android自定义permission android:protectionLevel说明

有关自定义action和permission，请参考大神博客：http://blog.csdn.net/android_tutor/article/details/6310418#reply，这篇博客说的简单直接，很有学习意义，但是有两个坑需要注意：

1. 作者特别注明：在自定义权限的应用里也需要声明权限，但是亲测证实，同一个应用里，不声明权限也可以访问权限Activity
2. 我在写demo验证的时候，遇到一个问题android.content.ActivityNotFoundException: No Activity found to handle Intent { action=“自定义action” }，这是因为，在manifest清单文件注册inten-filter时，只添加了action过滤，没有添加category过滤：<category android:name="android.intent.category.DEFAULT" /> ；每一个通过 startActivity()方法发出的隐式 Intent 都至少有一个 category，就是 "android.intent.category.DEFAULT"，所以只要是想接收一个隐式Intent 的 Activity 都应该包括 "android.intent.category.DEFAULT" category，不然将导致 Intent匹配失败。

这篇博客主要记录自定义权限时android:protectionLevel几个选项的意义。

Android protectionLevel分4个级别：normal、dangerous、signature、signatureOrSystem；官网上的解释

Value	Meaning
"normal"	The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).
"dangerous"	A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.
"signature"	A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
"signatureOrSystem"	A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

英语好的，可以直接读上面的文档，下面是我简单的理解：

1. normal：这是最低风险的权限，如果应用声明了此权限，也不会提示安装应用的用户授权（例如，如果声明了定位权限，则应用到定位功能时，会明确提示用户，是否授予定位权限，但是protectionLevel为normal的不会明确提示，直接默认授予），系统直接默认该应用有此权限；
2. dangerous：这种级别的权限风险更高，拥有此权限可能会访问用户私人数据或者控制设备，给用户带来负面影响，这种类型的权限一般不会默认授权（但是我测了好多次，有时候还是会默认授权）；
3. signature：这种权限级别，只有当发请求的应用和接收此请求的应用使用同一签名文件，并且声明了该权限才会授权，并且是默认授权，不会提示用户授权
4. signatureOrSystem：这种权限应该尽量避免使用，偏向系统级

对于normal或者dangerous级别的权限，我们自己的应用需要去访问其对应受保护的资源时只需要在androidManifest.xml中添加相同的uses-permission就行了。对于signature级别的除了声明权限，还要有相同的签名。