Runtime Permissions

Runtime Permissions

在Android 6.0中谷歌摒弃了以前的install time permissions model取而代之的是**runtime permissions model**。先来讲说install time permissions model，这个你们不陌生，就是当Android App安装的时候会向用户展现一坨权限，若是此时用户选择安装，则表示用户赞成将这些权限赋予App，若是用户不一样意那么这个App就会取消安装。runtime permissions model就牛逼了，在App安装的时候一样会向用户展现所须要的权限，而且在用户选择安装App的时候并不表示用户将这些权限赋予了App，而是须要App在运行阶段主动去申请这些权限。这样作的好处显而易见，App对权限的申请对于用户来讲变得更加透明，并且用户对App权限的控制也更加灵活。 权限的分类

Android将系统权限分红了四个保护等级:

• normal,
• dangerous,
• signature,
• signatureOrSystem

其中最多见的是normal permission和dangerous permission两类。

normal permission

normal permission涵盖的一系列权限的共同点是：App须要访问App运行沙盒之外的数据或资源，可是这些资源对用户的隐私或其余App的危险性较小，下面列举一下这些权限：

ACCESS_LOCATION_EXTRA_COMMANDS

ACCESS_NETWORK_STATE ACCESS_NOTIFICATION_POLICY ACCESS_WIFI_STATE BLUETOOTH BLUETOOTH_ADMIN BROADCAST_STICKY CHANGE_NETWORK_STATE CHANGE_WIFI_MULTICAST_STATE CHANGE_WIFI_STATE DISABLE_KEYGUARD EXPAND_STATUS_BAR FLASHLIGHT GET_PACKAGE_SIZE INTERNET KILL_BACKGROUND_PROCESSES MODIFY_AUDIO_SETTINGS NFC READ_SYNC_SETTINGS READ_SYNC_STATS RECEIVE_BOOT_COMPLETED REORDER_TASKS REQUEST_INSTALL_PACKAGES SET_TIME_ZONE SET_WALLPAPER SET_WALLPAPER_HINTS TRANSMIT_IR USE_FINGERPRINT VIBRATE WAKE_LOCK WRITE_SYNC_SETTINGS SET_ALARM INSTALL_SHORTCUT

>
>以上这些就是Android 6.0中全部的normal permissions了。

### dangerous permissions

dangerous permissions 涵盖的一系列权限的共同点是：这些权限会读写用户的隐私信息，也可能会读写用户存储的数据或影响其余App的正常运行。下面例举出这些权限：


> - CALENDAR
>     - READ_CALENDAR
    - WRITE_CALENDAR
> - CAMERA
>     - CAMERA
> - CONTACTS	
>     - READ_CONTACTS
    - WRITE_CONTACTS
    - GET_ACCOUNTS

> - LOCATION	
>     - **ACCESS\_FINE\_LOCATION**
    - **ACCESS\_COARSE\_LOCATION**

> - MICROPHONE
>     - RECORD_AUDIO
> 
> - SENSORS
> 	- BODY_SENSORS
> - PHONE	
>      - READ_PHONE_STATE
     - CALL_PHONE
     - READ_CALL_LOG
     - WRITE_CALL_LOG
     - ADD_VOICEMAIL
     - USE_SIP
     - PROCESS\_OUTGOING_CALLS
> 
> - SMS
> 	- SEND_SMS
	- RECEIVE_SMS
	- READ_SMS
	- RECEIVE_WAP_PUSH
	- RECEIVE_MMS

> - STORAGE
> 	- **READ\_EXTERNAL_STORAGE**
	- **WRITE\_EXTERNAL_STORAGE**

以上这些权限就是Android6.0中全部的dangerous permissions。

**Runtime Permissions**针对的是**dangerous permissions**，normal permissions仍是会在App安装期间被默认赋予。


## ps：关于protection level

> 
> 有时候别人建立的应用有自定义的Permission, 在permissionLevel的定义时设置了android:protectionLevel这一项。取值范围有四种：
>  
> 
- "normal" 
- "dangerous" 
- "signature" 
- "signatureOrSystem" 

> 若是定义的是前面两种**`normal`**或者**`dangerous`**, 咱们本身的应用须要去访问其对应受保护的资源时只须要在androidManifest.xml中添加相同的uses-permission就好了。 
> 
> 若是是**`signature`**, 咱们仅仅添加对权限的使用还不行， 必须同时使用相同的证书来签名。

>>A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.
 
> 
> 若是是**`signatureOrSystem`**, 不只要有相同的签名， 还必须有相同的sharedUserId.
>> A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the `signature` protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.


参考：
https://developer.android.com/guide/topics/manifest/permission-element.html

http://blog.csdn.net/l_serein/article/details/6776377

http://www.wilkeryun.com/android-6-0%E6%96%B0%E7%89%B9%E6%80%A7%E4%B9%8Bruntime-permission/925.html