美文网首页
android:protectionLevel 属性的了解

android:protectionLevel 属性的了解

作者: 风骚的IT男 | 来源:发表于2019-10-08 17:31 被阅读0次

    最近在看framework 权限申明,遇到了android:protectionLevel

    <permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW"

        android:protectionLevel="signature" />

    如下,“signature” 还是比较好了解 ,系统签名,但是有些属性就不是很清楚,如instant、appop、vendorPrivileged 等 。网上也没有找到详细的说明。好吧。我在深入的了解下。

    services/core/java/com/android/server/pm/permission/BasePermission.java

    该类提供了一下方法去判断 是否是以上属性。但是什么情景对应什么还是未知。

    终于找到带具体注释的了,如下

    core/res/res/values/attrs_manifest.xml

    <attr name="protectionLevel">

    an application access to isolated application-level features, with minimal

    risk to other applications, the system, or the user. The system

    automatically grants this type of permission to a requesting application at

    installation, without asking for the user's explicit approval (though the

    user always has the option to review these permissions before installing). -->

        <flag name="normal" value="0" />

    would give a requesting application access to private user data or

    control over the device that can negatively impact the user.  Because

    this type of permission introduces potential risk, the system may

    not automatically grant it to the requesting application.  For example,

    any dangerous permissions requested by an application may be displayed

    to the user and require confirmation before proceeding, or some other

    approach may be taken to avoid the user automatically allowing

    the use of such facilities.  -->

        <flag name="dangerous" value="1" />

    to grant only if the requesting application is signed with the same

    certificate as the application that declared the permission. If the

    certificates match, the system automatically grants the permission

    without notifying the user or asking for the user's explicit approval. -->

        <flag name="signature" value="2" />

    Base permission type: a permission that the system is to grant only

    to packages in the Android system image or that are signed

    with the same certificates. Please avoid using this option, as the

    signature protection level should be sufficient for most needs and

    works regardless of exactly where applications are installed.  This

    permission is used for certain special situations where multiple

    vendors have applications built in to a system image which need

    to share specific features explicitly because they are being built

    together. -->

        <flag name="signatureOrSystem" value="3" />

    be granted to any applications installed as privileged apps on the system image.

    Please avoid using this option, as the

    signature protection level should be sufficient for most needs and

    works regardless of exactly where applications are installed.  This

    permission flag is used for certain special situations where multiple

    vendors have applications built in to a system image which need

    to share specific features explicitly because they are being built

    together. -->

        <flag name="privileged" value="0x10" />

        <flag name="system" value="0x10" />

    (optionally) be granted to development applications. -->

        <flag name="development" value="0x20" />

    associated with an app op for controlling access. -->

        <flag name="appop" value="0x40" />

    granted to apps that target API levels below

    {@link android.os.Build.VERSION_CODES#M} (before runtime permissions

    were introduced). -->

        <flag name="pre23" value="0x80" />

    granted to system apps that install packages. -->

        <flag name="installer" value="0x100" />

    granted to system apps that verify packages. -->

        <flag name="verifier" value="0x200" />

    granted any application pre-installed on the system image (not just privileged

    apps). -->

        <flag name="preinstalled" value="0x400" />

    granted to the setup wizard app -->

        <flag name="setup" value="0x800" />

    apps -->

        <flag name="instant" value="0x1000" />

    that target runtime permissions ({@link android.os.Build.VERSION_CODES#M} and above)

    -->

        <flag name="runtime" value="0x2000" />

    if its protection level is signature, the requesting app resides on the OEM partition,

    and the OEM has white-listed the app to receive this permission by the OEM.

    -->

        <flag name="oem" value="0x4000" />

    privileged apps in vendor partition. -->

        <flag name="vendorPrivileged" value="0x8000" />

    granted to the system default text classifier -->

        <flag name="textClassifier" value="0x10000" />

    wellbeing app, as defined by the OEM. -->

        <flag name="wellbeing" value="0x20000" />

    granted to the document manager -->

        <flag name="documenter" value="0x40000" />

    granted to device configurator -->

        <flag name="configurator" value="0x80000" />

    that will approve the sharing of incident reports. -->

        <flag name="incidentReportApprover" value="0x100000" />

    granted to the system app predictor -->

        <flag name="appPredictor" value="0x200000" />

    </attr>

    相关文章

      网友评论

          本文标题:android:protectionLevel 属性的了解

          本文链接:https://www.haomeiwen.com/subject/hqxipctx.html