一、简介
权限的目的为了保护用户隐私,应用在访问一些敏感数据时,必须事先取得用户授权后才能使用,比如:比如读取sdcard、访问通讯录等。
在Android6.0之前的设备上,系统不会提醒用户正在获取的权限。一旦安装应用,就意味着该应用所需的所有权限均已经得到授权。在这种情况下应用可以自由收集用户隐私信息。或者随意发送短信。为了解决这个问题在Android6.0之后的设备上,应用需要动态授权,当需要使用某个权限时,会弹出一个提醒框来征求用户意见,只有取得用户同意后才能继续使用。
二、权限分类
android中所有的预定义权限(不包括厂商自定义的)都可以在Manifest.permission这个静态类中找到定义,android把权限分为三大类:普通权限、危险权限、特殊权限,每一种类型的权限都分配一个对应的Protection Level,分别为:normal、dangerous、appop和signature等,下面简单介绍一下这几种类型的权限:
1.普通权限
普通权限也叫正常权限,Protection Level为normal,它不需要动态申请,你只需要在AndroidManifest.xml中静态地声明,然后系统在应用安装时就会自动的授予该应用相应的权限,当应用获得授权时,它就可以访问应用沙盒外受该普通权限保护地数据或操作,这些数据或操作不会泄漏或篡改用户的隐私,对用户或其他应用几乎没有风险。
以下列出所有普通权限:
| 权限 | 引入版本 | API | Protection Level |
|---|---|---|---|
| FOREGROUND_SERVICE_SPECIAL_USE | 14.0 | 34 | normal|appop|instant |
| FOREGROUND_SERVICE_CAMERA | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_CONNECTED_DEVICE | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_DATA_SYNC | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_HEALTH | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_LOCATION | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_MEDIA_PLAYBACK | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_MEDIA_PROJECTION | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_MICROPHONE | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_PHONE_CALL | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_REMOTE_MESSAGING | 14.0 | 34 | normal|instant |
| FOREGROUND_SERVICE_SYSTEM_EXEMPTED | 14.0 | 34 | normal|instant |
| ACCESS_LOCATION_EXTRA_COMMANDS | 1.0(Base) | 1 | normal |
| ACCESS_NETWORK_STATE | 1.0(Base) | 1 | normal |
| ACCESS_NOTIFICATION_POLICY | 6.0(Marshmallow) | 23 | normal |
| ACCESS_WIFI_STATE | 1.0(Base) | 1 | normal |
| BLUETOOTH | 1.0(Base) | 1 | normal |
| BLUETOOTH_ADMIN | 1.0(Base) | 1 | normal |
| BROADCAST_STICKY | 1.0(Base) | 1 | normal |
| CALL_COMPANION_APP | 10.0(Q) | 29 | normal |
| CHANGE_NETWORK_STATE | 1.0(Base) | 1 | normal |
| CHANGE_WIFI_MULTICAST_STATE | 1.6(Donut) | 4 | normal |
| CHANGE_WIFI_STATE | 1.0(Base) | 1 | normal |
| CREDENTIAL_MANAGER_QUERY_CANDIDATE_CREDENTIALS | 14.0 | 34 | normal |
| CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS | 14.0 | 34 | normal |
| CREDENTIAL_MANAGER_SET_ORIGIN | 14.0 | 34 | normal |
| DETECT_SCREEN_CAPTURE | 14.0 | 34 | normal |
| DISABLE_KEYGUARD | 1.0(Base) | 1 | normal |
| ENFORCE_UPDATE_OWNERSHIP | 14.0 | 34 | normal |
| EXPAND_STATUS_BAR | 1.0(Base) | 1 | normal |
| FOREGROUND_SERVICE | 9.0(Pie) | 28 | normal |
