Security and Permissions安全与权限（七）

Other Permission Enforcement

Arbitrarily fine-grained permissions can be enforced at any call into a service. This is accomplished with the Context.checkCallingPermission() method. Call with a desired permission string and it will return an integer indicating whether that permission has been granted to the current calling process. Note that this can only be used when you are executing a call coming in from another process, usually through an IDL interface published from a service or in some other way given to another process.

There are a number of other useful ways to check permissions. If you have the pid of another process, you can use the Context method Context.checkPermission(String, int, int) to check a permission against that pid. If you have the package name of another application, you can use the direct PackageManager method PackageManager.checkPermission(String, String) to find out whether that particular package has been granted a specific permission.

在调用service的过程中可以设置任意的fine-grained permissions（这里我理解的是更为细化的权限）。这是通过Context.checkCallingPermission() 方法来完成的。呼叫的时候使用一个想得到的permission string，并且当该权限获批的时候可以返回给呼叫方一个Integer（没有获批也会返回一个Integer）。需要注意的是这种情况只能发生在来自另一个进程的呼叫，通常是一个service发布的IDL接口或者是其他方式提供给其他的进程。

Android提供了很多其他的方式用于检查permissions。如果你有另一个进程的pid，你就可以通过context method Context.checkPermission(String, int, int) 去针对那个pid去检查permission。如果你有另一个应用程序的package name，你可以直接用PackageManager method PackageManager.checkPermission(String, String) 来确定该package是否已经拥有了相应的权限。