網(wǎng)絡(luò)廣告營(yíng)銷(xiāo)策略分析,北京優(yōu)化核酸檢測(cè),廈門(mén)網(wǎng)站代理,騰訊企點(diǎn)官網(wǎng)入口背景#xff1a; 經(jīng)常我們?cè)谧鰂ramework開(kāi)發(fā)時(shí)候#xff0c;看到某些權(quán)限時(shí)候會(huì)有對(duì)權(quán)限定義進(jìn)行深入查看#xff0c;例如上一篇文章#xff1a; 聊一聊豆包AI手機(jī)助手高度敏感權(quán)限CAPTURE_SECURE_VIDEO_OUTPUT 中就有看到關(guān)鍵字保護(hù)級(jí)別#xff1a;android:protectionLe…背景經(jīng)常我們?cè)谧鰂ramework開(kāi)發(fā)時(shí)候看到某些權(quán)限時(shí)候會(huì)有對(duì)權(quán)限定義進(jìn)行深入查看例如上一篇文章聊一聊豆包AI手機(jī)助手高度敏感權(quán)限CAPTURE_SECURE_VIDEO_OUTPUT中就有看到關(guān)鍵字保護(hù)級(jí)別android:protectionLevel“signature|role”。也有其他權(quán)限看到是android:protectionLevel“normal”看到這里就有vip學(xué)員朋友提出針對(duì)這個(gè)xml保護(hù)級(jí)別protectionLevel到底代表什么意思除了常見(jiàn)的signature這個(gè)級(jí)別屬于我們常見(jiàn)知道的的外又還有哪些protectionLevel呢這個(gè)問(wèn)題確實(shí)是個(gè)好問(wèn)題要解答這個(gè)問(wèn)題就需要深入看一下這塊的源碼分析下面馬哥帶大家來(lái)一起解答。源碼剖析protectionLevel對(duì)應(yīng)的xml部分先看看權(quán)限及保護(hù)級(jí)別的定義frameworks/base/core/res/AndroidManifest.xml!-- SystemApi TestApi hide Allows an application to change to remove/kill tasks --permissionandroid:nameandroid.permission.REMOVE_TASKSandroid:protectionLevelsignature|recents|role/!-- deprecated Use MANAGE_ACTIVITY_TASKS instead. SystemApi TestApi hide Allows an application to create/manage/remove stacks --permissionandroid:nameandroid.permission.MANAGE_ACTIVITY_STACKSandroid:protectionLevelsignature/一般這里里面的關(guān)鍵signaturerecentsrole一般都是有在對(duì)應(yīng)attrs.xml中有定義是不可以隨意對(duì)寫(xiě)一個(gè)字符signaturexxxrole1xxx的這樣寫(xiě)的不對(duì)會(huì)直接報(bào)錯(cuò)。那么是在哪里進(jìn)行定義的呢這里可以如果大家不知道具體在哪個(gè)attrs的xml文件定義可以通過(guò)grep來(lái)查找定位在frameworks/base/core/res/res/values目錄進(jìn)行查找關(guān)鍵字“protectionLevel”。testtest:~/disk_2T/aosp16/frameworks/base/core/res/res/values$grepprotectionLevel./ -rn ./public-final.xml:37:publictypeattrnameprotectionLevelid0x01010009/./attrs_manifest.xml:183: permanent protectionLevel. If you are creating a custom permissioninan ./attrs_manifest.xml:184: application, you can define a protectionLevel attribute with one of the ./attrs_manifest.xml:185: values listed below. If no protectionLevel is definedfora custom ./attrs_manifest.xml:194:attrnameprotectionLevel./attrs_manifest.xml:2438:attrnameprotectionLevel/可以看到這里查找到了原來(lái)是在attrs_manifest.xml中進(jìn)行的定義。這里看看對(duì)應(yīng)的xml定義部分frameworks/base/core/res/res/values/attrs_manifest.xml!-- Characterizes the potential risk implied in a permission and indicates the procedure the system should follow when determining whether to grant the permission to an application requesting it. {link android.Manifest.permission Standard permissions} have a predefined and permanent protectionLevel. If you are creating a custom permission in an application, you can define a protectionLevel attribute with one of the values listed below. If no protectionLevel is defined for a custom permission, the system assigns the default (normal). pEach protection level consists of a base permission type and zero or more flags. Use the following functions to extract those. pre int basePermissionType permissionInfo.getProtection(); int permissionFlags permissionInfo.getProtectionFlags(); /pre --attrnameprotectionLevel!-- strongBase permission type/strong: a lower-risk permission that gives an application access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the users explicit approval (though the user always has the option to review these permissions before installing). --flagnamenormalvalue0/!-- strongBase permission type/strong: a higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities. --flagnamedangerousvalue1/!-- strongBase permission type/strong: a permission that the system is to grant only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the users explicit approval. --flagnamesignaturevalue2/!-- Old synonym for signature|privileged. Deprecated in API level 23. Base permission type: a permission that the system is to grant only to packages in the Android system image emor/em that are signed with the same certificates. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. This permission is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together. --flagnamesignatureOrSystemvalue3/!