| GET_PACKAGE_SIZE | 1.0(Base) | 1 | normal |
| HIGH_SAMPLING_RATE_SENSORS | 12.0(S) | 31 | normal |
| INSTALL_SHORTCUT | 4.4(KitKat) | 19 | normal |
| INTERNET | 1.0(Base) | 1 | normal |
| KILL_BACKGROUND_PROCESSES | 2.2(Froyo) | 8 | normal |
| MANAGE_OWN_CALLS | 8.0(Oreo) | 26 | normal |
| MODIFY_AUDIO_SETTINGS | 1.0(Base) | 1 | normal |
| NFC | 2.3(Gingerbread) | 9 | normal |
| NFC_PREFERRED_PAYMENT_INFO | 11.0(R) | 30 | normal |
| NFC_TRANSACTION_EVENT | 9.0(Pie) | 28 | normal |
| QUERY_ALL_PACKAGES | 11.0(R) | 30 | normal |
| READ_SYNC_SETTINGS | 1.0(Base) | 1 | normal |
| READ_SYNC_STATS | 1.0(Base) | 1 | normal |
| RECEIVE_BOOT_COMPLETED | 1.0(Base) | 1 | normal |
| REORDER_TASKS | 1.0(Base) | 1 | normal |
| REQUEST_COMPANION_PROFILE_GLASSES | 14.0 | 34 | normal |
| REQUEST_COMPANION_PROFILE_WATCH | 12.0(S) | 31 | normal |
| REQUEST_COMPANION_RUN_IN_BACKGROUND | 8.0(Oreo) | 26 | normal |
| REQUEST_COMPANION_START_FOREGROUND_SERVICES_FROM_BACKGROUND | 12.0(S) | 31 | normal |
| REQUEST_COMPANION_USE_DATA_IN_BACKGROUND | 8.0(Oreo) | 26 | normal |
| REQUEST_DELETE_PACKAGES | 8.0(Oreo) | 26 | normal |
| REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | 6.0(Marshmallow) | 23 | normal |
| REQUEST_PASSWORD_COMPLEXITY | 10.0(Q) | 29 | normal |
| RUN_USER_INITIATED_JOBS | 14.0 | 34 | normal |
| SET_ALARM | 2.3(Gingerbread) | 9 | normal |
| SET_WALLPAPER | 1.0(Base) | 1 | normal |
| SET_WALLPAPER_HINTS | 1.0(Base) | 1 | normal |
| TRANSMIT_IR | 4.4(KitKat) | 19 | normal |
| UPDATE_PACKAGES_WITHOUT_USER_ACTION | 12.0(S) | 31 | normal |
| USE_BIOMETRIC | 9.0(Pie) | 28 | normal |
| USE_FINGERPRINT | +6.0(Marshmallow)-9.0(Pie) | +23-28 | normal |
| USE_FULL_SCREEN_INTENT | 10.0(Q) | 29 | normal |
| VIBRATE | 1.0(Base) | 1 | normal |
| WAKE_LOCK | 1.0(Base) | 1 | normal |
| WRITE_SYNC_SETTINGS | 1.0(Base) | 1 | normal |
2.危险权限
危险权限也叫运行时权限,Protection Level为dangerous,跟普通权限相反,一旦应用获取了该类权限,用户的隐私数据就会面临被泄露或篡改的风险,所以如果你想使用该权限保护的数据或操作,就必须在AndroidManifest.xml中静态地声明需要用到的危险权限,并在访问这些数据或操作前动态的申请权限,系统就会弹出一个权限请求弹窗征求用户的同意,除非用户同意该权限,否则你不能使用该权限保护的数据或操作。
所有的危险权限都有对应的权限组,android预定义了15个权限组(根据android 14总结),这15个权限组中包含了41个危险权限和几个普通权限,当我们动态的申请某个危险权限时,都是按权限组申请的,当用户一旦同意授权该危险权限,那么该权限所对应的权限组中的其他在AndroidManifest.xml中注册的权限也会同时被授权,android预定义的15个权限组包含的危险权限如下:
| 权限组名 | 引入版本 | API | 权限 | 引入版本 | API |
|---|---|---|---|---|---|
| ACTIVITY_RECOGNITION(识别用户活动) | 10.0(Q) | 29 | ACTIVITY_RECOGNITION | 10.0(Q) | 29 |
| CALENDAR(日历) | 4.2(Jelly Bean) | 17 | READ_CALENDAR | 1.0(Base) | 1 |
