需求是這樣的，客戶要求提供系統(tǒng)的接口來(lái)控制apk的安裝和卸載，接口如下

boolean setAppInstallationPolicies(int mode, String[] appPackageNames)mode：應(yīng)用名單類型0：黑名單(應(yīng)用包名列表中的所有項(xiàng)都不允許安裝)；1：白名單(只允許安裝應(yīng)用包名列表中的項(xiàng))。appPackageNames：應(yīng)用包名列表。當(dāng)appPackageNames為空時(shí)，取消所有已設(shè)定的應(yīng)用。成功返回true；失敗返回false。String[] getAppInstallationPolicies()返回值為當(dāng)前應(yīng)用安裝管控狀態(tài)string[0]：功能模式，參見setAppInstallationPolicies方法的mode參數(shù)。string[1]至string[n-1]：應(yīng)用包名列表。 boolean setAppUninstallationPolicies(int mode, String[] appPackageNames)mode：應(yīng)用名單類型0：黑名單(應(yīng)用包名列表中的所有項(xiàng)均強(qiáng)制卸載)；1：白名單(應(yīng)用包名列表中的所有項(xiàng)禁止卸載)。appPackageNames：應(yīng)用包名列表。當(dāng)appPackageNames為空時(shí)，取消所有已設(shè)定的應(yīng)用。成功返回true；失敗返回false。String[] getAppUninstallationPolicies()返回值為當(dāng)前應(yīng)用卸載管控狀態(tài)string[0]：功能模式，參見setAppUninstallationPolicies方法的mode參數(shù)。string[1]至string[n-1]：應(yīng)用包名列表。

android版本為9.0，首先想到的是在系統(tǒng)里面添加一個(gè)自己的service,分別在frameworks/base/core/java/android/app/添加IPolicyManager.aidl，frameworks/base/services/core/java/com/android/server/添加PolicyManagerService.java，在frameworks/base/添加policy/java/ga/mdm/PolicyManager.java，內(nèi)容如下

package android.app; /** {@hide} */interface IPolicyManager{boolean setAppInstallationPolicies(int mode,inout String[] appPackageNames);String[] getAppInstallationPolicies();boolean setAppUninstallationPolicies(int mode,inout String[] appPackageNames);String[] getAppUninstallationPolicies();}

package com.android.server; import android.content.Context;import android.content.Intent;import android.content.IntentFilter; import android.os.ServiceManager;import android.os.SystemProperties;import android.provider.Settings;import android.util.Slog; import java.lang.reflect.Field;import java.util.ArrayList; import android.app.IPolicyManager;import android.net.wifi.WifiManager;import android.content.pm.PackageManager;import android.app.ActivityManager;import android.content.pm.IPackageDataObserver; public class PolicyManagerService extends IPolicyManager.Stub {private final String TAG = 'PolicyManagerService';private Context mContext;private String[] mAppPackageNames = null;private String[] mAppUninstallPackageNames = null; public PolicyManagerService(Context context) { mContext = context; }@Overridepublic boolean setAppInstallationPolicies(int mode, String[] appPackageNames){if(mode==0){Settings.System.putInt(mContext.getContentResolver(),'customer_app_status', 0);}else if(mode==1){Settings.System.putInt(mContext.getContentResolver(),'customer_app_status', 1);}else{return false;}mAppPackageNames = appPackageNames;return true;}@Overridepublic String[] getAppInstallationPolicies(){return mAppPackageNames;}@Overridepublic boolean setAppUninstallationPolicies(int mode,String[] appPackageNames){if(mode==0){Settings.System.putInt(mContext.getContentResolver(),'customer_appuninstall_status', 0);}else if(mode==1){Settings.System.putInt(mContext.getContentResolver(),'customer_appuninstall_status', 1);}else{return false;}mAppUninstallPackageNames = appPackageNames;return true;}@Overridepublic String[] getAppUninstallationPolicies(){return mAppUninstallPackageNames;}}

