由上篇Android Permission許可權機制引子,我們知道Android 通過在每台裝置上實施了基於許可權的安全性原則來處理安全問題,採用許可權來限制安裝應用程式的能力。本篇文章繼續來探討和Android許可權相關的話題,主要集中在權限等級、ICC(inter- component communication)許可權保護兩個方面。
權限等級 protection level
每一個Permission許可權都設有了權限等級(protection level),分別如下:
複製代碼 代碼如下:
“normal”
The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).
normal層級是一些比較低風險的許可權,我們在安裝一個新app到手機時,一般會被摺疊起來的許可權就是normal層級的。
複製代碼 代碼如下:
“dangerous”
A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.
dangerous則是那些比較高風險的許可權,在安裝時會明顯提示使用者該app具有這些許可權,並且需要使用者同意確認才能正確安裝app的許可權。
複製代碼 代碼如下:
“signature”
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
signature則在我們使用者自訂許可權custom時,會用得到的,具體做法我會在另一篇博文:Android 自訂許可權中具體研究的,這裡簡述之:
使用者在某一個app(先稱permisson app)中自訂了permission時,並且指定了某些組件需要該自訂許可權才能開啟,這是前提,然後使用者又開發了另外一個app(稱為permission client),這個permission client如果想訪問permisson app中指定了自訂許可權的組件,那麼這兩個app必須具備相同的signature,這就是signature層級的意思。
複製代碼 代碼如下:
“signatureOrSystem”
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificates as those in the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The “signatureOrSystem” permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.
這個同上,但多了一個Or,or是指除了相同的signature之外還可以指定為相同的Android img也可以訪問,這個img其實就是系統層級的定製了,一般用的很少。
ICC(inter-component communication)許可權保護
<application>元素和組件元素都有android:permission的屬性,在這裡我們稱這個屬性分別為應用程式和組件的許可權標籤。應用程式內的組件可以繼承應用程式元素設定的許可權標籤,當某一組件啟動 ICC 時,相關的存取控制器就會查看組件和組件所在應用程式的許可權標籤集合,如目標組件的存取權限標籤在以上的集合內,允許 ICC 的建立繼續進行,否則將會被拒絕,即使這兩個組件在同一應用程式內。
改圖描述了該邏輯的進程:組件A是否可以訪問組件B和C,取決於比較B和C內的存取權限標籤與應用程式1內的標籤集合的結果。B和應用程式1內都有i1標籤,所以組件A可以訪問組件B,相反應用程式1內沒有標籤i2,組件A 不可以訪問組件B。
