Android Learning Note (50): declaring, requesting, and checking licenses

Based on security requirements, the application of content provider or service access to the Android system needs to be licensed at install time, which is claimed in the permission in the Androidmanifest.xml file, before many examples have been made. Also, if other applications want to access our data, we can also request that these apps have access to our data with the user's authorization.

Request for authorization: permission

The format for requesting permission is

<uses-permission Android:name= "Android.permission.ACCESS_LOCATION"/>

The Android system has been provided with a android.permission beginning, and the specific definitions are described in reference manifest.permission. such as Intenet,write_external_storage, access_coarse_location (coarse positioning), access_fine_location,call_phone. Third-party apps will have their own defined licenses.

At the time of installation, the user is prompted to agree to the license. However, if you install via USB, which is the development mode, the system will not show a prompt. If the user is not authorized, it will not be installed and run. If you forget to request authorization in Androidmenifest.xml, you will throw SecurityException exception information.

Require the visitor to be authorized: statement permission

If the app has content provider or services, such as private information, security-based, it can also require security control over other program access. Declaring permission is more complex than a request, as follows:

<!--includes three sections: (1) Android:name, in order to avoid conflicts, use the Java namespace of the application as the prefix-->
< permission Android:name = "Com.wei.android.learning.READ_GRAVITY"
                       <!-- Permission label description, simple and clear-->
                       Android:label = " @string/read_ Gravity_label
                       <!--further description of the permission, longer and more detailed than the label-->
                        android:description = " @string/read_gravity_description "/>

The above is just a possible permission to define, to really protect it requires a step closer to declaring that there is a need for protection, which can be done in one of the following two ways.

Mode one: The requirement for compulsory licensing is indicated in the Androidmanifest

This is a simple way. If for provider, there are readpermission and writepermission, we have defined the Read permission above and can be referenced externally. Examples are as follows:

<provider android:name= ". Gravityprovider "android:authorities=" Com.wei.android.learning.provider "
android:readpermission= "Com.wei.android.learning.READ_GRAVITY"
android:writepermission= "com.wei.android.learning.WRITE_GRAVITY"/>

If an app wants to access data through this content provider, if it forgets to ask for permission in manifest, the operation will get an error, as shown in.

In order to access the content provider, the app should apply for a license in the manifest, and at the time of installation, the user is authorized to read the information through the provider. This example is as follows:

<uses-permission android:name= "Com.wei.android.learning.READ_GRAVITY"/>

In addition to provider, Activity,service,receiver can claim permission, add parameter android:permission, take activity as an example, as follows:

<activity android:name= ". xxxxx" android:label= "yyyyyy" android:permission= " Com.wei.android.learning.MY_PERMISSION">
<intent-filter> ... </intent-filter>
</activity>

In the case of a security architecture, if a declaration of permission is required, there is no license to activate the activity, and for the service, there is no license to start, stop, bind activity; for intent Receiver , a message sent through Sendbroadcast () is ignored without a license.

Way two: Declare in code

We can also ask for permission to be checked in the code. Note that you still need to declare permissions in manifest. We still use content provider as an example. We first declare a new permission:<user-permission andriod:name= "Com.wei.android.learning.MYTEST" > in manifest. We will check the data as we read it.

Public Cursor query (URI uri, string[] projection, string selection,string[] Selectionargs, string sortOrder) {
if (GetContext (). Checkcallingpermision("com.wei.android.leanring.MYTEST")! =packagemanager.permission _grnted )
throw new SecurityException ("Required <com.wei.android.learning.MYTEST> Permission");
}
... ...
}

can also be used for service, or check in Sendbroadcast (). For a service, if you provide multiple levels of permissions, such as read-only and read-write, we can handle it in code based on the level of permission, whereas in manifest you can only provide a single permission, and for multiple permissions, consider distinguishing it in code. For Sendbroadcast (), you cannot receive the broadcast message if you do not have permission to do so.

Some attention

Because the license is not checked at compile time, but run is found, if we provide the API requires permission, including content Provider,service, will be transferred by other activity intent, should be declared in the document. In addition, we should inform the user in detail to allow them to give permission at the time of installation. This is why the @string/xxxx is used in the permission declaration to facilitate multi-lingual use.

Android Systems sometimes add a few licenses, whereas previous versions did not, which could create licensing issues for previously written programs. Android is resolved as follows, defining the latest version x:<uses-sdk android:minsdkversion= "x" in manifest, such as x=3, which indicates that the minimum version of the app definition is the Android 1.5 version, Then at the time of installation, the system will automatically add the next license on the full list, requesting user authorization.

There are limits to how Android is licensed. For example, all licenses must be authorized at the time of installation, even if very few licenses are used, they cannot be authorized at a later date, and user authorization may only agree or disagree, there is no optional authorization method, such as part of the authorization, not authorizing another part.

Android Learning Note (50): declaring, requesting, and checking licenses