package ga.mdm; import android.util.Slog;import android.os.RemoteException;import android.content.Context;import android.app.IPolicyManager; public class PolicyManager {private final String TAG = 'PolicyManager';Context mContext; private final IPolicyManager mService; public PolicyManager(Context context,IPolicyManager mService) {mContext = context; this.mService = mService; } public boolean setAppInstallationPolicies(int mode,String[] appPackageNames){try { return mService.setAppInstallationPolicies(mode,appPackageNames); } catch (RemoteException ex) { ex.printStackTrace();return false; } }public String[] getAppInstallationPolicies(){try { return mService.getAppInstallationPolicies(); } catch (RemoteException ex) { ex.printStackTrace();return null; } }public boolean setAppUninstallationPolicies(int mode,String[] appPackageNames){try { return mService.setAppUninstallationPolicies(mode,appPackageNames); } catch (RemoteException ex) { ex.printStackTrace();return false; } }public String[] getAppUninstallationPolicies(){try { return mService.getAppUninstallationPolicies(); } catch (RemoteException ex) { ex.printStackTrace();return null; } }}

同時(shí)在frameworks/base/policy/添加Android.mk

# Copyright (C) 2014 The Android Open Source Project## Licensed under the Apache License, Version 2.0 (the 'License');# you may not use this file except in compliance with the License.# You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing, software# distributed under the License is distributed on an 'AS IS' BASIS,# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.# See the License for the specific language governing permissions and# limitations under the License. LOCAL_PATH := $(call my-dir) # Build the java code# ============================================================ include $(CLEAR_VARS) LOCAL_AIDL_INCLUDES := $(LOCAL_PATH)/javaLOCAL_SRC_FILES := $(call all-java-files-under, java) $(call all-Iaidl-files-under, java) $(call all-logtags-files-under, java) LOCAL_JAVA_LIBRARIES := servicesLOCAL_MODULE := policy include $(BUILD_JAVA_LIBRARY) include $(call all-makefiles-under,$(LOCAL_PATH))

這里為什么將PolicyManager.java單獨(dú)出來(lái)，因?yàn)镻olicyManager.java是提供給客戶用的，單獨(dú)生成一個(gè)jar包，客戶只需要使用policy.jar就可以調(diào)用，同時(shí)需要添加

--- frameworks/base/Android.bp(revision 221)+++ frameworks/base/Android.bp(working copy)@@ -46,7 +46,8 @@ 'wifi/java/**/*.java', 'keystore/java/**/*.java', 'rs/java/**/*.java',-+'policy/java/**/*.java',+ ':framework-javastream-protos', 'core/java/android/accessibilityservice/IAccessibilityServiceConnection.aidl',@@ -105,6 +106,7 @@ 'core/java/android/app/usage/ICacheQuotaService.aidl', 'core/java/android/app/usage/IStorageStatsManager.aidl', 'core/java/android/app/usage/IUsageStatsManager.aidl',+'core/java/android/app/IPolicyManager.aidl', ':libbluetooth-binder-aidl', 'core/java/android/content/IClipboard.aidl', 'core/java/android/content/IContentService.aidl',

將路徑添加到，否則不會(huì)編譯

-- build/make/core/pathmap.mk(revision 221)+++ build/make/core/pathmap.mk(working copy)@@ -83,6 +83,7 @@ lowpan keystore rs +policy )

添加模塊

--- build/make/target/product/base.mk(revision 221)+++ build/make/target/product/base.mk(working copy)@@ -142,7 +142,8 @@ traced_probes vdc vold - wm+ wm +policy

添加注冊(cè)服務(wù)的代碼

--- frameworks/base/core/java/android/content/Context.java(revision 221)+++ frameworks/base/core/java/android/content/Context.java(working copy)@@ -4198,6 +4198,9 @@ * @see #getSystemService(String) */ public static final String CROSS_PROFILE_APPS_SERVICE = 'crossprofileapps';+++public static final String POLICY_SERVICE = 'policy';

+import ga.mdm.PolicyManager;+ /** * Manages all of the system services that can be returned by {@link Context#getSystemService}. * Used by {@link ContextImpl}.@@ -982,6 +984,15 @@ return new VrManager(IVrManager.Stub.asInterface(b)); } });++registerService(Context.POLICY_SERVICE, PolicyManager.class,+new CachedServiceFetcher<PolicyManager>() {+ @Override+ public PolicyManager createService(ContextImpl ctx) {+IBinder b = ServiceManager.getService(Context.POLICY_SERVICE);+IPolicyManager service = IPolicyManager.Stub.asInterface(b);+return new PolicyManager(ctx, service);+ }});

