https://developer.android.com/guide/topics/security/permissions.html
Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Linux thereby isolates applications from each other and from the system.
Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform, and per-URI permissions for granting ad hoc access to specific pieces of data.
Security Architecture
A central design principle of the Android security architecture is that, by default, an application has no permissions that could adversely affect other applications, the system, or the user. To use such permissions, the app must request them, and it may only use them after the user grants them.
Application Signing
All APKs (.apk files) must be signed with a certificate whose private key is held by their developer. This certificate identifies the author of the application.
User IDs and File Access
At install time, Android gives each package a distinct Linux user ID. The identity remains constant for the duration of the package's life on that device. On a different device, the same package may have a different UID; what matters is that each package has a distinct UID on a given device.
Any data stored by an application will be assigned that application's user ID, and not normally accessible to other packages. When creating a new file with [getSharedPreferences(String, int)](https://developer.android.com/reference/android/content/Context.html#getSharedPreferences(java.lang.String, int)), [openFileOutput(String, int)](https://developer.android.com/reference/android/content/Context.html#openFileOutput(java.lang.String, int)), or [openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory)](https://developer.android.com/reference/android/content/Context.html#openOrCreateDatabase(java.lang.String, int, android.database.sqlite.SQLiteDatabase.CursorFactory)), you can use the MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE flags to allow any other package to read/write the file.
Using Permissions
To make use of protected features of the device, you must include one or more `<uses-permission>` tags in your app manifest.
Normal and Dangerous Permissions
Permissions are divided into normal permissions and dangerous permissions (there is also a third, special category, special permissions, which includes SYSTEM_ALERT_WINDOW and WRITE_SETTINGS and is rarely needed). Normal permissions (Normal permissions cover areas where your app needs to access data or resources outside the app's sandbox, but where there's very little risk to the user's privacy or the operation of other apps.) do not need to be declared in the AndroidManifest.xml file; the system grants them to you by default. Dangerous permissions (Dangerous permissions cover areas where the app wants data or resources that involve the user's private information, or could potentially affect the user's stored data or the operation of other apps.) must be declared in the AndroidManifest.xml file, and depending on the API level there are two cases:
- If the device is running Android 6.0 (API level 23) or higher, and the app's targetSdkVersion is 23 or higher, the app requests permissions from the user at run-time. The user can revoke the permissions at any time, so the app needs to check whether it has the permissions every time it runs.
- If the device is running Android 5.1 (API level 22) or lower, or the app's targetSdkVersion is 22 or lower, the system asks the user to grant the permissions when the user installs the app. If you add a new permission to an updated version of the app, the system asks the user to grant that permission when the user updates the app. Once the user installs the app, the only way they can revoke the permission is by uninstalling the app.
Permission Groups
All dangerous Android system permissions belong to permission groups. If the device is running Android 6.0 (API level 23) and the app's targetSdkVersion is 23 or higher, the following system behavior applies when your app requests a dangerous permission:
- If an app requests a dangerous permission listed in its manifest, and the app does not currently have any permissions in the permission group, the system shows a dialog box to the user describing the permission group that the app wants access to. The dialog box does not describe the specific permission within that group.
- If an app requests a dangerous permission listed in its manifest, and the app already has another dangerous permission in the same permission group, the system immediately grants the permission without any interaction with the user.
There are nine permission groups in total: CALENDAR, CAMERA, CONTACTS, LOCATION, MICROPHONE, PHONE, SENSORS, SMS, STORAGE.
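As an added example (not code from the Android documentation page), a minimal Java Activity that ties the two behaviours above together: it re-checks the dangerous CAMERA permission on every resume, because on API 23+ the user can revoke it at any time, requests it when missing, and handles the result, with the group-level dialog behaviour noted in the comments. It assumes the manifest already declares `<uses-permission android:name="android.permission.CAMERA"/>` and that the AndroidX libraries are available; CameraActivity, REQUEST_CAMERA and the two stub methods are hypothetical names.

```java
import android.Manifest;
import android.content.pm.PackageManager;
import androidx.annotation.NonNull;
import androidx.appcompat.app.AppCompatActivity;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

public class CameraActivity extends AppCompatActivity {
    // App-chosen request code (hypothetical value).
    private static final int REQUEST_CAMERA = 42;

    @Override
    protected void onResume() {
        super.onResume();
        // On API 23+ the user can revoke a dangerous permission at any time, so the
        // check runs every time the screen comes to the foreground, not once at install.
        ensureCameraPermission();
    }

    private void ensureCameraPermission() {
        if (ContextCompat.checkSelfPermission(this, Manifest.permission.CAMERA)
                == PackageManager.PERMISSION_GRANTED) {
            openCamera();
            return;
        }
        // CAMERA is declared in the manifest but not yet granted: ask the user.
        // The dialog names the permission group (CAMERA), not the single permission;
        // had the app already held another permission in the same group, the system
        // would grant this one silently (see Permission Groups above).
        ActivityCompat.requestPermissions(this,
                new String[]{Manifest.permission.CAMERA}, REQUEST_CAMERA);
    }
    @Override
    public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions,
                                           @NonNull int[] grantResults) {
        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
        if (requestCode != REQUEST_CAMERA) return;
        // grantResults is empty when the request is cancelled; treat that as a denial.
        boolean granted = grantResults.length > 0
                && grantResults[0] == PackageManager.PERMISSION_GRANTED;
        if (granted) {
            openCamera();
        } else {
            showCameraUnavailable(); // degrade gracefully; never assume it stays granted
        }
    }
    private void openCamera() { /* start camera use here */ }
    private void showCameraUnavailable() { /* tell the user the feature is unavailable */ }
}
```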
Defining and Enforcing Permissions
To enforce your own permissions, you must first declare them in your AndroidManifest.xml using one or more `<permission>` elements.
Custom permission recommendations
Apps can define their own custom permissions and request custom permissions from other apps by defining `<uses-permission>` elements.
Enforcing Permissions in AndroidManifest.xml
This section mainly covers when permissions are checked for Activity, Service, BroadcastReceiver and ContentProvider. ContentProvider additionally has a special kind of permission: URI permissions.