1.PermissionInfo
对应的是AndroidManifest(这里的AndroidManifest.xml是指\frameworks\base\core\res\AndroidManifest.xml))文件中permission标签。如在使用READ_CALL_LOG权限的时候,那么系统就可以知道READ_CALL_LOG权限相应的PermissionInfo。
/**
* Information you can retrieve about a particular security permission
* known to the system. This corresponds to information collected from the
* AndroidManifest.xml's <permission> tags.
*/
public class PermissionInfo extends PackageItemInfo implements Parcelable {
public int protectionLevel; //对应的标签为:android:protectionLevel="dangerous|instant"
public @Nullable String group; //权限组,对应的标签为:android:permissionGroup="android.permission-group.UNDEFINED"
......
public @Flags int flags; //对应的标签为:android:permissionFlags="hardRestricted"
public @StringRes int descriptionRes; //对应的标签为:android:description="@string/permdesc_accessFineLocation"
@SystemApi
public @StringRes int requestRes;
@SystemApi
@TestApi
public final @Nullable String backgroundPermission; //对应的标签为:android:backgroundPermission="android.permission.ACCESS_BACKGROUND_LOCATION"
......
}以下为READ_CALL_LOG的权限信息:
<permission android:name="android.permission.READ_CALL_LOG"
android:permissionGroup="android.permission-group.UNDEFINED"
android:label="@string/permlab_readCallLog"
android:description="@string/permdesc_readCallLog"
android:permissionFlags="hardRestricted"
android:protectionLevel="dangerous" />相关string的定义
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_readCallLog">read call log</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permdesc_readCallLog">This app can read your call history.</string>2.PermissionGroupInfo
特定的权限组信息,在AndroidManifest.xml(这里的AndroidManifest.xml是指\frameworks\base\core\res\AndroidManifest.xml)中的标记为permission-group。如在使用LOCATION权限组的时候,那么系统就可以知道LOCATION权限组相应的PermissionGroupInfo。
/**
* Information you can retrieve about a particular security permission
* group known to the system. This corresponds to information collected from the
* AndroidManifest.xml's <permission-group> tags.
*/
public class PermissionGroupInfo extends PackageItemInfo implements Parcelable {
public @StringRes int descriptionRes; //对应的标签为:android:description="@string/permgroupdesc_location"
@SystemApi
public @StringRes int requestRes; //对应的标签为:android:request="@string/permgrouprequest_location"
@SystemApi
public final @StringRes int requestDetailResourceId; //对应的标签为:android:requestDetail="@string/permgrouprequestdetail_location"
@SystemApi
public final @StringRes int backgroundRequestResourceId; //对应的标签为:android:backgroundRequestDetail="@string/permgroupbackgroundrequestdetail_location"
@SystemApi
public final @StringRes int backgroundRequestDetailResourceId; //对应的标签为:android:backgroundRequestDetail
......
public int priority; //对应的标签为: android:priority="400"
}以下为LOCATION的权限组信息:
<!-- Used for permissions that allow accessing the device location. -->
<permission-group android:name="android.permission-group.LOCATION"
android:icon="@drawable/ry_perm_group_location"
android:label="@string/permgrouplab_location"
android:description="@string/permgroupdesc_location"
android:request="@string/permgrouprequest_location"
android:requestDetail="@string/permgrouprequestdetail_location"
android:backgroundRequest="@string/permgroupbackgroundrequest_location"
android:backgroundRequestDetail="@string/permgroupbackgroundrequestdetail_location"
android:priority="400" />相关string的定义:
<!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permgrouplab_location">Location</string>
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permgroupdesc_location">access this device\'s location</string>
<!-- Message shown to the user when the apps requests permission from this group. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
<string name="permgrouprequest_location">Allow
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access this device\'s location?</string>
<!-- Subtitle of the message shown to the user when the apps requests permission to use the location only while app is in foreground [CHAR LIMIT=150]-->
<string name="permgrouprequestdetail_location">The app will only have access to the location while you\u2019re using the app</string>