+import com.android.server.PolicyManagerService;+ public final class SystemServer { private static final String TAG = 'SystemServer'; @@ -1287,7 +1289,14 @@ } traceEnd(); }-++try { +Slog.i(TAG, 'ClassMonitor Service is create'); +ServiceManager.addService(Context.POLICY_SERVICE, new PolicyManagerService(context));+} catch (Throwable e) { +reportWtf('starting ClassMonitorService', e); +}

還需要添加selinux權(quán)限

--- system/sepolicy/Android.mk(revision 221)+++ system/sepolicy/Android.mk(working copy)@@ -244,10 +244,10 @@ ifneq ($(with_asan),true) ifneq ($(SELINUX_IGNORE_NEVERALLOWS),true)-LOCAL_REQUIRED_MODULES += - sepolicy_tests - treble_sepolicy_tests_26.0 - treble_sepolicy_tests_27.0 +#LOCAL_REQUIRED_MODULES += +# sepolicy_tests +# treble_sepolicy_tests_26.0 +# treble_sepolicy_tests_27.0 endif endifIndex: system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil===================================================================--- system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil(revision 221)+++ system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil(working copy)@@ -135,6 +135,8 @@ (typeattributeset hal_wifi_supplicant_server (hal_wifi_supplicant_default)) (typeattribute adbd_26_0) (roletype object_r adbd_26_0)+(typeattribute policy_service_26_0)+(roletype object_r policy_service_26_0) (typeattribute audioserver_26_0) (roletype object_r audioserver_26_0) (typeattribute blkid_26_0)Index: system/sepolicy/prebuilts/api/27.0/nonplat_sepolicy.cil===================================================================--- system/sepolicy/prebuilts/api/27.0/nonplat_sepolicy.cil(revision 221)+++ system/sepolicy/prebuilts/api/27.0/nonplat_sepolicy.cil(working copy)@@ -267,6 +267,8 @@ (typeattributeset hal_wifi_supplicant_server (hal_wifi_supplicant_default)) (typeattribute adbd_27_0) (roletype object_r adbd_27_0)+(typeattribute policy_service_26_0)+(roletype object_r policy_service_26_0) (typeattribute adbd_exec_27_0) (roletype object_r adbd_exec_27_0) (typeattribute audioserver_27_0)Index: system/sepolicy/prebuilts/api/28.0/private/app_neverallows.te===================================================================--- system/sepolicy/prebuilts/api/28.0/private/app_neverallows.te(revision 221)+++ system/sepolicy/prebuilts/api/28.0/private/app_neverallows.te(working copy)@@ -128,7 +128,6 @@ proc_stat proc_swaps proc_uptime- proc_version proc_vmallocinfo proc_vmstat }:file { no_rw_file_perms no_x_file_perms };Index: system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.cil===================================================================--- system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.cil(revision 221)+++ system/sepolicy/prebuilts/api/28.0/private/compat/26.0/26.0.cil(working copy)@@ -15,6 +15,7 @@ (type rild) (typeattributeset accessibility_service_26_0 (accessibility_service))+(typeattributeset policy_service_26_0 (policy_service)) (typeattributeset account_service_26_0 (account_service)) (typeattributeset activity_service_26_0 (activity_service)) (typeattributeset adbd_26_0 (adbd))Index: system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.cil===================================================================--- system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.cil(revision 221)+++ system/sepolicy/prebuilts/api/28.0/private/compat/27.0/27.0.cil(working copy)@@ -718,6 +718,7 @@ (expandtypeattribute (zygote_exec_27_0) true) (expandtypeattribute (zygote_socket_27_0) true) (typeattributeset accessibility_service_27_0 (accessibility_service))+(typeattributeset policy_service_27_0 (policy_service)) (typeattributeset account_service_27_0 (account_service)) (typeattributeset activity_service_27_0 (activity_service)) (typeattributeset adbd_27_0 (adbd))Index: system/sepolicy/prebuilts/api/28.0/private/service_contexts===================================================================--- system/sepolicy/prebuilts/api/28.0/private/service_contexts(revision 221)+++ system/sepolicy/prebuilts/api/28.0/private/service_contexts(working copy)@@ -186,3 +186,4 @@ wifirtt u:object_r:rttmanager_service:s0 window u:object_r:window_service:s0 * u:object_r:default_android_service:s0+policy u:object_r:policy_service:s0Index: system/sepolicy/prebuilts/api/28.0/private/system_server.te===================================================================--- system/sepolicy/prebuilts/api/28.0/private/system_server.te(revision 