news 2026/7/7 18:37:46

AI豆包手机权限文章补充:Mainfest中某个权限的protectionLevel具体是如何被系统定义的?

作者头像

张小明

前端开发工程师

1.2k 24
文章封面图
AI豆包手机权限文章补充:Mainfest中某个权限的protectionLevel具体是如何被系统定义的?

背景:

经常我们在做framework开发时候,看到某些权限时候会有对权限定义进行深入查看,例如上一篇文章:
聊一聊豆包AI手机助手高度敏感权限CAPTURE_SECURE_VIDEO_OUTPUT

中就有看到关键字保护级别:android:protectionLevel=“signature|role”。
也有其他权限看到是android:protectionLevel=“normal”:

看到这里就有vip学员朋友提出针对这个xml保护级别protectionLevel到底代表什么意思,除了常见的signature这个级别属于我们常见知道的的外又还有哪些protectionLevel呢?

这个问题确实是个好问题,要解答这个问题就需要深入看一下这块的源码分析,下面马哥带大家来一起解答。

源码剖析

protectionLevel对应的xml部分

先看看权限及保护级别的定义:
frameworks/base/core/res/AndroidManifest.xml

<!-- @SystemApi @TestApi @hide Allows an application to change to remove/kill tasks --><permissionandroid:name="android.permission.REMOVE_TASKS"android:protectionLevel="signature|recents|role"/><!-- @deprecated Use MANAGE_ACTIVITY_TASKS instead. @SystemApi @TestApi @hide Allows an application to create/manage/remove stacks --><permissionandroid:name="android.permission.MANAGE_ACTIVITY_STACKS"android:protectionLevel="signature"/>

一般这里里面的关键signature,recents,role一般都是有在对应attrs.xml中有定义,是不可以随意对写一个字符signaturexxx,role1xxx的,这样写的不对会直接报错。那么是在哪里进行定义的呢?

这里可以如果大家不知道具体在哪个attrs的xml文件定义,可以通过grep来查找定位:
在frameworks/base/core/res/res/values目录进行查找关键字“protectionLevel”。

test@test:~/disk_2T/aosp16/frameworks/base/core/res/res/values$grep"protectionLevel"./ -rn ./public-final.xml:37:<publictype="attr"name="protectionLevel"id="0x01010009"/>./attrs_manifest.xml:183: permanent protectionLevel. If you are creating a custom permissioninan ./attrs_manifest.xml:184: application, you can define a protectionLevel attribute with one of the ./attrs_manifest.xml:185: values listed below. If no protectionLevel is definedfora custom ./attrs_manifest.xml:194:<attrname="protectionLevel">./attrs_manifest.xml:2438:<attrname="protectionLevel"/>

可以看到这里查找到了,原来是在attrs_manifest.xml中进行的定义。
这里看看对应的xml定义部分:

