本文详细介绍了Android 6.0中引入的运行时权限模型,对比了之前安装时权限模型的不同之处,并对权限进行了分类,特别强调了运行时权限主要针对的是危险权限。
Runtime Permissions
在Android 6.0中谷歌摒弃了之前的install time permissions model取而代之的是**runtime permissions model**。先来说说install time permissions model,这个大家不陌生,就是当Android App安装的时候会向用户展示一坨权限,如果此时用户选择安装,则表示用户同意将这些权限赋予App,如果用户不同意那么这个App就会取消安装。runtime permissions model就牛逼了,在App安装的时候同样会向用户展示所需要的权限,并且在用户选择安装App的时候并不表示用户将这些权限赋予了App,而是需要App在运行阶段主动去申请这些权限。这样做的好处显而易见,App对权限的申请对于用户来说变得更加透明,而且用户对App权限的控制也更加灵活。 权限的分类
Android将系统权限分成了四个保护等级:
- normal,
- dangerous,
- signature,
- signatureOrSystem
其中最常见的是normal permission和dangerous permission两类。
normal permission
normal permission涵盖的一系列权限的共同点是:App需要访问App运行沙盒以外的数据或资源,但是这些资源对用户的隐私或其他App的危险性较小,下面列举一下这些权限:
ACCESS_LOCATION_EXTRA_COMMANDS
ACCESS_NETWORK_STATE ACCESS_NOTIFICATION_POLICY ACCESS_WIFI_STATE BLUETOOTH BLUETOOTH_ADMIN BROADCAST_STICKY CHANGE_NETWORK_STATE CHANGE_WIFI_MULTICAST_STATE CHANGE_WIFI_STATE DISABLE_KEYGUARD EXPAND_STATUS_BAR FLASHLIGHT GET_PACKAGE_SIZE INTERNET KILL_BACKGROUND_PROCESSES MODIFY_AUDIO_SETTINGS NFC READ_SYNC_SETTINGS READ_SYNC_STATS RECEIVE_BOOT_COMPLETED REORDER_TASKS REQUEST_INSTALL_PACKAGES SET_TIME_ZONE SET_WALLPAPER SET_WALLPAPER_HINTS TRANSMIT_IR USE_FINGERPRINT VIBRATE WAKE_LOCK WRITE_SYNC_SETTINGS SET_ALARM INSTALL_SHORTCUT
>
>以上这些就是Android 6.0中所有的normal permissions了。
### dangerous permissions
dangerous permissions 涵盖的一系列权限的共同点是:这些权限会读写用户的隐私信息,也可能会读写用户存储的数据或影响其他App的正常运行。下面例举出这些权限:
> - CALENDAR
> - READ_CALENDAR
- WRITE_CALENDAR
> - CAMERA
> - CAMERA
> - CONTACTS
> - READ_CONTACTS
- WRITE_CONTACTS
- GET_ACCOUNTS
> - LOCATION
> - **ACCESS\_FINE\_LOCATION**
- **ACCESS\_COARSE\_LOCATION**
> - MICROPHONE
> - RECORD_AUDIO
>
> - SENSORS
> - BODY_SENSORS
> - PHONE
> - READ_PHONE_STATE
- CALL_PHONE
- READ_CALL_LOG
- WRITE_CALL_LOG
- ADD_VOICEMAIL
- USE_SIP
- PROCESS\_OUTGOING_CALLS
>
> - SMS
> - SEND_SMS
- RECEIVE_SMS
- READ_SMS
- RECEIVE_WAP_PUSH
- RECEIVE_MMS
> - STORAGE
> - **READ\_EXTERNAL_STORAGE**
- **WRITE\_EXTERNAL_STORAGE**
以上这些权限就是Android6.0中所有的dangerous permissions。
**Runtime Permissions**针对的是**dangerous permissions**,normal permissions还是会在App安装期间被默认赋予。
## ps:关于protection level
>
> 有时候别人创建的应用有自定义的Permission, 在permissionLevel的定义时设置了android:protectionLevel这一项。取值范围有四种:
>
>
- "normal"
- "dangerous"
- "signature"
- "signatureOrSystem"
> 如果定义的是前面两种**`normal`**或者**`dangerous`**, 我们自己的应用需要去访问其对应受保护的资源时只需要在androidManifest.xml中添加相同的uses-permission就行了。
>
> 如果是**`signature`**, 我们仅仅添加对权限的使用还不行, 必须同时使用相同的证书来签名。
>>A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
>
> 如果是**`signatureOrSystem`**, 不仅要有相同的签名, 还必须有相同的sharedUserId.
>> A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the `signature` protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.
参考:
https://developer.android.com/guide/topics/manifest/permission-element.html
http://blog.youkuaiyun.com/l_serein/article/details/6776377
http://www.wilkeryun.com/android-6-0%E6%96%B0%E7%89%B9%E6%80%A7%E4%B9%8Bruntime-permission/925.html
扫一扫
575
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
