,沒有讀寫許可權。
android 10會設定屬性[persist.sys.isolated_storage]: [true],因此走到if(ENABLE_ISOLATED_STORAGE)中的getMountMode()。
public static boolean hasIsolatedStorage() { //[persist.sys.isolated_storage]: [true] //[sys.isolated_storage_snapshot]: [true] return SystemProperties.getBoolean("sys.isolated_storage_snapshot",SystemProperties.getBoolean("persist.sys.isolated_storage",true)); } private static final boolean ENABLE_ISOLATED_STORAGE = StorageManager.hasIsolatedStorage(); public int getExternalStorageMountMode(int uid,String packageName) { + //android 10新增邏輯 + if (ENABLE_ISOLATED_STORAGE) { + return getMountMode(uid,packageName); + } ...... int mountMode = Integer.MAX_VALUE; for (ExternalStorageMountPolicy policy : mPolicies) { final int policyMode = policy.getMountMode(uid,packageName); if (policyMode == Zygote.MOUNT_EXTERNAL_NONE) { return Zygote.MOUNT_EXTERNAL_NONE; } mountMode = Math.min(mountMode,policyMode); } if (mountMode == Integer.MAX_VALUE) { return Zygote.MOUNT_EXTERNAL_NONE; } return mountMode; }
正常模式下hasLegacy=false,走到if判斷的DEFAULT分支;legacy模式hasLegacy=true,與之前保持一致,有write許可權就走到WRITE模式分支。
private int getMountModeInternal(int uid,String packageName) { try { ...... final boolean hasRead = StorageManager.checkPermissionAndCheckOp(mContext,false,uid,packageName,READ_EXTERNAL_STORAGE,OP_READ_EXTERNAL_STORAGE); final boolean hasWrite = StorageManager.checkPermissionAndCheckOp(mContext,WRITE_EXTERNAL_STORAGE,OP_WRITE_EXTERNAL_STORAGE); ...... final boolean hasLegacy = mIAppOpsService.checkOperation(OP_LEGACY_STORAGE,packageName) == MODE_ALLOWED; if (hasLegacy && hasWrite) { return Zygote.MOUNT_EXTERNAL_WRITE; } else if (hasLegacy && hasRead) { return Zygote.MOUNT_EXTERNAL_READ; } else { return Zygote.MOUNT_EXTERNAL_DEFAULT; } } catch (RemoteException e) { // Should not happen } return Zygote.MOUNT_EXTERNAL_NONE; }
2.3 Legacy Storage屬性對許可權的影響
安裝apk時,就會根據requestLegacyExternalStorage屬性來對ops state進行設定,修改OP_LEGACY_STORAGE的預設狀態。
<manifest ... > <application android:requestLegacyExternalStorage="true" ... > </application> </manifest> //Q 正常模式 LEGACY_STORAGE: mode=ignore //Q legacy模式 LEGACY_STORAGE: mode=allow
PermissionPolicyService啟動時首先進行許可權變化監聽:
public void onStart() { permManagerInternal.addOnRuntimePermissionStateChangedListener( this::synchronizePackagePermissionsAndAppOpsAsyncForUser); } private void synchronizePackagePermissionsAndAppOpsAsyncForUser(@NonNull String packageName,@UserIdInt int changedUserId) { if (isStarted(changedUserId)) { synchronized (mLock) { if (mIsPackageSyncsScheduled.add(new Pair<>(packageName,changedUserId))) { FgThread.getHandler().sendMessage(PooledLambda.obtainMessage( PermissionPolicyService ::synchronizePackagePermissionsAndAppOpsForUser,this,changedUserId)); } ...... } } }
APK安裝時,會根據requestLegacyExternalStorage屬性來通知storage許可權變化,呼叫關係如下:
//呼叫關係: 1.PackageManagerService.java: installPackagesLI() commitPackagesLocked() updateSettingsLI() updateSettingsInternalLI() 2.PermissionManagerService.java: mPermissionManager.updatePermissions() restorePermissionState() //關鍵程式碼: private void restorePermissionState(@NonNull PackageParser.Package pkg,boolean replace,@Nullable String packageOfInterest,@Nullable PermissionCallback callback) { ...... //判斷requestLegacyExternalStorage屬性 updatedUserIds = checkIfLegacyStorageOpsNeedToBeUpdated(pkg,replace,updatedUserIds); ...... for (int userId : updatedUserIds) { notifyRuntimePermissionStateChanged(pkg.packageName,userId); } }
最終呼叫到PermissionPolicyService的監聽函式synchronizePackagePermissionsAndAppOpsForUser(),進行預設許可權獲取和設定。
當apk安裝時,聲明瞭requestLegacyExternalStorage="true"屬性,並且聲明瞭READ_EXTERNAL_STORAGE、WRITE_EXTERNAL_STORAGE,那麼addOpIfRestricted()就會將LEGACY_STORAGE設定為allow模式。