-- strongBase permission type/strong: a permission that is managed internally by the system and only granted according to the protection flags. --flagnameinternalvalue4/!-- Additional flag from base permission type: this permission can also be granted to any applications installed as privileged apps on the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. This permission flag is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together. --flagnameprivilegedvalue0x10/!-- Old synonym for privileged. Deprecated in API level 23. --flagnamesystemvalue0x10/!-- Additional flag from base permission type: this permission can also (optionally) be granted to development applications. Although undocumented, the permission state used to be shared by all users (including future users), but it is managed per-user since API level 31. --flagnamedevelopmentvalue0x20/!-- Additional flag from base permission type: this permission is closely associated with an app op for controlling access. --flagnameappopvalue0x40/!-- Additional flag from base permission type: this permission can be automatically granted to apps that target API levels below {link android.os.Build.VERSION_CODES#M} (before runtime permissions were introduced). --flagnamepre23value0x80/!-- Additional flag from base permission type: this permission can be automatically granted to system apps that install packages. --flagnameinstallervalue0x100/!-- Additional flag from base permission type: this permission can be automatically granted to system apps that verify packages. --flagnameverifiervalue0x200/!-- Additional flag from base permission type: this permission can be automatically granted any application pre-installed on the system image (not just privileged apps). --flagnamepreinstalledvalue0x400/!-- Additional flag from base permission type: this permission can be automatically granted to the setup wizard app --flagnamesetupvalue0x800/!-- Additional flag from base permission type: this permission can be granted to instant apps --flagnameinstantvalue0x1000/!-- Additional flag from base permission type: this permission can only be granted to apps that target runtime permissions ({link android.os.Build.VERSION_CODES#M} and above) --flagnameruntimevalue0x2000/!-- Additional flag from base permission type: this permission can be granted only if its protection level is signature, the requesting app resides on the OEM partition, and the OEM has allowlisted the app to receive this permission by the OEM. --flagnameoemvalue0x4000/!-- Additional flag from base permission type: this permission can be granted to privileged apps in vendor partition. --flagnamevendorPrivilegedvalue0x8000/!-- Additional flag from base permission type: this permission can be automatically granted to the system default text classifier --flagnametextClassifiervalue0x10000/!-- Additional flag from base permission type: this permission automatically granted to device configurator --flagnameconfiguratorvalue0x80000/!-- Additional flag from base permission type: this permission designates the app that will approve the sharing of incident reports. --flagnameincidentReportApprovervalue0x100000/!-- Additional flag from base permission type: this permission can be automatically granted to the system app predictor --flagnameappPredictorvalue0x200000/!-- Additional flag from base permission type: this permission can also be granted if the requesting application is included in the mainline module}. --flagnamemodulevalue0x400000/!-- Additional flag from base permission type: this permission can be automatically granted to the system companion device manager service --flagnamecompanionvalue0x800000/!-- Additional flag from base permission type: this permission will be granted to the retail demo app, as defined by the OEM. This flag has been replaced by the retail demo role and is a no-op since Android V. --flagnameretailDemovalue0x1000000/!-- Additional flag from base permission type: this permission will be granted to the recents app. --flagnamerecentsvalue0x2000000/!-- Additional flag from base permission type: this permission is managed by role. --flagnamerolevalue0x4000000/!