RK3399 Android7.1增加应用安装白名单机制
通过设置应用包名白名单的方式限制未授权的应用软件安装。
diff --git a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
index af9a533..caa122d 100755
--- a/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -787,6 +787,19 @@ public class PackageManagerService extends IPackageManager.Stub {
private List<String> mKeepUninstalledPackages;
private UserManagerInternal mUserManagerInternal;
+
+ //白名单文件路径
+ private static final String WHITELIST_FILE_PATH = "/system/etc/package_whitelist.txt";
+
+ // 定义默认白名单
+ private static final List<String> DEFAULT_WHITELIST = Arrays.asList(
+ "com.antutu.ABenchMark",
+ "com.qihoo360.mobilesafe"
+ );
private static class IFVerificationParams {
PackageParser.Package pkg;
@@ -8196,10 +8209,91 @@ public class PackageManagerService extends IPackageManager.Stub {
}
}
}
+
+ /**
+ * 检查应用是否允许安装
+ */
+ private boolean isPackageAllowed(PackageParser.Package pkg) {
+
+ // 检查白名单
+ final List<String> allowedPackages = loadWhitelist();
+ final String packageName = pkg.packageName;
+
+ // 精确匹配
+ if (allowedPackages.contains(packageName)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+
+ /**
+ * 从配置文件加载白名单
+ */
+ private List<String> loadWhitelist() {
+ //List<String> whitelist = new ArrayList<>();
+ List<String> whitelist = new ArrayList<>(DEFAULT_WHITELIST); // 使用默认列表
+ File whitelistFile = new File(WHITELIST_FILE_PATH);
+
+ if (whitelistFile.exists() && whitelistFile.canRead()) {
+ try (BufferedReader reader = new BufferedReader(new FileReader(whitelistFile))) {
+ String line;
+ while ((line = reader.readLine()) != null) {
+ line = line.trim();
+ // 跳过空行和注释
+ if (!line.isEmpty() && !line.startsWith("#")) {
+ whitelist.add(line);
+ }
+ }
+
+ Slog.i(TAG, "Loaded " + whitelist.size() + " packages from whitelist");
+ } catch (FileNotFoundException e) {
+ Slog.e(TAG, "Whitelist file not found: " + WHITELIST_FILE_PATH);
+ } catch (IOException e) {
+ Slog.e(TAG, "Error reading whitelist file", e);
+ }
+ }
+
+ return whitelist;
+ }
+
private PackageParser.Package scanPackageDirtyLI(PackageParser.Package pkg,
final int policyFlags, final int scanFlags, long currentTime, UserHandle user)
throws PackageManagerException {
+
+ // ========== 新增:动态白名单校验 ==========
+ if ((policyFlags&PackageParser.PARSE_IS_SYSTEM) == 0 && !isPackageAllowed(pkg)) {
+ throw new PackageManagerException(
+ PackageManager.INSTALL_FAILED_INVALID_APK,
+ "Installation of package " + pkg.packageName + " is not allowed");
+ }
+
final File scanFile = new File(pkg.codePath);
if (pkg.applicationInfo.getCodePath() == null ||
pkg.applicationInfo.getResourcePath() == null) {
DEFAULT_WHITELIST 列表中是系统默认允许安装的应用包名,用于系统预置应用的安装。若还需要其他应用安装,则可通过往/system/etc/package_whitelist.txt中添加应用包名实现。