| WRITE_CALENDAR | 1.0(Base) | 1 | |||
| CALL_LOG(通话记录) | 9.0(Pie) | 28 | PROCESS_OUTGOING_CALLS | 1.0(Base)+10.0(Q)- | 1+ 29- |
| READ_CALL_LOG | 4.1(Jelly Bean) | 16 | |||
| WRITE_CALL_LOG | 4.1(Jelly Bean) | 16 | |||
| CAMERA(相机) | 4.2(Jelly Bean) | 17 | CAMERA | 1.0(Base) | 1 |
| CONTACTS(联系人) | 6.0(Marshmallow) | 23 | READ_CONTACTS | 1.0(Base) | 1 |
| GET_ACCOUNTS | 1.0(Base) | 1 | |||
| WRITE_CONTACTS | 1.0(Base) | 1 | |||
| LOCATION(位置) | 1.0(Base) | 1 | ACCESS_BACKGROUND_LOCATION | 10.0(Q) | 29 |
| ACCESS_COARSE_LOCATION | 1.0(Base) | 1 | |||
| ACCESS_FINE_LOCATION | 1.0(Base) | 1 | |||
| MICROPHONE(麦克风) | 4.2(Jelly Bean) | 17 | RECORD_AUDIO | 1.0(Base) | 1 |
| NEARBY_DEVICES(附近的蓝牙设备) | 12.0(S) | 31 | BLUETOOTH_ADVERTISE | 12.0(S) | 31 |
| BLUETOOTH_CONNECT | 12.0(S) | 31 | |||
| BLUETOOTH_SCAN | 12.0(S) | 31 | |||
| NOTIFICATIONS(通知) | 13.0(Tiramisu) | 33 | POST_NOTIFICATIONS | 13.0(Tiramisu) | 33 |
| PHONE(手机) | 6.0(Marshmallow) | 23 | ACCEPT_HANDOVER | 9.0(Pie) | 28 |
| ADD_VOICEMAIL | 4.0(IceCreamSandwich) | 14 | |||
| ANSWER_PHONE_CALLS | 8.0(Oreo) | 26 | |||
| CALL_PHONE | 1.0(Base) | 1 | |||
| READ_PHONE_NUMBERS | 8.0(Oreo) | 26 | |||
| READ_PHONE_STATE | 1.0(Base) | 1 | |||
| USE_SIP | 2.3(Gingerbread) | 9 | |||
| READ_MEDIA_AURAL(读取音频) | 13.0(Tiramisu) | 33 | |||
| READ_MEDIA_VISUAL(读取图像和视频) | 13.0(Tiramisu) | 33 | |||
| SENSORS(传感器) | 6.0(Marshmallow) | 23 | BODY_SENSORS | 4.4W(KitKat Wear) | 20 |
| BODY_SENSORS_BACKGROUND | 13.0(Tiramisu) | 33 | |||
| SMS(短信) | 6.0(Marshmallow) | 23 | READ_SMS | 1.0(Base) | 1 |
| RECEIVE_MMS | 1.0(Base) | 1 | |||
| RECEIVE_SMS | 1.0(Base) | 1 | |||
| RECEIVE_WAP_PUSH | 1.0(Base) | 1 | |||
| SEND_SMS | 1.0(Base) | 1 | |||
| STORAGE(存储卡) | 1.6(Donut) | 4 | READ_EXTERNAL_STORAGE | 4.1(Jelly Bean) | 16 |
| READ_MEDIA_AUDIO | 13.0(Tiramisu) | 33 | |||
| READ_MEDIA_IMAGES | 13.0(Tiramisu) | 33 | |||
| READ_MEDIA_VIDEO | 13.0(Tiramisu) | 33 | |||
| READ_MEDIA_VISUAL_USER_SELECTED | 14.0 | 34 | |||
| WRITE_EXTERNAL_STORAGE | 1.6(Donut) | 4 | |||
| 无 | ACCESS_MEDIA_LOCATION | 10.0(Q) | 29 | ||
| NEARBY_WIFI_DEVICES | 13.0(Tiramisu) | 33 | |||
| UWB_RANGING | 12.0(S) | 31 |
3.特殊权限
特殊权限用于保护一些特定的应用程序操作,Protection Level为appop(应用操作)、installer(安装程序)、role(职责)、privileged(特权)、signature(签名)等。
· 应用操作
Protection Level为appop,使用前也需要在AndroidManifest.xml中静态地声明,也需要动态的申请,但是它不同于危险权限的申请,危险权限的申请会弹出一个对话框询问你是否同意,而此权限的申请需要跳转到指定的设置界面,让你手动点击toggle按钮确认是否同意
· 签名权限
Protection Level为signature,只对拥有相同签名的应用开放,它也不需要动态申请,例如应用A在AndroidManifest.xml中自定义了一个permission且在权限标签中加入android:protectionLevel=”signature”,表示应用A声明了一个签名权限,那么应用B想要访问应用A受该权限保护的数据时,必须要在AndroidManifest.xml中声明该权限,同时要用与应用A相同的签名打包,这样系统在应用B安装时才会自动地授予应用B该权限,应用B在获得授权后就可以访问该权限控制的数据,其他应用即使知道这个权限,也在AndroidManifest.xml中声明了该权限,但由于应用签名不同,安装时系统不会授予它该权限,这样其他应用就无法访问受该权限保护的数据。
还有一些签名权限不会供第三方应用程序使用,只会供系统预装应用使用,这种签名权限的Protection Level为signature和privileged。
· 特殊权限明细
以下列出所有特殊权限(按照appop、installer、role、privileged、signature顺序列出)
| 权限 | 引入版本 | API | Protection Level |
|---|---|---|---|
| FOREGROUND_SERVICE_SPECIAL_USE | 14.0 | 34 | normal|appop|instant |
| INSTANT_APP_FOREGROUND_SERVICE | 8.0(Oreo) | 26 | signature|development|instant|appop |
| LOADER_USAGE_STATS | 11.0(R) | 30 | signature|privileged|appop |
| MANAGE_EXTERNAL_STORAGE | 11.0(R) | 30 | signature|appop|preinstalled |
| MANAGE_MEDIA | 12.0(S) | 31 | signature|appop|preinstalled |
| MANAGE_ONGOING_CALLS | 12.0(S) | 31 | signature|appop |
| PACKAGE_USAGE_STATS | 6.0(Marshmallow) | 23 | signature|privileged|development|appop|retailDemo |
| SCHEDULE_EXACT_ALARM | 12.0(S) | 31 | signature|privileged|appop |
| SMS_FINANCIAL_TRANSACTIONS | 10.0(Q)+12.0(S)- | 29+31- | signature|appop |
| SYSTEM_ALERT_WINDOW | 1.0(Base) | 1 | signature|setup|appop|installer|pre23|development |
| USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER | 12.0(S) | 31 | signature|appop |
| WRITE_SETTINGS | 1.0(Base) | 1 | signature|preinstalled|appop|pre23 |
| START_VIEW_APP_FEATURES | 13.0(Tiramisu) | 33 | signature|installerinstaller |
| START_VIEW_PERMISSION_USAGE | 10.0(Q) | 29 | signature|installer |
| PROVIDE_REMOTE_CREDENTIALS | 14.0 | 34 | signature|privileged|role |
| READ_VOICEMAIL | 5.0(Lollipop) | 21 | signature|privileged|role |
| WRITE_VOICEMAIL | 5.0(Lollipop) | 21 | signature|privileged|role |
| EXECUTE_APP_ACTION | 14.0 | 34 | internal|role |
| LAUNCH_CAPTURE_CONTENT_ACTIVITY_FOR_NOTE | 14.0 | 34 | internal|role |
| MANAGE_DEVICE_LOCK_STATE | 14.0 | 34 | internal|role |
| PROVIDE_OWN_AUTOFILL_SUGGESTIONS | 14.0 | 34 | internal|role |
| SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE | 13.0(Tiramisu) | 33 | signature|role |
| SUBSCRIBE_TO_KEYGUARD_LOCKED_STATE | 13.0(Tiramisu) | 33 | signature|role |
| READ_ASSISTANT_APP_SEARCH_DATA | 13.0(Tiramisu) | 33 | role |
| READ_HOME_APP_SEARCH_DATA | 13.0(Tiramisu) | 33 | role |
| BATTERY_STATS | 1.0(Base) | 1 | signature|privileged|development |
| CHANGE_CONFIGURATION | 1.0(Base) | 1 | signature|privileged|development |