//呼叫關係: synchronizePackagePermissionsAndAppOpsForUser(): synchroniser.addPackage() addOpIfRestricted()//LEGACY_STORAGE加入到mOpsToAllow synchroniser.syncPackages() setUidModeAllowed() setUidMode()//設定LEGACY_STORAGE為allow //關鍵程式碼: private void addOpIfRestricted(@NonNull PermissionInfo permissionInfo,@NonNull PackageInfo pkg) { ...... //forPermission()會根據requestLegacyExternalStorage的值進行返回 final SoftRestrictedPermissionPolicy policy = SoftRestrictedPermissionPolicy.forPermission(mContext,pkg.applicationInfo,mContext.getUser(),permission); final int op = policy.resolveAppOp(); if (op != OP_NONE) { switch (policy.getDesiredOpMode()) { case MODE_DEFAULT: mOpsToDefault.add(new OpToChange(uid,pkg.packageName,op)); break; case MODE_ALLOWED: //在宣告READ_EXTERNAL_STORAGE許可權下,會將LEGACY_STORAGE加入到mOpsToAllow if (policy.shouldSetAppOpIfNotDefault()) { mOpsToAllow.add(new OpToChange(uid,op)); } else { mOpsToAllowIfDefault.add( new OpToChange(uid,op)); } break; ...... } public static @NonNull SoftRestrictedPermissionPolicy forPermission(@NonNull Context context,@Nullable ApplicationInfo appInfo,@Nullable UserHandle user,@NonNull String permission) { switch (permission) { case READ_EXTERNAL_STORAGE: { if (appInfo != null) { boolean hasAnyRequestedLegacyExternalStorage = appInfo.hasRequestedLegacyExternalStorage(); hasRequestedLegacyExternalStorage = hasAnyRequestedLegacyExternalStorage; } return new SoftRestrictedPermissionPolicy() { @Override public int getDesiredOpMode() { if (applyRestriction) { return MODE_DEFAULT; } else if (hasRequestedLegacyExternalStorage) { //聲明瞭requestLegacyExternalStorage就返回allow return MODE_ALLOWED; } else { return MODE_IGNORED; } } @Override public boolean shouldSetAppOpIfNotDefault() { return getDesiredOpMode() != MODE_IGNORED; } }; }
3. sdcard路徑許可權說明:
- rwx:421,umask預設為八進位制022(----w--w-)
- /mnt/runtime/default的gid為1015,也就是sdcard_rw;mask 為6,八進位制006,group sdcard_rw可讀寫,也就是other沒有rw許可權
- /mnt/runtime/read的gid為9997,也就是everybody;mask 為23,八進位制027,group everybody可讀、不可寫,other沒有讀寫執行許可權
- /mnt/runtime/write的gid為9997,也就是everybody;mask 為7,八進位制007,group everybody可讀寫,other沒有讀寫可執行許可權
- /data/media on /mnt/runtime/default/emulated type sdcardfs (rw,nosuid,nodev,noexec,noatime,fsuid=1023,fsgid=1023,gid=1015,multiuser,mask=6,derive_gid,default_normal)
/data/media on /mnt/runtime/read/emulated type sdcardfs (rw,gid=9997,mask=23,default_normal)
/data/media on /mnt/runtime/write/emulated type sdcardfs (rw,mask=7,default_normal)
/mnt/runtime/default:
drwxrwx--x 3 root sdcard_rw 4096 2018-12-18 03:41 Android drwxrwx--x 3 root sdcard_rw 4096 2018-12-18 06:11 DCIM
/mnt/runtime/read:
drwxr-x--- 3 root everybody 4096 2018-12-18 03:41 Android drwxr-x--- 3 root everybody 4096 2018-12-18 06:11 DCIM
/mnt/runtime/write:
drwxrwx--- 3 root everybody 4096 2018-12-18 03:41 Android drwxrwx--- 3 root everybody 4096 2018-12-18 06:11 DCIM
/sdcard/Android/data:
drwxrwx--- 4 u0_a64 everybody 4096 2018-12-18 06:11 com.android.camera2 drwxrwx--- 3 u0_a15 everybody 4096 2018-12-18 03:41 com.google.android.gms drwxrwx--- 4 u0_a84 everybody 4096 2018-12-18 03:41 com.google.android.youtube
4. sdcard檔案儲存示例:
4.1 getExternalFilesDir()隨解除安裝而刪除
///storage/emulated/0/Android/data/com.xx.xx/files File file = File(context.getExternalFilesDir(null),"test.txt");
4.2 媒體檔案
媒體檔案使用MediaStore操作,解除安裝後不會刪除。
訪問其他應用生成的照片、視訊、音訊,需要READ_EXTERNAL_STORAGE許可權。
4.3 儲存訪問框架(SAF)
訪問其他應用建立的檔案,例如"Download"目錄,必須使用儲存訪問框架,使用者通過框架選擇特定檔案。
4.4 照片中的位置資訊
需要ACCESS_MEDIA_LOCATION許可權,才能獲取元資料中的位置資訊。
<permission android:name="android.permission.ACCESS_MEDIA_LOCATION" android:permissionGroup="android.permission-group.UNDEFINED" android:label="@string/permlab_mediaLocation" android:description="@string/permdesc_mediaLocation" android:protectionLevel="dangerous" />
到此這篇關於androidQ sd卡許可權使用詳解的文章就介紹到這了,更多相關androidQ sd卡許可權內容請搜尋我們以前的文章或繼續瀏覽下面的相關文章希望大家以後多多支援我們!