frameworks/base/core/res/res/values/attrs_manifest.xml

<!-- Characterizes the potential risk implied in a permission and indicates the procedure the system should follow when determining whether to grant the permission to an application requesting it. {@link android.Manifest.permission Standard permissions} have a predefined and permanent protectionLevel. If you are creating a custom permission in an application, you can define a protectionLevel attribute with one of the values listed below. If no protectionLevel is defined for a custom permission, the system assigns the default ("normal"). <p>Each protection level consists of a base permission type and zero or more flags. Use the following functions to extract those. <pre> int basePermissionType = permissionInfo.getProtection(); int permissionFlags = permissionInfo.getProtectionFlags(); </pre> --><attrname="protectionLevel"><!-- <strong>Base permission type</strong>: a lower-risk permission that gives an application access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing). --><flagname="normal"value="0"/><!-- <strong>Base permission type</strong>: a higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities. --><flagname="dangerous"value="1"/><!-- <strong>Base permission type</strong>: a permission that the system is to grant only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval. --><flagname="signature"value="2"/><!-- Old synonym for "signature|privileged". Deprecated in API level 23. Base permission type: a permission that the system is to grant only to packages in the Android system image <em>or</em> that are signed with the same certificates. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. This permission is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together. --><flagname="signatureOrSystem"value="3"/><!-- <strong>Base permission type</strong>: a permission that is managed internally by the system and only granted according to the protection flags. --><flagname="internal"value="4"/><!-- Additional flag from base permission type: this permission can also be granted to any applications installed as privileged apps on the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. This permission flag is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together. --><flagname="privileged"value="0x10"/><!-- Old synonym for "privileged". Deprecated in API level 23. --><flagname="system"value="0x10"/><!-- Additional flag from base permission type: this permission can also (optionally) be granted to development applications. Although undocumented, the permission state used to be shared by all users (including future users), but it is managed per-user since API level 31. --><flagname="development"value="0x20"/><!-- Additional flag from base permission type: this permission is closely associated with an app op for controlling access. --><flagname="appop"value="0x40"/><!-- Additional flag from base permission type: this permission can be automatically granted to apps that target API levels below {@link android.os.Build.VERSION_CODES#M} (before runtime permissions were introduced). --><flagname="pre23"value="0x80"/><!-- Additional flag from base permission type: this permission can be automatically granted to system apps that install packages. --><flagname="installer"value="0x100"/><!-- Additional flag from base permission type: this permission can be automatically granted to system apps that verify packages. --><flagname="verifier"value="0x200"/><!-- Additional flag from base permission type: this permission can be automatically granted any application pre-installed on the system image (not just privileged apps). --><flagname="preinstalled"value="0x400"/><!-- Additional flag from base permission type: this permission can be automatically granted to the setup wizard app --><flagname="setup"value="0x800"/><!-- Additional flag from base permission type: this permission can be granted to instant apps --><flagname="instant"value="0x1000"/><!-- Additional flag from base permission type: this permission can only be granted to apps that target runtime permissions ({@link android.os.Build.VERSION_CODES#M} and above) --><flagname="runtime"value="0x2000"/><!-- Additional flag from base permission type: this permission can be granted only if its protection level is signature, the requesting app resides on the OEM partition, and the OEM has allowlisted the app to receive this permission by the OEM. --><flagname="oem"value="0x4000"/><!-- Additional flag from base permission type: this permission can be granted to privileged apps in vendor partition. --><flagname="vendorPrivileged"value="0x8000"/><!-- Additional flag from base permission type: this permission can be automatically granted to the system default text classifier --><flagname="textClassifier"value="0x10000"/><!-- Additional flag from base permission type: this permission automatically granted to device configurator --><flagname="configurator"value="0x80000"/><!-- Additional flag from base permission type: this permission designates the app that will approve the sharing of incident reports. --><flagname="incidentReportApprover"value="0x100000"/><!-- Additional flag from base permission type: this permission can be automatically granted to the system app predictor --><flagname="appPredictor"value="0x200000"/><!-- Additional flag from base permission type: this permission can also be granted if the requesting application is included in the mainline module}. --><flagname="module"value="0x400000"/><!-- Additional flag from base permission type: this permission can be automatically granted to the system companion device manager service --><flagname="companion"value="0x800000"/><!-- Additional flag from base permission type: this permission will be granted to the retail demo app, as defined by the OEM. This flag has been replaced by the retail demo role and is a no-op since Android V. --><flagname="retailDemo"value="0x1000000"/><!-- Additional flag from base permission type: this permission will be granted to the recents app. --><flagname="recents"value="0x2000000"/><!-- Additional flag from base permission type: this permission is managed by role. --><flagname="role"value="0x4000000"/><!-- Additional flag from base permission type: this permission can also be granted if the requesting application is signed by, or has in its signing lineage, any of the certificate digests declared in {@link android.R.attr#knownCerts}. --><flagname="knownSigner"value="0x8000000"/></attr>

上面xml其实也自带了相关的注释非常详细,大概意思就是protectionLevel中在xml中的只可以是上面这些,每个保护字符都是有自己的含义,具体含义可以看注释哈,这些字符都会变成一个个的int类型的数字。
比如name=“signature”,这种最后就被转换成数字2。

<flagname="signature"value="2"/>

那么数字2又被谁使用呢?这里注释中可以看看出来是PermissionInfo的getProtectionFlags方法:

/** * Return the additional flags in {@link #protectionLevel}. */@ProtectionFlagspublicintgetProtectionFlags(){returnprotectionLevel&~PROTECTION_MASK_BASE;}

protectionLevel代码部分

frameworks/base/core/java/android/content/pm/PermissionInfo.java

代表权限保护级别的变量:

/** * The level of access this permission is protecting, as per * {@link android.R.attr#protectionLevel}. Consists of * a base permission type and zero or more flags. Use the following functions * to extract them. * * <pre> * int basePermissionType = permissionInfo.getProtection(); * int permissionFlags = permissionInfo.getProtectionFlags(); * </pre> * * <p></p>Base permission types are {@link #PROTECTION_NORMAL}, * {@link #PROTECTION_DANGEROUS}, {@link #PROTECTION_SIGNATURE}, {@link #PROTECTION_INTERNAL} * and the deprecated {@link #PROTECTION_SIGNATURE_OR_SYSTEM}. * Flags are listed under {@link android.R.attr#protectionLevel}. * * @deprecated Use #getProtection() and #getProtectionFlags() instead. */@DeprecatedpublicintprotectionLevel;

