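Intent Firewall: AOSP's Auto-Start Interception Framework
Summary
Intent Firewall is a rule-matching auto-start interception framework provided by AOSP. Its core logic lives in the firewall directory of the services code, and the core class for the interception logic is IntentFirewall. However, the AOSP logic only covers simple list-based blocking of activities, services and broadcasts according to a configuration file, and AOSP does not ship a configuration file, so the feature is effectively not in effect.
Auto-start interception configuration table
The auto-start interception configuration table, i.e. the Intent Firewall rule table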
<rules>
    <activity block="false" called="com.alibaba.android.rimet" caller="com.alibaba.android.rimet"
        interaction="*" log="true">
        <intent-filter>
            <action name="android.intent.action.VIEW" />
        </intent-filter>
        <component-filter
            name="com.alibaba.android.rimet/com.alibaba.android.rimet.biz.home.activity.HomeActivity" />
    </activity>
</rules>
Initializing the Intent Firewall rule table
===Intent Firewall rule table===
*ActivityManagerService constructor->IntentFirewall instantiation
**IntentFirewall constructor->IntentFirewall.getRulesDir(): /data/system/ifw or /data/secure/system/ifw (currently empty)
**IntentFirewall constructor->IntentFirewall.readRulesDir()
***IntentFirewall.readRulesDir()->IntentFirewall.readRules() reads the interception rules for broadcasts, services and activities
**IntentFirewall constructor->IntentFirewall.RuleObserver() watches for file changes
Intercepting activities: checkStartActivity
===Intercepting activities: checkStartActivity===
*ActivityStarter.executeRequest->IntentFirewall.checkStartActivity(intent, callingUid, callingPid, resolvedType, aInfo.applicationInfo)
**IntentFirewall.checkStartActivity->IntentFirewall.checkIntent()
***IntentFirewall.checkIntent()->ActivityResolver.queryIntent() looks up the rules that intercept a given app's Intent by its action
***IntentFirewall.checkIntent()->ActivityResolver.queryByComponent() looks up the rules that intercept a given app's component
***IntentFirewall.checkIntent()->Rule.matches() checks whether the current app satisfies the interception rule
****Rule.matches()->AndFilter.matches()
*****AndFilter.matches()->FilterList.children.Filter.matches(ComponentName, Intent) checks whether the action and component match
Intercepting services: checkService
===Intercepting services: checkService===
*ActiveServices.retrieveServiceLocked->mIntentFirewall.checkService(r.name, service, callingUid, callingPid, resolvedType, r.appInfo)
**IntentFirewall.checkService->IntentFirewall.checkIntent()
Intercepting broadcasts: checkBroadcast
===Intercepting broadcasts: checkBroadcast===
*BroadcastSkipPolicy.shouldSkipMessage()->IntentFirewall.checkBroadcast(r.intent, r.callingUid,r.callingPid, r.resolvedType, info.activityInfo.applicationInfo.uid)
**IntentFirewall.checkBroadcast->IntentFirewall.checkIntent()
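The AOSP implementation is essentially a set of static rules. Following the logic in the source code, you only need to fill in the XML. The resulting auto-start policy will look rather rigid, though.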
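As an added example (not AOSP code and not part of the original post), here is a simplified Python model of the decision checkIntent() makes in the traces above: a rule becomes a candidate when it is found by action (queryIntent) or by component (queryByComponent), and the block and log flags of all matching rules are OR-ed together. Assumptions: only the action is compared (data, type and category matching is not modeled), the rules carry no nested filters so Rule.matches() is treated as true, only the block and log attributes are read, and the broadcast rule and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed rule file: the page's activity rule reduced to block/log,
# plus a hypothetical blocking broadcast rule for contrast.
HOME = "com.alibaba.android.rimet/com.alibaba.android.rimet.biz.home.activity.HomeActivity"
SAMPLE_RULES = f"""<rules>
  <activity block="false" log="true">
    <intent-filter><action name="android.intent.action.VIEW" /></intent-filter>
    <component-filter name="{HOME}" />
  </activity>
  <broadcast block="true" log="true">
    <intent-filter><action name="android.intent.action.BOOT_COMPLETED" /></intent-filter>
  </broadcast>
</rules>"""

def parse_flag(node, name):
    # A missing attribute or anything other than "true" (any case) is False.
    return (node.get(name) or "").lower() == "true"

def load_rules(xml_text):
    """Parse <rules> into dicts holding kind, flags, actions and components."""
    rules = []
    for node in ET.fromstring(xml_text):
        if node.tag not in ("activity", "service", "broadcast"):
            continue  # this model ignores any other top-level element
        rules.append({
            "kind": node.tag,
            "block": parse_flag(node, "block"),
            "log": parse_flag(node, "log"),
            "actions": {a.get("name") for a in node.findall("intent-filter/action")},
            "components": {c.get("name") for c in node.findall("component-filter")},
        })
    return rules

def check_intent(rules, kind, action, component):
    """Return (allowed, logged) for one intent of the given component kind."""
    block = log = False
    for rule in rules:
        if rule["kind"] != kind:
            continue  # each component type is checked against its own rules
        # Candidate by action lookup OR by component lookup, not both required.
        if action in rule["actions"] or component in rule["components"]:
            block |= rule["block"]
            log |= rule["log"]
    return (not block, log)
```

With the page's rule, a matching activity start is logged but still allowed because block="false"; only a rule with block="true" makes the check return "not allowed".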