Android webveiw 出现栈错误解决办法

2020-10-22 10:19:14 浏览数 (1)

Android webveiw 出现栈错误解决办法

前言:

最近做一个项目,项目调试基础库的一个调试工具展示设备信息页面使用WebView。有一个应用集成调试基础库展示内容时出现

代码语言:javascript复制
java.lang.UnsupportedOperationException: For security reasons, WebView is not allowed in privileged processes

因为应用是系统级别的,在AndroidManifest.xml中添加了android:sharedUserId=”android.uid.system”

根据exception提示出于安全原因,所以初步断定很可能跟应用为系统应用有很大关系,于是开始了查找代码寻源之旅

首先我们看一下具体的错误堆栈

代码语言:javascript复制
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2325) 
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2387) 
at android.app.ActivityThread.access$800(ActivityThread.java:151) 
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1303) 
at android.os.Handler.dispatchMessage(Handler.java:102) 
at android.os.Looper.loop(Looper.java:135) 
at android.app.ActivityThread.main(ActivityThread.java:5257) 
at java.lang.reflect.Method.invoke(Native Method) 
at java.lang.reflect.Method.invoke(Method.java:372) 
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:955) 
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:750) 
aused by: android.view.InflateException: Binary XML file line #17: Error inflating class android.webkit.WebView 
at android.view.LayoutInflater.createView(LayoutInflater.java:633) 
at com.android.internal.policy.impl.PhoneLayoutInflater.onCreateView(PhoneLayoutInflater.java:55) 
at android.view.LayoutInflater.onCreateView(LayoutInflater.java:682) 
at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:741) 
at android.view.LayoutInflater.rInflate(LayoutInflater.java:806) 
at android.view.LayoutInflater.inflate(LayoutInflater.java:504) 
at android.view.LayoutInflater.inflate(LayoutInflater.java:414) 
at android.view.LayoutInflater.inflate(LayoutInflater.java:365) 
at com.android.internal.policy.impl.PhoneWindow.setContentView(PhoneWindow.java:379) 
at android.app.Activity.setContentView(Activity.java:2145) 
at com.mipt.store.activity.InfoActivity.onCreate(Unknown Source) 
at android.app.Activity.performCreate(Activity.java:5990) 
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1106) 
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2278) 
... 10 more 
aused by: java.lang.reflect.InvocationTargetException 
at java.lang.reflect.Constructor.newInstance(Native Method) 
at java.lang.reflect.Constructor.newInstance(Constructor.java:288) 
at android.view.LayoutInflater.createView(LayoutInflater.java:607) 
... 23 more 
aused by: java.lang.UnsupportedOperationException: For security reasons, WebView is not allowed in privileged processes 
at android.webkit.WebViewFactory.getProvider(WebViewFactory.java:96) 
at android.webkit.WebView.getFactory(WebView.java:2194) 
at android.webkit.WebView.ensureProviderCreated(WebView.java:2189) 
at android.webkit.WebView.setOverScrollMode(WebView.java:2248) 
at android.view.View.<init (View.java:3588) 
at android.view.View.<init (View.java:3682) 
at android.view.ViewGroup.<init (ViewGroup.java:497) 
at android.widget.AbsoluteLayout.<init (AbsoluteLayout.java:55) 
at android.webkit.WebView.<init (WebView.java:544) 
at android.webkit.WebView.<init (WebView.java:489) 
at android.webkit.WebView.<init (WebView.java:472) 
at android.webkit.WebView.<init (WebView.java:459) 
... 26 more 

错误提示显示为“Caused by: java.lang.UnsupportedOperationException: For security reasons, WebView is not allowed in privileged processes”

security reasons即安全原因。为了查明原因直接查看android源码。经过一番查找,发现抛出Exception的在

frameworks/base/master/core/java/android/webkit/WebViewFactory.java

代码语言:javascript复制
static WebViewFactoryProvider getProvider() { 
synchronized (sProviderLock) { 
// For now the main purpose of this function (and the factory abstraction) is to keep 
// us honest and minimize usage of WebView internals when binding the proxy. 
if (sProviderInstance != null) return sProviderInstance; 
final int uid = android.os.Process.myUid(); 
if (uid == android.os.Process.ROOT_UID || uid == android.os.Process.SYSTEM_UID) { 
throw new UnsupportedOperationException( 
"For security reasons, WebView is not allowed in privileged processes"); 
} 
StrictMode.ThreadPolicy oldPolicy = StrictMode.allowThreadDiskReads(); 
Trace.traceBegin(Trace.TRACE_TAG_WEBVIEW, "WebViewFactory.getProvider()"); 
try { 
Class<WebViewFactoryProvider  providerClass = getProviderClass(); 
Trace.traceBegin(Trace.TRACE_TAG_WEBVIEW, "providerClass.newInstance()"); 
try { 
sProviderInstance = providerClass.getConstructor(WebViewDelegate.class) 
.newInstance(new WebViewDelegate()); 
if (DEBUG) Log.v(LOGTAG, "Loaded provider: "   sProviderInstance); 
return sProviderInstance; 
} catch (Exception e) { 
Log.e(LOGTAG, "error instantiating provider", e); 
throw new AndroidRuntimeException(e); 
} finally { 
Trace.traceEnd(Trace.TRACE_TAG_WEBVIEW); 
} 
} finally { 
Trace.traceEnd(Trace.TRACE_TAG_WEBVIEW); 
StrictMode.setThreadPolicy(oldPolicy); 
} 
} 
} 

WebView在初始化的时候会检查初始化进程的id.

代码语言:javascript复制
final int uid = android.os.Process.myUid(); 
if (uid == android.os.Process.ROOT_UID || uid == android.os.Process.SYSTEM_UID) { 
throw new UnsupportedOperationException( 
"For security reasons, WebView is not allowed in privileged processes"); 
} 

如果进程ID是root或者system,就会抛出UnsupportedOperationException。为什么会有这种安全机制呢?因为webview允许运行js,如果用户通过js注入安全代码,那么js就可以肆无忌惮的使用系统权限,这无疑是一个漏洞,可谓门户大开。

果不其然就是android:sharedUserId=”android.uid.system”的问题,因为是系统应用所以只能修改基础调试库的展示控件,把展示调试信息的webview改为textview。

感谢阅读,希望能通过本文帮助到大家,谢谢大家对本站的支持,如有疑问请留言或者到本站社区交流讨论,大家共同进步!

0 人点赞