Security and Permissions安全与权限（四）

Declaring and Enforcing Permissions 声明和实施permissions

To enforce your own permissions, you must first declare them in your AndroidManifest.xml using one or more <permission> tags.

For example, an application that wants to control who can start one of its activities could declare a permission for this operation as follows:

为了实现你自己的permissions，你必须首先在AndroidManifest.xml文件中声明该permissions.通常我们通过使用一到多个<permission> tag来进行声明。

下面例子说明了一个应用程序它想控制谁才可以启动它的Activity：

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.me.app.myapp" >

    <permission android:name="com.me.app.myapp.permission.DEADLY_ACTIVITY"
        android:label="@string/permlab_deadlyActivity"
        android:description="@string/permdesc_deadlyActivity"
        android:permissionGroup="android.permission-group.COST_MONEY"
        android:protectionLevel="dangerous" />

</manifest>

 

The <protectionLevel> attribute is required, telling the system how the user is to be informed of applications requiring the permission, or who is allowed to hold that permission, as described in the linked documentation.

The <permissionGroup> attribute is optional, and only used to help the system display permissions to the user. You will usually want to set this to either a standard system group (listed in android.Manifest.permission_group ) or in more rare cases to one defined by yourself. It is preferred to use an existing group, as this simplifies the permission UI shown to the user.

 

这里<protectionLevel>属性是需要声明的（通常系统自有的permission都会有它对应的protection level，而我们自己定义的permission一般都需要定义protecdtion level， 若不去定义，则默认为normal）。通过声明该属性，我们就可以告知系统如何去通告用户以及通告哪些内容，或者告知系统谁才可以拥有该permission。具体请参看链接的文档。

这我多说两句啊，这个protectionLevel分四个等级，分别是Normal, Dangerous, Signature, SignatureOrSystem, 越往后安全等级越高。

这个<permissionGroup>属性是可选项, 只是用于帮助系统显示permissions给用户（实际是告知系统该permission是属于哪个permission group的）。你通常会选择使用标准的system group来设定该属性，或者用你自己定义的group（更为罕见）。通常使用一个已经存在的group会更合适，因为这样UI显示的时候会更简单。

 

 

 

Note that both a label and description should be supplied for the permission. These are string resources that can be displayed to the user when they are viewing a list of permissions (android:label ) or details on a single permission ( android:description ). The label should be short, a few words describing the key piece of functionality the permission is protecting. The description should be a couple sentences describing what the permission allows a holder to do. Our convention for the description is two sentences, the first describing the permission, the second warning the user of what bad things can happen if an application is granted the permission.

Here is an example of a label and description for the CALL_PHONE permission:

 

需要注意的是label和description都是需要为permission提供的。这些都是字符串资源，当用户去看permission列表(android:label)或者某个permission的详细信息(android:description)时，这些字符串资源就可以显示给用户。label应当尽量简短，之需要告知用户该permission是在保护什么功能就行。而description可以用于具体描述获取该permission的程序可以做哪些事情，实际上让用户可以知道如果他们同意程序获取该权限的话，该程序可以做什么。我们通常用两句话来描述permission，第一句描述该permission，第二句警告用户如果批准该权限会可能有什么不好的事情发生。下面是一个描述CALL_PHONE permission的label和description的例子：

<string name="permlab_callPhone">directly call phone numbers</string>
    <string name="permdesc_callPhone">Allows the application to call
        phone numbers without your intervention. Malicious applications may
        cause unexpected calls on your phone bill. Note that this does not
        allow the application to call emergency numbers.</string>

 You can look at the permissions currently defined in the system with the shell command adb shell pm list permissions . In particular, the '-s' option displays the permissions in a form roughly similar to how the user will see them:

你可以通过shell指令 adb shell pm list permissions 来查看目前系统已有的permissions. 特别的，"-s"选项会以一种用户会看到的格式一样的格式来显示这些permissions.

$ adb shell pm list permissions -s      
All Permissions:

Network communication: view Wi-Fi state, create Bluetooth connections, full
Internet access, view network state

Your location: access extra location provider commands, fine (GPS) location,
mock location sources for testing, coarse (network-based) location

Services that cost you money: send SMS messages, directly call phone numbers

...