关于权限"android.permission.GLOBAL_SEARCH"
2017-03-24 16:07
316 查看
此前有一篇文章说明如何将自己的app作为一个外部数据源提供给android系统搜索:
http://blog.csdn.net/zhanglianyu00/article/details/61196900
里面提到安卓提供了一个权限android.permission.GLOBAL_SEARCH,供数据源提供方使用,来作为数据的保护机制。android官方文档对于此权限的说明较少,只有如下文字:
This permission can be used on content providers to allow the global search system to access their data. Typically it used when the provider has some permissions protecting it (which global search would not be expected to hold), and added as a read-only
permission to the path in the provider where global search queries are performed. This permission can not be held by regular applications; it is used by applications to protect themselves from everyone else besides global search.
https://developer.android.com/reference/android/Manifest.permission.html#GLOBAL_SEARCH
这里稍微深入,在android内部研究一下这个权限。
通过search android源代码,可以找到这个权限是在这个工程中定义 frameworks/base/core/res。这个工程在android内部托管各种框架层使用的资源。查看frameworks/base/core/res/AndroidManifest.xml,找到此权限的定义:
<!-- @SystemApi This permission can be used on content providers to allow the global
search system to access their data. Typically it used when the
provider has some permissions protecting it (which global search
would not be expected to hold), and added as a read-only permission
to the path in the provider where global search queries are
performed. This permission can not be held by regular applications;
it is used by applications to protect themselves from everyone else
besides global search. -->
<permission android:name="android.permission.GLOBAL_SEARCH"
android:protectionLevel="signature|privileged" />
看到保护级别是signature,再复习一下这两个flag的含义(https://developer.android.com/reference/android/R.attr.html#protectionLevel ):
signature:
A permission that the system is to grant only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying
the user or asking for the user's explicit approval.
privileged:
Additional flag from base permission type: this permission can also be granted to any applications installed as privileged apps on the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and
works regardless of exactly where applications are installed. This permission flag is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are
being built together.
可见需要与frameworks/base/core/res签名相同或者是由系统授权的应用(譬如vendor)才能使用这个权限。
frameworks/base/core/res是一个系统工程,查看其mk文件 frameworks/base/core/res/Android.mk,看到签名信息:
LOCAL_CERTIFICATE := platform
android一共有4种系统签名:
testkey:用于普通apk
platform:用于系统核心apk
shared:用于Launcher、Contacts等重要apk
media:用于系统的多媒体和下载类apk
(参见build/target/product/security/)
由此引申出一个问题,由签名为platform的工程定义的signature级别的permission,只对platform开放,还是对上述四种都开放?
在一个shared签名的系统应用中测试添加使用该permission,编译,成功。所以可见对于所有系统签名都可用。
对于纯第三方App,使用Android Studio开发时是无法添加这个use permission的,会提示错误:
Permission is only granted to system apps.
http://blog.csdn.net/zhanglianyu00/article/details/61196900
里面提到安卓提供了一个权限android.permission.GLOBAL_SEARCH,供数据源提供方使用,来作为数据的保护机制。android官方文档对于此权限的说明较少,只有如下文字:
This permission can be used on content providers to allow the global search system to access their data. Typically it used when the provider has some permissions protecting it (which global search would not be expected to hold), and added as a read-only
permission to the path in the provider where global search queries are performed. This permission can not be held by regular applications; it is used by applications to protect themselves from everyone else besides global search.
https://developer.android.com/reference/android/Manifest.permission.html#GLOBAL_SEARCH
这里稍微深入,在android内部研究一下这个权限。
通过search android源代码,可以找到这个权限是在这个工程中定义 frameworks/base/core/res。这个工程在android内部托管各种框架层使用的资源。查看frameworks/base/core/res/AndroidManifest.xml,找到此权限的定义:
<!-- @SystemApi This permission can be used on content providers to allow the global
search system to access their data. Typically it used when the
provider has some permissions protecting it (which global search
would not be expected to hold), and added as a read-only permission
to the path in the provider where global search queries are
performed. This permission can not be held by regular applications;
it is used by applications to protect themselves from everyone else
besides global search. -->
<permission android:name="android.permission.GLOBAL_SEARCH"
android:protectionLevel="signature|privileged" />
看到保护级别是signature,再复习一下这两个flag的含义(https://developer.android.com/reference/android/R.attr.html#protectionLevel ):
signature:
A permission that the system is to grant only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying
the user or asking for the user's explicit approval.
privileged:
Additional flag from base permission type: this permission can also be granted to any applications installed as privileged apps on the system image. Please avoid using this option, as the signature protection level should be sufficient for most needs and
works regardless of exactly where applications are installed. This permission flag is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are
being built together.
可见需要与frameworks/base/core/res签名相同或者是由系统授权的应用(譬如vendor)才能使用这个权限。
frameworks/base/core/res是一个系统工程,查看其mk文件 frameworks/base/core/res/Android.mk,看到签名信息:
LOCAL_CERTIFICATE := platform
android一共有4种系统签名:
testkey:用于普通apk
platform:用于系统核心apk
shared:用于Launcher、Contacts等重要apk
media:用于系统的多媒体和下载类apk
(参见build/target/product/security/)
由此引申出一个问题,由签名为platform的工程定义的signature级别的permission,只对platform开放,还是对上述四种都开放?
在一个shared签名的系统应用中测试添加使用该permission,编译,成功。所以可见对于所有系统签名都可用。
对于纯第三方App,使用Android Studio开发时是无法添加这个use permission的,会提示错误:
Permission is only granted to system apps.
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- View.setKeepScreenOn(true) 需要 "android.permission.WAKE_LOCK" 权限?
- 如何判断是否得到"android.permission.PACKAGE_USAGE_STATS"权限
- 关于添加android:name="android.permission.INSTALL_PACKAGES"报错的解决方法
- 关于android:sharedUserId="android.uid.system"这个系统级权限
- android关于uses-permission权限列表
- 关于android:sharedUserId="android.uid.system"这个系统级权限
- 关于Uri的java.lang.SecurityException: Permission Denial错误、(Android权限Uri.parse的详细资料)
- android关于uses-permission权限列表
- 关于android:sharedUserId="android.uid.system"这个系统级权限
- 因为Android M权限问题导致的"Permission Denial: reading com.android.providers.media.MediaProvider"解决办法
- android permission——关于权限你需要知道的事
- 关于android:sharedUserId="android.uid.system"这个系统级权限
- 关于android:sharedUserId="android.uid.system"这个系统级权限
- 随笔:关于权限android.permission.SYSTEM_ALERT_WINDOW
- android关于uses-permission权限列表
- Android常用的权限(关于Android uses-permission的资料)
- android关于uses-permission权限列表
- 关于android:sharedUserId="android.uid.system"这个系统级权限
- Android SDK1.0 Permission 大全访问权限许可
- Android权限列表permission说明