最近在看framework 权限申明,遇到了android:protectionLevel
android:protectionLevel="signature" /> 如下,“signature” 还是比较好了解 ,系统签名,但是有些属性就不是很清楚,如instant、appop、vendorPrivileged 等 。网上也没有找到详细的说明。好吧。我在深入的了解下。 services/core/java/com/android/server/pm/permission/BasePermission.java 该类提供了一下方法去判断 是否是以上属性。但是什么情景对应什么还是未知。 终于找到带具体注释的了,如下 core/res/res/values/attrs_manifest.xml an application access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing). --> would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities. --> to grant only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval. --> Base permission type: a permission that the system is to grant only to packages in the Android system image or that are signed with the same certificates. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. This permission is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together. --> be granted to any applications installed as privileged apps on the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. This permission flag is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together. --> (optionally) be granted to development applications. --> associated with an app op for controlling access. --> granted to apps that target API levels below {@link android.os.Build.VERSION_CODES#M} (before runtime permissions were introduced). --> granted to system apps that install packages. --> granted to system apps that verify packages. --> granted any application pre-installed on the system image (not just privileged apps). --> granted to the setup wizard app --> apps --> that target runtime permissions ({@link android.os.Build.VERSION_CODES#M} and above) --> if its protection level is signature, the requesting app resides on the OEM partition, and the OEM has white-listed the app to receive this permission by the OEM. --> privileged apps in vendor partition. --> granted to the system default text classifier --> wellbeing app, as defined by the OEM. --> granted to the document manager --> granted to device configurator --> that will approve the sharing of incident reports. --> granted to the system app predictor -->