快捷導(dǎo)航

Android中Permission權(quán)限機(jī)制的具體使用

更新時(shí)間：2015年04月07日 10:24:41 投稿：junjie

這篇文章主要介紹了Android中Permission權(quán)限機(jī)制的具體使用,本文講解了權(quán)限級(jí)別 protection level、ICC(inter-component communication)權(quán)限保護(hù)等內(nèi)容,需要的朋友可以參考下

由上篇Android Permission權(quán)限機(jī)制引子，我們知道Android 通過(guò)在每臺(tái)設(shè)備上實(shí)施了基于權(quán)限的安全策略來(lái)處理安全問(wèn)題，采用權(quán)限來(lái)限制安裝應(yīng)用程序的能力。本篇文章繼續(xù)來(lái)探討和Android權(quán)限相關(guān)的話(huà)題，主要集中在權(quán)限級(jí)別、ICC(inter- component communication)權(quán)限保護(hù)兩個(gè)方面。

權(quán)限級(jí)別 protection level

每一個(gè)Permission權(quán)限都設(shè)有了權(quán)限級(jí)別(protection level)，分別如下：

復(fù)制代碼代碼如下:

“normal”

The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).

normal級(jí)別是一些比較低風(fēng)險(xiǎn)的權(quán)限，我們?cè)诎惭b一個(gè)新app到手機(jī)時(shí)，一般會(huì)被折疊起來(lái)的權(quán)限就是normal級(jí)別的。

復(fù)制代碼代碼如下:

“dangerous”

A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.

dangerous則是那些比較高風(fēng)險(xiǎn)的權(quán)限，在安裝時(shí)會(huì)明顯提示用戶(hù)該app具有這些權(quán)限，并且需要用戶(hù)同意確認(rèn)才能正確安裝app的權(quán)限。

復(fù)制代碼代碼如下:

“signature”

A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

signature則在我們用戶(hù)自定義權(quán)限custom時(shí)，會(huì)用得到的，具體做法我會(huì)在另一篇博文：Android 自定義權(quán)限中具體研究的，這里簡(jiǎn)述之：

用戶(hù)在某一個(gè)app(先稱(chēng)permisson app)中自定義了permission時(shí)，并且指定了某些組件需要該自定義權(quán)限才能打開(kāi)，這是前提，然后用戶(hù)又開(kāi)發(fā)了另外一個(gè)app(稱(chēng)為permission client)，這個(gè)permission client如果想訪(fǎng)問(wèn)permisson app中指定了自定義權(quán)限的組件，那么這兩個(gè)app必須具備相同的signature，這就是signature級(jí)別的意思。

復(fù)制代碼代碼如下:

“signatureOrSystem”

A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificates as those in the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The “signatureOrSystem” permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

這個(gè)同上，但多了一個(gè)Or，or是指除了相同的signature之外還可以指定為相同的Android img也可以訪(fǎng)問(wèn)，這個(gè)img其實(shí)就是系統(tǒng)級(jí)別的定制了，一般用的很少。

ICC(inter-component communication)權(quán)限保護(hù)

<application>元素和組件元素都有android:permission的屬性，在這里我們稱(chēng)這個(gè)屬性分別為應(yīng)用程序和組件的權(quán)限標(biāo)簽。應(yīng)用程序內(nèi)的組件可以繼承應(yīng)用程序元素設(shè)置的權(quán)限標(biāo)簽，當(dāng)某一組件啟動(dòng) ICC 時(shí)，相關(guān)的訪(fǎng)問(wèn)控制器就會(huì)查看組件和組件所在應(yīng)用程序的權(quán)限標(biāo)簽集合，如目標(biāo)組件的訪(fǎng)問(wèn)權(quán)限標(biāo)簽在以上的集合內(nèi)，允許 ICC 的建立繼續(xù)進(jìn)行，否則將會(huì)被拒絕，即使這兩個(gè)組件在同一應(yīng)用程序內(nèi)。

改圖描述了該邏輯的進(jìn)程:組件A是否可以訪(fǎng)問(wèn)組件B和C，取決于比較B和C內(nèi)的訪(fǎng)問(wèn)權(quán)限標(biāo)簽與應(yīng)用程序1內(nèi)的標(biāo)簽集合的結(jié)果。B和應(yīng)用程序1內(nèi)都有i1標(biāo)簽，所以組件A可以訪(fǎng)問(wèn)組件B，相反應(yīng)用程序1內(nèi)沒(méi)有標(biāo)簽i2，組件A 不可以訪(fǎng)問(wèn)組件B。

您可能感興趣的文章: