permission 又一个头疼的问题 研究了一整天哦!
首先protectionLevel分为四级:
"normal"
The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).
"dangerous"
A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.
"signature"
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
"signatureOrSystem"
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificates as those in the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.
前面几个很好理解
现在重点记忆下最后一个signatureOrSystem 顾名思义就是在拥有权限的同时还必须满足signature一致或System级别APK才拥有!
现在做了如下尝试
首先protectionLevel分为四级:
"normal"
The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).
"dangerous"
A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.
"signature"
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
"signatureOrSystem"
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificates as those in the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.
前面几个很好理解
现在重点记忆下最后一个signatureOrSystem 顾名思义就是在拥有权限的同时还必须满足signature一致或System级别APK才拥有!
现在做了如下尝试
| Test Result: |
| TestCustomPermission是我自定义了一个Activity的访问权限的APK |
| TestPermission 去访问TestCustomPermission的Activity |
| EclipseSignature 中两个都用eclipse的签名 |
| OtherSignature 中两个都用相同的另一种签名 |
| DifferentSignature 中两个签名不想同 |
| 以下是测试结果: |
| APP级别 |
| 权限设置为signatureOrSystem |
| 1. EclipseSignature 成功访问 ! 可以加入权限! |
| 2. OtherSignature 成功访问 ! 可以加入权限! |
| 3. DifferentSignature 访问失败! |
04-01 11:03:31.453: WARN/ActivityManager(58): Activity destroy timeout for HistoryRecord{43f38bb0 com.test.testpermission/.TestPermission}
04-01 11:03:55.285: INFO/ActivityManager(58): Starting activity: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.test.testpermission/.TestPermission }
04-01 11:03:55.365: INFO/ActivityManager(58): Start proc com.test.testpermission for activity com.test.testpermission/.TestPermission: pid=1273 uid=10037 gids={1015}
04-01 11:03:55.876: WARN/Resources(1273): Converting to string: TypedValue{t=0x12/d=0x0 a=2 r=0x7f050000}
04-01 11:03:56.026: INFO/ActivityManager(58): Displayed activity com.test.testpermission/.TestPermission: 672 ms (total 672 ms)
04-01 11:03:57.305: INFO/ActivityManager(58): Starting activity: Intent { cmp=com.test.testcustompermission/.TestCustomPermission }
04-01 11:03:57.305: WARN/ActivityManager(58): Permission Denial: starting Intent { cmp=com.test.testcustompermission/.TestCustomPermission } from ProcessRecord{43f9de88 1273:com.test.testpermission/10037} (pid=1273, uid=10037) requires com.test.TESTCUSTOMPERMISSION
04-01 11:03:57.305: DEBUG/AndroidRuntime(1273): Shutting down VM
04-01 11:03:57.315: WARN/dalvikvm(1273): threadid=1: thread exiting with uncaught exception (group=0x4001d800)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): FATAL EXCEPTION: main
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): java.lang.SecurityException: Permission Denial: starting Intent { cmp=com.test.testcustompermission/.TestCustomPermission } from ProcessRecord{43f9de88 1273:com.test.testpermission/10037} (pid=1273, uid=10037) requires com.test.TESTCUSTOMPERMISSION
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.os.Parcel.readException(Parcel.java:1247)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.os.Parcel.readException(Parcel.java:1235)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.app.ActivityManagerProxy.startActivity(ActivityManagerNative.java:1298)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.app.Instrumentation.execStartActivity(Instrumentation.java:1373)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.app.Activity.startActivityForResult(Activity.java:2817)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.app.Activity.startActivity(Activity.java:2923)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at com.test.testpermission.TestPermission.onClick(TestPermission.java:27)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.view.View.performClick(View.java:2408)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.view.View$PerformClick.run(View.java:8816)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.os.Handler.handleCallback(Handler.java:587)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.os.Handler.dispatchMessage(Handler.java:92)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.os.Looper.loop(Looper.java:123)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at android.app.ActivityThread.main(ActivityThread.java:4627)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at java.lang.reflect.Method.invokeNative(Native Method)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at java.lang.reflect.Method.invoke(Method.java:521)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:868)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:626)
04-01 11:03:57.325: ERROR/AndroidRuntime(1273): at dalvik.system.NativeStart.main(Native Method)
04-01 11:03:57.335: WARN/ActivityManager(58): Force finishing activity com.test.testpermission/.TestPermission
04-01 11:03:57.836: WARN/ActivityManager(58): Activity pause timeout for HistoryRecord{43fa0440 com.test.testpermission/.TestPermission}
04-01 11:03:58.856: INFO/Process(1273): Sending signal. PID: 1273 SIG: 9
04-01 11:03:58.876: INFO/ActivityManager(58): Process com.test.testpermission (pid 1273) has died.
04-01 11:03:58.876: INFO/WindowManager(58): WIN DEATH: Window{4405d010 com.test.testpermission/com.test.testpermission.TestPermission paused=false}
04-01 11:03:58.916: WARN/InputManagerService(58): Got RemoteException sending setActive(false) notification to pid 1273 uid 10037
04-01 11:04:08.169: WARN/ActivityManager(58): Activity destroy timeout for HistoryRecord{43fa0440 com.test.testpermission/.TestPermission}
| 权限设置为normal |
| 1. DifferentSignature 成功访问 ! 可以加入权限! |
| System 级别 |
| 权限设置为signatureOrSystem |
| 1. EclipseSignature 成功访问 ! 可以加入权限! |
| 2. OtherSignature 成功访问 ! 可以加入权限! |
| 3. DifferentSignature 成功访问 ! 可以加入权限! |
| TestCustomPermission再 system TestPermission 在APP |
| 1.DifferentSignature 失败 |
| 2.签名相同成功! |
| 最后一个实验 |
| 在TestCustomPermission中注册 signatureOrSystem!APP层访问 在framework API中验证! |