一般这个变量值有以下这些:

/** * Information you can retrieve about a particular security permission * known to the system. This corresponds to information collected from the * AndroidManifest.xml's &lt;permission&gt; tags. */publicclassPermissionInfoextendsPackageItemInfoimplementsParcelable{/** * A normal application value for {@link #protectionLevel}, corresponding * to the <code>normal</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_NORMAL=0;/** * Dangerous value for {@link #protectionLevel}, corresponding * to the <code>dangerous</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_DANGEROUS=1;/** * System-level value for {@link #protectionLevel}, corresponding * to the <code>signature</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_SIGNATURE=2;/** * @deprecated Use {@link #PROTECTION_SIGNATURE}|{@link #PROTECTION_FLAG_PRIVILEGED} * instead. */@DeprecatedpublicstaticfinalintPROTECTION_SIGNATURE_OR_SYSTEM=3;/** * System-level value for {@link #protectionLevel}, corresponding * to the <code>internal</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_INTERNAL=4;/** @hide */@IntDef(flag=false,prefix={"PROTECTION_"},value={PROTECTION_NORMAL,PROTECTION_DANGEROUS,PROTECTION_SIGNATURE,PROTECTION_SIGNATURE_OR_SYSTEM,PROTECTION_INTERNAL,})@Retention(RetentionPolicy.SOURCE)public@interfaceProtection{}/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>privileged</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_PRIVILEGED=0x10;/** * @deprecated Old name for {@link #PROTECTION_FLAG_PRIVILEGED}, which * is now very confusing because it only applies to privileged apps, not all * apps on the system image. */@DeprecatedpublicstaticfinalintPROTECTION_FLAG_SYSTEM=0x10;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>development</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_DEVELOPMENT=0x20;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>appop</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_APPOP=0x40;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>pre23</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_PRE23=0x80;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>installer</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_INSTALLER=0x100;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>verifier</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_VERIFIER=0x200;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>preinstalled</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_PREINSTALLED=0x400;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>setup</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_SETUP=0x800;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>instant</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_INSTANT=0x1000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>runtime</code> value of * {@link android.R.attr#protectionLevel}. */publicstaticfinalintPROTECTION_FLAG_RUNTIME_ONLY=0x2000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>oem</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_OEM=0x4000;/** * Additional flag for {${link #protectionLevel}, corresponding * to the <code>vendorPrivileged</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_VENDOR_PRIVILEGED=0x8000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>text_classifier</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER=0x10000;/** * Additional flag for {${link #protectionLevel}, corresponding * to the <code>wellbeing</code> value of * {@link android.R.attr#protectionLevel}. * * @deprecated this protectionLevel is obsolete. Permissions previously granted through this * protectionLevel have been migrated to use <code>role</code> instead * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_WELLBEING=0x20000;/** * Additional flag for {@link #protectionLevel}, corresponding to the * {@code documenter} value of {@link android.R.attr#protectionLevel}. * * @deprecated this protectionLevel is obsolete. Permissions previously granted * through this protectionLevel have been migrated to use <code>role</code> instead * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_DOCUMENTER=0x40000;/** * Additional flag for {@link #protectionLevel}, corresponding to the * {@code configurator} value of {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_CONFIGURATOR=0x80000;/** * Additional flag for {${link #protectionLevel}, corresponding * to the <code>incident_report_approver</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_INCIDENT_REPORT_APPROVER=0x100000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>app_predictor</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_APP_PREDICTOR=0x200000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>module</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_MODULE=0x400000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>companion</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_COMPANION=0x800000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>retailDemo</code> value of * {@link android.R.attr#protectionLevel}. * * @deprecated This flag has been replaced by the * {@link android.R.string#config_defaultRetailDemo retail demo role} and is a * no-op since {@link Build.VERSION_CODES#VANILLA_ICE_CREAM}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_RETAIL_DEMO=0x1000000;/** * Additional flag for {@link #protectionLevel}, corresponding * to the <code>recents</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_RECENTS=0x2000000;/** * Additional flag for {@link #protectionLevel}, corresponding to the <code>role</code> value of * {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_ROLE=0x4000000;/** * Additional flag for {@link #protectionLevel}, correspoinding to the {@code knownSigner} value * of {@link android.R.attr#protectionLevel}. * * @hide */@SystemApipublicstaticfinalintPROTECTION_FLAG_KNOWN_SIGNER=0x8000000;/** @hide */@IntDef(flag=true,prefix={"PROTECTION_FLAG_"},value={PROTECTION_FLAG_PRIVILEGED,PROTECTION_FLAG_SYSTEM,PROTECTION_FLAG_DEVELOPMENT,PROTECTION_FLAG_APPOP,PROTECTION_FLAG_PRE23,PROTECTION_FLAG_INSTALLER,PROTECTION_FLAG_VERIFIER,PROTECTION_FLAG_PREINSTALLED,PROTECTION_FLAG_SETUP,PROTECTION_FLAG_INSTANT,PROTECTION_FLAG_RUNTIME_ONLY,PROTECTION_FLAG_OEM,PROTECTION_FLAG_VENDOR_PRIVILEGED,PROTECTION_FLAG_SYSTEM_TEXT_CLASSIFIER,PROTECTION_FLAG_CONFIGURATOR,PROTECTION_FLAG_INCIDENT_REPORT_APPROVER,PROTECTION_FLAG_APP_PREDICTOR,PROTECTION_FLAG_COMPANION,PROTECTION_FLAG_RETAIL_DEMO,PROTECTION_FLAG_RECENTS,PROTECTION_FLAG_ROLE,PROTECTION_FLAG_KNOWN_SIGNER,PROTECTION_FLAG_MODULE,})

