前言
应用场景和用户需求:
- ROM定制化开发: 在定制ROM时,客户可能需要限制某些应用安装,以确保系统的安全和稳定。通过实现应用安装白名单功能,可以满足这种需求。
- 企业设备管理: 在企业设备中,可能需要限制员工只能安装指定的应用,以防止恶意软件和不当使用。通过白名单功能,可以有效地控制应用安装。
核心组件
在Android 13中,实现应用安装白名单功能主要涉及以下几个步骤和组件:
- PackageManagerService: 在PackageManagerService中添加白名单逻辑。PackageManagerService负责管理应用安装,通过修改其代码可以实现白名单功能。具体来说,需要在PackageManagerService.java中添加判断逻辑,检查待安装应用是否在白名单中。
- IPackageManager接口: IPackageManager接口定义了服务端和客户端的通信方式。通过修改这个接口,可以实现白名单的判断逻辑,确保只有白名单中的应用才能被安装。
- PackageInstallerApplication: 在PackageInstallerApplication中添加白名单逻辑。这个应用负责处理应用的安装请求,通过修改其代码可以实现对安装请求的白名单检查。
代码实例
diff --git a/frameworks/base/services/core/java/com/android/server/pm/InstallPackageHelper.java b/frameworks/base/services/core/java/com/android/server/pm/InstallPackageHelper.java
index 90ccc4825ec..d589367a192 100755
--- a/frameworks/base/services/core/java/com/android/server/pm/InstallPackageHelper.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/InstallPackageHelper.java
@@ -198,6 +198,8 @@ import com.android.server.pm.PackageManagerService;
import com.android.server.pm.pkg.component.ParsedUsesPermission;
import com.android.server.pm.pkg.component.ParsedUsesPermissionImpl;
// @}
+import android.text.TextUtils;
+import android.widget.Toast;
final class InstallPackageHelper {
private final PackageManagerService mPm;
@@ -1783,9 +1785,20 @@ final class InstallPackageHelper {
// we're passing the freezer back to be closed in a later phase of install
shouldCloseFreezerBeforeReturn = false;
- return new PrepareResult(replace, targetScanFlags, targetParseFlags,
- oldPackage, parsedPackage, replace /* clearCodeCache */, sysPkg,
- ps, disabledPs);
+ // Create by yeruilai 2024-10-01 19:38:46 Restricted application installation
+ // return new PrepareResult(replace, targetScanFlags, targetParseFlags,
+ // oldPackage, parsedPackage, replace /* clearCodeCache */, sysPkg,
+ // ps, disabledPs);
+ if (filterAppWhiteList(parsedPackage, sysPkg)) {
+ return new PrepareResult(replace, targetScanFlags, targetParseFlags,
+ oldPackage, parsedPackage, replace /* clearCodeCache */, sysPkg,
+ ps, disabledPs);
+ } else {
+ Toast.makeText(mPm.mContext, "安装包非白名单应用,无法安装", Toast.LENGTH_LONG).show();
+ throw new PrepareFailure(INSTALL_FAILED_INVALID_APK,
+ "The application installation whitelist is being controlled, " +
+ "Package: " + parsedPackage.getPackageName() + " is not in the whitelist.");
+ }
} finally {
res.mFreezer = freezer;
if (shouldCloseFreezerBeforeReturn) {
@@ -4531,4 +4544,212 @@ final class InstallPackageHelper {
return scanFlags;
}
+
+ // Create by yeruilai 2024-10-01 19:38:46 Restricted application installation
+ private static final String TAG_WHITE_LIST = "install_white";
+ private static final boolean DEBUG_WHITE = true;
+ private static final String[] WHITE_LIST_SPLIT = new String[] {
+ "com.longzhiye.demo1",
+ "com.longzhiye.demo2",
+ "com.longzhiye.demo3",
+ };
+
+ /**
+ * Create by yeruilai 2024-10-01 19:38:46 Restricted application installation
+ */
+ private boolean filterAppWhiteList(ParsedPackage parsedPackage, boolean isSysPkg) {
+ String parsedName = parsedPackage.getPackageName();
+ List<String> whiteList = Arrays.asList(WHITE_LIST_SPLIT);
+ if (whiteList == null || whiteList.size() == 0) {
+ if (DEBUG_WHITE) android.util.Log.d(TAG_WHITE_LIST, "whiteListLabel [ whiteList ] = NULL or Empty, [ DISALLOW ]");
+ return false;
+ }
+ for (String pkg : whiteList) {
+ if (DEBUG_WHITE) android.util.Log.d(TAG_WHITE_LIST, "[ whiteList ] >>> Package : " + pkg);
+ if (TextUtils.equals(parsedName, pkg)) {
+ if (DEBUG_WHITE) android.util.Log.d(TAG_WHITE_LIST, "[ ALLOW ] *** " + parsedName);
+ return true;
+ }
+ }
+ if (DEBUG_WHITE) android.util.Log.d(TAG_WHITE_LIST, "[ DISALLOW ]");
+ return false;
+ }
+
}