Runtime Permissions

Runtime Permissions

在Android 6.0中谷歌摒棄了以前的install time permissions model取而代之的是**runtime permissions model**。先來講說install time permissions model，這個你們不陌生，就是當Android App安裝的時候會向用戶展現一坨權限，若是此時用戶選擇安裝，則表示用戶贊成將這些權限賦予App，若是用戶不一樣意那麼這個App就會取消安裝。runtime permissions model就牛逼了，在App安裝的時候一樣會向用戶展現所須要的權限，而且在用戶選擇安裝App的時候並不表示用戶將這些權限賦予了App，而是須要App在運行階段主動去申請這些權限。這樣作的好處顯而易見，App對權限的申請對於用戶來講變得更加透明，並且用戶對App權限的控制也更加靈活。 權限的分類

Android將系統權限分紅了四個保護等級:

• normal,
• dangerous,
• signature,
• signatureOrSystem

其中最多見的是normal permission和dangerous permission兩類。

normal permission

normal permission涵蓋的一系列權限的共同點是：App須要訪問App運行沙盒之外的數據或資源，可是這些資源對用戶的隱私或其餘App的危險性較小，下面列舉一下這些權限：

ACCESS_LOCATION_EXTRA_COMMANDS

ACCESS_NETWORK_STATE ACCESS_NOTIFICATION_POLICY ACCESS_WIFI_STATE BLUETOOTH BLUETOOTH_ADMIN BROADCAST_STICKY CHANGE_NETWORK_STATE CHANGE_WIFI_MULTICAST_STATE CHANGE_WIFI_STATE DISABLE_KEYGUARD EXPAND_STATUS_BAR FLASHLIGHT GET_PACKAGE_SIZE INTERNET KILL_BACKGROUND_PROCESSES MODIFY_AUDIO_SETTINGS NFC READ_SYNC_SETTINGS READ_SYNC_STATS RECEIVE_BOOT_COMPLETED REORDER_TASKS REQUEST_INSTALL_PACKAGES SET_TIME_ZONE SET_WALLPAPER SET_WALLPAPER_HINTS TRANSMIT_IR USE_FINGERPRINT VIBRATE WAKE_LOCK WRITE_SYNC_SETTINGS SET_ALARM INSTALL_SHORTCUT

>
>以上這些就是Android 6.0中全部的normal permissions了。

### dangerous permissions

dangerous permissions 涵蓋的一系列權限的共同點是：這些權限會讀寫用戶的隱私信息，也可能會讀寫用戶存儲的數據或影響其餘App的正常運行。下面例舉出這些權限：


> - CALENDAR
>     - READ_CALENDAR
    - WRITE_CALENDAR
> - CAMERA
>     - CAMERA
> - CONTACTS	
>     - READ_CONTACTS
    - WRITE_CONTACTS
    - GET_ACCOUNTS

> - LOCATION	
>     - **ACCESS\_FINE\_LOCATION**
    - **ACCESS\_COARSE\_LOCATION**

> - MICROPHONE
>     - RECORD_AUDIO
> 
> - SENSORS
> 	- BODY_SENSORS
> - PHONE	
>      - READ_PHONE_STATE
     - CALL_PHONE
     - READ_CALL_LOG
     - WRITE_CALL_LOG
     - ADD_VOICEMAIL
     - USE_SIP
     - PROCESS\_OUTGOING_CALLS
> 
> - SMS
> 	- SEND_SMS
	- RECEIVE_SMS
	- READ_SMS
	- RECEIVE_WAP_PUSH
	- RECEIVE_MMS

> - STORAGE
> 	- **READ\_EXTERNAL_STORAGE**
	- **WRITE\_EXTERNAL_STORAGE**

以上這些權限就是Android6.0中全部的dangerous permissions。

**Runtime Permissions**針對的是**dangerous permissions**，normal permissions仍是會在App安裝期間被默認賦予。


## ps：關於protection level

> 
> 有時候別人建立的應用有自定義的Permission, 在permissionLevel的定義時設置了android:protectionLevel這一項。取值範圍有四種：
>  
> 
- "normal" 
- "dangerous" 
- "signature" 
- "signatureOrSystem" 

> 若是定義的是前面兩種**`normal`**或者**`dangerous`**, 咱們本身的應用須要去訪問其對應受保護的資源時只須要在androidManifest.xml中添加相同的uses-permission就好了。 
> 
> 若是是**`signature`**, 咱們僅僅添加對權限的使用還不行， 必須同時使用相同的證書來簽名。

>>A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
 
> 
> 若是是**`signatureOrSystem`**, 不只要有相同的簽名， 還必須有相同的sharedUserId.
>> A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the `signature` protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.


參考：
https://developer.android.com/guide/topics/manifest/permission-element.html

http://blog.csdn.net/l_serein/article/details/6776377

http://www.wilkeryun.com/android-6-0%E6%96%B0%E7%89%B9%E6%80%A7%E4%B9%8Bruntime-permission/925.html