xml中值如何转换成java的protectionLevel变量,这块可以看一下如下代码:
到此就把学员关于权限的protectionLevel保护级别部分进行了全面的剖析。

原文参考:
https://mp.weixin.qq.com/s/3GNkarfoiab7akLtdtZanA

版权声明: 本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若内容造成侵权/违法违规/事实不符,请联系邮箱:809451989@qq.com进行投诉反馈,一经查实,立即删除!
网站建设 2026/7/7 18:19:15

GG3M全球智慧平台商业计划书GG3M Global Wisdom Platform Business Plan

GG3M全球智慧平台商业计划书GG3M Global Wisdom Platform Business Plan文档控制页 | Document Control Page项目Item内容Content文档标题Document TitleGG3M全球智慧平台商业计划书GG3M Global Wisdom Platform Business Plan版本号Version2.02.0发布日期Release Date2025年1月…

作者头像 李华
网站建设 2026/7/6 22:17:23

8、Docker网络与持续集成全解析

Docker网络与持续集成全解析 一、Docker网络基础 Docker 网络是 Docker 中至关重要的一部分。默认情况下,Docker 自带三种网络,我们可以通过执行以下命令来查看: docker network ls以下是对不同网络类型的解释: - bridge :这是默认网络。在桥接模式下,它与主机是完…

作者头像 李华
网站建设 2026/7/7 13:27:18

2022年CIE SCI2区TOP,双向交替搜索 A* 算法的移动机器人全局路径规划,深度解析+性能实测

目录1.摘要2.改进A*算法3.结果展示4.参考文献5.代码获取6.算法辅导应用定制读者交流1.摘要 针对传统 A* 算法在大规模环境中存在的计算效率低、路径转向角大以及路径不平滑等问题&#xff0c;本文提出了一种改进 A* 路径规划算法&#xff0c;该方法引入双向交替搜索&#xff0…

作者头像 李华
网站建设 2026/7/6 14:55:03

知识分享--Mapping the inflammatory origins of lung cancer

作者&#xff0c;Evil Genius 看了看医生的考核晋升指标&#xff0c;明白了为什么医生都要做科研了。 但是我觉得最好还是需要有医学院才行。 今天我们科普一下&#xff0c;参考文献如下 大家可以参加文章单细胞空间外显子--多模态空间组学揭示肺前驱病变进展中肺泡祖细胞与…

作者头像 李华
网站建设 2026/7/6 21:09:52

15、SSH 端口转发:配置与网络基础全解析

SSH 端口转发:配置与网络基础全解析 1. 可配置端口转发的 SSH 客户端和服务器 在 SSH 应用中,有多种客户端和服务器可进行端口转发配置。 客户端方面: - SSH 命令行客户端(包括 OpenSSH 和商业版本) - SSH Communications 的 SSH 客户端 - SecureCRT SSH 客户端 服…

作者头像 李华