221)+++ system/sepolicy/prebuilts/api/28.0/private/system_server.te(working copy)@@ -806,7 +806,7 @@ # Do not allow opening files from external storage as unsafe ejection # could cause the kernel to kill the system_server. neverallow system_server sdcard_type:dir { open read write };-neverallow system_server sdcard_type:file rw_file_perms;+# neverallow system_server sdcard_type:file rw_file_perms; # system server should never be operating on zygote spawned app data # files directly. Rather, they should always be passed via aIndex: system/sepolicy/prebuilts/api/28.0/public/service.te===================================================================--- system/sepolicy/prebuilts/api/28.0/public/service.te(revision 221)+++ system/sepolicy/prebuilts/api/28.0/public/service.te(working copy)@@ -32,6 +32,7 @@ type virtual_touchpad_service, service_manager_type; type vold_service, service_manager_type; type vr_hwc_service, service_manager_type;+type policy_service, system_api_service, system_server_service, service_manager_type; # system_server_services broken down type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;Index: system/sepolicy/private/app_neverallows.te===================================================================--- system/sepolicy/private/app_neverallows.te(revision 221)+++ system/sepolicy/private/app_neverallows.te(working copy)@@ -128,7 +128,6 @@ proc_stat proc_swaps proc_uptime- proc_version proc_vmallocinfo proc_vmstat }:file { no_rw_file_perms no_x_file_perms };Index: system/sepolicy/private/compat/26.0/26.0.cil===================================================================--- system/sepolicy/private/compat/26.0/26.0.cil(revision 221)+++ system/sepolicy/private/compat/26.0/26.0.cil(working copy)@@ -15,6 +15,7 @@ (type rild) (typeattributeset accessibility_service_26_0 (accessibility_service))+(typeattributeset policy_service_26_0 (policy_service)) (typeattributeset account_service_26_0 (account_service)) (typeattributeset activity_service_26_0 (activity_service)) (typeattributeset adbd_26_0 (adbd))Index: system/sepolicy/private/compat/27.0/27.0.cil===================================================================--- system/sepolicy/private/compat/27.0/27.0.cil(revision 221)+++ system/sepolicy/private/compat/27.0/27.0.cil(working copy)@@ -718,6 +718,7 @@ (expandtypeattribute (zygote_exec_27_0) true) (expandtypeattribute (zygote_socket_27_0) true) (typeattributeset accessibility_service_27_0 (accessibility_service))+(typeattributeset policy_service_27_0 (policy_service)) (typeattributeset account_service_27_0 (account_service)) (typeattributeset activity_service_27_0 (activity_service)) (typeattributeset adbd_27_0 (adbd))Index: system/sepolicy/private/service_contexts===================================================================--- system/sepolicy/private/service_contexts(revision 221)+++ system/sepolicy/private/service_contexts(working copy)@@ -186,3 +186,4 @@ wifirtt u:object_r:rttmanager_service:s0 window u:object_r:window_service:s0 * u:object_r:default_android_service:s0+policy u:object_r:policy_service:s0Index: system/sepolicy/private/system_server.te===================================================================--- system/sepolicy/private/system_server.te(revision 221)+++ system/sepolicy/private/system_server.te(working copy)@@ -806,7 +806,7 @@ # Do not allow opening files from external storage as unsafe ejection # could cause the kernel to kill the system_server. neverallow system_server sdcard_type:dir { open read write };-neverallow system_server sdcard_type:file rw_file_perms;+# neverallow system_server sdcard_type:file rw_file_perms; # system server should never be operating on zygote spawned app data # files directly. Rather, they should always be passed via aIndex: system/sepolicy/public/service.te===================================================================--- system/sepolicy/public/service.te(revision 221)+++ system/sepolicy/public/service.te(working copy)@@ -32,6 +32,7 @@ type virtual_touchpad_service, service_manager_type; type vold_service, service_manager_type; type vr_hwc_service, service_manager_type;+type policy_service, system_api_service, system_server_service, service_manager_type; # system_server_services broken down type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;