<!-- Message shown to the user when the apps requests permission to use the location while app is in foreground and background. If ever possible this should stay below 80 characters (assuming the parameters takes 20 characters). Don't abbreviate until the message reaches 120 characters though. [CHAR LIMIT=120] -->
<string name="permgroupbackgroundrequest_location">Allow
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access this device\u2019s location <b>all the time</b>?</string>
<!-- Subtitle of the message shown to the user when the apps requests permission to use the location while app is in foreground and background [CHAR LIMIT=150] -->
<string name="permgroupbackgroundrequestdetail_location">App currently can access location only while you\u2019re using the app</string>3.BasePermission
主要用在动态权限中,保存PermissionInfo,及其对应的uid,包名等。
public final class BasePermission {
final String name; // BasePermission名字,实际为packages.xml中<permissions>标签里面item name,即为每一条permission的名字
// <item name="android.permission.REAL_GET_TASKS" package="android" protection="18" />
final @PermissionType int type; //normal,dangerous,signature,signatureOrSystem等
String sourcePackageName; //动态权限对应的包名
// TODO: Can we get rid of this? Seems we only use some signature info from the setting
PackageSettingBase sourcePackageSetting; //对应的包信息PackageSetting,包含PackageParser.Package pkg;
int protectionLevel; //权限等级
PackageParser.Permission perm; //apk解析出来的权限信息,主要包括PermissionInfo及PermissionGroup
PermissionInfo pendingPermissionInfo;
/** UID that owns the definition of this permission */
int uid;
/** Additional GIDs given to apps granted this permission */
private int[] gids;
/**
* Flag indicating that {@link #gids} should be adjusted based on the
* {@link UserHandle} the granted app is running as.
*/
private boolean perUser;
}4.PackageParser.Permission
安装包中解析出来的权限信息,主要包括PermissionInfo及PermissionGroup。
public final static class Permission extends Component<IntentInfo> implements Parcelable {
@UnsupportedAppUsage
public final PermissionInfo info;
@UnsupportedAppUsage
public boolean tree;
@UnsupportedAppUsage
public PermissionGroup group;
}5.PackageParser.PermissionGroup
安装包中解析出来的权限组信息,主要是PermissionGroupInfo。
public final static class PermissionGroup extends Component<IntentInfo> implements Parcelable {
@UnsupportedAppUsage
public final PermissionGroupInfo info;
}6.PermissionsState
这个类封装了一个包或者一个共享用户的权限。
有两种类型的权限,安装权限(在安装时授予的权限)和运行时权限(在运行时授予的权限)。
安装权限被授予送给设备的所有用户,运行时权限被显式授予特定用户。
权限按每个设备用户保留,例如,一个应用程序可能在设备所有者下授予了某些运行时权限,但在第二用户下没有授予。
这个类还负责跟踪包或共享用户的每个用户的Linux gid。gid是按每个用户为所有授予权限的gid计算的一组gid。
/**
* This class encapsulates the permissions for a package or a shared user.
* <p>
* There are two types of permissions: install (granted at installation)
* and runtime (granted at runtime). Install permissions are granted to
* all device users while runtime permissions are granted explicitly to
* specific users.
* </p>
* <p>
* The permissions are kept on a per device user basis. For example, an
* application may have some runtime permissions granted under the device
* owner but not granted under the secondary user.
* <p>
* This class is also responsible for keeping track of the Linux gids per
* user for a package or a shared user. The gids are computed as a set of
* the gids for all granted permissions' gids on a per user basis.
* </p>
*/
public final class PermissionsState {
/** The permission operation failed. */
public static final int PERMISSION_OPERATION_FAILURE = -1;
/** The permission operation succeeded and no gids changed. */
public static final int PERMISSION_OPERATION_SUCCESS = 0;
/** The permission operation succeeded and gids changed. */
public static final int PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED = 1;
......
@GuardedBy("mLock")
private ArrayMap<String, PermissionData> mPermissions; // 所有权限
private int[] mGlobalGids = NO_GIDS;
private SparseBooleanArray mPermissionReviewRequired;
}此类非常重要,基本上对于权限的所有具体操作,如授权,取消,判断是否具有某权限,都是在这个类中进行操作的。
7.PermissionsState.PermissionData
private static final class PermissionData {
private final BasePermission mPerm;
private SparseArray<PermissionState> mUserStates = new SparseArray<>();
}8.PermissionsState.PermissionState
public static final class PermissionState {
private final String mName; //权限name
private boolean mGranted; //是否授权了
private int mFlags;
}
用一张图来示例更清晰:
