Introduction to different component controllers of Blocker

Package Manager

Android system provides us a tool called PackageManager, for managing the applications installed on the phone or getting information about the applications. It has a method called setComponentEnabledSetting(ComponentName, int, int), an application can call this API to control the component state for itself. Call to this API to control other applications will fail unless you have signature permission.

Fortunately Android has another tool called pm, users could control the component state in the command line mode. But it needs Root permission to run with.

pm disable [PackageName/ComponmentName]

No matter using PackageManager in the code or using pm in the command line mode, the configurations will be written to /data/system/users/0/package restrictions.xml.

Intent Firewall Mode

Starting from Android 4.4.2(API 19), the Intent Firewall was introduced. It still has effects in the latest Android system (Pie, API 28). It was integrated into Android Framework, for filtering the intents sent by applications or systems.

What Intent Firewall can do

Each intent sent by an application will be filtered by the Intent firewall. The rules are stored in XML files. If there are changes in the configuration file has changed, the Intent Firewall will update the rules immediately.

Limitations of Intent Firewall

Based on security considerations, only system applications can read & write the directory directly where the configuration file is placed, third-party applications do not have any permissions to get the configuration file. Furthermore, when the firewall filters the rules, the sender identity of the intent will not be considered, so we cannot filter intents by sender identity.

Differences between Intent Firewall and Package Manager

Intent Firewall, indeed it is a firewall, it has no impact on component status. The application detects the component is on, but it just cannot start the component.

For the components disabled by PackageManager, if an application starts it, an exception will be thrown. Developers can catch this exception to know whether the component is disabled or not, so they could re-enable this component. That's the reason why the components will be enabled unexpectedly. If you are using an Intent Firewall controller, there will be no problems.