Based on the security requirements, the application needs to permit access to the content provider or service provided by the Android system during installation. This is what permission claims in the AndroidManifest. xml file. Many examples have been made before. Similarly, if other applications want to access our data, we can also require these applications to be authorized by users to access our data.
Apply for authorization: Request permission
The format for applying for a license is
<Uses-Permission Android: Name= "Android. permission. ACCESS_LOCATION"/>
Android systems all start with android. permission. For specific definitions, see Manifest. permission definition in reference. For example, INTENET, WRITE_EXTERNAL_STORAGE, ACCESS_COARSE_LOCATION (coarse positioning), ACCESS_FINE_LOCATION, and CALL_PHONE. Third-party applications will have their custom licenses.
During installation, the system prompts you whether to agree to the license. However, if you use USB for installation, that is, the development mode, the system will not prompt. If the user is not authorized, it will not be installed or run. If you forget to apply for authorization in AndroidMenifest. xml, A SecurityException is thrown.
Requires the visitor to be authorized: Declares permission
If an application has a content provider or service, for example, based on private information and security, you can also require security control over access to other programs. Declaring a permission is more complex than a request, as shown in the following code:
<! -- Includes three parts: (1) Android: Name. To avoid conflicts, use the Java namespace of the application as the prefix -->
<Permission Android: Name= "Com. wei. android. learning. READ_GRAVITY"
<! -- Permission label description, simple and clear -->
Android: Label="@ String/read_gravity_label"
<! -- A further description of permission is longer and more detailed than labels -->
Android: Description="@ String/read_gravity_description"/>
The above is just a possible definition of permission. to implement protection, you need to declare that protection is needed in the near future. either of the following two methods can be used.
Method 1: Indicate in AndroidManifest that the license is required
This method is simple. If the provider has readPermission and writePermission, we have defined the read permission above and can be referenced externally. Example:
<ProviderAndroid: name = ". GravityProvider" android: authorities = "com. wei. android. learning. provider"
Android: readPermission="Com. wei. android. learning. READ_GRAVITY"
Android: writePermission="Com. wei. android. learning. WRITE_GRAVITY"/>
If an application wants to access data through this content provider and forgets to request permission in manifest, an error is returned when running the application, as shown in.
In order to access this content provider, the application should apply for a license in manifest. During installation, the user can be authorized to read information through this provider. For example:
<Uses-permission android: name = "com. wei. android. learning. READ_GRAVITY"/>
In addition to the provider, the activity, service, and consumer er can declare that the permission is required. You can add the android: permission parameter. Take the activity as an example:
<Activity android: name = ". xxxxx" android: label = "yyyyyy"Android: permission="Com. wei. android. learning. MY_PERMISSION">
<Intent-filter>... ... </Intent-filter>
</Activity>
For the security architecture, if permission is required, the activity cannot be started if there is no permission for the activity; if there is no permission for the service, the activity cannot be started, stopped, or bound; if you do not have permission for Intent uploader, messages sent through sendBroadcast () are ignored.
Method 2: declare in the code
We can also require the check permission in the code. Note that you still need to declare permissions in manifest. We still use content provider as an example. In manifest, we first declare a new permission: <user-Permission andriod: Name = "com. Wei. Android. Learning. mytest">. We will check the data while reading it.
Public cursor query (URI Uri, string [] projection, string selection, string [] selectionargs, string sortorder ){
If (getcontext ().CheckCallingPermision("Com. wei. android. leanring. MYTEST")! =PackageManager. PERMISSION_GRNTED)
Throw new SecurityException("Required <com. Wei. Android. Learning. mytest> permission ");
}
... ...
}
It can also be used for service or sendbroadcast. For a service, if multiple levels of permissions are provided, such as read-only and read/write, we can process the permissions in the code, but only one permission can be provided in manifest, for Multiple permissions, consider distinguishing them in the code. For sendbroadcast (), if you do not have the permission, you cannot receive the broadcast message.
Some notes
Because whether to obtain the license is not checked during compilation, but is found during running, if the API we provide requires the license, including the content provider and service, the intent will be retrieved by other activities, should be declared in the document. In addition, we should also inform users in detail so that they can be licensed during installation. This is why the @ string/xxxx method is used in the permission declaration to facilitate the use of multiple languages.
The Android system sometimes adds some licenses, but the previous version does not, which may cause the issue of permission authorization for previous programming. The solution for Android is as follows: Define the latest version X in manifest: <uses-SDK Android: minsdkversion = "X">, for example, x = 3, indicates that the minimum version defined by the application is Android 1.5. During installation, the system automatically requests user authorization for all licenses added later.
There are also some restrictions on Android licensing methods. For example, all licenses must be authorized during installation. Even if the licenses are rarely used, they cannot be authorized in the future. user authorization can only agree or disagree, and there is no optional authorization method, for example, to authorize a part, do not authorize another part.
Related links:
My android development articles