這樣就行了，燒錄重新開機(jī)使用adb shell service list可以看到添加的service

policy: [android.app.IPolicyManager]

在outtargetcommonobjJAVA_LIBRARIESpolicy_intermediates找到classes.jar，這就是提供給客戶用的jar

具體的禁止和卸載方法如下：

禁止安裝可以修改PackageManagerService.java，在handleStartCopy方法中添加下面的代碼

public void handleStartCopy() throws RemoteException { int ret = PackageManager.INSTALL_SUCCEEDED; // If we’re already staged, we’ve firmly committed to an install location if (origin.staged) {if (origin.file != null) { installFlags |= PackageManager.INSTALL_INTERNAL; installFlags &= ~PackageManager.INSTALL_EXTERNAL;} else { throw new IllegalStateException('Invalid stage location');} } final boolean onSd = (installFlags & PackageManager.INSTALL_EXTERNAL) != 0; final boolean onInt = (installFlags & PackageManager.INSTALL_INTERNAL) != 0; final boolean ephemeral = (installFlags & PackageManager.INSTALL_INSTANT_APP) != 0; PackageInfoLite pkgLite = null; if (onInt && onSd) {// Check if both bits are set.Slog.w(TAG, 'Conflicting flags specified for installing on both internal and external');ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; } else if (onSd && ephemeral) {Slog.w(TAG, 'Conflicting flags specified for installing ephemeral on external');ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION; } else {pkgLite = mContainerService.getMinimalPackageInfo(origin.resolvedPath, installFlags, packageAbiOverride);//add by juemePolicyManager policyManager = (PolicyManager)mContext.getSystemService('policy');String[] appNames = policyManager.getAppInstallationPolicies();if(appNames!=null && appNames.length>0){int app_status = android.provider.Settings.System.getInt(mContext.getContentResolver(),'customer_app_status', -1);Slog.w(TAG,'app_status '+app_status);if(app_status==0){for (int i = 0; i < appNames.length; i++) {Slog.w(TAG,'appNames 0 '+appNames[i]);if (pkgLite.packageName.equals(appNames[i])){ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION;break;}}}else if(app_status==1){for (int i = 0; i < appNames.length; i++) {Slog.w(TAG,'appNames 1 '+appNames[i]);if (pkgLite.packageName.equals(appNames[i])){ret = PackageManager.INSTALL_SUCCEEDED;break;}else{ret = PackageManager.INSTALL_FAILED_INVALID_INSTALL_LOCATION;}}}}//add end

這樣在安裝時(shí)候就會(huì)報(bào)安裝位置不對(duì)的信息。

接著是禁止卸載，在PackageInstallerService.java的uninstall添加下面的方法。

@Override public void uninstall(VersionedPackage versionedPackage, String callerPackageName, int flags,IntentSender statusReceiver, int userId) throws RemoteException {//add by juemePolicyManager policyManager = (PolicyManager)mContext.getSystemService('policy');String[] appNames = policyManager.getAppUninstallationPolicies();if(appNames!=null && appNames.length>0){int appuninstall_status = android.provider.Settings.System.getInt(mContext.getContentResolver(),'customer_appuninstall_status', -1);Slog.w(TAG,'appuninstall_status '+appuninstall_status+' mInstallerPackageName '+versionedPackage.getPackageName());boolean isUninstall = true;//默認(rèn)都是可卸載if(appuninstall_status==0){for (int i = 0; i < appNames.length; i++) {if (versionedPackage.getPackageName().equals(appNames[i])){isUninstall = true;break;}else{isUninstall = false;}}if(!isUninstall){return;}}else if(appuninstall_status==1){//應(yīng)用包名列表中的所有項(xiàng)禁止卸載for (int i = 0; i < appNames.length; i++) {if (versionedPackage.getPackageName().equals(appNames[i])){isUninstall = false;break;}else{isUninstall = true;}}if(!isUninstall){return;}}}//add end

到此這篇關(guān)于android 禁止第三方apk安裝和卸載的方法詳解的文章就介紹到這了,更多相關(guān)android 禁止第三方apk內(nèi)容請(qǐng)搜索好吧啦網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持好吧啦網(wǎng)！