Android custom permission and androidpermission

Android custom permission and androidpermission

Android is an operating system separated by privileges. Each application running on Android has its own system ID (Linux User ID and group ID ). Different parts of the system have different identities. Therefore, each application running on Linux is independent of each other and has nothing to do with the system.

The "permission" mechanism of Android provides fine-grained security functions by limiting the specific operations that a specific process can perform and limiting the URI permission for point-to-point access to each resource.

Because the kernel allows each application to run in an independent sandbox, the application must explicitly allocate resources and data by declaring the required permissions and the sandbox does not provide permissions. Android does not adopt a dynamic authorization mechanism that makes the user experience complex and is not conducive to security. Applications statically declare the permissions they need. During installation, the Android system prompts users to agree to these permissions.

The Android permission model is designed based on the following two objectives:
Notify users:
By listing all the sensitive operations that an application may perform, users are more aware of the potential risks of installing the application. This assumes that the user will read the permission list popped up during installation and decide whether to install the application based on the information.
Risk Reduction:
By limiting applications to access sensitive API interfaces of the Android system, you can reduce the damage (such as viruses) that the application brings to the entire system ).

Android permissions are classified into four levels:
General level:

These permissions cannot really harm users (such as changing wallpaper). When the program requires these permissions, developers do not need to specify the program to automatically grant these permissions.
Hazard level:

These permissions may cause real harm (such as making a phone call or opening a network link). To use them, the developer must declare the corresponding permissions in AndroidManifest. xml.
Signature level:

If the application uses the same signature certificate, these permissions are automatically granted to programs that declare or create these permissions. This level of permissions is designed to facilitate data sharing between components.
Signature/system level:

Similar to the signature level, system images automatically obtain these permissions, which are designed for device manufacturers.

In the process of developing Android applications, if we want to use certain services of the system (such as network, standby, and file read/write permissions), we must first look at AndroidManifest as follows. the corresponding permissions are declared in xml before these services can be accessed in code:

<! -- File Read and Write Permissions --> <uses-permission android: name = "android. permission. MOUNT_UNMOUNT_FILESYSTEMS "/> <uses-permission android: name =" android. permission. WRITE_EXTERNAL_STORAGE "/> <uses-permission android: name =" android. permission. WRITE_SETTINGS "/> <! -- Access Network permissions --> <uses-permission android: name = "android. permission. INTERNET "/> <uses-permission android: name =" android. permission. ACCESS_WIFI_STATE "/> <uses-permission android: name =" android. permission. CHANGE_WIFI_STATE "/> <uses-permission android: name =" android. permission. CHANGE_NETWORK_STATE "/> <! -- Screen wakeup permission --> <uses-permission android: name = "android. permission. WAKE_LOCK"/> <uses-permission android: name = "android. permission. DEVICE_POWER"/>

In addition to the various permissions provided by the Android system, we can also customize permissions to restrict other programs to access various services or components of the application. When a program wants to interact with its components, it must declare the corresponding permission to access the program successfully.

Follow these steps to customize permissions:

Take a service CalledService as an example. The procedure is as follows:

1. The AndroidManifest. xml file of the Called program is defined as follows:

<!-- Service Permission -->    <permission        android:name="com.uperone.permission.SERVICE"        android:label="@string/app_name"        android:permissionGroup="@string/app_name"        android:protectionLevel="normal" >    </permission>

The meaning of each label attribute is self-filled by the brain.

<service            android:name="com.uperone.called.service.CalledService"            android:permission="com.uperone.permission.SERVICE">            <intent-filter>                <action android:name="com.uperone.action.SERVICE" />                <category android:name="android.intent.category.DEFAULT"/>            </intent-filter>        </service>

2. Declare the corresponding permissions in the AndroidManifest. mxl file of the application Call project that needs to Call this component:

<uses-permission android:name="com.uperone.permission.SERVICE" />

3. Start and Stop the service in the Call Project of the application that needs to Call this component:

case R.id.startServiceBtnId:{Intent intent = new Intent( "com.uperone.action.SERVICE" );startService(intent);}break;

Note:If you do not declare the permission in Manifest. xml when calling a component that requires the permission, an exception is reported when running the corresponding code segment !!!!

For more custom permissions of components, see instance: Android custom permission.

How to add permissions for android

Added after the manifest tag in the AndroidManifest. xml file, not the application

Android open-source Android_permission access permission

Android. permission. ACCESS_NETWORK_STATE allows the program to access GSM network information (Allowsapplications to access information about networks)

Android. permission. ACCESS_WIFI_STATE allows programs to access Wi-Fi network status information (Allowsapplications to access information about Wi-Fi networks)

Android. permission. BLUETOOTH allows programs to connect to paired bluetooth devices (Allowsapplications to connect to pair red BLUETOOTH devices)

Android. permission. incluth_admin allows the program to discover and pair bluetooth devices (Allowsapplicationsto discover and pair bluetooth devices)

Android. permission. CHANGE_WIFI_STATE allows the program to change the Wi-Fi connection status (Allowsapplications to change the Wi-Fi connectivity state)

Android. permission. DEVICE_POWER allows access to the underlying power management (Allowslow-level access to power management)

Android. permission. DISABLE_KEYGUARD allows the program to disable the keyguard (Allowsapplications to disable the keyguard)

Android. permission. EXPAND_STATUS_BAR Allows a program to expand and contract in the status bar. Android Development Network prompts that it should be a pallet program similar to Windows Mobile (Allows an application to expand or collapse the status bar .)

Android. permission. GET_DETAILED_TASKS: used to retrieve details of a running application. malicious programs can use this to obtain private information of other applications.

Android. permission. GET_TASKS: searches running applications to find out which applications are used on the current device.

Android. permission. INJECT_EVENTS provides input events (such as buttons) to other applications. malicious programs can persistently control mobile phones.

Android. permission. INTERNAL_SYSTEM_WINDOW allows unauthorized internal system windows to be created. common applications should never use this permission.

Android. permission. MANAGE_APP_TOKENS: Creates and manages tokens. common applications should never use this permission.

Android. permission. MASTER_CLEAR restore factory settings

Android. permission. MANAGE_NETWORK_POLICY

Android. permission. MANAGE_USB

Android. permission. MOUNT_UNMOUNT_FILESYSTEMS allows mounting and unmounting file systems (Allowsmounting and unmounting file systems for removable storage .)

Android. permission... the remaining full text>