-- Additional flag from base permission type: this permission can also be granted if the requesting application is signed by, or has in its signing lineage, any of the certificate digests declared in {link android.R.attr#knownCerts}. --flagnameknownSignervalue0x8000000//attr上面xml其實(shí)也自帶了相關(guān)的注釋非常詳細(xì)大概意思就是protectionLevel中在xml中的只可以是上面這些每個(gè)保護(hù)字符都是有自己的含義具體含義可以看注釋哈這些字符都會(huì)變成一個(gè)個(gè)的int類(lèi)型的數(shù)字。比如name“signature”這種最后就被轉(zhuǎn)換成數(shù)字2。flagnamesignaturevalue2/那么數(shù)字2又被誰(shuí)使用呢這里注釋中可以看看出來(lái)是PermissionInfo的getProtectionFlags方法/** * Return the additional flags in {link #protectionLevel}. */ProtectionFlagspublicintgetProtectionFlags(){returnprotectionLevel~PROTECTION_MASK_BASE;}protectionLevel代碼部分frameworks/base/core/java/android/content/pm/PermissionInfo.java代表權(quán)限保護(hù)級(jí)別的變量/** * The level of access this permission is protecting, as per * {link android.R.attr#protectionLevel}. Consists of * a base permission type and zero or more flags. Use the following functions * to extract them. * * pre * int basePermissionType permissionInfo.getProtection(); * int permissionFlags permissionInfo.getProtectionFlags(); * /pre * * p/pBase permission types are {link #PROTECTION_NORMAL}, * {link #PROTECTION_DANGEROUS}, {link #PROTECTION_SIGNATURE}, {link #PROTECTION_INTERNAL} * and the deprecated {link #PROTECTION_SIGNATURE_OR_SYSTEM}. * Flags are listed under {link android.R.attr#protectionLevel}. * * deprecated Use #getProtection() and #getProtectionFlags() instead. */DeprecatedpublicintprotectionLevel;一般這個(gè)變量值有以下這些/** * Information you can retrieve about a particular security permission * known to the system. This corresponds to information collected from the * AndroidManifest.xmls lt;permissiongt; tags. */publicclassPermissionInfoextendsPackageItemInfoimplementsParcelable{/** * A normal application value for {link #protectionLevel}, corresponding * to the codenormal/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_NORMAL0;/** * Dangerous value for {link #protectionLevel}, corresponding * to the codedangerous/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_DANGEROUS1;/** * System-level value for {link #protectionLevel}, corresponding * to the codesignature/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_SIGNATURE2;/** * deprecated Use {link #PROTECTION_SIGNATURE}|{link #PROTECTION_FLAG_PRIVILEGED} * instead. */DeprecatedpublicstaticfinalintPROTECTION_SIGNATURE_OR_SYSTEM3;/** * System-level value for {link #protectionLevel}, corresponding * to the codeinternal/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_INTERNAL4;/** hide */IntDef(flagfalse,prefix{PROTECTION_},value{PROTECTION_NORMAL,PROTECTION_DANGEROUS,PROTECTION_SIGNATURE,PROTECTION_SIGNATURE_OR_SYSTEM,PROTECTION_INTERNAL,})Retention(RetentionPolicy.SOURCE)publicinterfaceProtection{}/** * Additional flag for {link #protectionLevel}, corresponding * to the codeprivileged/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_PRIVILEGED0x10;/** * deprecated Old name for {link #PROTECTION_FLAG_PRIVILEGED}, which * is now very confusing because it only applies to privileged apps, not all * apps on the system image. */DeprecatedpublicstaticfinalintPROTECTION_FLAG_SYSTEM0x10;/** * Additional flag for {link #protectionLevel}, corresponding * to the codedevelopment/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_DEVELOPMENT0x20;/** * Additional flag for {link #protectionLevel}, corresponding * to the codeappop/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_APPOP0x40;/** * Additional flag for {link #protectionLevel}, corresponding * to the codepre23/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_PRE230x80;/** * Additional flag for {link #protectionLevel}, corresponding * to the codeinstaller/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_INSTALLER0x100;/** * Additional flag for {link #protectionLevel}, corresponding * to the codeverifier/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_VERIFIER0x200;/** * Additional flag for {link #protectionLevel}, corresponding * to the codepreinstalled/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_PREINSTALLED0x400;/** * Additional flag for {link #protectionLevel}, corresponding * to the codesetup/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_SETUP0x800;/** * Additional flag for {link #protectionLevel}, corresponding * to the codeinstant/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_INSTANT0x1000;/** * Additional flag for {link #protectionLevel}, corresponding * to the coderuntime/code value of * {link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_RUNTIME_ONLY0x2000;/** * Additional flag for {link #protectionLevel}, corresponding * to the codeoem/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_OEM0x4000;/** * Additional flag for {${link #protectionLevel}, corresponding * to the codevendorPrivileged/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_VENDOR_PRIVILEGED0x8000;/** * Additional flag for {link #protectionLevel}, corresponding * to the codetext_classifier/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER0x10000;/** * Additional flag for {${link #protectionLevel}, corresponding * to the codewellbeing/code value of * {link android.R.attr#protectionLevel}. * * deprecated this protectionLevel is obsolete. Permissions previously granted through this * protectionLevel have been migrated to use coderole/code instead * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_WELLBEING0x20000;/** * Additional flag for {link #protectionLevel}, corresponding to the * {code documenter} value of {link android.R.attr#protectionLevel}. * * deprecated this protectionLevel is obsolete. Permissions previously granted * through this protectionLevel have been migrated to use coderole/code instead * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_DOCUMENTER0x40000;/** * Additional flag for {link #protectionLevel}, corresponding to the * {code configurator} value of {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_CONFIGURATOR0x80000;/** * Additional flag for {${link #protectionLevel}, corresponding * to the codeincident_report_approver/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_INCIDENT_REPORT_APPROVER0x100000;/** * Additional flag for {link #protectionLevel}, corresponding * to the codeapp_predictor/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_APP_PREDICTOR0x200000;/** * Additional flag for {link #protectionLevel}, corresponding * to the codemodule/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_MODULE0x400000;/** * Additional flag for {link #protectionLevel}, corresponding * to the codecompanion/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_COMPANION0x800000;/** * Additional flag for {link #protectionLevel}, corresponding * to the coderetailDemo/code value of * {link android.R.attr#protectionLevel}. * * deprecated This flag has been replaced by the * {link android.R.string#config_defaultRetailDemo retail demo role} and is a * no-op since {link Build.VERSION_CODES#VANILLA_ICE_CREAM}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_RETAIL_DEMO0x1000000;/** * Additional flag for {link #protectionLevel}, corresponding * to the coderecents/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_RECENTS0x2000000;/** * Additional flag for {link #protectionLevel}, corresponding to the coderole/code value of * {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_ROLE0x4000000;/** * Additional flag for {link #protectionLevel}, correspoinding to the {code knownSigner} value * of {link android.R.attr#protectionLevel}. * * hide */SystemApipublicstaticfinalintPROTECTION_FLAG_KNOWN_SIGNER0x8000000;/** hide */IntDef(flagtrue,prefix{PROTECTION_FLAG_},value{PROTECTION_FLAG_PRIVILEGED,PROTECTION_FLAG_SYSTEM,PROTECTION_FLAG_DEVELOPMENT,PROTECTION_FLAG_APPOP,PROTECTION_FLAG_PRE23,PROTECTION_FLAG_INSTALLER,PROTECTION_FLAG_VERIFIER,PROTECTION_FLAG_PREINSTALLED,PROTECTION_FLAG_SETUP,PROTECTION_FLAG_INSTANT,PROTECTION_FLAG_RUNTIME_ONLY,PROTECTION_FLAG_OEM,PROTECTION_FLAG_VENDOR_PRIVILEGED,PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER,PROTECTION_FLAG_CONFIGURATOR,PROTECTION_FLAG_INCIDENT_REPORT_APPROVER,PROTECTION_FLAG_APP_PREDICTOR,PROTECTION_FLAG_COMPANION,PROTECTION_FLAG_RETAIL_DEMO,PROTECTION_FLAG_RECENTS,PROTECTION_FLAG_ROLE,PROTECTION_FLAG_KNOWN_SIGNER,PROTECTION_FLAG_MODULE,})xml中值如何轉(zhuǎn)換成java的protectionLevel變量這塊可以看一下如下代碼到此就把學(xué)員關(guān)于權(quán)限的protectionLevel保護(hù)級(jí)別部分進(jìn)行了全面的剖析。原文參考https://mp.weixin.qq.com/s/3GNkarfoiab7akLtdtZanA