| BIND_CALL_REDIRECTION_SERVICE | 10.0(Q) | 29 | signature|privileged |
| BIND_CARRIER_SERVICES | 6.0(Marshmallow) | 23 | signature|privileged |
| BIND_INCALL_SERVICE | 6.0(Marshmallow) | 23 | signature|privileged |
| BIND_REMOTEVIEWS | 3.0(Honeycomb) | 11 | signature|privileged |
| BIND_SCREENING_SERVICE | 7.0(Nougat) | 24 | signature|privileged |
| BIND_TELECOM_CONNECTION_SERVICE | 6.0(Marshmallow) | 23 | signature|privileged |
| BIND_TV_INPUT | 5.0(Lollipop) | 21 | signature|privileged |
| BIND_TV_INTERACTIVE_APP | 13.0(Tiramisu) | 33 | signature|privileged |
| BIND_VISUAL_VOICEMAIL_SERVICE | 8.0(Oreo) | 26 | signature|privileged |
| BIND_WALLPAPER | 2.2(Froyo) | 8 | signature|privileged |
| CLEAR_APP_CACHE | 1.0(Base) | 1 | signature|privileged |
| DELETE_CACHE_FILES | 1.0(Base) | 1 | signature|privileged |
| GET_ACCOUNTS_PRIVILEGED | 6.0(Marshmallow) | 23 | signature|privileged |
| GLOBAL_SEARCH | 1.6(Donut) | 4 | signature|privileged |
| BLUETOOTH_PRIVILEGED | 4.4(KitKat) | 19 | privileged |
| CALL_PRIVILEGED | 1.0(Base) | 1 | privileged |
| MANAGE_WIFI_NETWORK_SELECTION | 13.0(Tiramisu) | 33 | privileged |
| START_FOREGROUND_SERVICES_FROM_BACKGROUND | 12.0(S) | 31 | privileged |
| BIND_ACCESSIBILITY_SERVICE | 4.1(Jelly Bean) | 16 | signature |
| BIND_AUTOFILL_SERVICE | 8.0(Oreo) | 26 | signature |
| BIND_CARRIER_MESSAGING_CLIENT_SERVICE | 10.0(Q) | 29 | signature |
| BIND_CHOOSER_TARGET_SERVICE | 6.0(Marshmallow)+11.0(R)- | 23+30- | signature |
| BIND_CONDITION_PROVIDER_SERVICE | 7.0(Nougat) | 24 | signature |
| BIND_CREDENTIAL_PROVIDER_SERVICE | 14.0 | 34 | signature |
| BIND_DEVICE_ADMIN | 2.2(Froyo) | 8 | signature |
| BIND_DREAM_SERVICE | 5.0(Lollipop) | 21 | signature |
| BIND_INPUT_METHOD | 1.5(Cupcake) | 3 | signature |
| BIND_MIDI_DEVICE_SERVICE | 6.0(Marshmallow) | 23 | signature |
| BIND_NFC_SERVICE | 4.4(KitKat) | 19 | signature |
| BIND_NOTIFICATION_LISTENER_SERVICE | 4.3(Jelly Bean) | 18 | signature |
| BIND_PRINT_SERVICE | 4.4(KitKat) | 19 | signature |
| BIND_QUICK_ACCESS_WALLET_SERVICE | 11.0(R) | 30 | signature |
| BIND_TEXT_SERVICE | 4.0(IceCreamSandwich) | 14 | signature |
| BIND_VOICE_INTERACTION | 5.0(Lollipop) | 21 | signature |
| BIND_VPN_SERVICE | 4.0(IceCreamSandwich) | 14 | signature |
| BIND_VR_LISTENER_SERVICE | 7.0(Nougat) | 24 | signature |
| REQUEST_INSTALL_PACKAGES | 6.0(Marshmallow) | 23 | signature |
4958
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
