android自定义访问权限

android 中如果我们想让我们的activity或service限制别人的访问，可以加上自定义权限，只有加上我们定义的权限才能访问我们的组件，具体在我们应用中的AndroidManifest.xml
中添加

<permission android:name="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL"               android:protectionLevel="signatureOrSystem" /><uses-permission android:name="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" /><service android:name="QcrilMsgTunnelService"               android:exported="true"               android:permission="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" />          

如果其他应用需要访问我们的service，就得需要配置

<uses-permission android:name="com.qualcomm.permission.USE_QCRIL_MSG_TUNNEL" />

权限，并且还需要将android:sharedUserId=”android.uid.system”
这里需要提醒一下因为我们的自定义权限中设置了protectionLevel=”signatureOrSystem” 所以这里只有系统级别应用可以使用该权限，其他都不可以。
protectionLevel 有几个值，分别为”normal”，”dangerous”，”signature”，”signatureOrSystem”
官方给予的说明如下：

“normal”

The default value. A lower-risk permission that gives requesting applications access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user’s explicit approval (though the user always has the option to review these permissions before installing).

“dangerous”

A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.

“signature”

A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user’s explicit approval.

“signatureOrSystem”

A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The “signatureOrSystem” permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

英语好的，可以直接读上面的文档，下面是我简单的理解：

1. normal：这是最低风险的权限，如果应用声明了此权限，也不会提示安装应用的用户授权（例如，如果声明了定位权限，则应用到定位功能时，会明确提示用户，是否授予定位权限，但是protectionLevel为normal的不会明确提示，直接默认授予），系统直接默认该应用有此权限；

2. dangerous：这种级别的权限风险更高，拥有此权限可能会访问用户私人数据或者控制设备，给用户带来负面影响，这种类型的权限一般不会默认授权（但是我测了好多次，有时候还是会默认授权）；

3. signature：这种权限级别，只有当发请求的应用和接收此请求的应用使用同一签名文件，并且声明了该权限才会授权，并且是默认授权，不会提示用户授权

4. signatureOrSystem：这种权限应该尽量避免使用，偏向系统级

对于normal或者dangerous级别的权限，我们自己的应用需要去访问其对应受保护的资源时只需要在androidManifest.xml中添加相同的uses-permission就行了。对于signature级别的除了声明权限，还要有相同的签名。而对于signatureOrSystem，还需要sharedUserId=”android.uid.system” .